Retrofitting Risk Management for IEC EN 60601 3rd Edition Compliance

Eamon

Involved In Discussions
#1
We have products certified to 60601-1 2nd edition, which we are just now starting to get certified for 3rd edition.

The risk management philosophy embedded in the 3rd edition is for the full product life cycle, and risk management as specified in ISO 14971 is called for from the start of the product design process.

Unless the manufacturer was prescient enough to apply ISO 14971 in its design process before this was mandated by the 3rd edition of 60601-1, how can any product designed prior to the 3rd edition comply with its risk management requirements?

Or to put it more concretely, how are testing houses dealing with this issue?

Eamon Egan
 
Elsmar Forum Sponsor
M

maple68

#2
If I understand correctly. This was more lik backfilling the risk requriements to the existing products. Of course, post-market experience or design chages will be added in the Risk file and the risk docuemnt should be a living document.
 

Peter Selvey

Leader
Super Moderator
#3
Maple68 is right, this will be a back fill operation, which is actually OK from a regulatory point of view.

Just some background:
Europe: essential requirements, standards, risk management and state of the art apply at the "time of design", not the time of sale, provided there is no significant safety issues (see "whereas" section in the MDD).

USA: standards have no formal role in the regulation, and there is no expectation by the FDA to upgrade old designs to new standards.

Canada: same as for the US (standards have no formal role, and Health Canada has no expectation for upgrade).

But, test houses using the 3rd ed will need some risk management documentation, especially for the specific items that are called out in the 3rd edition. And you will need to establish a baseline for the maintenance side of risk management (market feedback, design changes).

There are a lot of shortcomings in ISO 14971 risk management, so don't worry too much about making "perfect" documentation. Just getting started is the key point.

One way is to allocate some reasonable resource targets (e.g. time, pages, or even line items in the risk summary table), and just start working to those targets.

I also recommend that on a 7 year cycle (no longer than 10 years) all designs should be upgraded to new standards. Don't forget that new designs are usually based on old designs. This 7 year cycle helps to keep everything up to date and smooths the path for new designs.
 
P

PaulGr

#4
Nice overview of Peter. Just to add with respect to Europe: in practice, many designs are upated on a regular basis. With significant changes, notified bodies do require 'state of the art', and complying with current standards is then the most common way to show 'state of the art'. So your 7 year cycle could be a bit shorter.

I recommend distinguishing between 'mainly process standards' (risk management, usability, SW lifecycle,...)' and product standards (60601-1, 60601-2-x,...). Notified bodies don't expect you to redo your design process, so with new or updated process standards, in general a limited backfill operation and/or some rationales should do.

In my experience, testing houses testing existing products on 3th edition compliance also use this more pragmatic approach. Discuss this with them in the earliest stage.

Cheers, Paul
 

Peter Selvey

Leader
Super Moderator
#5
As an MDD auditor over 7-8 years I found that most new designs were based on old designs sometimes 15-30 years old. While there were high level claims of compliance, at the detail level the "grandfather clause" was often applied (i.e. it's OK because it's old).

For example, many NIBPs were tested for clinical accuracy 15-20 years ago according to AAMI/ANSI SP10. Since then the electronic circuits and software have been modified time and time again, but each change was small and previous clinical data deemed valid. In the background the standards for clinical validation of NIBPs have changed and improved (EN 1060-4, and now ISO 81060-2), invalidating much of the older clinical data. But the requirements look similar and you need to look carefully (slowly, clause by clause) to see where the big changes are.

So, that's why I recommend on a 7 year cycle starting with a fresh, blank protocol and going through clause by clause and checking if the existing records really support compliance. This is not something that is done in practice, because it is expensive and the NBs don't ask for it.

NBs make a lot of noise about updating to high profile standards like EN IEC 60601-1, but they tend to overlook a lot of the smaller standards like the NIBP situation above. However these lower profile standards can actually be much more important from the patient perspective.
 

Roland chung

Trusted Information Resource
#6
Good said, peter. In your NIBP example, I am wondering if ISO 81060 series will supersede the EN 1060 series. The requirements between them are similar or overlapping but I can not find out any clue from Official documents for the replacement.
 

Peter Selvey

Leader
Super Moderator
#7
Getting bit off topic here, but the situation is if the original document was issued by EN then ISO or IEC versions don't specifically say they are intended to replace the older EN standard.

The same problem with ISO 80601-2-56 for thermometers, one expects that it will replace EN 12470 series but there is no explicit statement to that effect, and the requirements are quite different.

We just have to wait for them to get harmonized.
 
Thread starter Similar threads Forum Replies Date
F Retrofitting Medical Devices - Who is the Manufacturer after the Retrofit? EU Medical Device Regulations 12
M What is the Risk of Using Obsolete Versions of C=0 & ANSI/ ASQ Z1.4 Sampling Plans? ISO 13485:2016 - Medical Device Quality Management Systems 8
D AS9100D 8.4.2 Note 2 Significant Operational Risk AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A Calculating Risk Estimation ISO 14971 - Medical Device Risk Management 28
M Intended Use vs Actual Use and Scope of Risk Management EU Medical Device Regulations 8
S IDCB 0129/0160 Clinical Risk Management ISO 14971 - Medical Device Risk Management 2
H At what level (harm, hazardous situation, seq. of events, etc) is "risk" estimated? ISO 14971 - Medical Device Risk Management 12
A Risk Management Team IEC 60601 - Medical Electrical Equipment Safety Standards Series 11
S Risk Management File - Procedure Packs ISO 14971 - Medical Device Risk Management 3
B ISO 14001 Risk assesment ISO 14001:2015 Specific Discussions 4
J What risk to cover when NOT using ISO 17025 accredited/certified labs for calibration ISO 17025 related Discussions 3
G Risk Management for IEC 60601-1 and IEC 60601-1-2 IEC 60601 - Medical Electrical Equipment Safety Standards Series 15
S What is your favorite Usability Risk Analysis tool? IEC 62366 - Medical Device Usability Engineering 5
T Assessing risk where harm is indirect - Generic devices / accessories / intermediates ISO 14971 - Medical Device Risk Management 8
K Do you have separate clinical risk management group or experts in your manufactures? EU Medical Device Regulations 4
W IATF 9.2.2.1 Internal Audit how to determine risk IATF 16949 - Automotive Quality Systems Standard 12
S Risk control through Information for safety ISO 14971 - Medical Device Risk Management 8
A Derive Risk Acceptance Matrix from Risk Policy ISO 14971 - Medical Device Risk Management 8
B ERP software validation - risk assessment vs validation scope ISO 13485:2016 - Medical Device Quality Management Systems 11
I Estimation of overall residual risk. How to? EU Medical Device Regulations 11
Sidney Vianna ISO Practical Guide on ISO 31000:2018 - Risk Management Other ISO and International Standards and European Regulations 0
T IEC 62304 : Risk control for SaMD IEC 62304 - Medical Device Software Life Cycle Processes 8
T Risk Assessment and Management Misc. Quality Assurance and Business Systems Related Topics 0
P Scenario based risk assessment IEC 27001 - Information Security Management Systems (ISMS) 1
Q KPI risk assessment - Criteria for the given score IATF 16949 - Automotive Quality Systems Standard 3
S Foreign Risk Notification Canada Medical Device Regulations 2
J HELP NEEDED ! Risk Management Exercise ISO 14971 - Medical Device Risk Management 12
O Should a Covid vaccine and testing policy be included as part of ISO9001 or AS9100 risk management? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M Does 4.5 - Alternative RISK CONTROL apply to the Particular Standards? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
Q Measurement Equipment Revocation - Looking for a Disposal Form with Risk Assessment IATF 16949 - Automotive Quality Systems Standard 10
B ISO13485 Risk managment implementation for suppliers ISO 14971 - Medical Device Risk Management 2
Moncia Chemical risk assessment / COSHH Manufacturing and Related Processes 5
Enghabashy Supply chain main policies ,scope, risk assessments & relavant KPI Supply Chain Security Management Systems 2
D Use Error Risk Controls and Control Verification ISO 14971 - Medical Device Risk Management 6
J Risk Assessment of Lithium Ion Batteries FMEA and Control Plans 3
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 13
D Does Risk Management apply to re-labeler (MDR) EU Medical Device Regulations 1
H Risk Management Plan in agile process ISO 14971 - Medical Device Risk Management 14
H Risk Analysis and Probability of Occurrence ISO 14971 - Medical Device Risk Management 3
B Risk analysis for defective measuring or measuring equipment out of calibration General Measurement Device and Calibration Topics 2
P Benefit risk analysis on pFMEA ISO 14971 - Medical Device Risk Management 10
B AS9102 - 3D printing a special tool required for assembly (counterfeit risk?) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
K Defining risk control measures IEC 62304 - Medical Device Software Life Cycle Processes 14
U Supply risk management Manufacturing and Related Processes 4
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 5
Q FMEA and Risk assessment in Microsoft Access FMEA and Control Plans 6
I Realization processes input into overall risk ISO 14971 - Medical Device Risk Management 2
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
thisby_ Post Market/Production Risk Assessment ISO 14971 - Medical Device Risk Management 0

Similar threads

Top Bottom