Critical Component List (CCL) in Medical Device Manufacturing

Why is the Critical Component List (CCL) Important?

In the development of medical devices, the control of safety-critical components plays a central role. A Critical Component List (CCL) is not just a “nice to have”, but an essential tool for:

  • Ensuring product safety
  • Supporting risk management
  • Compliance with regulatory requirements
  • Preparation for certifications (e.g. Notified Bodies, FDA, etc.)

Nevertheless, in many projects the CCL is either created too late, maintained incompletely, or not systematically linked to risk management.

Critical Component List in Regulatory Context

The CCL is not explicitly required as a term in standards or regulations, but it is indirectly derived from several requirements:

ISO 14971 (ISO/TR 24971 Annex A):

  • Identification of hazards and characteristics related to safety → Identification of components in the medical device considering whether characteristics relevant to safety are known.

IEC 60601-1: Requirements for safety-relevant components

  • All components, the failure of which could result in a hazardous situation shall be used in accordance with their specified ratings and included in the risk management process;
  • If the failure of a component could lead to an unacceptable risk, that component shall exhibit characteristics of high reliability.

IEC 60601-1: Implementation of “Means of Protection” (MOP, MOOP, MOPP)

  • The reliability of components that are used as means of protection shall be assessed for the conditions of use in the ME equipment;
  • These parts typically require testing either according to IEC 60601-1 itself or according to an appropriate component standard.

EU MDR – Article 23 clearly states:

  • The replacement of critical components must not impair the safety and performance characteristics of the product;
  • Manufacturers must demonstrate that spare parts do not negatively affect the original safety and performance of the device.

Especially for safety-critical components (e.g. isolation barriers, power supplies, sensors, protective circuits), clear identification within the CCL is essential.

Source: adobe stock

What is a Critical Component?

A Critical Component is any component whose failure or malfunction:

  • can cause a safety risk;
  • can impact compliance with regulatory requirements;
  • is essential for protective measures.

Typical examples include:

  • Isolation barriers (e.g. optocouplers, transformers)
  • Fuses and protective circuits
  • Sensors with safety functions
  • Control-related hardware (e.g. watchdog ICs)
  • Components with direct impact on patient protection

What Needs to Be Considered?

The objective is not simply to create a random list of components. Certified components should be purchased or tested according to the applicable standard requirements.

To ensure that a component is not considered critical from a risk and especially systematic component failure perspective, the manufacturer must ensure that:

  • the component behaves according to specification, and
  • the specification itself is correct.

Additional considerations may include:

  • Additional verification of the specification itself
  • Special incoming inspection requirements for subcomponents or externally sourced components
  • Quality assurance agreements with suppliers to avoid systematic faults, for example through mandatory end-of-line testing methods
  • Additional supplier audit requirements, including audit frequency and evaluation criteria
  • Management of supplier dependency risks through:
    – contractual obligations,
    – guaranteed supply agreements,
    – defined quality levels,
    – delivery timelines,
    – or the establishment of alternative suppliers / second sources.

Purpose of the Critical Component List

The CCL fulfills several functions simultaneously:

  1. Transparency
    Which components are safety-critical – and why?

  1. Traceability
    Linkage to:
    – Hazard Analysis
    – FMEA / DFMEA
    – Safety Requirements

  1. Supply Chain Control
    – Supplier approval
    – Second source evaluation
    – Incoming inspections & audits

  1. Verification & Validation
    – Which components require special testing?
    – Which components must be certified?

Dijaz Maric, Quality & Safety Consultant

Need support with Critical Component Lists, IEC 60601, or medical device risk management? Our team supports manufacturers with functional safety, compliance strategy, and audit preparation.

Contact us for bespoke consultancy or join one of our upcoming online courses.

Learn more

Critical Component List (CCL) in the Context of IEC 61010

IEC 61010-1 follows a protection-principle-based approach. The objective is not only functionality, but also protection against hazards such as:

  • Electric shock
  • Overtemperature / fire
  • Mechanical hazards

And this is exactly where the CCL becomes important again: all components implementing a protective function are, by definition, “critical”.

Examples include:

  • Components implementing protective functions (Means of Protection)
    – Insulation systems (Basic / Double / Reinforced)
    – Clearance and creepage distances
    – Protective earth connections
  • Components limiting energy
    – Fuses
    – Current limiting resistors
    – Power supplies with limited output power
  • Components ensuring thermal safety
    – Thermal fuses
    – Thermistors
    – Cooling concepts

We must be able to demonstrate:

  • which components are safety-relevant,
  • that they are suitable,
  • and that they are correctly applied.

And this is exactly what the CCL supports.

Typical Example: Power Supply of a Laboratory Device

Hazard:
– Electric shock

Requirement according to IEC 61010:
– Double or reinforced insulation

Design implementation:
– Transformer with reinforced insulation
– Optocoupler in the feedback path

Source: adobe stock

How is a CCL Created?

Typically, the inputs are first collected based on:
– System architecture / block diagrams
– Risk analyses such as DFMEA

Risk/Criticality is then evaluated based on questions such as:
– Does failure lead to a hazard?
– Is redundancy available?
– Is the component part of a protective measure?

Afterwards, the safety criticality of the component is assessed.

CCL Best Practice

Every critical component should be traceable to:

  • Hazard
  • Failure mode
  • Risk control

Example:

Hazard: Electric shock
Control: Isolation barrier
Component: Optocoupler

→ MUST be included in the CCL

Conclusion

The Critical Component List is a key element for:

  • Safe product development
  • Regulatory compliance
  • Auditable processes

The CCL is linked to the current version of the product. However, this does not mean that the CCL cannot be modified. Most Notified Bodies do not require complete re-certification for every change, but such modifications must still be properly planned and implemented (impact analysis, required testing and verification, etc.).

However, companies that actively use the CCL throughout the development process not only reduce risks, but also significantly reduce future audit findings.

By Dijaz Maric, Quality Management & Reliability Engineering Consultant

Learn
more

Looking to strengthen your team’s understanding of IEC 60601, ISO 14971, or safety-critical component management? Explore our training and consultancy services for medical device manufacturers.

CONTACT

Form

We look forward to hearing from you.

    Show privacy policy

    Contact

    Address Austria:
    Lorit Consultancy GmbH
    Siezenheimer Straße 35
    5020 Salzburg / Austria

    Tel: +43 676 338 8884
    info@lorit-consultancy.com

    Address UK:
    Lorit Consultancy Ltd
    1 Craigathie Road
    Roslin Midlothian / Scotland EH25 9BG

    Tel: +44 7708 360023
    info@lorit-consultancy.com

    Partner of
    • Copyright © 2026
    • To top