The Third Edition of IEC 60601 published in 2005 has introduced far-reaching changes reflecting a major shift in thinking on safeguarding the safety of medical devices. From its inception in 1977, IEC 60601-01 has been the critical tool for demonstrating the safety of electro-medical devices and has become the baseline for the safety and effectiveness of such devices around the world. “The Third Edition has, in fact, changed IEC 60601 from a basic safety standard for electro-medical devices to address both basic safety and the safety of the device in terms of its essential performance”, explains Harry van Vugt, Project Manager Notified Body/ IEC 60601-series Product Expert. “The revised standard should ensure that the products comply with the today’s state of art requirements and thus also result in safer products. But introducing and implementing these new requirements will have major consequences for both medical device manufacturers and certification bodies.”
The most far-reaching and significant change is that manufacturers are required to have a documented risk management process in compliance with ISO 14971 and which addresses not only the design but the entire life cycle of a device. “Risk management under ISO 14971 is a self-improving process; it requires the manufacturer to use knowledge gained before, during and after production in improving the safety of a device”, says Harry van Vugt.
As stated in the introduction to the Third Edition, ‘In all cases, the risk management process will establish whether the requirements of the standard are appropriate and acceptable.’ This, in fact, gives a manufacturer more freedom to challenge the requirements of the standard with regard to the needs of the device and its intended use, rather than having to adjust the device design to the requirements of the standard. “Of course, manufacturers cannot do this arbitrarily, the acceptable risk has to be established on an objective evidence basis”, says Harry van Vugt.
The Third Edition has various implications for Certification Bodies. To comply with IEC 60601-1, manufacturers will have to demonstrate that the risk management process has been applied to the device and that risk analyses have been performed and the data compiled in a risk management file. Certification Bodies will have to ensure that this has been done.
“Review of risk management activities is certainly a departure from the ways Certification Bodies have worked in the past”, continues Harry van Vugt. “The safety of an electro-medical device has been certified on the basis of meeting certain criteria on prescribed test methods. Under the new IEC 60601, the certification task would appear to focus more on reviewing risk management files and conducting additional reviews for any major changes to a device. And what’s more, it would seem logical that a manufacturer’s risk management system would need to be audited periodically to ensure continued compliance with ISO 14971.”
However, not all Certification Bodies have the expertise in-house to carry out these reviews and audits. As a European Notified Body, KEMA is experienced in risk analysis review because this is a part of the technical review for the CE marking. “In the last year, we have had numerous inquiries from manufacturers about the implications of the new Third Edition”, concludes Harry Van Vugt. “As a result, we have conducted training sessions for individual companies in gaining better understanding of the requirements and the implications for their company and their new products.”