ISO TS 81001-2-1:2025
Health software and health IT systems safety, effectiveness and security - Part 2-1: Coordination - Guidance for the use of assurance cases for safety and security
This document establishes requirements and gives guidance on an assurance case framework for healthcare delivery organizations (HDOs) and for health software and medical device manufacturers (MDMs) and can be used to support the communication and information transfer between all parties. An assurance case can be used to communicate information and knowledge about different risks to other roles.
This document establishes:
- an assurance case framework for HDOs and health software and MDMs for identifying, developing, interpreting, updating and maintaining assurance cases;
- one of the possible means to bridge the gap between manufacturers and HDOs in providing adequate information to support the HDO's risk management of IT-networks;
- best practice by leveraging ISO/IEC/IEEE 15026-2 and other standards to identify key considerations and for the structure and contents of an assurance case, e.g. iterative and continuous approaches;
- example structure, method and format to improve the consistency and comparability of assurance cases.
This document is applicable to all parties involved in the health software and health IT systems life cycle, including:
a) organizations, health informatics professionals and clinical leaders specifying, acquiring, designing, developing, integrating, implementing and operating health software and health IT systems, for example health software developers and MDMs, system integrators, system administrators (including cloud and other IT service providers);
b) healthcare service delivery organizations, healthcare providers and others who use health software and health IT systems in providing health services;
c) governments, health system funders, monitoring agencies, professional organizations and customers seeking confidence in an organization’s ability to consistently provide safe, effective and secure health software, health IT systems and services;
d) organizations and interested parties seeking to improve communication in managing safety, effectiveness and security risks through a common understanding of the concepts and terminology used in safety, effectiveness and security management;
e) providers of training, assessment or advice in safety, effectiveness and security risk management for health software and health IT systems;
f) developers of related safety, effectiveness and security standards.
This document is for use by organizations and people who build, acquire, operate, maintain, use or decommission health software and health IT systems (including medical devices). It is applicable to all organizations involved, regardless of size, complexity or business model.
General Information
ISO/TS 81001-2-1
First edition
Health software and health IT systems safety, effectiveness and security — Part 2-1: Coordination — Guidance and requirements for the use of assurance cases for safety and
Sécurité, efficacité et sûreté des logiciels de santé et des systèmes TI de santé — Partie 2-1: Coordination — Orientations et exigences relatives à l'utilisation des dossiers d'assurance en matière de sûreté et de
Reference number: ISO/TS 81001-2-1:2025(en)
© ISO 2025
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Assurance case
4.1 Concepts
4.2 Healthcare delivery organizations (HDO)
4.3 Manufacturers
4.4 Other stakeholders
4.5 Benefits
4.6 Requirements
5 General requirements and recommendations
5.1 Principles
5.2 Assurance case development process
5.2.1 General
5.2.2 Step 1: identify the goal
5.2.3 Step 2: define the basis of the goal
5.2.4 Step 3: identify the strategy
5.2.5 Step 4: define the basis on which the strategy is stated
5.2.6 Step 5: elaborate the strategy
5.2.7 Step 6: identify the solution
5.3 General considerations
5.4 Argument considerations
5.5 Evidence considerations
5.6 Notation
5.6.1 General
5.6.2 Goal
5.6.3 Strategy
5.6.4 Solution
5.6.5 Context
5.6.6 Assumption
5.6.7 Justification
5.6.8 SupportedBy relationship
5.6.9 InContextOf relationship
6 Developing an assurance case using GSN
6.1 General
6.2 Step 1: identify the goal
6.3 Step 2: define the basis on which the goal is stated
6.4 Step 3: identify the strategy used to support the goal
6.5 Step 4: define the basis on which the strategy is stated
6.6 Step 5: elaborate the strategy
6.7 Repeat Step 2: define the basis on which the goal is stated
6.8 Repeat Step 4: define the basis on which the strategy is stated
6.9 Step 6: identify the basic solution
7 Assurance case change management
8 Security assurance case
Annex A (informative) Generic risk-based HIT assurance case pattern
Annex B (informative) IEC 80001-1 Compliance assurance case pattern
Annex C (informative) AI assurance case pattern
Annex D (informative) Security assurance case pattern
Annex E (informative) Assurance notation cross reference
Annex F (informative) Summary of assurance case requirements relative to organizations
Bibliography
