IEC/FDIS 80001-1

FINAL
INTERNATIONAL IEC/FDIS
DRAFT
STANDARD 80001-1
ISO/TC 215
Safety, effectiveness and security
Secretariat: ANSI
in the implementation and use
Voting begins on:
2021-02-12 of connected medical devices or
connected health software —
Voting terminates on:
2021-04-09
Part 1:
Application of risk management
Member bodies are requested to consult relevant national interests in IEC/SC
62A before casting their ballot to the e-Balloting application.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
IEC/FDIS 80001-1:2021(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. IEC 2021
---------------------- Page: 1 ----------------------
IEC/FDIS 80001-1:2021(E)
ii © IEC 2021 – All rights reserved
---------------------- Page: 2 ----------------------
– 2 – IEC FDIS 80001-1 © IEC 2021
CONTENTS

FOREWORD ........................................................................................................................... 4

INTRODUCTION ..................................................................................................................... 7

1 Scope .............................................................................................................................. 9

2 Normative references ...................................................................................................... 9

3 Terms and definitions ...................................................................................................... 9

4 Principles ...................................................................................................................... 11

5 Framework .................................................................................................................... 12

5.1 General ................................................................................................................. 12

5.2 Leadership and commitment ................................................................................. 12

5.3 Integrating RISK MANAGEMENT ................................................................................ 12

5.4 Design/planning .................................................................................................... 12

5.4.1 General ......................................................................................................... 12

5.4.2 RISK MANAGEMENT FILE ................................................................................... 13

5.4.3 Understanding the organization and the SOCIOTECHNICAL ECOSYSTEM ............... 13

5.4.4 Articulating RISK MANAGEMENT commitment .................................................... 14

accountabilities .............................................................................................. 14

5.4.6 Allocating resources ...................................................................................... 15

5.4.7 Establishing communication and consultation ................................................ 15

5.5 Implementation ..................................................................................................... 15

5.6 Evaluation ............................................................................................................. 16

5.7 Improvement ......................................................................................................... 16

6 RISK MANAGEMENT PROCESS ............................................................................................ 16

6.1 Generic requirements............................................................................................ 16

6.1.1 General ......................................................................................................... 16

6.1.2 RISK ANALYSIS ................................................................................................ 17

6.1.3 RISK EVALUATION ............................................................................................ 19

6.1.4 RISK CONTROL ................................................................................................ 19

6.2 Lifecycle specific requirements ............................................................................. 22

6.2.1 General ......................................................................................................... 22

6.2.2 Acquisition ..................................................................................................... 22

6.2.3 Installation, customization and configuration .................................................. 22

6.2.4 Integration, data migration, transition and validation ...................................... 23

6.2.5 Implementation, workflow optimization and training ....................................... 23

6.2.6 Operation and maintenance ........................................................................... 23

6.2.7 Decommission ............................................................................................... 25

Annex A (informative) IEC 80001-1 requirements mapping table .......................................... 26

Annex B (informative) Guidance for accompanying document Information ............................ 33

B.1 Foreword .............................................................................................................. 33

B.2 Information system categorization ......................................................................... 34

B.3 Overview............................................................................................................... 34

B.4 Reference documents ........................................................................................... 34

B.5 System level description ....................................................................................... 34

B.5.1 Environment description ................................................................................ 34

B.5.2 Network ports, protocols and services ........................................................... 35

B.5.3 Purpose of connection to the health IT infrastructure ..................................... 35

B.5.4 Networking requirements ............................................................................... 35

B.5.5 Required IT-network services ........................................................................ 35

B.5.6 Data flows and protocols ............................................................................... 35

B.6 Security and user access ...................................................................................... 36

B.6.1 General ......................................................................................................... 36

B.6.2 Malware / antivirus / whitelisting .................................................................... 36

B.6.3 Security exclusions ........................................................................................ 36

B.6.4 System access .............................................................................................. 36

B.7 RISK MANAGEMENT ................................................................................................. 38

Bibliography .......................................................................................................................... 39

Figure 1 – Lifecycle framework addressing safety, effectiveness and security of health

IT software and health IT systems........................................................................................... 8

Figure 2 – RISK MANAGEMENT PROCESS .................................................................................. 13

Table A.1 – IEC 80001-1 requirements table ......................................................................... 26

Table B.1 – Organization name and location ......................................................................... 33

Table B.2 – Cybersecurity device characterization level ........................................................ 34

Table B.3 – Ports, protocols and services ............................................................................. 35

Table B.4 – Information system name and title ...................................................................... 36

Table B.5 – Roles and privileges ........................................................................................... 37

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international

co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and

in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,

Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their

preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with

may participate in this preparatory work. International, governmental and non-governmental organizations liaising

with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for

Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence between

any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity

assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent

rights. IEC shall not be held responsible for identifying any or all such patent rights.

Subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC

Technical Committee 62: Electrical equipment in medical practice, and of ISO Technical

This second edition cancels and replaces the first edition published in 2010. This edition

This edition includes the following significant technical changes with respect to the previous

b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT;

c) communication of the value, intention and purpose of RISK MANAGEMENT through principles

that support preservation of the KEY PROPERTIES during the implementation and use of

Full information on the voting for the approval of this document can be found in the report on

This document has been drafted in accordance with the ISO/IEC Directives, Part 2.

• informative material appearing outside of tables, such as notes, examples and references: in smaller type.

• TERMS DEFINED IN CLAUSE 3 OF THIS DOCUMENT OR AS NOTED ARE PRINTED IN SMALL CAPITALS.

• “clause” means one of the five numbered divisions within the table of contents, inclusive of

• “subclause” means a numbered subdivision of a clause (e.g. 5.1, 5.2 and 5.3 are all

References to clauses within this document are preceded by the term “Clause” followed by the

clause number. References to subclauses within this particular standard are by number only.

In this document, the conjunctive “or” is used as an “inclusive or” so a statement is true if any

The verbal forms used in this document conform to usage described in Clause 7 of the ISO/IEC

• “shall” means that compliance with a requirement or a test is mandatory for compliance with

• “should” means that compliance with a requirement or a test is recommended but is not

• “may” is used to describe a permissible way to achieve compliance with a requirement or

A list of all parts of the IEC 80001 series, published under the general title Safety, effectiveness

and security in the implementation and use of connected medical devices or connected health

Future standards in this series will carry the new general title as cited above. Titles of existing

The committee has decided that the contents of this standard will remain unchanged until the

stability date indicated on the IEC website under "https://webstore.iec.ch" in the data related to

IMPORTANT – The "colour inside" logo on the cover page of this document indicates

that it contains colours which are considered to be useful for the correct understanding

of its contents. Users should therefore print this document using a colour printer.

HEALTHCARE DELIVERY ORGANIZATIONS rely on safe, effective and secure systems as business-

critical factors. However, ineffective management of the implementation and use of connected

Connected systems that deliver health services, generally involve multiple software

applications, various medical devices and complex HEALTH IT SYSTEMS that rely upon shared

infrastructure including wired or wireless networks, point to point connections, application

servers and data storage, interface engines, security and performance management software,

etc. These HEALTH IT INFRASTRUCTURES are often used for both clinical (e.g. patient monitoring

systems) and non-clinical organizational functions (e.g. accounting, scheduling, social

networking, multimedia, file sharing). These connected systems can involve small departmental

networks to large integrated infrastructures spanning multiple locations as well as cloud-based

services operated by third parties. The requirements in this document are intended for multiple

stakeholders involved in the application of RISK MANAGEMENT to systems that include HEALTH IT

Within the context of ISO 81001-1, this document covers the generic lifecycle phase

This document facilitates ORGANIZATIONS in using or adapting existing work practices and

processes, personnel and tools wherever practicable to address the requirements of this

document. For example, if an organization has an existing RISK MANAGEMENT PROCESS, this can

be used or adapted to support the three KEY PROPERTIES of SAFETY, EFFECTIVENESS, and

SECURITY. Requirements are defined such that they can be evaluated and as such support an

ORGANIZATION in verifying and demonstrating the degree of compliance with this document.

The RISK MANAGEMENT requirements of this document are based upon existing concepts adapted

and extended for use by all stakeholders supporting implementation and clinical use of

connected HEALTH SOFTWARE and HEALTH IT SYSTEMS (including medical devices). This

This document specifies general requirements for ORGANIZATIONS in the application of RISK

before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT

INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this standard. For dated references, only the edition cited applies.

For undated references, the latest edition of the referenced document (including any

ISO and IEC maintain terminological databases for use in standardization at the following

NOTE With the exception of the terms and definitions listed in this clause, all terms and definitions used in this

Note 1 to entry: A CONSEQUENCE can be certain or uncertain and can have positive or negative direct or indirect

Note 3 to entry: Any CONSEQUENCE can escalate through cascading and cumulative effects.

care activities, services, management or supplies related to the health of an individual or

Note 1 to entry: This includes more than performing procedures for subjects of care. It includes, for example, the

management of information about patients, health status and relations within the HEALTHCARE delivery framework

[SOURCE: ISO 13940:2015, 3.1.1, modified – The definition was reworded to include

unplanned interruption to a service a reduction in the quality of a service or an event that has

RISK derived during risk estimation taking into consideration any retained RISK control measures

[SOURCE: ISO/IEC/IEEE 15026-1:2019, 3.3.3, modified – The definition was reworded.]

Note 1 to entry: In risk management terminology, the word “LIKELIHOOD” is used to refer to the chance of something

happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and

described using general terms or mathematically (such as a probability or a frequency over a given time period).

Note 2 to entry: The English term “LIKELIHOOD” does not have a direct equivalent in some languages; instead, the

equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted as

a mathematical term. Therefore, in risk management terminology, “LIKELIHOOD” is used with the intent that it should

have the same broad interpretation as the term “probability” has in many languages other than English.

set of interrelated or interacting activities which transforms inputs into outputs

[SOURCE: IEC 80001-1:2010, 2.17, modified – Replacement of the term "medical IT-network

risk manager" with "health risk manager", and replacement in the definition "medical IT-network"

description of how the elements and resources of the risk management PROCESS will be

The following principles provide the basis for RISK MANAGEMENT. They communicate the value,

intention and purpose of RISK MANAGEMENT and their application supports the preservation of

the KEY PROPERTIES during the implementation and use of HEALTH IT SYSTEMS within a HEALTH IT

– RISK MANAGEMENT is an integral part of an ORGANIZATION’S activities at all stages of the

– accountability for the RISK MANAGEMENT PROCESS remains with the HEALTHCARE DELIVERY

– a HEALTHCARE DELIVERY ORGANIZATION may assign responsibility for RISK MANAGEMENT of the

HEALTH IT SYSTEM and/or HEALTH IT INFRASTRUCTURE to a different ORGANIZATION such as

providers of HEALTH IT SYSTEMS, HEALTH IT INFRASTRUCTURE or a collaboration of HEALTHCARE

RISK MANAGEMENT creates and protects value. It contributes to the demonstrable maintenance

or/and improvement of SAFETY, EFFECTIVENESS and SECURITY in the implementation and use of

– A structured and comprehensive approach to RISK MANAGEMENT contributes to consistent

– The RISK MANAGEMENT PROCESS is scalable and can be customised and made proportionate

– Appropriate and timely involvement of stakeholders leads to improved awareness and

– RISKS can emerge, change or disappear as new HEALTHCARE tools and methodologies are

developed. Proactive RISK MANAGEMENT anticipates, detects, acknowledges and responds to

– The inputs to RISK MANAGEMENT are based on historical and current information, as well as

future expectations. RISK MANAGEMENT explicitly considers any limitations and uncertainties

associated with such information and expectations. Information should be timely, clear and

– The SOCIOTECHNICAL ECOSYSTEM significantly influences all aspects of RISK MANAGEMENT at

each level within the HEALTHCARE DELIVERY ORGANIZATION and at each lifecycle stage; and

– RISK MANAGEMENT is a continuous activity, improved through learning and experience. RISK

MANAGEMENT strengthens the ORGANIZATION resilience and supports the ORGANIZATION’S

The purpose of the RISK MANAGEMENT framework is to assist the ORGANIZATION in integrating the

RISK MANAGEMENT with other significant activities and functions. Effective RISK MANAGEMENT

depends on its integration with the governance of the ORGANIZATION, including decision-making.

This requires support from all stakeholders, particularly TOP MANAGEMENT. Requirements in this

document apply to HEALTHCARE DELIVERY ORGANIZATIONS and other ORGANIZATIONS seeking

conformance with this RISK MANAGEMENT framework. Those requirements that apply to

It is the responsibility of the TOP MANAGEMENT of the ORGANIZATION to ensure that RISK

MANAGEMENT is implemented throughout the HEALTH IT SYSTEM lifecycle, and that its effectiveness

The ORGANIZATION shall establish and adhere to a defined PROCESS for RISK MANAGEMENT.

Effective integration of RISK MANAGEMENT relies on an understanding of the ORGANIZATION’S

structures and context. Structures differ depending on the ORGANIZATION’S purpose, goals and

complexity. The RISK is managed in every part of the ORGANIZATION’S structure. Everyone in an

RISK MANAGEMENT is a dynamic and iterative PROCESS that can be customised to the

ORGANIZATION’S culture and objectives. The RISK MANAGEMENT should be part of, and not

separate from, organizational purpose, governance, leadership, commitment, strategy,

The safe acquisition, installation, integration, implementation, clinical use, maintenance and

decommissioning of a HEALTH IT SYSTEM is dependent on effective RISK MANAGEMENT planning.

Planning activities apply to new implementations and modifications to existing HEALTH IT

RISK MANAGEMENT activities throughout all lifecycle phases of the HEALTH IT SYSTEM and describe

how a specific HEALTH IT SYSTEM project will adhere to the RISK MANAGEMENT PLAN. The RISK

MANAGEMENT PROCESS which establishes the requirements of this document is depicted at

The extent of the RISK MANAGEMENT PLAN should be flexible and commensurate with the scale

and scope of functionality of the HEALTH IT SYSTEM whilst addressing the RISK MANAGEMENT

requirements specified within this document. The contents of the RISK MANAGEMENT PLAN should

– defined risk acceptance criteria for individual risks and the overall RESIDUAL RISK;

a) establish, at the start of a project, a HEALTH IT SYSTEM RISK MANAGEMENT FILE;

b) maintain the RISK MANAGEMENT FILE throughout the lifecycle of the HEALTH IT SYSTEM; and

The HEALTH IT SYSTEM RISK MANAGEMENT FILE provides a store of all records which relate to the

Before starting the design and implementation of the RISK MANAGEMENT PLAN it is important to

evaluate and understand the internal and external SOCIOTECHNICAL ECOSYSTEM as this