IEC 60601-1 defines a PESS, a Programmable Electronic Subsystem, as a system based on one or more central processing units, including their software and interfaces.
The standard does not reveal what it means by system; in this context, it is a medical device component. For this, IEC 60601-1 sets out specific requirements for the PESS.
PESS: Regulatory requirements
The regulatory requirements for Programmable Electronic Subsystems (PESS) are taken from IEC 60601-1:
- Risk analysis: The manufacturer must analyze the possible consequences of a faulty PESS or a faulty interaction of different subsystems. Manufacturers usually use FMEA for this risk analysis.
- Requirements specification: The manufacturer must specify the requirements for each Programmable Electronic Subsystem. You can read how to fulfill these requirements in the next chapter.
- Risk control: Some of the requirements for the individual PESS stem from risk control measures. Manufacturers must specifically verify that these requirements are met and thus the effectiveness of the measures.
- PESS verification: Even if the V-model, including that shown in IEC 60601-1, suggests otherwise, there are no explicit requirements for verification of the individual Programmable Electronic Subsystems. Verification is only required for all functions that contain measures relating to BASIC SAFETY, ESSENTIAL PERFORMANCE CHARACTERISTICS, or RISK CONTROL.
Specifying a PESS
Specify the requirements for a PESS from a black box perspective, i.e., describe how the Programmable Electronic Subsystem must behave via its interfaces.
Types of interfaces
The typical hardware interfaces of a PESS include
- Electrical interface (to the power supply, e.g., to the mains or a battery)
- Sensor interfaces (more on this below)
- Acoustic interfaces (such as alarms, although these are assigned to the user interface)
- Pneumatic interfaces
- etc.
Then, there are almost always data interfaces.
PESS requirements = software requirements?
A common question is how PESS requirements and software requirements differ. The answer depends on the PESS architecture:
If the system architect chooses a standard PC or a standard controller, there are typically few functions,that are not handled by the software. That is, the PESS requirements and software requirements pretty much similar. The electrical interface, namely the power supply of the PESS or the hardware, is an exception.
If, on the other hand, the manufacturer develops specific hardware, and the hardware provides parts of the clinical functions the intersection between PESS and software requirements is smaller.
Risk management for PESS
A PESS itself cannot harm directly, even if many manufacturers argue it to be. Instead, the PESS can be an element in a chain of causes that can lead to an external malfunction of the medical device and then to harm with a certain probability and severity – and thus to a risk.
Therefore, do not commission developers or suppliers of Programmable Electronic Subsystems with the risk analysis for this PESS. You can only ask them to specify the possible external failures of this component, together with the probability of this failure.
To know the possible failures, you need precise PESS requirements/specifications (see above).
The Medical Device University shows you step-by-step how to specify a PESS and how to analyze and control the risks.
