SIST EN 60601-1-4:1998
(Main)Medical electrical equipment - Part 1-4: General requirements for safety - Collateral standard: Programmable electrical medical systems (IEC 60601-1-4:1996)
Medical electrical equipment - Part 1-4: General requirements for safety - Collateral standard: Programmable electrical medical systems (IEC 60601-1-4:1996)
Specifies requirements for the process by which a programmable electrical medical system is designed. Serves as the basis of requirements of Particular Standards, including serving as a guide to safety requirements for the purpose of reducing and managing risk.This standard covers requirement specification, architecture, detailed design and implementation software development, modification, verification and validation, marking and accompanying documents.
Medizinische elektrische Geräte - Teil 1-4: Allgemeine Festlegungen für die Sicherheit - Ergänzungsnorm: Programmierbare elektrische medizinische Systeme (IEC 60601-1-4:1996)
Appareils électromédicaux - Partie 1-4: Règles générales de sécurité - Norme collatérale: Systèmes électromédicaux programmables (CEI 60601-1-4:1996)
Cette norme fixe les prescriptions à suivre lors de la conception d'un système électromédical programmable. Elle fournit aussi la base des prescriptions des normes particulières en servant de guide pour les exigences de sécurité visant à réduire et à gérer les risques. Elle traite les aspects suivants : les spécifications des prescriptions, l'architecture, la conception détaillée et la mise en oeuvre y compris le développement du logiciel, les modifications, la vérification et la validation, le marquage et les documents d'accompagnement.
Medicinska električna oprema - 1. del: Splošne varnostne zahteve - 4. spremljevalni standard: Programirljivi električni medicinski sistemi (IEC 60601-1-4:1996)
General Information
Relations
Standards Content (Sample)
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Medizinische elektrische Geräte - Teil 1-4: Allgemeine Festlegungen für die Sicherheit - Ergänzungsnorm: Programmierbare elektrische medizinische Systeme (IEC 60601-1-4:1996)Appareils électromédicaux - Partie 1-4: Règles générales de sécurité - Norme collatérale: Systèmes électromédicaux programmables (CEI 60601-1-4:1996)Medical electrical equipment - Part 1-4: General requirements for safety - Collateral standard: Programmable electrical medical systems (IEC 60601-1-4:1996)35.240.80Uporabniške rešitve IT v zdravstveni tehnikiIT applications in health care technology11.040.01Medicinska oprema na splošnoMedical equipment in generalICS:Ta slovenski standard je istoveten z:EN 60601-1-4:1996SIST EN 60601-1-4:1998en01-september-1998SIST EN 60601-1-4:1998SLOVENSKI
STANDARD
SIST EN 60601-1-4:1998
SIST EN 60601-1-4:1998
SIST EN 60601-1-4:1998
SIST EN 60601-1-4:1998
SIST EN 60601-1-4:1998
NORMEINTERNATIONALEINTERNATIONALSTANDARDCEIIEC601-1-4Première éditionFirst edition1996-05Appareils électromédicaux —Partie 1:Règles générales de sécurité4. Norme Collatérale:Systèmes électromédicaux programmablesMedical electrical equipmentPart 1:General requirements for safety4. Collateral Standard:Programmable electrical medical systems© CEI 1996 Droits de reproduction réservés — Copyright — all rights reservedAucune partie de cette publication ne peut étre reproduite niNo part of this publication may be reproduced or utilized inutilisée sous quelque forme que ce soit et par aucun pro-any form or by any means, electronic or mechanical,cédé, électronique ou mécanique, y compris la photocopie etincluding photocopying and microfilm, without permissionles microfilms, sans l'accord écrit de l'éditeur.in writing from the publisher.Bureau Central de la Commission Electrotechnique Internationale 3, rue de Varembé Genève, SuisseCommission Electrotechnique Internationale CODE PRIXInternational Electrotechnical Commission PRICE CODEvMe»utyHapoauae 3nel{Tporexuwiecnaa HoMHCCHa• Pour prix, voir catalogue en vigueurFor price, see current catalogueIEC•SIST EN 60601-1-4:1998
601-1-4 ©I EC:1996- 3 -CONTENTSPageFOREWORD 5INTRODUCTION 9ClauseSECTION 1: GENERAL1Scope, object and relationship to other standards
111.201Scope
111.202 Object
111.203 Relationship to other standards
112Terminology and definitions
132.201 Defined terms
132.202 Degrees of requirements and miscellaneous terms
156Identification, marking and documents
176.8ACCOMPANYING DOCUMENTS
17SECTION 9: ABNORMAL OPERATION AND FAULT CONDITIONS;ENVIRONMENTAL TESTS52 Abnormal operation and fault conditions
1752.201 Documentation
1752.202 RISK management plan
2152.203 DEVELOPMENT LIFE-CYCLE
2152.204 RISK management process
2152.205 Qualification of personnel
2552.206 Requirement specification
2552.207 Architecture
2752.208 Design and implementation
2752.209 VERIFICATION
2752.210 VALIDATION
2752.211 Modification
2952.212 Assessment 29Table DDD.1 - Suggested correlation of the documentation requirement to theDEVELOPMENT LIFE-CYCLE phases
55Figures201Content of RISK MANAGEMENT FILE and RISK MANAGEMENT SUMMARY 19CCC.1RISK chart
39CCC.2RISK management process
43DDD.1DEVELOPMENT LIFE-CYCLE model for PEMS
51EEE.1Examples of PEMS/PESS structures
59AnnexesAAATerminology - Index of defined terms
31BBBRationale
33CCCRISK concepts
37DDDDEVELOPMENT LIFE-CYCLE model 49EEEExamples for PEMS/PESS structures
57FFFBibliography
61SIST EN 60601-1-4:1998
601-1-4 ©I EC:1996- 5 -INTERNATIONAL ELECTROTECHNICAL COMMISSIONMEDICAL ELECTRICAL EQUIPMENT -Part 1: General requirements for safety -4. Collateral Standard:Programmable electrical medical systemsFOREWORD1)The IEC (International Electrotechnical Commission) is a worldwide organization for standardization comprising all nationalelectrotechnical committees (IEC National Committees). The object of the IEC is to promote international co-operation onall questions conceming standardization in the electrical and electronic fields. To this end and in addition to other activities,the IEC publishes International Standards. Their preparation is entrusted to technical committees; any IEC NationalCommittee interested in the subject dealt with may participate in this preparatory work. International, govemmental and non-governmental organizations liaising with the IEC also participate in this preparation. The IEC collaborates closely with theIntemational Organization for Standardization (ISO) in accordance with conditions determined by agreement between thetwo organizations.2)The formal decisions or agreements of the IEC on technical matters, express as nearly as possible, an internationalconsensus of opinion on the relevant subjects since each technical committee has representation from all interestedNational Committees.3)The documents produced have the form of recommendations for international use and are published in the form ofstandards, technical reports or guides and they are accepted by the National Committees in that sense.4)In order to promote international unification, IEC National Committees undertake to apply IEC International Standardstransparently to the maximum extent possible in their national and regional standards. Any divergence between the IECStandard and the corresponding national or regional standard shall be clearly indicated in the latter.5)The IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any equipmentdeclared to be in conformity with one of its standards.6)Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patentrights. IEC shall not be held responsible for identifying any or all such patent rights.International Standard IEC 601-1-4 has been prepared by IEC technical committee 62: Electricalequipment in medical practice. It constitutes a Collateral Standard to IEC 601-1: Medical electricalequipment- Part 1: General requirements for safety, hereinafter referred to as the General Standard.In the 601 series of publications, Collateral Standards specify general requirements for safety applicableto:–a group of MEDICAL ELECTRICAL EQUIPMENT (e.g. radiological equipment);–a specific characteristic of all MEDICAL ELECTRICAL EQUIPMENT, not fully addressed in the GeneralStandard (e.g. electromagnetic compatibility).SIST EN 60601-1-4:1998
601-1-4 © I EC:1996- 7 -The text of this Collateral Standard is based on the following documents:FDISReport on voting62/83/FDIS62/87/RVDFull information on the voting for the approval of this Collateral Standard can be found in the report onvoting indicated in the above table.The numbering of sections, clauses and subclauses of this Collateral Standard corresponds with thatof the General Standard.Subclauses and figures which are additional to those of the General Standard are numbered startingfrom 201; additional annexes are lettered AM, BBB, etc., and additional items aaa), bbb), etc.Annex AAA forms an integral part of this Collateral Standard.Annexes BBB, CCC, DDD, EEE and FFF are for information only.In this Collateral Standard, the following print types are used:-requirements, compliance with which can be tested, and definitions: roman type;-explanations, advice, general statements, exceptions and references: smaller type;-test specifications and headings of subclauses: italic type;—TERMS DEFINED IN CLAUSE 2 OF THE GENERAL STANDARD OR OF IEC 601-1-1 OR OF THIS COLLATERALSTANDARD OR IN IEC 788: SMALL CAPITALS.The requirements are followed by specifications for the relevant tests.SIST EN 60601-1-4:1998
601-1-4 © I EC:1996- 9 -INTRODUCTIONComputers are increasingly used in MEDICAL ELECTRICAL EQUIPMENT, often in critical-safety roles. Theuse of computing technologies in MEDICAL ELECTRICAL EQUIPMENT introduces a level of complexity whichis exceeded only by the biological systems of the PATIENTS the MEDICAL ELECTRICAL EQUIPMENT isintended to diagnose and/or treat. This complexity means that systematic failures can escape practicalaccepted limits of testing. Accordingly, this safety standard goes beyond traditional testing andassessment of the finished MEDICAL ELECTRICAL EQUIPMENT and includes requirements for the processesby which the MEDICAL ELECTRICAL EQUIPMENT is developed. Testing of the finished product is not, by itself,adequate to address the SAFETY of complex MEDICAL ELECTRICAL EQUIPMENT.This standard is a Collateral Standard to the General Standard. It requires that a process be followedand that a record of that process be produced to support the SAFETY of MEDICAL ELECTRICAL EQUIPMENTincorporating PROGRAMMABLE ELECTRONIC SUBSYSTEMS. The concepts of RISK management and aDEVELOPMENT LIFE-CYCLE that are the basis of this standard can also be of value in the development ofMEDICAL ELECTRICAL EQUIPMENT that does not include a PROGRAMMABLE ELECTRONIC SUBSYSTEM.The effective application of the standard will require, subject to the task in hand, competency in thefollowing:-application of the specific MEDICAL ELECTRICAL EQUIPMENT with emphasis on SAFETYconsiderations;MEDICAL ELECTRICAL EQUIPMENT development process;-methods by which SAFETY INTEGRITY is assured;techniques of RISK analysis and RISK control.SIST EN 60601-1-4:1998
601-1-4 ©IEC:1996- 11 -MEDICAL ELECTRICAL EQUIPMENT -Part 1: General requirements for safety -4. Collateral Standard:Programmable electrical medical systemsSECTION 1: GENERAL1 Scope, object and relationship to other standards1.201 ScopeThis Collateral Standard applies to the SAFETY of MEDICAL ELECTRICAL EQUIPMENT and MEDICAL ELECTRICALSYSTEMS incorporating PROGRAMMABLE ELECTRONIC SUBSYSTEMS (PESS), hereinafter referred to asPROGRAMMABLE ELECTRICAL MEDICAL SYSTEMS (PEMS).NOTE - Some systems which incorporate software and are used for medical purposes fall outside the scope of thisCollateral Standard, e.g. many medical informatics systems. The distinguishing factor/criterion is whether or not thesystem satisfies the definition Of MEDICAL ELECTRICAL EQUIPMENT in 2.2.15 of IEC 601-1 or the definition Of MEDICALELECTRICAL SYSTEM in 2.203 of IEC 601-1-1.1.202 ObjectThis Collateral Standard specifies requirements for the process by which a PEMS is designed. ThisCollateral Standard also serves as the basis of requirements of Particular Standards, including servingas a guide to SAFETY requirements for the purpose of reducing and managing RISK. This CollateralStandard is addressed to:a)certification bodies;b)MANUFACTURERS;c)writers of Particular Standards.This standard covers:d)requirement specification;e)architecture;f)detailed design and implementation including software development;g)modification;h)VERIFICATION and VALIDATION;j)marking and ACCOMPANYING DOCUMENTS.Aspects not covered by this standard include:k)hardware manufacturing;I) software replication;m)installation and commissioning;n)operation and maintenance;o)decommissioning.1.203 Relationship to other standards1.203.1 IEC 601-1For MEDICAL ELECTRICAL EQUIPMENT, this Collateral Standard complements IEC 601-1 and itsamendments.SIST EN 60601-1-4:1998
601-1-4 ©IEC:1996- 13 -When referring to IEC 601-1 or to this Collateral Standard, either individually or in combination, thefollowing conventions are used:–"the General Standard" designates IEC 601-1 alone;–"this Collateral Standard" designates IEC 601-1-4 alone;–"this Standard" designates the combination of the General Standard and this CollateralStandard.1.203.2 Particular StandardsA requirement in a Particular Standard takes priority over the corresponding requirement in thisCollateral Standard.1.203.3 Normative referencesThe following normative documents contain provisions which, through reference in this text, constituteprovisions of this International Standard. At the time of publication, the editions indicated were valid. Allnormative documents are subject to revision, and parties to agreements based on this InternationalStandard are encouraged to investigate the possibility of applying the most recent editions of thenormative documents indicated below. Members of IEC and ISO maintain registers of currently validInternational Standards.IEC 601-1: 1988, Medical electrical equipment - Part 1: General requirements for safetyAmendment No. 1 (1991)Amendment No. 2 (1995)IEC 601-1-1: 1992, Medical electrical equipment - Part 1: General requirements for safety - 1. CollateralStandard: Safety requirements for medical electrical systemsIEC 788: 1984, Medical radiology - TerminologyISO 9000-3: 1991, Quality management and quality assurance standards - Part 3: Guidelines for theapplication of ISO 9001 to the development, supply and maintenance of softwareISO 9001: 1994, Quality systems - Model for quality assurance in design, development, production,installation and servicing2 Terminology and definitions2.201 Defined termsIn this Collateral Standard, terms printed in SMALL CAPITALS are used in accordance with their definitionsin the General Standard, IEC 601-1-1, this Collateral Standard or IEC 788.An index of defined terms used in this Collateral Standard is given in annex AAA.For the purpose of this Collateral Standard, the following additional definitions apply.2.201.1 DEVELOPMENT LIFE-CYCLE: Necessary activities occurring during a period of time that starts atthe concept phase of a project and finishes when the VALIDATION of the PEMS is complete.2.201.2 HAZARD ANALYSIS : Identification of HAZARDS and their initiating causes.NOTE - The quantification of HAZARD is not a part of the HAZARD ANALYSIS.SIST EN 60601-1-4:1998
601-1-4 ©IEC:1996- 15 -2.201.3 MAXIMUM TOLERABLE RISK : Value of RISK which is specified as the maximum which may bepermitted.NOTE - The value may be specified for the PEMS as a whole or for a particular HAZARD.2.201.4 PROGRAMMABLE ELECTRICAL MEDICAL SYSTEM (PEMS) : MEDICAL ELECTRICAL EQUIPMENT or MEDICALELECTRICAL SYSTEM containing one or more PROGRAMMABLE ELECTRONIC SUBSYSTEM.2.201.5 PROGRAMMABLE ELECTRONIC SUBSYSTEM (PESS) : System based on one or more centralprocessing units, including their software and interfaces.2.201.6 RESIDUAL RISK : RISK identified by HAZARD ANALYSIS which remains after RISK management hasbeen completed.2.201.7 RISK: Probable rate of occurrence of a HAZARD causing harm, and the degree of SEVERITY ofthe harm.2.201.8 RISK MANAGEMENTFILE: That part of the quality records required by this standard.2.201.9 RISK MANAGEMENT SUMMARY: Document, which provides traceability for each HAZARD and eachcause of the HAZARD to the RISK analysis and to the VERIFICATION that the RISK of the HAZARD iscontrolled.NOTE - This document may be held on paper or on electronic media.2.201.10 SAFETY: Freedom from unacceptable RISK.2.201.11 SAFETY HAZARD (hereinafter referred to as HAZARD) : Potentially detrimental effect on thePATIENT, other persons, animals, or the surroundings, arising directly from MEDICAL ELECTRICALEQUIPMENT.2.201.12 SAFETYINTEGRITY: Likelihood of a safety-related system satisfactorily performing the requiredSAFETY functions under all the stated conditions within a stated period of time.2.201.13 SEVERITY: Qualitative measure of the possible consequences of a HAZARD.2.201.14 VALIDATION : Process of evaluating a PEMS or a component of a PEMS during or at the end ofthe development process, to determine whether it satisfies the requirements for its intended use.2.201.15 VERIFICATION : Process of evaluating a PEMS or a component of a PEMS to determine whetherthe products of a given development phase satisfy the specified requirements imposed at the start ofthat phase.2.202 Degrees of requirements and miscellaneous termsIn this Collateral Standard, certain terms (which are not printed in small capitals) have particularmeanings, as follows:–"shall"–"should"–"may"–"specific"indicates a requirement that is mandatory for compliance;indicates a strong recommendation that is not mandatory forcompliance;indicates a permitted manner of complying with a requirement orof avoiding the need to comply;is used to indicate definitive information stated in this CollateralStandard or referenced in other standards, usually concerningparticular operating conditions, test arrangements or valuesconnected with compliance;SIST EN 60601-1-4:1998
601-1-4 ©IEC:1996- 17 -– "specified"is used to indicate definitive information stated by theMANUFACTURER in ACCOMPANYING DOCUMENTS Or in otherdocumentation relating to the PEMS under consideration, usuallyconcerning its intended purposes, or the parameters orconditions associated with its use or with testing to determinecompliance.6 Identification, marking and documents6.8 ACCOMPANYING DOCUMENTS6.8.201 All relevant information regarding RESIDUAL RISK shall be placed in both the INSTRUCTIONS FORUSE and the RISK MANAGEMENT FILE.Compliance is checked by inspection of the INSTRUCTIONS FOR USE and the RISK MANAGEMENT FILE.SECTION 9: ABNORMAL OPERATION AND FAULT CONDITIONS;ENVIRONMENTAL TESTS52 Abnormal operation and fault conditions52.201 Documentation52.201.1 Documents produced from application of this standard shall be maintained and shall form partof the quality records; see figure 201. This should be done in accordance with 6.3 of ISO 9000-3.52.201.2 These documents, herein referred to as the RISK MANAGEMENT FILE, shall be approved, issuedand changed in accordance with a formal configuration management system. This should be done inaccordance with 6.2 of ISO 9000-3.52.201.3 A RISK MANAGEMENT SUMMARY shall be developed throughout the DEVELOPMENT LIFE-CYCLE aspart of the RISK MANAGEMENT FILE. It shall contain:a)identified HAZARDS and their initiating causes;b)estimation of RISK;c)reference to the SAFETY measures, including their required SAFETY INTEGRITY, used to eliminateor control the RISK of the HAZARD;d)evaluation of effectiveness of RISK control;e)reference to VERIFICATION.Compliance is checked by inspection of the RISK MANAGEMENT FILE.SIST EN 60601-1-4:1998
Other qualityrecordsRISK MANAGEMENTFILE52.201.2QualityRecordsPEMS architecturespecification52.207.2Designspecification52.208.1VALIDATIONmethods andresults 52.210.6RESIDUAL RISK6.8.201^Test specification52.208.1Assessmentreport52.212Subsystemarchitecturespecification52.207.2IHAZARD identificationmethods52.204.3.1.8SEVERITY categoriz-ation method52.204.3.2.3Subsystemrequirementspecification52.206HAZARD identificationresults52.204.3.1.9RISK managementplan52.202PEMS requirementspecification52.206iLikelihoodestimation method52.204.3.2.4iHAZARD#1HAZARD#2HAZARD#n+1HAZARD#nandeffectivenessof RISK control52.204.4.6HAZARD and its Initiating causes52.204.3.1.10VERIFICATIONmethods and results52.209.3stimatedRequirementsRISKto control RISK52.204.4.552.204.3.2.5HAZARD ANALYSIS52.204.3.1RISK control52.204.4RISK estimation52.204.3.2VERIFICATION52.209iDEVELOPMENTLIFE-CYCLE52.203
VERIFICATION plan52.209.2
VERIFICATION plan52.210.2
RISK MANAGEMENTSUMMARY52.201.3IEC 405/95SIST EN 60601-1-4:1998
601-1-4 ©IEC:1996- 21 -52.202 RISK management plan52.202.1 The MANUFACTURER shall prepare a RISK management plan.52.202.2 This plan shall include the following:a)scope of the plan, defining the project or product and the DEVELOPMENT LIFE-CYCLE phases forwhich the plan is applicable;b)the DEVELOPMENT LIFE-CYCLE to be applied (see 52.203), including a VERIFICATION plan and aVALIDATION plan;c)management responsibilities in accordance with 4.1 of ISO 9001;d)RISK management process;e)requirements for reviews.52.202.3 If the plan changes during the course of development, a record of the changes shall be kept.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.203 DEVELOPMENT LIFE-CYCLE52.203.1 A DEVELOPMENT LIFE-CYCLE shall be defined for the design and development of the PEMS.52.203.2 The DEVELOPMENT LIFE-CYCLE shall be divided into phases and tasks, with a well-defined input,output and activity for each.52.203.3 The DEVELOPMENT LIFE-CYCLE shall include integral processes for RISK management.52.203.4 The DEVELOPMENT LIFE-CYCLE shall include documentation requirements.52.203.5 RISK management activities shall apply throughout the DEVELOPMENT LIFE-CYCLE asappropriate; see 52.204.NOTE - An example of a DEVELOPMENT LIFE-CYCLE is given in annex DDD.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.204 RISK management process52.204.1 A RISK management process shall be used that has the following elements:—RISK analysis;—RISK control.52.204.2 The process shall be applied throughout the DEVELOPMENT LIFE-CYCLE.52.204.3 RISK analysis52.204.3.1 HAZARD ANALYSIS52.204.3.1.1 HAZARD identification shall be carried out as defined in the RISK management plan;see 52.202.52.204.3.1.2 HAZARDS shall be identified for all reasonably foreseeable circumstances including:—NORMAL USE;–incorrect use.SIST EN 60601-1-4:1998
601-1-4 ©I EC:1996- 23 -52.204.3.1.3 The HAZARDS considered shall include, as appropriate:—HAZARDS to PATIENTS;—HAZARDS to OPERATORS;—HAZARDS to service personnel;—HAZARDS to bystanders;—HAZARDS to the environment.52.204.3.1.4 Reasonably foreseeable sequences of events, which may result in a HAZARD, shall beconsidered.52.204.3.1.5 Initiating causes considered shall include, as appropriate:–human factors;–hardware faults;–software faults;–integration errors;–environmental conditions.52.204.3.1.6 Matters considered shall include, as appropriate:–compatibility of system components, including hardware and software;–user interface, including command language, warning and error messages;–accuracy of translation of text used in the user interface and INSTRUCTIONS FOR USE;–data protection from human intentional or unintentional causes;–RISK/benefit criteria;–third party software.52.204.3.1.7 HAZARD identification methods appropriate to the DEVELOPMENT LIFE-CYCLE phase shall beused.52.204.3.1.8 The methods used (e.g. fault tree analysis, failure modes and effects analysis) shall bedocumented in the RISK MANAGEMENT FILE.52.204.3.1.9 The results of the application of the methods shall be documented in the RISK MANAGEMENTFILE.52.204.3.1.10 Each identified HAZARD and its initiating causes shall be recorded in the RISK MANAGEMENTSUMMARY.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.204.3.2 RISK estimation52.204.3.2.1 For each identified HAZARD the RISK shall be estimated.52.204.3.2.2 The estimation of the RISK shall be based on an estimation of the likelihood of each HAZARDand/or the SEVERITY of the consequences of each HAZARD.52.204.3.2.3 The SEVERITY level categorization method shall be recorded in the RISK MANAGEMENT FILE.52.204.3.2.4 The likelihood estimation method shall be either quantitative or qualitative and shall berecorded in the RISK MANAGEMENT FILE.SIST EN 60601-1-4:1998
601-1-4 © I EC:1996- 25 -52.204.3.2.5 The estimated RISK shall be recorded against each HAZARD in the RISK MANAGEMENTSUMMARY.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.204.4 RISK control52.204.4.1 RISK shall be controlled so that the estimated RISK of each identified HAZARD is madeacceptable.52.204.4.2 A RISK is acceptable if the RISK is less than or equal to the MAXIMUM TOLERABLE RISK and theRISK is made as low as reasonably practicable.52.204.4.3 Methods of RISK control shall reduce the likelihood of the HAZARD or reduce the SEVERITY ofthe HAZARD or both.52.204.4.4 RISK control methods shall be directed at the cause of the HAZARD (e.g. by reducing itslikelihood) or by introducing protective measures which operate when the cause of the HAZARD ispresent, or both, using the following priority:–inherent safe design;–protective measures including alarms;–adequate USER information on the RESIDUAL RISK.52.204.4.5 The requirement(s) to control the RISK shall be documented in the RISK MANAGEMENTSUMMARY (directly or as a cross reference).52.204.4.6 An evaluation of the effectiveness of the RISK controls shall be recorded in the RISKMANAGEMENT SUMMARY.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.205 Qualification of personnelThe design and modification of a PEMS shall be considered as an assigned task in accordance with 4.18of ISO 9001.Compliance is checked by inspection of the appropriate files.52.206 Requirement specification52.206.1 For the PEMS and each of its subsystems (e.g. for a PESS) there shall be a requirementspecification.NOTE - Example structures of a PEMS are given in annex EEE.52.206.2 The requirement specification shall detail the functions that are RISK-related. This includesfunctions that control RISKS arising froma)causes arising from environmental conditions;b)causes elsewhere in the PEMS;c)possible malfunctions.52.206.3 For each of these functions, the requirement specification shall give the level of SAFETYINTEGRITY necessary to control the RISKS.Compliance is checked by inspection of the RISK MANAGEMENT FILE.SIST EN 60601-1-4:1998
601-1-4 © IEC:1996- 27 -52.207 Architecture52.207.1 The architecture shall satisfy the requirement specification.52.207.2 For the PEMS and each of its subsystems, an architecture shall be specified.52.207.3 Where appropriate the specification shall include requirements for:a)allocation of RISK control measures to subsystems and components of the PEMS;NOTE - Subsystems and components include sensors, actuators, PESS and interfaces.b)redundancy;c)diversity;d)failure rates and modes of components;e)diagnostic coverage;f)common cause failures;g)systematic failures;h)test interval and duration;j)maintainability;k)protection from human intentional or unintentional causes.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.208 Design and implementation52.208.1 Where appropriate, the design shall be decomposed into subsystems, each having a designand test specification.52.208.2 Where appropriate, requirements shall be specified for:a)software development methods;b)electronic hardware;c)computer aided software engineering (CASE) tools;d)sensors;e)actuators;f)human-PEMS interface;g)energy sources;h)environmental conditions;j)programming language;k)third party software.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.209 VERIFICATION52.209.1 VERIFICATION of the implementation of SAFETY requirements shall be carried out.52.209.2 A VERIFICATION plan shall be produced to show how the SAFETY requirements for eachDEVELOPMENT LIFE-CYCLE phase will be verified.52.209.3 A reference to the methods and results of the VERIFICATION shall be included in the RISKMANAGEMENT SUMMARY.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.210 VALIDATION52.210.1 VALIDATION that SAFETY requirements are met shall be carried out.52.210.2 A VALIDATION plan shall be produced to show that correct SAFETY requirements have beenimplemented.SIST EN 60601-1-4:1998
601-1-4 ©IEC:1996- 29 -52.210.3 The leader of the team carrying out the VALIDATION shall be independent of the design team.52.210.4 All professional relationships of the members of the VALIDATION team with members of thedesign team shall be documented in the RISK MANAGEMENT FILE.52.210.5 No member of a design team shall validate his own design.52.210.6 A reference to the methods and results of the VALIDATION shall be included in the RISKMANAGEMENT FILE.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.211 Modification52.211.1 If any or all of a design results from a modification of an earlier design then either all of thisstandard applies as if it were a new design or the continued validity of any previous designdocumentation shall be assessed under a modification/change procedure.52.211.2 All relevant documents in the DEVELOPMENT LIFE-CYCLE shall be revised, amended, reviewed,approved under a document control scheme in accordance with 4.5.2 of ISO 9001 or equivalent.Compliance is checked by inspection of the RISK MANAGEMENT FILE.52.212 Assessment52.212.1 Assessment shall be carried out to ensure that the PEMS has been developed in accordancewith the requirements of this standard and recorded in the RISK MANAGEMENT FILE. This may be carriedout by internal audit.Compliance is checked by inspection of the RISK MANAGEMENT FILE.SIST EN 60601-1-4:1998
601-1-4 ©I EC:1996- 31 -Annex AAA(normative)Terminology - Index of defined termsIEC 788 rm-.-.Name of unit in the International System SI rm-.-.*Derived term without definition rm-.-.+Term without definition rm-.-.-Name of earlier unit rm-.-. •Shortened term rm-.-.sClause 2 of the General Standard NG-2.Clause 2 of IEC 601-1-4 (present publication) 2.201.ACCOMPANYING DOCUMENTS NG-2.1.4DEVELOPMENT LIFE-CYCLE 2.201.1HAZARD (see SAFETY HAZARD)HAZARD ANALYSIS 2.201.2INSTRUCTIONS FOR USErm-82-02MANUFACTURER rm-85-03-MAXIMUM TOLERABLE RISK 2.201.3MEDICAL ELECTRICAL EQUIPMENT NG-2.2.15MEDICAL ELECTRICAL SYSTEM IEC 601-1-1, 2.203NORMAL USE NG-2.10.8OPERATOR rm-85-02PATIENT NG-2.12.4PROGRAMMABLE ELECTRICAL MEDICAL SYSTEM (PEMS) 2.201.4PROGRAMMABLE ELECTRONIC SUBSYSTEM (PESS) 2.201.5RESIDUAL RISK 2.201.6RISK 2.201.7RISK MANAGEMENT FILE 2.201.8RISK MANAGEMENT SUMMARY 2.201.9SAFETY 2.201.10SAFETY HAZARD 2.201.11SAFETY INTEGRITY2.201.12SEVERITY 2.201.13SINGLE FAULT CONDITION NG-2.10.11USERrm-85-01VALIDATION 2.201.14VERIFICATION 2.201.15SIST EN 60601-1-4:1998
601-1-4 © I EC:1996- 33 -Annex BBB(informative)RationaleGeneralThis standard requires that a process with certain elements be established and followed because thesubject technology is not amenable to pass/fail tests on the finished product. The approach is to statewhat is required, leaving the user of this Collateral Standard to determine how this is achieved. This issimilar to the approach taken in the ISO 9000 series. As users are expected to be qualified, detail hasbeen kept to a minimum. Iteration of portions of the process is expected, but no requirements have beengiven because the need to repeat processes is unique to a particular project. Iterations also arise fromthe more detailed understanding that
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.