Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software

This document specifies general requirements for ORGANIZATIONS in the application of RISK MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY whilst engaging appropriate stakeholders.

German title (translated): Application of risk management for IT networks incorporating medical devices - Part 1: Safety, effectiveness, and data and system security in the implementation and use of connected medical devices or connected health software

IEC 80001-1:2021 specifies general requirements for ORGANIZATIONS in the application of RISK MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT INFRASTRUCTURE. It addresses the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY while engaging the relevant stakeholders. IEC 80001-1:2021 cancels and replaces the first edition published in 2010. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) the structure has been changed to align more closely with ISO 31000; b) requirements are established for an ORGANIZATION in the application of RISK MANAGEMENT; c) the value, purpose and intent of RISK MANAGEMENT are communicated through principles that support preservation of the KEY PROPERTIES during the implementation and use of connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.

Slovenian title (translated): Application of risk management for IT networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software (IEC 80001-1:2021)

General Information

Status
Published
Publication Date
28-Oct-2021
Current Stage
6060 - Document made available - Publishing
Start Date
29-Oct-2021
Completion Date
29-Oct-2021

Standard
EN IEC 80001-1:2022 - COLOUR (colour edition)
English language
39 pages

Standards Content (Sample)


SLOVENIAN STANDARD
1 January 2022
Supersedes:
SIST EN 80001-1:2011
Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software (IEC 80001-1:2021)
German title (translated): Safety, effectiveness, and data and system security in the implementation and use of connected medical devices or connected health software - Part 1: Application of risk management (IEC 80001-1:2021)
This Slovenian standard is identical to: EN IEC 80001-1:2021
ICS:
11.040.01 Medical equipment in general
35.240.80 IT applications in health care technology
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD EN IEC 80001-1

October 2021
ICS 11.040.01; 35.240.80
Supersedes EN 80001-1:2011 and all of its amendments and corrigenda (if any)
English Version
Application of risk management for IT-networks incorporating
medical devices - Part 1: Safety, effectiveness and security in
the implementation and use of connected medical devices or
connected health software
(IEC 80001-1:2021)
German title (translated): Safety, effectiveness, and data and system security in the implementation and use of connected medical devices or connected health software - Part 1: Application of risk management (IEC 80001-1:2021)
This European Standard was approved by CENELEC on 2021-10-26. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 80001-1:2021 E

European foreword
The text of document 62A/1434/FDIS, future edition 2 of IEC 80001-1, prepared by SC 62A “Common
aspects of electrical equipment used in medical practice” of IEC/TC 62 “Electrical equipment in
medical practice” was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2022-07-26
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2024-10-26
This document supersedes EN 80001-1:2011 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 80001-1:2021 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
ISO 14971:2019 NOTE Harmonized as EN ISO 14971:2019 (not modified)
ISO 13940:2015 NOTE Harmonized as EN ISO 13940:2016 (not modified)
IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006 +A11:2011 (not modified)

IEC 80001-1
Edition 2.0 2021-09
INTERNATIONAL STANDARD
colour inside
Application of risk management for IT-networks incorporating medical devices – Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software

INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 11.040.01; 35.240.80 ISBN 978-2-8322-9748-3

– 2 – IEC 80001-1:2021 © IEC 2021
CONTENTS
FOREWORD . 4
INTRODUCTION . 7
1 Scope . 9
2 Normative references . 9
3 Terms and definitions . 9
4 Principles . 10
5 Framework . 11
5.1 General . 11
5.2 Leadership and commitment . 11
5.3 Integrating RISK MANAGEMENT . 11
5.4 Design/planning . 12
5.4.1 General . 12
5.4.2 RISK MANAGEMENT FILE . 13
5.4.3 Understanding the organization and the SOCIOTECHNICAL ECOSYSTEM . 13
5.4.4 Articulating RISK MANAGEMENT commitment . 13
5.4.5 Assigning organizational roles, authorities, responsibilities and
accountabilities . 13
5.4.6 Allocating resources . 14
5.4.7 Establishing communication and consultation . 14
5.5 Implementation . 15
5.6 Evaluation . 15
5.7 Improvement . 15
6 RISK MANAGEMENT PROCESS . 15
6.1 Generic requirements. 15
6.1.1 General . 15
6.1.2 RISK ANALYSIS . 16
6.1.3 RISK EVALUATION . 18
6.1.4 RISK CONTROL . 19
6.2 Lifecycle specific requirements . 21
6.2.1 General . 21
6.2.2 Acquisition . 21
6.2.3 Installation, customization and configuration . 22
6.2.4 Integration, data migration, transition and validation . 22
6.2.5 Implementation, workflow optimization and training . 22
6.2.6 Operation and maintenance . 23
6.2.7 Decommission . 24
Annex A (informative) IEC 80001-1 requirements mapping table . 25
Annex B (informative) Guidance for accompanying document Information . 31
B.1 Foreword . 31
B.2 Information system categorization . 32
B.3 Overview. 32
B.4 Reference documents . 32
B.5 System level description . 32
B.5.1 Environment description . 32
B.5.2 Network ports, protocols and services . 33
B.5.3 Purpose of connection to the health IT infrastructure . 33

B.5.4 Networking requirements . 33
B.5.5 Required IT-network services . 33
B.5.6 Data flows and protocols . 33
B.6 Security and user access . 34
B.6.1 General . 34
B.6.2 Malware / antivirus / allow-list . 34
B.6.3 Security exclusions . 34
B.6.4 System access . 34
B.7 RISK MANAGEMENT . 36
Bibliography . 37

Figure 1 – Lifecycle framework addressing safety, effectiveness and security of health
software and health IT systems . 8
Figure 2 – RISK MANAGEMENT PROCESS . 12

Table A.1 – IEC 80001-1 requirements table . 25
Table B.1 – Organization name and location . 31
Table B.2 – Cybersecurity device characterization level . 32
Table B.3 – Ports, protocols and services . 33
Table B.4 – Information system name and title . 34
Table B.5 – Roles and privileges . 35
...
