Just my 2 cents as a past functional safety test engineer: generally, risk management is a poor tool for documenting functional safety, it's too high level. It would be great for all parties if the 601 series had a basic checklist for protection systems for high severity harm (like death, serious injury), covering things like:
- overview of control/protection (how it works)
- operating point (nominal value, range of adjustment, tolerance, suitability, margins to safe limits)
- response time (suitability, margins)
- independence (from control system or cause)
- alarms/notification
- reset methods (latching, non-latching, operator intervention, suitability, risks)
- long term reliability (sleeping fault detection by start up tests, high speed testing, annual maintenance)
- additional protection for any weak points (e.g. common parts used by control and protection, slow response under certain conditions)
These are the key points that a third party should be reviewing when assessing the design of a high risk protection system, such as in a dialysis system, surgical laser, ESU, infusion pump, infant incubator etc.
Despite the importance, I have found that few manufacturers prepare such information, so it's almost always been necessary to reverse engineer it from the circuit diagram, tests, or research. If designers knew these are the things to consider in the design phase, and that they need to document them, it would be a smoother process for everyone. It's not that difficult, and entirely reasonable considering it's protecting against death or serious injury. But it's not something that naturally comes out of ISO 14971 risk management, or even PEMS or 62304. These are all just management systems.
Examples of classic mistakes: setting the protection operating point or response time based on the limits of technology rather than clinical aspects; auto-reset leading to dangerous outcomes; no consideration of periodic tests; going cheap and using the same parts for control and protection like reference voltages, sensors, CPUs.
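The checklist items and classic mistakes above (independence of the protection sensor, latching versus auto-reset, margin between trip point and safe limit, start-up self-test for sleeping faults) can be seen in a toy model. The following Python is an added example, not code from the post or from any real device: it models a heater under simple on/off control with a separate over-temperature protection channel. All temperatures, gains and the sensor fault offset are constructed values chosen to make the behaviour visible; they are not from any standard or product.

```python
"""Toy model: control channel plus protection channel for an over-temperature hazard."""
from dataclasses import dataclass

# Constructed values for illustration only (not clinical or standard limits).
SETPOINT_C = 37.0      # control target
SAFE_LIMIT_C = 39.0    # assumed clinical limit above which harm is possible
TRIP_POINT_C = 38.0    # protection operating point, below the limit to leave margin
HEATER_GAIN = 0.5      # degrees gained per step while the heater is on
COOLING = 0.2          # degrees lost per step while the heater is off
RESPONSE_STEPS = 1     # protection evaluates once per step: one step of worst-case overshoot


@dataclass
class Sensor:
    """Temperature sensor with an optional latent (sleeping) fault: reads low by `offset`."""
    offset: float = 0.0

    def read(self, true_temp):
        return true_temp + self.offset


@dataclass
class Protection:
    """Protection channel: trips above TRIP_POINT_C; latching unless auto-reset is chosen."""
    sensor: Sensor
    latching: bool = True
    tripped: bool = False
    trip_events: int = 0   # number of distinct not-tripped -> tripped transitions

    def evaluate(self, true_temp):
        reading = self.sensor.read(true_temp)
        if reading > TRIP_POINT_C:
            if not self.tripped:
                self.trip_events += 1
            self.tripped = True
        elif not self.latching:
            self.tripped = False   # auto-reset: clears as soon as the reading drops
        return self.tripped

    def operator_reset(self):
        self.tripped = False

    def startup_self_test(self):
        """Exercise the whole trip path (sensor included) with a simulated over-limit
        condition, then confirm a reset clears it. Finds a sleeping fault before use."""
        saved_events = self.trip_events
        trip_ok = self.evaluate(SAFE_LIMIT_C)
        self.operator_reset()
        self.trip_events = saved_events
        return trip_ok and not self.tripped


def worst_case_excursion():
    """Highest true temperature reachable before the protection acts: trip point plus
    heating during the response delay. Must stay below SAFE_LIMIT_C."""
    return round(TRIP_POINT_C + HEATER_GAIN * RESPONSE_STEPS, 2)


def run(steps, control_sensor, protection):
    """Simulate on/off control; return (peak true temperature, protection trip events)."""
    temp = SETPOINT_C
    peak = temp
    for _ in range(steps):
        heater_on = control_sensor.read(temp) < SETPOINT_C   # simple bang-bang control
        if protection.evaluate(temp):
            heater_on = False                                  # protection overrides control
        temp = round(temp + (HEATER_GAIN if heater_on else -COOLING), 2)
        peak = max(peak, temp)
    return peak, protection.trip_events


def scenarios(steps=12):
    """Compare the classic mistakes against an independent, latching protection channel."""
    faulty = Sensor(offset=-2.0)   # constructed latent fault: reads 2 degrees low
    results = {}
    # Mistake: control and protection share the same faulty sensor (common-cause failure).
    results["shared_sensor"] = run(steps, faulty, Protection(sensor=faulty))
    # Independent protection sensor with a latching trip: fault is caught, heater stays off.
    results["independent_latching"] = run(steps, faulty, Protection(sensor=Sensor()))
    # Independent sensor but auto-reset: heater keeps cycling against the trip point.
    results["independent_auto_reset"] = run(
        steps, faulty, Protection(sensor=Sensor(), latching=False))
    return results


if __name__ == "__main__":
    print("worst-case excursion:", worst_case_excursion(), "limit:", SAFE_LIMIT_C)
    print("self-test, healthy protection sensor:", Protection(sensor=Sensor()).startup_self_test())
    print("self-test, faulty protection sensor:",
          Protection(sensor=Sensor(offset=-2.0)).startup_self_test())
    for name, (peak, events) in scenarios().items():
        print(f"{name:24s} peak={peak:5.1f}  trip events={events}")
```

With the shared sensor the controller drives the true temperature above the assumed safe limit and the protection never trips, because both channels see the same wrong reading. With an independent sensor and a latching trip there is one trip event and the heater stays off until an operator intervenes; with auto-reset the protection silently takes over as the controller, cycling repeatedly with the fault unreported. The start-up self-test returns false for the faulty protection sensor, which is the sleeping-fault detection the post's checklist asks for.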