Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

IEC 60601-1 and ISO 14971 Assessment

#1
We have submitted our product for 60601 certification and all EMC / Safety Markings have come back with passing results. However the test lab is requiring all the risk documentation before they will provide the certification report. Is this common?

For instance, we have not finished our design transfer, but the test house would like to see our risk management report which per our SOP needs to contain process risk evaluation.
 
#2
Yes, unfortunately this is standard.

With so many of the requirements of 60601-1 having a 'by risk management' or 'by inspection of the risk management file' options the test house needs to know how you (the manufacturer) have dealt with it.

Many test houses are affiliated to the IEC IECEE conformity scheme. I use a version of an IECEE operational document OD-2044 Edition 2.2 to provide a summary of all the risk parts of 60601-1. This lists every individual clause risk management requirement and the parts of 14971 that apply.

For instance-
60601-1 Clause 8.8.4.1 Mechanical strength and resistance to heat

requires the following parts of 14971

4.2 Intended use and characteristics
4.3 Identification of hazards
4.4 Estimation of risk
5 Risk evaluation
6.2 Risk options analysis
6.3 Control measures implementation
6.4 Residual risk analysis
6.5 Risk / benefit analysis

As you can imagine the form is long!
and filled with a LOT of N/A entries.

Your test house should be able to provide you with a blank form to fill in.

Welcome to the forums.
 
#3
Bit of a side issue, but this actually highlights a legal fault in 601-1 and other standards that embed risk management.

Logically, the risk management system should sit outside of product standards, and provide only supplementary specifications for use within the product standard.

Then we can test and state that the device complies with the product standard and any supplementary specifications used.

Following this, the RM file can be signed off as complete.

Embedding the whole risk management system creates circular reference where you can't sign the 601-1 report without the RM being signed off, and you can't sign off the RM without the 601-1 report being signed off. Apart from this, embedding RM creates the painful process for the test labs and a fuzziness around responsibilities (who is responsible, the test lab or manufacturer? Test labs will claim no responsibility, but then why do they charge to review? What are they really doing?)

In practice there is a bit of a fudge going on - either the test lab accepts draft documents (common in my experience) or the manufacturer falsely signs the RMF before things are actually complete.

Wondering if there is any experience how to handle this for the forum members?
 
#4
It is a bit of "do loop" which requires a bit of finesse. What we've generally done is for the clauses in the standard(s) which require "inspection of the RMF":
1. We make our best attempt to analyze the associated risks based on literature and experience.
2. If we can verify the necessary risk controls in house, then we'll close that out and present it as evidence to the test lab.
3. For risk controls which rely upon the test lab's data as evidence to complete the assessment, we give that a provisional "pass" with the assumption that the lab test will be PASS. We hold that as an open item in our verification of controls.
4. The above is all captured in an initial version of the risk management report.
5. We present this version of the RMF to the lab.
6. Following lab tests, we update the affected risk control verifications and issue a revision to the risk management report.
 
#5
Yes, unfortunately this is standard.

With so many of the requirements of 60601-1 having a 'by risk management' or 'by inspection of the risk management file' options the test house needs to know how you (the manufacturer) have dealt with it.

Many test houses are affiliated to the IEC IECEE conformity scheme. I use a version of an IECEE operational document OD-2044 Edition 2.2 to provide a summary of all the risk parts of 60601-1. This lists every individual clause risk management requirement and the parts of 14971 that apply.

For instance-
60601-1 Clause 8.8.4.1 Mechanical strength and resistance to heat

requires the following parts of 14971

4.2 Intended use and characteristics
4.3 Identification of hazards
4.4 Estimation of risk
5 Risk evaluation
6.2 Risk options analysis
6.3 Control measures implementation
6.4 Residual risk analysis
6.5 Risk / benefit analysis

As you can imagine the form is long!
and filled with a LOT of N/A entries.

Your test house should be able to provide you with a blank form to fill in.

Welcome to the forums.
Hello, I realize this thread is almost two years old, but found it relevant to the question I have. We have been asked by our test house to write up a risk management document for 60601-1 based on our ISO 14971 risk management file. Do you know if all the 60601-1 clauses will have to be addressed, or just 4.2 (general requirements)? If its the former, then that is a hell of a long list! TIA
 

Tidge

Involved In Discussions
#6
Hello, I realize this thread is almost two years old, but found it relevant to the question I have. We have been asked by our test house to write up a risk management document for 60601-1 based on our ISO 14971 risk management file. Do you know if all the 60601-1 clauses will have to be addressed, or just 4.2 (general requirements)? If its the former, then that is a hell of a long list! TIA
I can't speak for your NRTL, but it is likely more than just 4.2, although it will not not be all the clauses of 60601-1. My recollection from my 3rd edition experience with a NRTL is that all the clauses of 60601-1 which include "Compliance is checked by inspection of the RISK MANAGEMENT FILE" are the ones that the NRTL wants you to summarize for them. For example, some element of the risk file should bluntly state what the essential performance (4.3) is of the ME device because in a 14971-compliant process this would be a key driver for the risk management process.
 
#7
Thank you for your reply. We are working with a testing firm for CB certification in Korea, and this was a request from them. We did not receive any other explanation other than that a "risk management file" for 60601-1 3rd edition needs to be provided. You make a good point about all clauses not being needed, as a vast majority of them do not apply to our device. Are you basically saying that we should look at the definition of essential performance within our ISO 14971 file, and use that to determine which clauses of 60601-1 need to be summarized?
 

Tidge

Involved In Discussions
#8
I recommend that you review 60601-1 for all the clauses which include "Compliance is checked by inspection of the RISK MANAGEMENT FILE" and then explain where in your risk files (many companies consider the entire DHF as part of the risk files) you satisfy those clauses. The essential performance is just one section; there are others. Some of these clauses may also be address by established procedures at your company along with specific outputs of that process.
 
#10
I recommend that you review 60601-1 for all the clauses which include "Compliance is checked by inspection of the RISK MANAGEMENT FILE" and then explain where in your risk files (many companies consider the entire DHF as part of the risk files) you satisfy those clauses. The essential performance is just one section; there are others. Some of these clauses may also be address by established procedures at your company along with specific outputs of that process.
Thank you, will check that out :)
 
Top Bottom