IEC TR 80001-2-9:2017
Application of risk management for IT-networks incorporating medical devices - Part 2-9: Application guidance - Guidance for use of security assurance cases to demonstrate confidence in IEC TR 80001-2-2 security capabilities
IEC TR 80001-2-9:2017(E) establishes a security case framework and provides guidance to health care delivery organizations (HDO) and medical device manufacturers (MDM) for identifying, developing, interpreting, updating and maintaining security cases for networked medical devices. Use of this part of 80001 is intended to be one of the possible means to bridge the gap between MDMs and HDOs in providing adequate information to support the HDO's risk management of IT-networks. This document leverages the requirements set out in ISO/IEC 15026-2 for the development of assurance cases. It is not intended that this security case framework will replace a risk management strategy; rather, the intention is to complement risk management and in turn provide a greater level of assurance for a medical device by:
- mapping specific risk management steps to each of the IEC TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a re-useable security pattern;
- providing guidance for the selection of appropriate security controls to establish security capabilities and presenting them as part of the security case pattern (IEC TR 80001-2-8 provides examples of such security controls);
- providing evidence to support the implementation of a security control, hence providing confidence in the establishment of each of the security capabilities.
The purpose of developing the security case is to demonstrate confidence in the establishment of IEC TR 80001-2-2 security capabilities. The quality of artifacts gathered and documented during the development of the security case is agreed and documented as part of a responsibility agreement between the relevant stakeholders. This document provides guidance for one such methodology, through the use of a specific security pattern, to develop and interpret security cases in a systematic manner.
Standards Content (Sample)
IEC TR 80001-2-9
Edition 1.0 2017-01
TECHNICAL
REPORT
Application of risk management for IT-networks incorporating medical devices –
Part 2-9: Application guidance – Guidance for use of security assurance cases
to demonstrate confidence in IEC TR 80001-2-2 security capabilities
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about
ISO/IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address
below or your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
info@iec.ch
www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition; a corrigendum or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue
The stand-alone application for consulting the entire bibliographical information on IEC International Standards, Technical Specifications, Technical Reports and other documents. Available for PC, Mac OS, Android Tablets and iPad.
Electropedia - www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing 20 000 terms and definitions in English and French, with equivalent terms in 16 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online.
IEC publications search - www.iec.ch/searchpub
The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee,…). It also gives information on projects, replaced and withdrawn publications.
IEC Glossary - std.iec.ch/glossary
65 000 electrotechnical terminology entries in English and French extracted from the Terms and Definitions clause of IEC publications issued since 2002. Some entries have been collected from earlier publications of IEC TC 37, 77, 86 and CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and also once a month by email.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: csc@iec.ch.
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 11.040.01, 35.240.80 ISBN 978-2-8322-3907-0
– 2 – IEC TR 80001-2-9:2017 © IEC 2017
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 ASSURANCE case
5 Use of this document
5.1 Intended use
5.2 Intended audience
5.2.1 Intended purpose
5.2.2 MEDICAL DEVICE MANUFACTURERS (MDM)
5.2.3 Healthcare delivery organizations (HDO)
5.2.4 Other stakeholders
6 General guidelines
6.1 General
6.2 Overview of the SECURITY CASE framework
6.3 Notation
6.3.1 Components of a SECURITY CASE
6.3.2 Goal
6.3.3 Strategy
6.3.4 Justification
6.3.5 Context
6.3.6 Solution (EVIDENCE)
6.3.7 Stakeholder
6.3.8 Notation extensions
7 Developing the SECURITY CASE
8 SECURITY CASE change management
Annex A (informative) Exemplar SECURITY PATTERNS
A.1 General
A.2 Exemplar SECURITY PATTERN for person authentication (PAUT) — SECURITY CAPABILITY PAUT established by MDM for a medical system
A.2.1 Goal G6: Replay attack mitigated
A.2.2 Goal G8: ‘Man-in-the-middle’ attack mitigated
A.2.3 Goal G10: Brute force attack mitigated
A.2.4 Goal G13, G14: Denial of service attacks due to account lockout controls mitigated
A.3 Exemplar SECURITY PATTERN for automatic logoff (ALOF) established for a thin client terminal system
A.3.1 Goal: Patient safety RISK with short session timeouts in OR mitigated
A.3.2 Goal: Patient safety RISK with restoring sessions in the OR and ICU mitigated
A.4 Exemplar SECURITY PATTERN for audit controls (AUDT) for a system or a device in a HDO facility such as a pharmacy system or an EMR, where multiple people require access to the same data set — Goal G6: Keep a correct audit trail of attending staff in the OR while sessions are kept open
Bibliography
Figure 1 – Example GOAL (top-level)
Figure 2 – Example strategy
Figure 3 – Example justification
Figure 4 – Example context
Figure 5 – Example solution (EVIDENCE)
Figure 6 – Example stakeholder
Figure 7 – Leading components – Steps 1 through 9
Figure 8 – SECURITY CAPABILITY pattern
Figure 9 – SECURITY CASE structure
Figure A.1 – Exemplar SECURITY PATTERN for PAUT
Figure A.2 – Exemplar SECURITY PATTERN for ALOF
Figure A.3 – Exemplar SECURITY PATTERN for AUDT
Table 1 – Notation extensions
Table 2 – SECURITY CASE steps 1 through 9
Table 3 – SECURITY CASE steps 10 through 26
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –
Part 2-9: Application guidance – Guidance for use of security assurance
cases to demonstrate confidence in IEC TR 80001-2-2 security capabilities
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a t
...