The third edition of IEC 60601-1 mandates that medical device manufacturers
manage risk throughout their supply chains.
When the third edition of IEC60601-1 was published, it marked the beginning of a new era. The standard now incorporates the concept and application of risk management in the design and production of devices. Implementation of risk management has implications for not only the end-product manufacturer but component providers as well, and further cascades through the entire supply chain. All parties face a series of choices and opportunities in determining how best to ensure, for the entire lifetime of a device, that basic safety and essential performance are preserved. This article explores some of those choices and the consequences.
The publication of the standard sparked debate and discussion about the need to perform a risk management assessment of component power supplies that will be used in medical electrical equipment.
In reality, this is not a new concern. Many regulators have long required manufacturers to incorporate risk management in the design and production of medical devices. For example, FDA’s quality system regulation (QSR) requires manufacturers to, as noted in 21 CFR 820.30(c), “ensure that the design requirements relating to a device are appropriate and address the intended use of the device, including the needs of the user and patient.” And, as specified in 21 CFR 820.30(g), manufacturers “shall include software validation and risk analysis” [emphasis added].
In practice, some manufacturers have relied on third-party certification to ensure adequacy of design of supplied components. With certain qualifiers, FDA has acknowledged this approach. According to the preamble to the 1996 QSR (comment No. 103):
[FDA] cautions manufacturers against relying solely on certification by third parties as evidence that suppliers have the capability to provide quality products or services ... third-party certification should not be relied on exclusively in initially evaluating a supplier. If a device manufacturer has established confidence in the supplier’s ability to provide acceptable products or services, certification with test data may be acceptable.”
The national and international standards used to certify these components have also provided a solid foundation for ensuring medical device safety.
To ensure the safety and effectiveness of the finished device after the design phase, finished device manufacturers must control all contractors. In the past, OEMs have, to some degree, relied on the certifications of off-the-shelf components to ensure safety. Because of this reliance on certifications, OEMs may not have had detailed knowledge of design features at the component level. However, to truly manage the risks involved in the application of a component within an overall system, OEMs may need to perform additional analysis, and may need to know the design details and construction features of the component.
As specified in clause 4.2 of ISO 14971,
The manufacturer shall identify and document those qualitative and quantitative characteristics that could affect the safety of the medical device and, where appropriate, their defined limits. This documentation shall be maintained in the risk management file.”
And as specified by clause 4.3,
The manufacturer shall compile documentation on known and foreseeable hazards associated with the medical device in both normal and fault conditions.
This documentation shall be maintained in the risk management file.”
Therefore, if a manufacturer’s risk management process has identified a certain feature as critical to basic safety or essential performance, it is the manufacturer’s responsibility to ensure that the feature is preserved through the expected service life of the device.
In the past, if a feature was dependent on a particular construction within an outsourced component, the end-product manufacturer relied on the compliance of the component with national and international standards and their certifications.
Theoretically, if component manufacturers had risk management processes in place, and if it were possible for them to know the intended use and essential performance of the end product, this approach could continue. However, many component manufacturers are not familiar with these risk management requirements and may never take the initiative to learn them. It is then the OEM’s responsibility to follow through and ensure appropriate risk-management measures are taken. To see what this actually means, it is necessary to dig deeper.
As specified in the rationale to subclause 4.2 of IEC 60601-1:2005 [emphasis added throughout]:
The MANUFACTURER is responsible for ensuring that the design and construction of the ME [medical electrical] EQUIPMENT renders it suitable for its INTENDED PURPOSE and that any RISKS that are associated with its use are acceptable when weighed against the benefits... ”
“The MANUFACTURER of ME SYSTEMS should make this determination on a system level. The MANUFACTURER should assess RISKS resulting from the fact that individual system components have been integrated into one system. This assessment should include all aspects of the information exchanged between the system components.”
The latter statement makes it clear that the risk assessment needs to consider the intended function of a device and how it may relate to the device’s essential performance.
The rationale continues,
Even when these components are non-me electrical components, the potential RISK related to the integration of these components into the ME SYSTEM needs to be considered. Further requirements for the integration of non-medical equipment into a ME SYSTEM are described in clause 16. It gives the requirements for an ME SYSTEM and how RISKS associated with non-ME EQUIPMENT are addressed….”
From 16.1 of IEC 60601-1:2005
An ME SYSTEM shall provide:
— within the PATIENT ENVIRONMENT, the level of safety equivalent to ME EQUIPMENT complying with this standard; and
— outside the PATIENT ENVIRONMENT, the level of safety equivalent to equipment complying with their respective IEC or ISO safety standards….”
There are additional factors, but the net effect is that the manufacturer must pay close attention to where and under what conditions a given component is to be employed. In some cases, compliance with the applicable component safety standard alone may be sufficient. In other cases, the manufacturer must identify associated hazards and estimate and evaluate the risks they carry. The manufacturer must take action to control those risks and monitor the effectiveness of those controls.
Of course, there are business implications associated with the selection of components, and they are more extensive when risk management is required. This is true for both the component supplier and OEM. With regard to risk management for medical devices, there are two basic scenarios: the component supplier elects to perform the risk management or it elects not to perform it.
At least initially, most component suppliers will probably not perform risk management. This means that, for them, business will continue as usual with regard to design, development, and production processes.
However, if the application of a purchased component requires risk management, the OEM will need information about the component beyond its ratings and certifications. This might include design details of the component construction (e.g., transformer bobbin construction and material, creepage and clearance distances, and dielectric strength).
To fulfill applicable regulatory obligations and follow its risk management process, the OEM may also require some level of supplier control over the component to ensure the preservation of basic safety and essential performance. This may involve second-party audits by the OEM, which may also need to understand how the component manufacturer’s suppliers are controlled. The certification agency that evaluates the finished device may also need such information. If this same component is sold to other end-product medical device manufacturers for similar purposes, suppliers may find themselves duplicating assessments and information-sharing processes.
From the OEM’s perspective, it is important demonstrate compliance with clause 4.8 of IEC 60601-1:2005, which states in part:
All components, including wiring, the failure of which could result in a HAZARDOUS SITUATION, shall be used in accordance with their specified ratings unless a specific exception is made in this standard or through the RISK MANAGEMENT PROCESS…”
Similarly other clauses of IEC 60601-1:2005 expect the risk management process to properly address any risks associated with the device. These risks may be associated with the components employed. Thus, the OEM may need information about things such as component construction, production processes, supplier controls, and the like to complete its risk management file.
With this information in hand, the OEM will have to determine whether any supplemental actions or end-product design changes are needed to maintain an acceptable level of risk on an ongoing basis. OEMs may impose vendor requirements (such as supplier controls) on suppliers in order to maintain an acceptable level of risk.
As discussed, some suppliers follow a risk management process when developing components. This presents challenges to the provider, but also offers some distinct benefits.
With respect to the challenges, the single biggest hurdle may be implementing an ISO 14971 process, or failing that, implementing processes and procedures to support the informational needs and actions of an OEM’s ISO 14971 process. The good news is that many component suppliers already have quality management systems in place, and can integrate an ISO 14971 process with those systems. There are many resources available to help suppliers with this process. The global harmonization task force (GHTF) produced a document (GHTF/SG3/N15R8) titled “Implementation of Risk Management Principles and Activities Within a Quality Management System.” It discusses and supports the implementation and integration of a risk management system within a quality management system and provides practical explanations and examples.
Another challenge, perhaps better stated as an additional requirement, is establishing and communicating the design intent of a component. Previously, the supplier could produce a component with certain features and ratings, and it was up to the OEM to determine whether the component was acceptable for the end use. However, a fundamental element of risk management for any device is a clear statement of intended use and a declaration of the essential performance. These establish the basis for design features, performance characteristics, and the identification of any limitations for the device. The risk management process is then used to define, establish, and implement any necessary risk mitigations to preserve the essential performance and basic safety of the end product.
The information that is developed in answer to the challenges provides the key benefits of implementing a risk management program—namely, the supplier’s ability to demonstrate due diligence to a purchaser in the form of objective evidence of compliance with the relevant parts of clauses of IEC 60601-1, especially clauses 4.2 and 4.8. Suppliers that are able to provide a clear statement of intended use and a definition of essential performance for a component (as well as details of the risk analysis and mitigation actions performed) put OEMs in a much better position to complete their risk management processes. OEMs may prefer vendors that can offer such risk management documentation because they can reduce the OEM’s burden in terms of cost and time.
Suppliers may find additional, intangible benefits to implementing a risk-management process. Specifically, they will have a clear and comprehensive understanding of the actual risks associated with the declared intended use and essential performance of components developed with the aid of a risk-management analysis. The risk controls applied to product design features and characteristics will be focused right where they need to be—on preserving basic safety and essential performance. This, in turn, can result in a more efficient allocation of resources, a reduction in field issues, and greater profitability.
OEMs that work with suppliers that have implemented a risk management process will see distinct advantages beyond being able to demonstrate compliance with the safety standard. This begins with supplier assessments. As noted in FDA’s QSR (sec. 820.50):
Each manufacturer shall establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements.
(a) Evaluation of suppliers, contractors, and consultants. Each manufacturer shall establish and maintain the requirements, including quality requirements, that must be met by suppliers, contractors, and consultants. Each manufacturer shall:
(1) Evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements. The evaluation shall be documented.”
A supplier with an ISO 14971–compliant process could readily produce the information and documentation needed to support, and thus simplify, an OEM’s efforts to evaluate and select suppliers.
There are additional potential benefits for OEMs, such as the following:
When both the OEM and the supplier have an ISO 14971 process in place, communication between the two is greatly enhanced. Both parties have a more comprehensive understanding of the design and production risks associated with the finished device. This offers the opportunity to reduce the duplication of effort, making the entire supply chain leaner and focusing activities on the preservation of basic safety and essential performance. This is in line with the imperative of regulators around the world with regard to good manufacturing practices.
Medical devices certified according to the third edition of IEC 60601-1 must be developed under a process compliant with ISO 14971. This is also true for critical outsourced components. Thus, the end-product manufacturer and the provider of the outsourced component both face a choice. OEMs must decide if they are going to require outsourced components to be developed under an ISO 14971 process, and providers must decide if they’re going to implement an ISO 14971 process.
Clearly these choices represent the potential for significant change in the industry, and the options faced by OEMs and component providers must be weighed carefully. The third edition of IEC 60601-1 will bring change, but as history has demonstrated, change also brings opportunity.