Does it make sense to isolate SIP/SOPs in all circumstances?

neveregret

Registered
Hello all, I have read many articles about SIP/SOPs in this forum. My situation is a little different. I have a certified device and I just became aware of this problem. Actually, I can't say that I have a full SIP/SOP connection. I have a USB port on my device, but it is absolutely not used in any way. This is a port created to upload the code during production. When I get it with 3.115 it's not really a SIP/SOP. This USB port does not have any function of the device and is not used for any data transfer etc.

60601-1 Figure 17, i.e. part c of 8.7.4.7, has not been tested on this device. I guess the performance of this test depends a little on this part.
1-) In this case, is the USB port still considered SIP/SOP?

Of course, there is no insulation on this port and the device has a BF type connection. The BF type applied part (cable) has 1 MOPP isolation. As I said, this port is not designed to be used during treatment in the hospital (the device can be used only in the hospital).

2-) They can replace the applied BF type part with a part from another manufacturer. In this case, can we say that the applied section still has 1 MOPP?

It is already an approved device; the user manual states that "this port will never be used during treatment and devices compatible with 60950, 60601 should be used."
I was really confused after learning about this risk. I constantly think about whether it would be enough if I just mentioned this issue in risk management and had such a warning in the user manual. I am somewhat relieved that it is something that is definitely not used during treatment. I may add a cover or warning (on the enclosure) to that section when I release the new version (with new MDR or new LVD test), but I don't know how this will pose a problem for the old ones.

I'm really curious about your comments on this subject. Can you help me please?
 

yodon

Leader
Super Moderator
I know this isn't answering your question, but maybe you could completely eliminate the question (and some cybersecurity questions) if you put a (screwed-down) cover over the USB port after installing the software?
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
When I worked at the Dept of Veterans Affairs in the USA, the IT Security would intentionally leave USB sticks on cafeteria tables or other common areas. They were seeing if any employees grabbed one and used their government-issued PC to try to read it, and they often would.

I also worked on a system that had a hardened file system that could not be altered in any way; however, the USB port was open. The device(s) ended up with the Conficker virus (see "Conficker" on Wikipedia).

I suggest physically preventing the use of the USB port.
 

neveregret

Registered
Thank you for the reply. This problem also occurs on sold devices. I'm confused about whether a solution without a cover would be sufficient or not. Or do I need to send USB covers to sold devices? I'm not fully familiar with these procedures.

That's why I wonder if warnings would be enough in this case.
 

yodon

Leader
Super Moderator
I would definitely implement a change for devices not yet distributed.

I guess the approach to the distributed devices depends a lot on how many have been distributed and what your distribution method is. If you have just 1 or 2 in the wild, it would seemingly be easy enough to replace them. If you have a bunch but have distributors that can work directly with the consignees, maybe they can visit and swap / update. I did a quick search and found these USB locks (I'm not selling these or recommending these specific ones). That might be a solution if you have a bunch of units distributed and don't have a good way to reach each consignee. Just ship them one or 2 of the locks and recommend they install them. (They shouldn't need the key.) Not necessarily ideal, but gives a little protection.

Since it's already "approved" (presume you mean cleared by the FDA and has passed all the 60601-1 tests), maybe just a warning about not using the port in any way would be something to say. That's possibly skating on regulatory thin ice so I would definitely recommend getting expert regulatory advice before pushing out any additional info.
 

Avidan B

System Eng, Medical devices safety & reg. advisor
USB ports which feed from the isolated part shall be covered (and require a tool to be opened). The reason is leakage currents through an external device which may be connected to those ports.
Re. #2, not sure I understand your question. If you worry about the possibility of replacing the AP with one from another mnf, and there is an unacceptable risk, I would suggest replacing the connector with a connector unique to your AP.
 

Loekje

Involved In Discussions
A problem with standard USB ports is always that you cannot rely on what is hooked on. If one puts a USB hub of questionable quality in between your device and your approved host device, then it will probably function, but you are in the dark on assumed patient safety. So you have to apply two MOPPs for mains between that USB port and your patient.
If you already have 2 MOPPs designed somewhere else inside your device, then you may happily attach anything you like. You must assume that the data transport is inherently unsafe though.

If your USB port is an accessible part, then your risk management may dictate MOPPs and/or MOOPs for the working voltage behind the port.
I have seen special form factors on USB plugs and sockets such that creepage and clearance are OK and ordinary USB plugs will not fit.
 