Determining Critical Components for conformity with IEC 60601-1

T

Thukira

It depends on the notified body based on efforts involved; but it will not be as same as the first time; usually it will be considered as service request from you as customer to NB.

Hope it helps
 

Peter Selvey

Leader
Super Moderator
In principle, if a Notified Body asks for anything in the context of MDD/CE audit, they should provided a reference for the requirement (e.g regulation, standard, clause etc.). The higher level regulations that apply to any certification body (including Notified Bodies) require them to use only requirements in publicly available standards or regulations. They can't just make up requirements. And, they cannot use guidance documents (guidance documents can help explain a requirement, but they should not effectively introduce a new requirement).

If you are however asking the agency for a formal "type test" (prepare an IEC 60601-1 report for voluntary basis or for a certificate), then the request for a critical component list is reasonable as they need this for the report, as Pads38 has mentioned.

However, even then the Notified Body's definition of a "critical component" is not practical. There are simply too many components to list.

In product safety testing (voluntary reports, CB certificates, NRTL), there has been a fairly long history of listing "critical components" more based on convention rather than a definition. For example, in a switching power supply convention would identify the isolation components (transformer, EMC Y1/Y2 caps over isolation barriers, optocouplers), fuses, the PCB material and that's pretty much it. However, in a switching power supply there are also many critical components associated with overcurrent and overvoltage protection which are not listed. Why? Just historical convention.

The convention varies a bit with different agencies and I guess everyone knows you can't list everything. So, it would be a case of roughly guessing what the agency wants and then waiting for feedback, i.e. they might say a particular cooling fan is critical so please indicate the manufacturer etc.

In some cases flexibility can be introduced by referring to critical characteristics rather than a full list manufacturer type, model etc. That gives the manufacturer the ability to change suppliers without needing to update the list. For example, I used to list mains wiring by stating the rated voltage, AWG, UL type (which infers single or double insulated), but leave the manufacturer/type as "any/any".
 

DENich

Involved In Discussions
Hello Peter Selvey,
Thanks a lot for the detailed explanation. It looks very plausible.

So, to sum up, I can distinguish two critical components lists (ССL): "live" CCL and CCL "for a testing agency".

"Live" CCL is based on risk analysis and involves evaluating risks of appearance HAZAROUS SITATIONS i.e. if malfunction of a component can lead to electrical shock, fire, violation of EMI requirements or deviations from ESSENTIAL PERFORMANCE etc., so, this component should be recognized as Critical component. It's important to make your own "live" CCL to ensure your device is really safe and reliable.

CCL "for a testing agency" is a formalized table, which depends on a particular agency and is based rather on an established practice than on genuine risk analysis. It can be reasonable. CB test (at least ours) doesn't involve evaluation of a risk analysis file, therefore it's easier to use forms "to fill in" than try to evaluate reasonability of including each component to CCL and actually to accomplish risk analysis one more time.

So, an algorithm of creating CCL "for a testing agency" can be like this:
1. To accomplish risk analysis and create your own "live" CCL.
2. Basing on information from the Internet (special thanks to the members of this thread) about "typical" critical components create rough CCL "for a testing agency".
3. In cooperation with the particular test agency clarify CCL "for a testing agency"

I think, it's will be correct to use both CCLs for a production process.
 

Peter Selvey

Leader
Super Moderator
Personally I would be reluctant to make a big list based on risk, for a medical device, just about every component is "critical" in some sense. It needs some other criteria (filter) to figure out what is worth listing. Risk is in there but not the only factor. Otherwise the list would be endless.

If you are keen to make such a list, it's worth to explore a few examples to see why they are in or out of the list to develop some rules to keep the list manageable. For example, a CPU or microcontroller has 0.1uF caps near the power supply pins. If you don't use them (or, use the wrong type), the processor's function could become unreliable which could influence essential performance or software related risks controls. But most engineers would not list them as critical. Try to figure out why and make it a rule.

Personally, I would not make risk based critical components, the BOM works fine for the purpose (i.e. it has everything). Instead I would spend more time explaining the design for critical functions, especially where it is not obvious by inspection. For example how the circuit works, operating points, why certain parts were selected, software algorithm. That's more useful in the long run since it can help designers when the design needs to be updated, including for example, when parts have to be changed due to supply or other issues.
 

DENich

Involved In Discussions
I am reluctant to make a big list too. I have thought about choosing criteria too. It would be great to explore few examples, but I'm kind of a pioneer (the first explorer) on a field of 60601-1 certification in my firm and I have failed to find any relevant example in the Internet. So, a lot of mistakes are waiting for me before I will find out my own way to deal with 60601-1 certification.
As to 0.1uF capacitor, I think, it really depends on situation. Usually this capacitor has a big voltage overrating, it is mounted on a relatively lightweight PCB and vibrations or other mechanical causes of malfunctions are negligible low. In this case it is no need to list this capacitor in a CCL. But if, for example, capacitor is mounted on a PCB which is situated, let's say, on a vehicle, vibrations can cause a piezoelectric effect on thisc apacitor or even lead to a mechanical demolition of a MLCC structure. In this case, I believe, it will not bad to list this capacitor in a CCL and use here a soft-terminated type of capacitors.

Thanks for your ideas. It's hard to sort it out with standards on your own and that's why I'm here.
 

Al Rosen

Leader
Super Moderator
Hello all.
I'd like to discuss issues related with WORKING VOLTAGE and critical components.

A Notified Body demands filled-in CDF form (critical component list). A representative of the Notified Body claims:
1. Critical Component: A component and/or sub assembly identified during a product evaluation deemed to have an impact on the safe operation or safety features of a product as dictated by the applied standard(s). This can be an electrical, mechanical, or structural component.
2. Components under dangerous voltage (greater than 42,4 V peak a.c. or 60 V d.c) are critical components.

My understanding in terms of electronics is different:
1. The limits of TOUCH CURRENT, PATIENT LEAKAGE CURRENT and PATIENT AUXILIARY CURRENT should not be exceeded for APPLIED PARTS and ACCESSIBLE PARTS in NORMAL CONDITION and SINGLE FAULT CONDITION [refer to 60601-1 rev.3.0 par. 8.1 and par. 8.4]
2. ME devices should have 2 MOP to prevent APPLIED and ACCESSIBLE PARTS from exceeding the limits I specified in item 1. [refer to 60601-1 rev.3.0 par. 8.5.1.1]
3. A corresponded MOP is determined by WORKING VOLTAGE where WORKING VOLTAGE is the highest voltage between separated by the MOP parts which is possible within input rated voltage (refer to 60601-1 rev.3.0 par. 8.5.4).
3.NORMAL CONDITION includes short circuit of any insulation that does not comply with the requirements for MOP[ refer to 60601-1 rev.3.0 par. 8.1 a) ]

From the all above I conclude that if short circuit of a component can lead to increasing of the proper WORKING VOLTAGE we should consider this component as Critical. If short circuit of a component doesn't lead to a HAZARDOUS SITUATION I don't need to consider it as Critical component.

Actually there is not such a thing as Critical Component in 60601-1 at all. I have managed to find only one reference related with Critical parts in IEC TR 62354 (describes testing procedures for medical equipment). It claims Notified bodies should demand a list of safety-rlated components which should include components used in mains, means of protection, critical materials, internal wires.

So, what do you think I should do? Should I just obey to demands of the Notified Body and include to Critical part list all components under voltage greater than 42,4Vpeak a.c./60 V d.c? Since we have great amount of such components it will lead to non-flexible purchasing and strong dependence from different manufacturers.
What do you think TR 62354 means by "parts used in mains"? Are they components on the SUPPLY MAINS side of any mains fuse?
Could you share your own experience of filling in Critical part list and dealing with Notified Bodies on this subject?

Regards,
Den.

From IEC 60601-1
4.8 * Components of ME EQUIPMENT

All components, including wiring, the failure of which could result in a HAZARDOUS SITUATION
shall be used in accordance with their specified ratings unless a specific exception is made in this standard or through the RISK MANAGEMENT PROCESS. The reliability of components that are
used as MEANS OF PROTECTION shall be assessed for the conditions of use in the ME EQUIPMENT
. They shall comply with one of the following (see also 4.5):

a) the applicable safety requirements of a relevant IEC or ISO standard;

NOTE 1 For the components, it is not necessary to carry out identical or equivalent tests already performed to check compliance with the component standard.


b) where there is no relevant IEC or ISO standard, the requirements of this standard have to be applied.

NOTE 2 If there are neither requirements in this standard nor in an IEC or ISO standard, any other applicable
source (e.g. standards for other types of devices, national standards) could be used to demonstrate compliance
with the RISK MANAGEMENT PROCESS.
See Figure 5 for a schematic flow chart for a) and b).
The components that meet the conditions in bold would be Critical.
 

DENich

Involved In Discussions
Hello Al Rosen,
Thanks a lot for posting.

I would say, it is way too wide definition and, strictly speaking, it is not a definition at all. It is just a requirement, all definitions are given in paragraph 3 of the standard.
As was mentioned by Peter Selvey above, any component could be recognized as causing a HAZARDOUS SITUATION and if probability of appearing a malfunction is not taken in account CCL would include a whole BOM. Here RISK ANALYSIS should help, but, as different sources say (and not only from this thread), real CCLs which are demanded by testing houses are rather conventional tables, than based on RISK ANALYSIS.
 

Al Rosen

Leader
Super Moderator
Hello Al Rosen,
Thanks a lot for posting.

I would say, it is way too wide definition and, strictly speaking, it is not a definition at all. It is just a requirement, all definitions are given in paragraph 3 of the standard.
As was mentioned by Peter Selvey above, any component could be recognized as causing a HAZARDOUS SITUATION and if probability of appearing a malfunction is not taken in account CCL would include a whole BOM. Here RISK ANALYSIS should help, but, as different sources say (and not only from this thread), real CCLs which are demanded by testing houses are rather conventional tables, than based on RISK ANALYSIS.
Do you want to satisfy the test lab's requirement or reduce your risk? If the latter, perform a FMECA to identify the critical components.
 

DENich

Involved In Discussions
Do you want to satisfy the test lab's requirement or reduce your risk?
Thanks for the response.
Of course, I do want to satisfy both. We have already implemented a lot of principles of fault free and operator/patient-safe design during an engineering process. Methods like FMECA or traditional risk analysis can help with a methodology and a systematic approach. My point is, is it good or bad, that performing FMECA and receiving of CB test report are a bit different tasks, although they both should be done.
 
Top Bottom