MECA Main Site

IEC 60601-1
Medical Equipment Compliance
Certification and Regulatory
Help Site

MECA ECG

- Work With The Experts to Speed Your Device to Market -

Medical Equipment Compliance Associates, LLC

World Turning
MECA Logo

Call Today
For answers to your questions.
Speak with Brian Biersach at:

(262) 347-3436

 

Risk Management Compliance Help

This is the MECA help website.
Also see our main site at
60601-1.com.

Help With Risk Management Requirements

This page provides guidance on the requirements for risk management, set out in the two medical device standards, IEC 60601-1 and ISO 14971.
The ISO 14971 requirements for the risk management process/procedure are specified as requirements in Clause 4.2.2 of IEC 60601-1.
This is NOT the device-specific risk management file or FMEA; this is the process/procedure used in the design of the medical device.
If this was not done before the device was designed and developed, this will be an exercise in backwards documentation.
You may also find that when the risk management process and device file is generated, there are new risks that need to be addressed.
This is not uncommon.

The guidance documents with the following information can be downloaded on the MECA Download page at: http://60601-1.com/download.html


ISO 14971 Risk Management Process/Procedure Guidance

Risk Management Process/Procedure Requirements to comply with Clause 4.2.2 of IEC 60601-1.
Note, IEC 60601-1 excludes review of production and post-production requirements.

The following are to be addressed in your risk management process and/or procedure documentation.
This is not specific to your device, this is the documented process/procedure that you apply to generate the device risk management file.
Clause numbers references below are from ISO 14971 (not IEC 60601-1).

3.1
Risk Management Process
The following items shall be documented in the risk management procedure:
That an ongoing process is established, documented and maintained for:

- Identifying hazards

- Estimating, evaluating and controlling the risks

- Monitoring the effectiveness of risk controls

That the process shall include these elements:

- Risk analysis

- Risk evaluation

- Risk control

That if a documented product realization process exists, it shall:

- Incorporate the appropriate parts of the risk management process

 

3.2

Management Responsibilities

The following items shall be documented in the risk management procedure:

Evidence that top management is committed to providing adequate Resources

 

3.2

Management Responsibilities

The following items shall be documented in the risk management procedure:

Evidence that top management is committed to the assignment of Qualified Personnel

 

3.2

Management Responsibilities

The following items shall be documented in the risk management procedure:

That a policy is designed and documented for:

- Determining Criteria for Risk Acceptability

That management policy ensures criteria based on:

- National/regional regulations and international standards

- Takes into account known stakeholder concerns and accepted state of the art

 

3.3

Qualification of Personnel

Specify that the following items shall be documented in the device risk management file:

Risk management tasks are completed by persons having:

- The knowledge and experience appropriate to the tasks they are assigned, including

   * Device experience

   * Technical experience

   * Risk management techniques, as appropriate

- Qualification records are maintained

 

3.4

Risk Management Plan

Specify that the following items shall be documented in the device risk management file:

That risk management activities shall:

- Be planned

- Include changes to the plan made over the life-cycle of the device

That plans shall be prepared for particular medical devices/accessories, and shall include at a minimum:

 

3.4a

Scope

Specify that the following items shall be documented in the device risk management file:

Scope of the planned activities identifying the medical device, including:

- Description of the device

- Life-cycle phases covered by the plan

 

3.4b

Assignment of Responsibilities and Authorities

Specify that the following items shall be documented in the device risk management file:

Specification of the assignment of responsibilities and authorities

 

3.4c

Review Requirements for Risk Management Activities

Specify that the following items shall be documented in the device risk management file:

Specification of the review requirements for risk management activities

 

3.4d

Criteria for Risk Acceptability

Specify that the following items shall be documented in the device risk management file:

Criteria based on the manufacturers policy

Criteria for accepting risks when the probability cannot be estimated

 

3.4e

Verification Activities

Specify that the following items shall be documented in the device risk management file:

Specification of the verification activities

 

3.4f

Production and Post-Production

Not required by IEC 60601-1 Ed.3.1

Collection & review of production and post-production information

 

3.5

Risk Management File

Specify that the following items shall be documented in the device risk management file:

That a risk management file shall be established for each device

That the risk management file shall provide traceability for each hazard to:

- Risk analysis

- Risk evaluation

- Implementation and verification of mitigations (control measures)

- Assessment of residual risk acceptability

 

4.1

Risk analysis process

Specify that the following items shall be documented in the device risk management file:

That a risk analysis shall be performed

That implementation of the planned activities and result of the risk analysis shall be documented

That the risk analysis shall include at a minimum:

a) Description & identification of the items covered

b) Identification of personnel performing the risk analysis

c) Scope and date of the risk analysis

 

4.2

Product Specifications (Intended Use and Characteristics Related to the Safety)

Specify that the following items shall be documented in the device risk management file:

- Intended use and reasonably foreseeable misuse identified

- Listing of characteristics (qualitative and quantitative) that could impact the safety of the medical device

- Any appropriate limits

 

4.3

Identification of Hazards

Specify that the following items shall be documented in the device risk management file:

- List compiled of known and foreseeable hazards for the device in normal and fault conditions

 

4.4

Estimation of the Risk(s) For Each Hazardous Situation

Specify that the following items shall be documented in the device risk management file:

- Reasonably foreseeable sequences/combinations of events leading to hazardous situations considered

- The hazardous situation is recorded

- Risk(s) for each hazardous situation shall be estimated using available data or information

- Where the probability of occurrence cannot be estimated,

  the resulting consequences shall be identified for use in the risk evaluation/control

- Activities are recorded in the risk management file

- Any systems used for qualitative/quantitative categorization of probability/severity

  shall be documented in the risk management file

 

5

Risk Evaluation

Specify that the following items shall be documented in the device risk management file:

- All identified hazardous situation shall be evaluated to determine if risk reduction is required,

  based on the criteria defined in the plan

- The results of the evaluation are recorded in the risk management file

 

6.1

Risk Reduction

(Not required by IEC 60601-1 Ed.3.1)

- Where reduction is required, risk control activities are performed

 

6.2

Risk Control Option Analysis

Specify that the following items shall be documented in the device risk management file:

That risk control measures appropriate for reducing risks to an acceptable level shall be identified

That one or more risk control measures shall be applied in the following priority:

a)  Safety by design (inherent) - elimination of the hazard or hazardous situation

b) Protective measures in the device or manufacturing process

    - Prevent the hazard or hazardous situation from occurring

c) Information for safety

    - Provide warnings related to the hazard or hazardous situation

That the selected risk control measure shall be documented in the risk management file

That where further risk reduction is impractical, a risk/benefit analysis of the residual shall be performed

 

6.3

Implementation of Risk Control Measure(s)

Specify that the following items shall be documented in the device risk management file:

That selected risk control measures shall be implemented

That the implementation and its effectiveness shall be verified and documented in the risk management file

 

6.4

Residual Risk Evaluation

Specify that the following items shall be documented in the device risk management file:

That risk remaining after the implementation of the risk control shall be evaluated against the criteria

in the risk management plan

That further risk control shall be applied where the residual risk is not judged acceptable

That for acceptable residual risk, the manufacturer shall determine which residual risks to disclose

(including what information is necessary)

  NOTE: this is looking at each risk individually

 

6.5

Risk/Benefit Analysis

Specify that the following items shall be documented in the device risk management file:

That for residual risk not meeting the criteria for risk acceptability where further risk control is impractical,

the manufacturer may gather data/literature to determine if benefit of the device outweighs the residual risk

(If not, the risk remains unacceptable)

That where the benefit outweighs the residual risk,

the manufacturer shall identify any information for safety required to disclose the residual risk

That this review shall be documented in the risk management file

That this assessment is performed on individual risks

 

6.6

Risks arising from risk control measures

That the impact of risk controls shall be reviewed with regard to risks arising from control measures:

 

6.6a

Introducing New Hazards/Hazardous Situations

Specify that the following items shall be documented in the device risk management file:

That the impact on risk controls are reviewed for introducing new hazardous situations

That any new/increased risks are subjected to the requirements of this standard and documented in

the risk management file

 

6.6b

Effect on the Estimated Risks for Previously Identified Hazardous Situations

Specify that the following items shall be documented in the device risk management file:

That the impact on risk controls are reviewed for the effect on the estimated risks for

previously identified hazardous situations

That any new/increased risks are subjected to the requirements of this standard and documented in

the risk management file

 

6.7

Completeness of Risk Control

Specify that the following items shall be documented in the device risk management file:

That an assessment shall be performed to ensure that risks from all identified hazardous situations

have been considered

That this assessment shall be documented in the risk management file

 

7

Overall Residual Risk Acceptability

Specify that the following items shall be documented in the device risk management file:

That following implementation & verification of all risk control measures:

- Manufacturer shall determine if the overall residual risk of the device is acceptable,

  based on the criteria defined in the risk management plan

  NOTE: this is looking at the overall risk profile, not each risk individually

Specify that where the overall residual risk is judged to be unacceptable:

- Manufacturer may gather data & literature on the medical benefit of the device (intended use / purpose)

  to determine if they outweigh the overall residual risk

- If not, the residual risk remains unacceptable

- Where acceptable, the manufacturer shall determine what information is necessary to include

  in the accompanying documents to disclose residual risk

That this evaluation shall be documented in the risk management file

 

8

Risk Management Report

Specify that the following items shall be documented in the device risk management file:

That prior to commercial distribution of the device,

a review of the risk management process shall be performed to ensure:

- Risk management plan was appropriately implemented

- Overall residual risk is acceptable

- Appropriate methods in place to obtain relevant production/post-production information

That the results of this review are recorded as the risk management report

That the results of this review are included in the risk management file

That responsibility for review assigned in the risk management plan to persons with appropriate authority

 

9

Production and Post-Production Information

(Not required by IEC 60601-1 Ed.3, 3.1)

A system shall be established, documented and maintained to collect and review production and post-production
information about the device or similar devices

The system should consider at a minimum:

a) Mechanism for collecting and processing information generated by the operator, user, or those accountable for
    installation, use and maintenance of the device

b) New or revised standards

    The system should collect and review public information for similar devices

    The information shall be evaluated for possible relevance to safety including:

    -  Identification of previously unrecognized hazards/hazardous situations

    - Estimated risks arising from hazardous situations are no longer acceptable

      * e.g. if within the boundaries that were accepted during the risk management process.

        (probability & severity)

    - If the above conditions occur:

      1) Impact on previously implemented risk management activities shall be evaluated and used an additional input
          into the risk management process

      2) Review the risk management file for the device to determine if residual risk(s) or acceptability has changed
          and the impact on previously implemented control measures

This evaluation shall be documented in the risk management file




IEC 60601-1Device Risk Management Requirements and Guidance

Being added shortly

 

 

MECA Logo (TM)

Experts in the field of medical certification and regulatory compliance with a commitment to quality service
Founded  2002

Linkedin Twitter Facebook
Google+