EURUSD
Your shopping cart is empty.
IEC

IEC 81001-5-1:2021/ISH1:2025

(Main)

Interpretation Sheet 1 - Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle

Interpretation Sheet 1 - Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle

Feuille d'interprétation 1 - Logiciels de santé et sécurité, efficacité et sûreté des systèmes TI de santé - Partie 5-1: Sûreté - Activités du cycle de vie du produit

General Information

Status
Published
Publication Date
03-Dec-2025
ICS
11.040.01 - Medical equipment in general
35.240.80 - IT applications in health care technology
Technical Committee
SC 62A - Common aspects of medical equipment, software, and systems
Current Stage
BPUB - Publication being printed
Start Date
14-Nov-2025
Completion Date
07-Nov-2025
Ref Project

Relations

Revised
IEC 81001-5-1:2021 - Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle
Effective Date
26-Oct-2025
IEC 81001-5-1:2021/ISH1:2025 - Interpretation Sheet 1 - Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle Released:12/4/2025IEC 81001-5-1:2021/ISH1:2025 - Interpretation Sheet 1 - Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle Released:12/4/2025
PreviousNext
Standard
IEC 81001-5-1:2021/ISH1:2025 - Interpretation Sheet 1 - Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle Released:12/4/2025
English language
3 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
IEC 81001-5-1
Edition 1.0  2021-12
Health software and health IT systems safety, effectiveness and security -
Part 5-1: Security - Activities in the product life cycle

INTERPRETATION SHEET 1
This interpretation sheet has been prepared by subcommittee 62A: Common aspects of medical
equipment, software, and systems, of IEC technical committee 62: Medical equipment,
software, and systems.
The text of this interpretation sheet is based on the following documents:
DISH Report on voting
62A/1692/DISH 62A/1706/RVDISH
Full information on the voting for the approval of this interpretation sheet can be found in the
report on voting indicated in the above table.

___________
This interpretation sheet is intended to clarify the following:
a) Requirements which are needed to provide essential ACCOMPANYING DOCUMENTATION to the
operators of the HEALTH SOFTWARE product regarding the transfer of risk related to software
items from the MANUFACTURER to the responsible organization or operator.
b) Requirements which are needed to maintain SECURITY of the HEALTH SOFTWARE product
Interpretation of IEC 81001-5-1:2021, Introduction, 0.2
The HEALTH SOFTWARE is part of a connected and complex healthcare ecosystem, which is
integrated into a surrounding HEALTH IT SYSTEM and HEALTH IT INFRASTRUCTURE. ISO 81001-1
provides a definition of the sociotechnical ecosystem in which the HEALTH SOFTWARE operates
in, and how to reference the security aspect of the HEALTH SOFTWARE within an IT-system inside
a broader HEALTHCARE SYSTEM.
ICS 11.040.01, 35.240.80
IEC 81001-5-1:2021-12/ISH1:2025-11(en)

Interpretation of IEC 81001-5-1:2021, 4.1
4.1.7 Disclosing SECURITY-related issues
NOTE 1 This activity is related to 9.3 through 9.5 where additional supporting details are provided.
NOTE 2 On a) “CVSS” and “ranking” address the rating of the severity and characteristics of security vulnerabilities.
4.1.9 ACCOMPANYING DOCUMENTATION review
NOTE For clarification, the documents mentioned with “SECURITY guidelines” are detailed in 5.8.2 and 5.8.7.
Interpretation of IEC 81001-5-1:2021, 4.3
4.3 SOFTWARE ITEM classification relating to risk transfer
NOTE 1 (foundations, intentions):
Table 1 – SOFTWARE ITEM classification mapped to affected clauses

* Implied inclusion in clause since IEC 81001-5-1:2021, Clause 3 explicitly defines SUPPORTED SOFTWARE “includes
MAINTAINED SOFTWARE” and REQUIRED SOFTWARE “includes SUPPORTED SOFTWARE”.
SOFTWARE ITEM classification related to risk transfer from 4.3 is clarified as follows:
a) The SOFTWARE ITEM classification categories are nested, but only to ensure clauses that
explicitly mention a category are also understood to include the nested categories. Table 1
above notes all clauses that detail requirements specific to a SOFTWARE ITEM classification
and notes the implicit inclusion of nested categories. Further requirements of SOFTWARE
ITEM classification that are not explicit in an associated clause are not part of this document.
b) The manufacturer shall apply risk transfer activities for all SOFTWARE ITEMS according to their
associated category. An organization’s policy and procedures may choose different terms
for these classifications if clauses citing requirements for these SOFTWARE ITEM
classifications are satisfied. Risks for all SOFTWARE ITEMS should be identified and managed
(5.2.3), updates for SOFTWARE ITEMS controlled by the manufacturer or PRODUCT user should
be communicated (6.3.1) and updates to manufacturer provided SOFTWARE ITEMS should be
made available (6.3.2) and have verifiable integrity (6.3.3). For 4.3, any declaration of
conformance, or internal policy/procedure, should state the alternative terminology
leveraged and how it maps to the sp
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

IEC
IEC 81001-5-1:2021(Main)
Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle

IEC 81001-5-1:2021 defines the LIFE CYCLE requirements for development and maintenance of HEALTH SOFTWARE needed to support conformance to IEC 62443-4-1 – taking the specific needs for HEALTH SOFTWARE into account. The set of PROCESSES, ACTIVITIES, and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES.
The purpose is to increase the CYBERSECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the HEALTH SOFTWARE LIFE CYCLE PROCESSES and also by increasing the SECURITY of SOFTWARE LIFE CYCLE PROCESSES themselves.
It is important to maintain an appropriate balance of the key properties SAFETY, effectiveness and SECURITY as discussed in ISO 81001-1.
This document excludes specification of ACCOMPANYING DOCUMENTATION contents.
The contents of the Interpretation sheet 1 (2025-12) have been included in this copy.

  • Standard
    114 pages
    English and French language
    sale 15% off
IEC
IEC 80001-1:2021(Main)
Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software

IEC 80001-1:2021 specifies general requirements for ORGANIZATIONS in the application of RISK MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY whilst engaging appropriate stakeholders.
IEC 80001-1:2021 cancels and replaces the first edition published in 2010. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) structure changed to better align with ISO 31000;
b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT;
c) communication of the value, intention and purpose of RISK MANAGEMENT through principles that support preservation of the KEY PROPERTIES during the implementation and use of connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.

  • Standard
    75 pages
    English and French language
    sale 15% off
IEC
ISO TR 80002-2:2017(Main)
Medical device software - Part 2: Validation of software for medical device quality systems

ISO/TR 80002-2:2017(E) applies to any software used in device design, testing, component acceptance, manufacturing, labelling, packaging, distribution and complaint handling or to automate any other aspect of a medical device quality system as described in ISO 13485.
ISO/TR 80002-2:2017 applies to
- software used in the quality management system,
- software used in production and service provision, and
- software used for the monitoring and measurement of requirements.
It does not apply to
- software used as a component, part or accessory of a medical device, or
- software that is itself a medical device.

  • Technical report
    84 pages
    English language
    sale 15% off
IEC
IEC TR 80001-2-9:2017(Main)
Application of risk management for IT-networks incorporating medical devices - Part 2-9: Application guidance - Guidance for use of security assurance cases to demonstrate confidence in IEC TR 80001-2-2 security capabilities

IEC TR 80001-2-9:2017(E) establishes a security case framework and provides guidance to health care delivery organizations (HDO) and medical device manufacturers (MDM) for identifying, developing, interpreting, updating and maintaining security cases for networked medical devices. Use of this part of 80001 is intended to be one of the possible means to bridge the gap between MDMs and HDOs in providing adequate information to support the HDOs risk management of IT-networks. This document leverages the requirements set out in ISO/IEC 15026-2 for the development of assurance cases. It is not intended that this security case framework will replace a risk management strategy, rather, the intention is to complement risk management and in turn provide a greater level of assurance for a medical device by:
- mapping specific risk management steps to each of the IEC TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a re-useable security pattern;
- providing guidance for the selection of appropriate security controls to establish security capabilities and presenting them as part of the security case pattern (IEC TR 80001-2-8 provides examples of such security controls);
- providing evidence to support the implementation of a security control, hence providing confidence in the establishment of each of the security capabilities.
The purpose of developing the security case is to demonstrate confidence in the establishment of IEC TR 80001-2-2 security capabilities. The quality of artifacts gathered and documented during the development of the security case is agreed and documented as part of a responsibility agreement between the relevant stakeholders. This document provides guidance for one such methodology, through the use of a specific security pattern, to develop and interpret security cases in a systematic manner.

  • Technical report
    35 pages
    English language
    sale 15% off
IEC
ISO TR 80001-2-7:2015(Main)
Application of risk management for IT-networks incorporating medical devices -- Application guidance -- Part 2-7: Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1

ISO/TR 80001-2-7:2015 is to provide guidance to HDOs on self-assessment of their conformance against IEC 80001-1.

  • Technical report
    102 pages
    English language
    sale 15% off
IEC
IEC TR 80001-2-5:2014(Main)
Application of risk management for IT-networks incorporating medical devices - Part 2-5: Application guidance - Guidance on distributed alarm systems

IEC TR 80001-2-5:2014(E) which is a technical report, gives guidance and practical techniques for responsible organizations, medical device manufacturers and providers of other information technology in the application of IEC 80001-1:2010 for the risk management of distributed alarm systems. This technical report applies to the transmission of alarm conditions between sources, integrator and communicators where at least one source is a medical device and at least one communication path utilizes a medical IT-network. This technical report provides recommendations for the integration, communication of responses and redirection (to another operator) of alarm conditions from one or more sources to ensure safety and effectiveness. Data and systems security is an important consideration for the risk management of distributed alarm systems.

  • Technical report
    39 pages
    English language
    sale 15% off
IEC
ISO TR 80001-2-6:2014(Main)
Application of risk management for IT-networks incorporating medical devices -- Part 2-6: Application guidance -- Guidance for responsibility agreements

ISO/TR 80001-2-6:2014 provides guidance on implementing RESPONSIBILITY AGREEMENTS, which are described in IEC 80001-1 as used to establish the roles and responsibilities among the stakeholders engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK in order to support compliance to IEC 80001-1. Stakeholders may include RESPONSIBLE ORGANIZATIONS, IT suppliers, MEDICAL DEVICE manufacturers and others. The goal of the RESPONSIBILITY AGREEMENT is that these roles and responsibilities should cover the complete lifecycle of the resulting MEDICAL IT-NETWORK.

  • Technical report
    15 pages
    English language
    sale 15% off
IEC
IEC 80001-1:2010(Main)
Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities

IEC 80001-1:2010 Recognizing that medical devices are incorporated into IT-networks to achieve desirable benefits (for example, interoperability), defines the roles, responsibilities and activities that are necessary for risk management of IT-networks incorporating medical devices to address safety, effectiveness and data and system security (the key properties). IEC 80001-1:2010 does not specify acceptable risk levels. IEC 80001-1:2010 applies after a medical device has been acquired by a responsible organization and is a candidate for incorporation into an IT-network. It applies throughout the life cycle of IT-networks incorporating medical devices. IEC 80001-1:2010 applies where there is no single medical device manufacturer assuming responsibility for addressing the key properties of the IT-network incorporating a medical device. IEC 80001-1:2010 applies to responsible organizations, medical device manufacturers and providers of other information technology for the purpose of risk management of an IT-network incorporating medical devices as specified by the responsible organization. It does not apply to personal use applications where the patient, operator and responsible organization are one and the same person.

  • Standard
    86 pages
    English and French language
    sale 15% off
IEC
IEC 62024-1:2024/COR1:2025(Corrigendum)
Corrigendum 1 - High frequency inductive components - Electrical characteristics and measuring methods - Part 1: Nanohenry range chip inductor

IEC 62024-1:2024 specifies the electrical characteristics and measuring methods for the nanohenry range chip inductor that is normally used in the high frequency (over 100 kHz) range.
This edition includes the following significant technical changes with respect to the previous edition:
a) addition of S parameter measurement;
b) addition of the inductance, Q-factor and impedance of an inductor which are measured by the reflection coefficient method with a network analyzer;
c) addition of the resonance frequency of an inductor which is measured by a two-port network analyzer;
d) addition of the mounting method for a surface mounting inductor with Pb-free solder.

  • Standard
    2 pages
    English and French language
    sale 15% off
IEC
IEC 62541-19:2025(Main)
OPC unified architecture - Part 19: Dictionary Reference

IEC 62541-19: 2025 defines an Information Model of the OPC Unified Architecture. The Information Model describes the basic infrastructure to reference from an OPC UA Information Model to external dictionaries like IEC Common Data Dictionary or ECLASS.

  • Standard
    15 pages
    English language
    sale 15% off
  • Standard
    15 pages
    French language
    sale 15% off
  • Standard
    30 pages
    English and French language
    sale 15% off