IEC 60601 – Essential Performance, Safety and Risk Management

May 13, 2019

Background

IEC 60601 is a series of technical standards for the safety and essential performance of medical electrical equipment. Although if focuses primarily on electromechanical devices, it also applies to aspects of the software components. It is a widely recognized standard that most, if not all, medical device companies have to comply with.

The concept of Essential Performance of a Medical Device is at the center of IEC 60601-1. It is intended to be one of the inputs to the Risk Management Process.

What is Essential Performance?

Any function identified as Essential Performance must be maintained after the applicable tests listed in the standard. In practice it must be ensured in any single fault condition.

Essential performance is defined as “performance of a clinical function, other than that related to basic safety, where loss or degradation beyond the limits specified by the MANUFACTURER results in an unacceptable risk. NOTE: ESSENTIAL PERFORMANCE is most easily understood by considering whether its absence or degradation would result in an unacceptable RISK”.

Par 4.3 of 60601-1 then goes into the details of how to determine what Essential Performance is for a specific medical device. It is intended to be a risk-based approach, where failures resulting in unacceptable risks are pointers to essential performance.

But, as required by ISO 14971, unacceptable risk is by definition, well, not acceptable. The manufacturer must mitigate it to bring it to an acceptable level. So, after mitigation, all risk should be acceptable. Does it mean there is no Essential Performance?

At the same time, the risk levels before mitigation could be scored significantly high due to uncertainty in the design and lack of data. Many of them could be at an Unacceptable level. This may result then in an unnecessary flooding of Essential Performance.

Approach to Determine Essential Performance

Annex A of IEC 60601-1 provides some insight on a balanced determination of Essential Performance. It suggests that taking the list of hazards and harms then scoring them assuming P1=1, would lead to the correct identification of this performance. If P1 is not available, then it is required to define the probability of each harm happening assuming that the fault occurs. Limiting the selection to the identified hazards and harms will provide a much smaller list. The standards also specifies that Basic Safety requirements, covered by the different clauses, are not to be considered Essential Performance, and should not be listed as such.

The resulting Essential Performance should be a concise list of basic characteristics without which the device would be “too dangerous” to use; risk controls can also be essential performance, e.g. the correct operation of alarms under single fault condition.  This list is typically quite short, and is not uncommon for devices not to have any Essential Performance.

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

6 Steps to Agile Risk Management in Jira
Picture of Marion Lepmets

Marion Lepmets

CEO
June 19, 2025

Balancing agile development with regulatory compliance feels like trying to mix oil and water. But what if I told you there’s a way to integrate risk management directly into your Jira workflow without sacrificing speed or compliance?  Based on a recent webinar with Aaron Morris, I’ve distilled the process into...

Solution Partners to verticals and business users
Picture of Marion Lepmets

Marion Lepmets

CEO
June 11, 2025

For years, Atlassian solution partners have built successful businesses around helping IT teams configure Jira and Confluence, manage licenses, and handle technical implementations. But that world is rapidly changing. Atlassian is shifting its focus from IT admins to business users in specific departments and industries – and partners who don’t...

Agile
Picture of Monika Isak

Monika Isak

Head of Growth
June 2, 2025

For regulated industries – such as Pharma, MedTech, FinTech and Aviation – compliance isn’t optional; it’s mandatory. Tools like Jira and Confluence are powerful, but their true potential is only realized when configured to meet industry-specific regulatory requirements. This is where industry consultants come into play, offering expertise that goes...