We have submitted our product for 60601 certification and all EMC / Safety Markings have come back with passing results. However the test lab is requiring all the risk documentation before they will provide the certification report. Is this common?

For instance, we have not finished our design transfer, but the test house would like to see our risk management report which per our SOP needs to contain process risk evaluation.


Quite Involved in Discussions
Yes, unfortunately this is standard.

With so many of the requirements of 60601-1 having a 'by risk management' or 'by inspection of the risk management file' options the test house needs to know how you (the manufacturer) have dealt with it.

Many test houses are affiliated to the IEC IECEE conformity scheme. I use a version of an IECEE operational document OD-2044 Edition 2.2 to provide a summary of all the risk parts of 60601-1. This lists every individual clause risk management requirement and the parts of 14971 that apply.

For instance-
60601-1 Clause Mechanical strength and resistance to heat

requires the following parts of 14971

4.2 Intended use and characteristics
4.3 Identification of hazards
4.4 Estimation of risk
5 Risk evaluation
6.2 Risk options analysis
6.3 Control measures implementation
6.4 Residual risk analysis
6.5 Risk / benefit analysis

As you can imagine the form is long!
and filled with a LOT of N/A entries.

Your test house should be able to provide you with a blank form to fill in.

Welcome to the forums.

Peter Selvey

Trusted Information Resource
Bit of a side issue, but this actually highlights a legal fault in 601-1 and other standards that embed risk management.

Logically, the risk management system should sit outside of product standards, and provide only supplementary specifications for use within the product standard.

Then we can test and state that the device complies with the product standard and any supplementary specifications used.

Following this, the RM file can be signed off as complete.

Embedding the whole risk management system creates circular reference where you can't sign the 601-1 report without the RM being signed off, and you can't sign off the RM without the 601-1 report being signed off. Apart from this, embedding RM creates the painful process for the test labs and a fuzziness around responsibilities (who is responsible, the test lab or manufacturer? Test labs will claim no responsibility, but then why do they charge to review? What are they really doing?)

In practice there is a bit of a fudge going on - either the test lab accepts draft documents (common in my experience) or the manufacturer falsely signs the RMF before things are actually complete.

Wondering if there is any experience how to handle this for the forum members?
It is a bit of "do loop" which requires a bit of finesse. What we've generally done is for the clauses in the standard(s) which require "inspection of the RMF":
1. We make our best attempt to analyze the associated risks based on literature and experience.
2. If we can verify the necessary risk controls in house, then we'll close that out and present it as evidence to the test lab.
3. For risk controls which rely upon the test lab's data as evidence to complete the assessment, we give that a provisional "pass" with the assumption that the lab test will be PASS. We hold that as an open item in our verification of controls.
4. The above is all captured in an initial version of the risk management report.
5. We present this version of the RMF to the lab.
6. Following lab tests, we update the affected risk control verifications and issue a revision to the risk management report.