Almost every day, another advertisement or article is released that espouses the need to get ready for product testing to the new IEC 60601-1 Third Edition. Industry has been experiencing some pressure to apply this expensive standard to their practices.
However, regulators and government agencies have renewed concerns about the risk management system. Concerns over credibility of certification to continue to emerge, especially because IEC 60601-1 is a standard intended to be applied to all electro-medical devices traded internationally. This has recently reached the attention of many other regulators who had previously remained on the sidelines of issuing opinions on standards. The International Accreditation Forum and European cooperation on Accreditation have entered into discussions and the European Commission (DG SANCO) is taking notice.
The accreditation bodies and regulators are questioning whether product-testing labs are capable of performing credible conformity assessment of the risk management system ISO 14971, which plays a critical role in determining compliance with 60601-1 3rd edition. There is also a concern that the standard itself is so open-ended and vulnerable to control by the manufacturer, that it can no longer be considered a fully independent product certification standard.
During a visit recently with the a representative of the National Institute of Standards and Technology (NIST), I was told that doubts existed as to whether any assessment to the 60601-1 3rd edition could be trusted, because most product testing labs have little or no staffing or experience with management system certifications. The concerns were directly aimed at the testing laboratories’ reliance on test engineers to perform the ISO 14971 risk management system assessment.
Accreditation Differences for Product versus Management System Certifications
Product testing laboratories have historically operated under accreditation to ISO 17025, which concerns the accuracy of testing equipment used for measuring attributes of physical products. Conformity Assessment Bodies (CABs) that normally certify management systems, such as ISO 13485 and ISO 9001 are required to be accredited under an entirely different international standard, namely ISO 17021. These categories of accreditation have been strengthened further by the International Accreditation Forum’s issuance of mandatory accreditation requirements related to ISO 13485 (ref IAF document MD9). These requirements will be enforced by July 2012.
In effect, a lab offering certification services for IEC 60601-1 3rd edition could be expected to have a duel accreditation that would add an ISO17021accreditation to establish credibility and assessment methods that are appropriate for establishing on-site conformity with management system ISO 14971. Industry shunned this approach in 2005, because manufacturers did not see any benefit to having yet another assessment of the risk management system. Most laboratories objected because they didn’t want another scope of accreditation added to their facilities, especially when most testing labs had only ever performed product certifications under an ISO 17025 accreditation.
The question remains, if a product testing lab assesses the risk management systems, can the assessment be trusted? OSHA’s has illuminated this question through an e-mail to TUV, as follows:
“ANSI/AAMI ES60601 standard.
We have reviewed the standard but not yet approved its use under the NRTL Program. Our main concern with this standard, which is based on the third edition of IEC 60601, is the risk management file concept. We plan to develop and propose criteria that NRTLs must meet in order to rely upon or make use of this risk management file. NRTLs would be recognized for this standard only if they meet the criteria. Until OSHA has approved these criteria, however, we cannot be sure how or when we will allow the use of the standard. Because we have not yet recognized any NRTLs for this AAMI standard, products certified to it would not meet OSHA’s NRTL approval requirement.
— Email dated 28-Feb-2011 from Mr. B. Pasquet,
Office of Technical Programs and Coordination Activities OSHA, Washington, DC.
Why Regulators are Taking Another Look
Regulators like OSHA, which had previously trusted that product testing was a cut-and-dried product conformity assessment, are now realizing that allowing the manufacturer to dictate the test criteria for certification could undermine basic safety requirements. Regulators are alarmed at just how much control has been given over to the manufacturer. Recently published articles by Intertek and TUV illustrate why:
The main driver for the transition from the second to the third edition came from medical device manufacturers and users interested in a less prescriptive testing and standards approach that did not tell them exactly what to do in testing products. Manufacturers said they would rather have an evaluation approach that let them think about where potential hazards are to the patient and to the operator. The manufacturer could then base its design on assessment of that risk and its mitigation of that risk. Manufacturers believed that this approach would broaden the design spectrum and allow them to use emerging technologies without the need to wait for standards to catch up.
Another article provides a specific example of how the testing criterion is to be shaped by the manufacturer’s risk management system.
Risk management in the Third Edition 60601-1 plays a role in how third-party testing companies will conduct certain tests of the product. For example, in the Second Edition 60601-1, Clause 44.3 covers the spillage test which was conducted by spilling 200 milliliters of tap water at a distance of 5 centimeters for 15 seconds on the top of the product.
The Third Edition 60601-1 Clause 11.6.3 takes a different approach of using risk management to determine the requirements of the spillage test. Through risk management, the manufacturer can determine the type of liquid, volume, duration of spill and the location of the spill that the testing partner will be when conducting compliance testing.
Laboratory Organizations Adding Cost and Pressure to Industry
Team NB and IECEE are two organizations that are heavily promoting, even pressing 60601-1 3rd edition into service. In fact there is already evidence that Team NB will be issuing guidance to all fellow Notified Bodies to push device makers into using 60601-1 3rd edition, even if the EU Directive clearly states that no standard is mandatory for CE marking. Several blogs and e-ads have been posted, that erroneously claim that compliance with 60601-1 is going to be mandatory in Europe. These claims are then redacted in less public or even private postings. The net result is an industry that is unsure of what it must do to stay in the market. It is not surprising that most marketing personnel working at testing labs have never completed an essential requirements checklist and don’t know what CE marking really means for medical devices.
AAMI reports that IECEE has issued guidance for the application of 60601-1,adding requirements to the 60601-1 evaluations that do not exist in the standard. These additions are now being stripped back, in order to manage cost concerns raised by industry. OSHA and FDA are under increased pressure to assess the cost impact of standards that will be enforced under their regulatory frameworks. The emphasis on cost consideration was reinforced this year by an executive order being issued to all Federal Agencies from the Obama Administration. The IECEE CB scheme remains a voluntary scheme. It also could represent the most costly route for certification to the 3rd edition.
Who Regulates Who in Europe
Team NB and IECEE are not regulators. They are organizations of mostly for-profit testing and certification bodies. TUV, UL, Intertek, and others are promoting the use of this standard, but manufacturers should know that they do not have to use it. These companies have no authority to override the flexibility granted by FDA or the European Commission’s Directives concerning medical devices, which states that "… harmonized European standards are drawn up by private law bodies and should retain their status as non-mandatory texts." – 93/42/EEC
Notified Bodies do control how their mark can be used, but manufacturers can switch to another Notified Body. The Notified Bodies all operate under the direction of a “Notifying Authority”, which is an actual government ministry. If a notified body presses an inflexible approach to obtaining their CE mark, you can switch to another notified body. This may be another reason why Team NB is pushing for uniform application of how 60601-1 3rd.
Cost Concerns in Europe are Growing
Cost concerns related to 60601-1 3rd edition, have recently caught the attention NORMAPME, which represents small- and medium-sized companies in Europe. Sebastiano Toffaletti Director of NORMAPME has explained that “We have seen so many cases where standards are set by testing laboratories and/or large companies with the result of creating undue costs and burdens for SMEs... we consider important to raise public interest about this case and perhaps mobilise the SME community in Europe.”
IEC 60601-1 3rd edition remains one of the most costly and burdensome standards ever to be developed. Not all roads to compliance include 60601-1 3rd edition, and some roads are beginning to crumble under the lack of credibility related to the ISO 14971 Risk Management System. Until these gaps in credibility and cost begin to narrow, the medical device industry should examine all its options and not be misled by product testing labs that have too great of a stake in taking your money, and too little experience in genuine medical device regulatory compliance.
Grant Ramaley is the co-chairman of the Dental Trade Alliance Regulatory Affairs and Standards Committee, and co-convener for the International Accreditation Forum’s Medical Device’s Working Group. Ramaley is director of regulatory affairs at Aseptico Inc.
Editors Note: IEC 60601-1 3rd Edition has seen its share of controversy, check out these articles on to get the full story.
How Scary Is IEC 60601-1? —January 2011
IEC 60601-1 and Risk Management— November 2011