iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
IEC

IEC TR 80001-2-2:2012

(Main)

Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls

Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls

IEC/TR 80001-2-2:2012(E), which is a technical report, creates a framework for the disclosure of security-related capabilities and risks necessary for managing the risk in connecting medical devices to IT-networks and for the security dialog that surrounds the IEC 80001-1 risk management of IT-network connection. This security report presents an informative set of common, high-level security-related capabilities useful in understanding the user needs, the type of security controls to be considered and the risks that lead to the controls. Intended use and local factors determine which exact capabilities will be useful in the dialog about risk. The capability descriptions in this report are intended to supply health delivery organizations (HDOs), medical device manufacturers (MDMs), and IT vendors with a basis for discussing risk and their respective roles and responsibilities toward its management. This discussion among the risk partners serves as the basis for one or more responsibility agreements as specified in IEC 80001-1.

General Information

Status
Published
Publication Date
09-Jul-2012
ICS
01 - GENERALITIES. TERMINOLOGY. STANDARDIZATION. DOCUMENTATION
11.040.01 - Medical equipment in general
Technical Committee
SC 62A - Common aspects of medical equipment, software, and systems
Drafting Committee
JWG 7 - TC 62/SC 62A/JWG 7
Current Stage
PPUB - Publication issued
Start Date
30-Sep-2012
Completion Date
10-Jul-2012
Ref Project

Buy Standard

IEC TR 80001-2-2:2012 - Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controlsIEC TR 80001-2-2:2012 - Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls
PreviousNext
Technical report
IEC TR 80001-2-2:2012 - Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls
English language
54 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

IEC/TR 80001-2-2


Edition 1.0 2012-07




TECHNICAL



REPORT









colour

inside









Application of risk management for IT-networks incorporating medical devices –

Part 2-2: Guidance for the disclosure and communication of medical device

security needs, risks and controls




































IEC/TR 80001-2-2:2012(E)

---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2012 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.


IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch

About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

Useful links:

IEC publications search - www.iec.ch/searchpub Electropedia - www.electropedia.org
The advanced search enables you to find IEC publications The world's leading online dictionary of electronic and
by a variety of criteria (reference number, text, technical electrical terms containing more than 30 000 terms and
committee,…). definitions in English and French, with equivalent terms in
It also gives information on projects, replaced and additional languages. Also known as the International
withdrawn publications. Electrotechnical Vocabulary (IEV) on-line.

IEC Just Published - webstore.iec.ch/justpublished Customer Service Centre - webstore.iec.ch/csc
Stay up to date on all new IEC publications. Just Published If you wish to give us your feedback on this publication
details all new publications released. Available on-line and or need further assistance, please contact the
also once a month by email. Customer Service Centre: csc@iec.ch.

---------------------- Page: 2 ----------------------
IEC/TR 80001-2-2


Edition 1.0 2012-07




TECHNICAL



REPORT








colour

inside










Application of risk management for IT-networks incorporating medical devices –

Part 2-2: Guidance for the disclosure and communication of medical device

security needs, risks and controls


























INTERNATIONAL

ELECTROTECHNICAL

COMMISSION

PRICE CODE
XA


ICS 11.040.01 ISBN 978-2-83220-202-9



  Warning! Make sure that you obtained this publication from an authorized distributor.

---------------------- Page: 3 ----------------------
– 2 – TR 80001-2-2  IEC:2012(E)
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 8
3 Terms and definitions . 8
4 Use of SECURITY CAPABILITIES . 12
4.1 Structure of a SECURITY CAPABILITY entry. 12
4.2 Guidance for use of SECURITY CAPABILITIES in the RISK MANAGEMENT PROCESS . 12
4.3 Relationship of ISO 14971-based RISK MANAGEMENT to IT security RISK
MANAGEMENT . 13
5 SECURITY CAPABILITIES . 14
5.1 Automatic logoff – ALOF . 14
5.2 Audit controls – AUDT . 14
5.3 Authorization – AUTH .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

IEC
IEC 60601-1:2005/AMD2:2020(Amendment)
Amendment 2 - Medical electrical equipment - Part 1: General requirements for basic safety and essential performance
  • Standard
    51 pages
    English language
    sale 15% off
  • Standard
    104 pages
    English and French language
    sale 15% off
IEC
IEC 60601-1-8:2006/AMD2:2020(Amendment)
Amendment 2 - Medical electrical equipment - Part 1-8: General requirements for basic safety and essential performance - Collateral Standard: General requirements, tests and guidance for alarm systems in medical electrical equipment and medical electrical systems
  • Standard
    58 pages
    English language
    sale 15% off
  • Standard
    119 pages
    English and French language
    sale 15% off
IEC
IEC 60601-1-10:2007/AMD2:2020(Amendment)
Amendment 2 - Medical electrical equipment - Part 1-10: General requirements for basic safety and essential performance - Collateral Standard: Requirements for the development of physiologic closed-loop controllers
  • Standard
    21 pages
    English and French language
    sale 15% off
IEC
IEC 60601-1-11:2015/AMD1:2020(Amendment)
Amendment 1 - Medical electrical equipment - Part 1-11: General requirements for basic safety and essential performance - Collateral Standard: Requirements for medical electrical equipment and medical electrical systems used in the home healthcare environment
  • Standard
    16 pages
    English and French language
    sale 15% off
IEC
IEC 60601-1-9:2007/AMD2:2020(Amendment)
Amendment 2 - Medical electrical equipment - Part 1-9: General requirements for basic safety and essential performance - Collateral Standard: Requirements for environmentally conscious design
  • Standard
    8 pages
    English and French language
    sale 15% off
IEC
IEC 60601-1-6:2010/AMD2:2020(Amendment)
Amendment 2 - Medical electrical equipment - Part 1-6: General requirements for basic safety and essential performance - Collateral standard: Usability
  • Standard
    18 pages
    English and French language
    sale 15% off
IEC
IEC 60601-1-12:2014/AMD1:2020(Amendment)
Amendment 1 - Medical electrical equipment - Part 1-12: General requirements for basic safety and essential performance - Collateral Standard: Requirements for medical electrical equipment and medical electrical systems intended for use in the emergency medical services environment
  • Standard
    9 pages
    English and French language
    sale 15% off
IEC
IEC 62366-1:2015/AMD1:2020(Amendment)
Amendment 1 - Medical devices - Part 1: Application of usability engineering to medical devices
  • Standard
    38 pages
    English and French language
    sale 15% off
IEC
ISO TR 24971:2020(Main)
Medical devices - Guidance on the application of ISO 14971

This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019.
The risk management process can be part of a quality management system, for example one that is based on ISO 13485:2016[24], but this is not required by ISO 14971:2019. Some requirements in ISO 13485:2016 (Clause 7 on product realization and 8.2.1 on feedback during monitoring and measurement) are related to risk management and can be fulfilled by applying ISO 14971:2019. See also the ISO Handbook: ISO 13485:2016 - Medical devices - A practical guide.

  • Technical report
    87 pages
    English language
    sale 15% off
IEC
ISO 14971:2019(Main)
Medical devices - Application of risk management to medical devices

This document specifies terminology, principles and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices. The process described in this document intends to assist manufacturers of medical devices to identify the hazards associated with the medical device, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
The requirements of this document are applicable to all phases of the life cycle of a medical device. The process described in this document applies to risks associated with a medical device, such as risks related to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability.
The process described in this document can also be applied to products that are not necessarily medical devices in some jurisdictions and can also be used by others involved in the medical device life cycle.
This document does not apply to:
- decisions on the use of a medical device in the context of any particular clinical procedure; or
- business risk management.
This document requires manufacturers to establish objective criteria for risk acceptability but does not specify acceptable risk levels.
Risk management can be an integral part of a quality management system. However, this document does not require the manufacturer to have a quality management system in place.
NOTE Guidance on the application of this document can be found in ISO/TR 24971[9].

  • Standard
    36 pages
    English language
    sale 15% off