Taxonomy Structure
The taxonomy follows a four-level cascade where each level narrows the hazard category:
The Four Levels
Level 1 — Root Category
The root of the taxonomy is Energy. IEC 60601-1 takes an energy-based approach to hazard identification: every hazard ultimately traces to some form of energy that can cause harm.Level 2 — Energy Type
Level 2 classifies the broad category of energy involved:| L2 Category | IEC 60601-1 Scope | Example Hazards |
|---|---|---|
| Electrical | Electrical energy hazards from mains, battery, or signal circuits | Leakage current, dielectric breakdown, static discharge |
| Mechanical | Kinetic, potential, or pressure energy | Moving parts, sharp edges, fluid pressure, structural failure |
| Thermal | Heat or cold energy transfer | Burns from hot surfaces, tissue damage from cold, thermal runaway |
| Radiation | Electromagnetic, acoustic, or optical energy | Electromagnetic interference, ultrasonic exposure, laser/LED light |
Level 3 — Mechanism
Level 3 identifies the specific energy transfer mechanism. For the Electrical category, examples include:- Leakage current — Unintended current flow through the patient or operator
- Shock — Deliberate or accidental direct contact with energized conductors
- Electromagnetic interference — Energy coupling that disrupts device function
Level 4 — Specific Hazard
Level 4 pinpoints the exact hazard source. Under Leakage current:- Earth leakage — Current flowing through protective earth
- Enclosure leakage — Current flowing through accessible conductive parts
- Patient leakage — Current flowing through applied parts to the patient
Dependent Enum Cascade
In the risksheet, the four levels are implemented as cascading dependent enumerations. Selecting a Level 1 value filters the available Level 2 options, which in turn filter Level 3, and so on. This prevents invalid combinations (for example, selecting “Earth leakage” under “Mechanical” energy). The cascade operates at the risksheet column level. When a user changes the L1 value, the L2 dropdown refreshes to show only the children of the selected L1 category. This behavior is configured through the risksheet template’s hazard taxonomy columns.How the Taxonomy Connects to Risk Records
Hazards exist in a reusable Hazards Catalog (68 entries in the Catalogs space). Risk records in the HARA link to catalog hazards through thehasHazard link role:
| Entity | Link Role | Direction |
|---|---|---|
| Risk Record | hasHazard | Risk Record —> Hazard |
| Risk Record | hasHarm | Risk Record —> Harm |
- Filtering by category — Show all risk records related to electrical hazards
- Gap analysis — Identify taxonomy branches with no associated risk records
- Regulatory mapping — Map hazard categories directly to IEC 60601-1 clauses
Harms Catalog
Separate from the hazard catalog, a Standard Harms catalog defines 25 harm entries. Each harm carries a severity level (1-5, Negligible to Catastrophic). Risk records link to harms through thehasHarm link role.
The separation of hazards from harms is an ISO 14971 principle: the same hazard (e.g., electrical leakage) can lead to different harms (minor tingling vs. cardiac arrest) depending on the circumstances. Keeping them separate enables accurate risk scoring by combining the specific hazard’s probability with the specific harm’s severity.
Example: Smart Infusion Pump
For the reference Smart Infusion Pump, the taxonomy covers hazards across all six subsystems:| Subsystem | Primary L2 Categories | Example L4 Hazards |
|---|---|---|
| Fluid Pumping & Housing | Mechanical, Thermal | Tubing occlusion, pump door crush, motor overheating |
| Control & Processing | Electrical, Radiation (EMI) | Firmware malfunction, memory corruption, EMI susceptibility |
| User Interface | Electrical, Radiation (Optical) | Display failure, keypad malfunction, LED overexposure |
| Sensing & Monitoring | Electrical, Mechanical | Sensor drift, false alarm, occlusion detection failure |
| Power Management | Electrical, Thermal | Battery thermal runaway, power loss, charging fault |
| External Communications | Radiation (RF) | Data corruption, wireless interference, unauthorized access |
Related Pages
- IEC 60601 Hazard Taxonomy Cascade — Full enumeration reference for all four levels
- Identify Hazards and Harm Scenarios — Step-by-step guide to using the taxonomy during HARA
- Use Hazard and Harm Catalogs — How to browse and link catalog entries
- Dual Risk Methodology: HARA and DFMEA — How HARA and DFMEA share the harm catalog