Reviewing Risk Management with IEC 60601-1 – Part 2

11 April 2011

On March 28, the blog entry explored how certification to IEC 60601-1 is not possible without compliance with ISO 14971. The blog topic also covered how important it is that manufacturers consult a third party testing partner during the development of the risk management file.

Third-party testing companies can review elements in a quick and efficient manner to help companies avoid any downtime – with the assistance of the manufacturer. The manufacturer submits the appropriate RMF checklists and supporting documentation to the testing company prior to submitting the device for evaluation. Why? It is understood that certain requirements in the RMF are dependant upon completion of the device.

But the question remains: What are the requirements that a risk management file (RMF) needs to meet (as they relate to 60601-1) to comply with ISO 14971 and how does this process work?

According to Clause 4.2 of IEC 60601-1, the policy for determining acceptable risk and the acceptability of residual risk(s) shall be established by the manufacturer.

This risk management policy shall address the following:

  • Appropriate to the purpose of the organization
  • Include commitments to comply with requirements & continually improve the effectiveness of the risk management process
  • Provide framework for establishing and reviewing risk management objectives
  • Communicated and understood by organization
  • Reviewed and updated accordingly

Acceptability or unacceptability of this risk is determined by the manufacturer in conjunction with the manufacturer's policy for determining acceptable risk. The residual risks addressed by these requirements (including risks tied to IEC 60601-1) are presumed to be acceptable unless there is objective evidence to the contrary.

To learn more about Third Edition and or to speak with an Intertek expert on this subject matter, e-mail us at