Retrofitting Risk Management for IEC EN 60601 3rd Edition Compliance

Eamon

Involved In Discussions
We have products certified to 60601-1 2nd edition, which we are just now starting to get certified for 3rd edition.

The risk management philosophy embedded in the 3rd edition is for the full product life cycle, and risk management as specified in ISO 14971 is called for from the start of the product design process.

Unless the manufacturer was prescient enough to apply ISO 14971 in its design process before this was mandated by the 3rd edition of 60601-1, how can any product designed prior to the 3rd edition comply with its risk management requirements?

Or to put it more concretely, how are testing houses dealing with this issue?

Eamon Egan
 
M

maple68

If I understand correctly. This was more lik backfilling the risk requriements to the existing products. Of course, post-market experience or design chages will be added in the Risk file and the risk docuemnt should be a living document.
 

Peter Selvey

Leader
Super Moderator
Maple68 is right, this will be a back fill operation, which is actually OK from a regulatory point of view.

Just some background:
Europe: essential requirements, standards, risk management and state of the art apply at the "time of design", not the time of sale, provided there is no significant safety issues (see "whereas" section in the MDD).

USA: standards have no formal role in the regulation, and there is no expectation by the FDA to upgrade old designs to new standards.

Canada: same as for the US (standards have no formal role, and Health Canada has no expectation for upgrade).

But, test houses using the 3rd ed will need some risk management documentation, especially for the specific items that are called out in the 3rd edition. And you will need to establish a baseline for the maintenance side of risk management (market feedback, design changes).

There are a lot of shortcomings in ISO 14971 risk management, so don't worry too much about making "perfect" documentation. Just getting started is the key point.

One way is to allocate some reasonable resource targets (e.g. time, pages, or even line items in the risk summary table), and just start working to those targets.

I also recommend that on a 7 year cycle (no longer than 10 years) all designs should be upgraded to new standards. Don't forget that new designs are usually based on old designs. This 7 year cycle helps to keep everything up to date and smooths the path for new designs.
 
P

PaulGr

Nice overview of Peter. Just to add with respect to Europe: in practice, many designs are upated on a regular basis. With significant changes, notified bodies do require 'state of the art', and complying with current standards is then the most common way to show 'state of the art'. So your 7 year cycle could be a bit shorter.

I recommend distinguishing between 'mainly process standards' (risk management, usability, SW lifecycle,...)' and product standards (60601-1, 60601-2-x,...). Notified bodies don't expect you to redo your design process, so with new or updated process standards, in general a limited backfill operation and/or some rationales should do.

In my experience, testing houses testing existing products on 3th edition compliance also use this more pragmatic approach. Discuss this with them in the earliest stage.

Cheers, Paul
 

Peter Selvey

Leader
Super Moderator
As an MDD auditor over 7-8 years I found that most new designs were based on old designs sometimes 15-30 years old. While there were high level claims of compliance, at the detail level the "grandfather clause" was often applied (i.e. it's OK because it's old).

For example, many NIBPs were tested for clinical accuracy 15-20 years ago according to AAMI/ANSI SP10. Since then the electronic circuits and software have been modified time and time again, but each change was small and previous clinical data deemed valid. In the background the standards for clinical validation of NIBPs have changed and improved (EN 1060-4, and now ISO 81060-2), invalidating much of the older clinical data. But the requirements look similar and you need to look carefully (slowly, clause by clause) to see where the big changes are.

So, that's why I recommend on a 7 year cycle starting with a fresh, blank protocol and going through clause by clause and checking if the existing records really support compliance. This is not something that is done in practice, because it is expensive and the NBs don't ask for it.

NBs make a lot of noise about updating to high profile standards like EN IEC 60601-1, but they tend to overlook a lot of the smaller standards like the NIBP situation above. However these lower profile standards can actually be much more important from the patient perspective.
 

Roland chung

Trusted Information Resource
Good said, peter. In your NIBP example, I am wondering if ISO 81060 series will supersede the EN 1060 series. The requirements between them are similar or overlapping but I can not find out any clue from Official documents for the replacement.
 

Peter Selvey

Leader
Super Moderator
Getting bit off topic here, but the situation is if the original document was issued by EN then ISO or IEC versions don't specifically say they are intended to replace the older EN standard.

The same problem with ISO 80601-2-56 for thermometers, one expects that it will replace EN 12470 series but there is no explicit statement to that effect, and the requirements are quite different.

We just have to wait for them to get harmonized.
 
Top Bottom