Devices that come into contact with patients are subject to the most rigorous risk management processes.

The third edition of IEC 60601-1 will have a significant impact on both manufacturers of medical devices and certification organisations, but it will also result in safer and more effective devices.

Everyone involved in certification to IEC 60601-1 needs to understand that fundamental changes have accompanied the transition from the second edition (1988) to the third edition (2005) of this standard. In addition to making structural changes to the standard, the third edition takes on a broader range of products and has been modernised to take account of the past ten years of technological evolution and a different approach to standards development.

Some of the changes allow for a relaxation of requirements based on historical evidence, which makes for significant savings on the cost of medical equipment. For example, if a risk management process shows that a device or its components do not touch the patient, then that device or its components only need to meet the less stringent requirements of IEC 60950, because in such circumstances operator protection and not patient protection is the goal. In such cases, manufacturers can use components, such as power supplies and video displays that are used in IT applications.

New thinking

Perhaps the most significant change accompanying the third edition is the requirement for risk management. Clause 4.2 of the third edition states: ‘A risk management process complying with ISO 14971 shall be performed.’ Thus, to meet the requirements of the third edition, one must also comply with ISO 14971.

This single statement integrates process-based requirements into a test standard, which will have a significant impact on both manufacturers and Certification Organisations (COs). The manufacturer’s risk management process is used throughout the third edition to determine whether a particular requirement is applicable or not applicable; whether an alternative requirement can be substituted; and whether it can be satisfied with alternative test criteria or testing procedures.

Flexibility in risk management standards

Clause 4.5 of the third edition allows the manufacturer to use an alternative means of managing any risk addressed by the standard, so long as the residual risk (estimated as part of the risk management process) can be demonstrated to be smaller. So, instead of designing a product to meet the third edition, risk management is used to design a standard the device must meet.

It might be an exaggeration to say that these are revolutionary ideas, but it is true to say that the risk management process allows the manufacturer more flexibility. In return for this flexibility, the manufacturer will be expected to demonstrate that its assessment of acceptable risk takes into account applicable regulations and standards, stakeholder concerns and state-of-the-art processes. The acceptable risk needs to be rationally based and measurable, so that the manufacturer can make good decisions at the design stage.

Implications for COs

What does the establishment of this risk management process mean for COs? Test parameters and even the application of specific tests can vary from device to device, depending on the intended use and resultant acceptable risk(s). This, in turn, raises the question of how this impacts on a CO’s ability to conduct testing cheaply and efficiently.

Furthermore, COs will want to seek many parts (if not all) of the manufacturer’s risk management file, since the third edition has over 100 compliance statements where evidence of compliance is to be found in the risk management file. Thus, the documentation needed for certification will probably increase significantly.

Assessing manufacturers’ risk management processes

But what about the risk management process itself? Since one must have an ISO 14971 risk management process in place to conform to the third edition, it is logical that COs will want to assess the manufacturer’s risk management process as part of the certification process, as they now do for certification to the collateral standard for programmable electro-medical systems. Thus, certification to the third edition of IEC 60601-1 will probably include some sort of onsite audit to assess the manufacturer’s compliance to ISO 14971.

UL International provides testing and certification solutions. Its services and marks support access and acceptance in the major world markets.