iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/TR 80001-2-7:2015

(Main)

Application of risk management for IT-networks incorporating medical devices — Application guidance — Part 2-7: Guidance for healthcare delivery organizations (HDOs) on how to self-assess their conformance with IEC 80001-1

Application of risk management for IT-networks incorporating medical devices — Application guidance — Part 2-7: Guidance for healthcare delivery organizations (HDOs) on how to self-assess their conformance with IEC 80001-1

ISO/TR 80001-2-7:2015 is to provide guidance to HDOs on self-assessment of their conformance against IEC 80001‑1.

Application du management du risque aux réseaux des technologies de l'information contenant les dispositifs médicaux — Conseils pour les applications — Partie 2-7: Directives de prestation de soins de santé organisations sur la façon de s'auto-évaluer leur conformité avec la norme IEC 80001-1

General Information

Status
Published
Publication Date
16-Mar-2015
ICS
11.040.01 - Medical equipment in general
35.240.80 - IT applications in health care technology
Technical Committee
ISO/TC 215 - Health informatics
Drafting Committee
ISO/TC 215/JWG 7 - Joint ISO/TC 215 - IEC/SC 62A WG: Safe, effective and secure health software and health IT systems, including those incorporating medical devices
Current Stage
9599 - Withdrawal of International Standard
Due Date
09-Dec-2024
Completion Date
09-Dec-2024
Ref Project

Buy Standard

ISO/TR 80001-2-7:2015 - Application of risk management for IT-networks incorporating medical devices — Application guidance — Part 2-7: Guidance for healthcare delivery organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 Released:3/17/2015ISO/TR 80001-2-7:2015 - Application of risk management for IT-networks incorporating medical devices — Application guidance — Part 2-7: Guidance for healthcare delivery organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 Released:3/17/2015
PreviousNext
Technical report
ISO/TR 80001-2-7:2015 - Application of risk management for IT-networks incorporating medical devices — Application guidance — Part 2-7: Guidance for healthcare delivery organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 Released:3/17/2015
English language
102 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/TR 80001-2-7:2015 - Application of risk management for IT-networks incorporating medical devices -- Application guidanceISO/TR 80001-2-7:2015 - Application of risk management for IT-networks incorporating medical devices -- Application guidance
PreviousNext
Technical report
ISO/TR 80001-2-7:2015 - Application of risk management for IT-networks incorporating medical devices -- Application guidance
English language
102 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


TECHNICAL ISO/TR
REPORT 80001-2-7
First edition
2015-04-01
Application of risk management for
IT-networks incorporating medical
devices — Application guidance —
Part 2-7:
Guidance for Healthcare Delivery
Organizations (HDOs) on how to self-
assess their conformance with IEC
80001-1
Application du management du risque aux réseaux des technologies
de l’information contenant les dispositifs médicaux — Conseils pour
les applications —
Partie 2-7: Directives de prestation de soins de santé organisations sur
la façon de s’auto-évaluer leur conformité avec la norme IEC 80001-1
Reference number
©
ISO 2015
© ISO 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Assessment Method . 2
4.1 Prerequisites . 2
4.2 Assessment Method Overview . 2
4.3 Assessment Stages . 3
4.3.1 Stage 1 — Defining Assessment Scope . 3
4.3.2 Stage 2 — Stakeholder Involvement . 3
4.3.3 Stage 3 — Information Collection and Evaluation . 3
4.3.4 Stage 4 — Findings Report. 3
4.3.5 Stage 5 — Presentation of Findings . 4
4.3.6 Stage 6 — Improvement Plan (optional) . 4
4.3.7 Stage 7 — Follow-up Assessment (optional) . 4
4.4 Process attribute rating scale . 4
4.4.1 Rating of process attributes . 4
4.4.2 Process attribute rating values . 4
4.5 Capability Levels . 5
4.6 Tailoring the Assessment Method . 5
Annex A (informative) Assessment Method . 7
Annex B (informative) Process Reference Model .38
Annex C (informative) Process Assessment Model .50
Annex D (informative) Abbreviations and Process Identifiers .100
Bibliography .102
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT), see the following URL: Foreword — Supplementary information.
The committee responsible for this document is ISO/TC 215, Heath informatics.
ISO/IEC/TR 80001 consists of the following parts, under the general title Application of risk management
for IT-networks incorporating medical devices:
— Part 1: Roles, responsibilities and activities
— Part 2-1: Step-by-step risk management of medical IT-networks; Practical applications and Examples
— Part 2-2: Guidance for the communication of medical device security needs, risks and controls
— Part 2-3: Guidance for wireless networks
— Part 2-4: General implementation guidance for Healthcare Delivery Organizations
— Part 2-5: Application guidance — Guidance for distributed alarm systems
— Part 2-6: Application guidance — Guidance for responsibility agreements
— Part 2-7: Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance
with IEC 80001-1
The following parts are under preparation:
— Part 2-8: Application guidance — Guidance on standards for establishing the security capabilities
identified in IEC 80001-2-2
iv © ISO 2015 – All rights reserved

Introduction
This part of ISO/TR 80001 provides guidance for a Healthcare Delivery Organization (HDO) that wishes
to self-assess its implementation of the processes of IEC 80001-1. This part of ISO/TR 80001 can be used
to assess Medical IT-Network projects where IEC 80001-1 has been determined to be applicable. This
part of ISO/TR 80001 provides an exemplar assessment method which includes a set of questions which
can be used to assess the performance of risk management of a Medical IT-Network incorporating a
medical device. This assessment method can be used in its presented form or can be tailored to meet the
needs of a specific HDO. A Process Reference Model (PRM) and an example Process Assessment Model
(PAM) that meet the requirements of ISO/IEC 15504-2 are included in the Appendices of this part of
ISO/TR 80001. The PRM and PAM can be used to provide a standardized basis for tailoring the exemplar
assessment method where required.
This part of ISO/TR 80001 can be used in a number of ways including the following.
a) The assessment method can be used to perform an assessment to determine conformance
against IEC 80001-1.
b) In instances where conformance has been established, the assessment method can also be used to
assess risk management processes and determine the capability level at which these processes are
being performed.
c) Based on the context of the HDO being assessed, the assessment method can be tailored to address
the individual HDO use, needs and concerns.
The results of the assessment will highlight any weaknesses within current risk management processes
and can be used as a basis for the improvement of these processes. Where necessary, modification of the
assessment method can be undertaken with reference to the PRM and PAM for IEC 80001-1 which are
also included in this part of ISO/TR 80001. This approach allows for a lightweight assessment approach
to which more rigour can be added if required. For example, a re-assessment may be required in
instances where an initial assessment revealed weaknesses in the current risk management processes
and improvements have subsequently been made which require re-assessment to assess their impact
on conformance. A re-assessment may also be performed in instances where confirmation is required
that process improvement measures which have been undertaken have resulted in the achievement of
a higher capability level.
This part of ISO/TR 80001 provides the following:
— guidance for a HDO to self-assess implementation of the processes of IEC 80001-1;
— an exemplar assessment method which
— includes a set of questions,
— can be used to assess the performance of risk management of a Medical IT-Network incorporating
a medical device,
— can be used in its presented form, and
— can be tailored on a standardised basis using the included PRM and PAM;
— a PRM that meet the requirements of ISO/IEC 15504-2;
— an example PAM that meet the requirements of ISO/IEC 15504-2.
NOTE This part of ISO/TR 80001 contains original material that is © 2013, Dundalk Institute of Technology,
Ireland. Permission is granted to ISO and IEC to reproduce and circulate this material, this being without prejudice
to the rights of Dundalk Institute of Technology to exploit the original text elsewhere.
TECHNICAL REPORT ISO/TR 80001-2-7:2015(E)
Application of risk management for IT-networks
incorporating medical devices — Application guidance —
Part 2-7:
Guidance for Healthcare Delivery Organizations (HDOs) on
how to self-assess their conformance with IEC 80001-1
1 Scope
The purpose of this part of ISO/TR 80001 is to provide guidance to HDOs on self-assessment of their
conformance against IEC 80001-1.
The purpose of this part of ISO/TR 80001 is to
a) provide guidance to HDOs on self-assessment of their conformance against IEC 80001-1,
b) provide an exemplar assessment method which can be used by HDOs in varying contexts to assess
themselves against IEC 80001-1,
c) define a PRM comprising a set of processes, described in terms of process purpose and outcomes
that demonstrate coverage of the requirements of IEC 80001-1, and
d) define a PAM that meets the requirements of ISO/IEC 15504-2 and that supports the performance of
an assessment by providing indicators for guidance on the interpretation of the process purposes and
outcomes as defined in IEC 80001-1 (PRM) and the process attributes as defined in ISO/IEC 15504-2.
This part of ISO/TR 80001 does not introduce any requirements in addition to those expressed in
IEC 80001-1.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
Members of ISO and IEC maintain registers of currently valid International Standards.
IEC 80001-1:2010, Application of Risk Management for IT-Networks incorporating Medical Devices — Part
1: Roles, responsibilities and activities
ISO/IEC 15504-1, Information technology — Process assessment — Part 1: Concepts and vocabulary
ISO/IEC 15504-2:2003, Information technology — Process assessment — Part 2: Performing an assessment
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 and IEC 80001-1
apply.
...


TECHNICAL ISO/TR
REPORT 80001-2-7
First edition
2015-04-01
Application of risk management for
IT-networks incorporating medical
devices — Application guidance —
Part 2-7:
Guidance for Healthcare Delivery
Organizations (HDOs) on how to self-
assess their conformance with IEC
80001-1
Application du management du risque aux réseaux des technologies
de l’information contenant les dispositifs médicaux — Conseils pour
les applications —
Partie 2-7: Directives de prestation de soins de santé organisations sur
la façon de s’auto-évaluer leur conformité avec la norme IEC 80001-1
Reference number
©
ISO 2015
© ISO 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Assessment Method . 2
4.1 Prerequisites . 2
4.2 Assessment Method Overview . 2
4.3 Assessment Stages . 3
4.3.1 Stage 1 — Defining Assessment Scope . 3
4.3.2 Stage 2 — Stakeholder Involvement . 3
4.3.3 Stage 3 — Information Collection and Evaluation . 3
4.3.4 Stage 4 — Findings Report. 3
4.3.5 Stage 5 — Presentation of Findings . 4
4.3.6 Stage 6 — Improvement Plan (optional) . 4
4.3.7 Stage 7 — Follow-up Assessment (optional) . 4
4.4 Process attribute rating scale . 4
4.4.1 Rating of process attributes . 4
4.4.2 Process attribute rating values . 4
4.5 Capability Levels . 5
4.6 Tailoring the Assessment Method . 5
Annex A (informative) Assessment Method . 7
Annex B (informative) Process Reference Model .38
Annex C (informative) Process Assessment Model .50
Annex D (informative) Abbreviations and Process Identifiers .100
Bibliography .102
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT), see the following URL: Foreword — Supplementary information.
The committee responsible for this document is ISO/TC 215, Heath informatics.
ISO/IEC/TR 80001 consists of the following parts, under the general title Application of risk management
for IT-networks incorporating medical devices:
— Part 1: Roles, responsibilities and activities
— Part 2-1: Step-by-step risk management of medical IT-networks; Practical applications and Examples
— Part 2-2: Guidance for the communication of medical device security needs, risks and controls
— Part 2-3: Guidance for wireless networks
— Part 2-4: General implementation guidance for Healthcare Delivery Organizations
— Part 2-5: Application guidance — Guidance for distributed alarm systems
— Part 2-6: Application guidance — Guidance for responsibility agreements
— Part 2-7: Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance
with IEC 80001-1
The following parts are under preparation:
— Part 2-8: Application guidance — Guidance on standards for establishing the security capabilities
identified in IEC 80001-2-2
iv © ISO 2015 – All rights reserved

Introduction
This part of ISO/TR 80001 provides guidance for a Healthcare Delivery Organization (HDO) that wishes
to self-assess its implementation of the processes of IEC 80001-1. This part of ISO/TR 80001 can be used
to assess Medical IT-Network projects where IEC 80001-1 has been determined to be applicable. This
part of ISO/TR 80001 provides an exemplar assessment method which includes a set of questions which
can be used to assess the performance of risk management of a Medical IT-Network incorporating a
medical device. This assessment method can be used in its presented form or can be tailored to meet the
needs of a specific HDO. A Process Reference Model (PRM) and an example Process Assessment Model
(PAM) that meet the requirements of ISO/IEC 15504-2 are included in the Appendices of this part of
ISO/TR 80001. The PRM and PAM can be used to provide a standardized basis for tailoring the exemplar
assessment method where required.
This part of ISO/TR 80001 can be used in a number of ways including the following.
a) The assessment method can be used to perform an assessment to determine conformance
against IEC 80001-1.
b) In instances where conformance has been established, the assessment method can also be used to
assess risk management processes and determine the capability level at which these processes are
being performed.
c) Based on the context of the HDO being assessed, the assessment method can be tailored to address
the individual HDO use, needs and concerns.
The results of the assessment will highlight any weaknesses within current risk management processes
and can be used as a basis for the improvement of these processes. Where necessary, modification of the
assessment method can be undertaken with reference to the PRM and PAM for IEC 80001-1 which are
also included in this part of ISO/TR 80001. This approach allows for a lightweight assessment approach
to which more rigour can be added if required. For example, a re-assessment may be required in
instances where an initial assessment revealed weaknesses in the current risk management processes
and improvements have subsequently been made which require re-assessment to assess their impact
on conformance. A re-assessment may also be performed in instances where confirmation is required
that process improvement measures which have been undertaken have resulted in the achievement of
a higher capability level.
This part of ISO/TR 80001 provides the following:
— guidance for a HDO to self-assess implementation of the processes of IEC 80001-1;
— an exemplar assessment method which
— includes a set of questions,
— can be used to assess the performance of risk management of a Medical IT-Network incorporating
a medical device,
— can be used in its presented form, and
— can be tailored on a standardised basis using the included PRM and PAM;
— a PRM that meet the requirements of ISO/IEC 15504-2;
— an example PAM that meet the requirements of ISO/IEC 15504-2.
NOTE This part of ISO/TR 80001 contains original material that is © 2013, Dundalk Institute of Technology,
Ireland. Permission is granted to ISO and IEC to reproduce and circulate this material, this being without prejudice
to the rights of Dundalk Institute of Technology to exploit the original text elsewhere.
TECHNICAL REPORT ISO/TR 80001-2-7:2015(E)
Application of risk management for IT-networks
incorporating medical devices — Application guidance —
Part 2-7:
Guidance for Healthcare Delivery Organizations (HDOs) on
how to self-assess their conformance with IEC 80001-1
1 Scope
The purpose of this part of ISO/TR 80001 is to provide guidance to HDOs on self-assessment of their
conformance against IEC 80001-1.
The purpose of this part of ISO/TR 80001 is to
a) provide guidance to HDOs on self-assessment of their conformance against IEC 80001-1,
b) provide an exemplar assessment method which can be used by HDOs in varying contexts to assess
themselves against IEC 80001-1,
c) define a PRM comprising a set of processes, described in terms of process purpose and outcomes
that demonstrate coverage of the requirements of IEC 80001-1, and
d) define a PAM that meets the requirements of ISO/IEC 15504-2 and that supports the performance of
an assessment by providing indicators for guidance on the interpretation of the process purposes and
outcomes as defined in IEC 80001-1 (PRM) and the process attributes as defined in ISO/IEC 15504-2.
This part of ISO/TR 80001 does not introduce any requirements in addition to those expressed in
IEC 80001-1.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
Members of ISO and IEC maintain registers of currently valid International Standards.
IEC 80001-1:2010, Application of Risk Management for IT-Networks incorporating Medical Devices — Part
1: Roles, responsibilities and activities
ISO/IEC 15504-1, Information technology — Process assessment — Part 1: Concepts and vocabulary
ISO/IEC 15504-2:2003, Information technology — Process assessment — Part 2: Performing an assessment
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 15504-1 and IEC 80001-1
apply.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
IEC 80001-1:2021(Main)
Application of risk management for IT-networks incorporating medical devices — Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software

This document specifies general requirements for ORGANIZATIONS in the application of RISK MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY whilst engaging appropriate stakeholders. IEC 80001-1:2021 cancels and replaces the first edition published in 2010. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) structure changed to better align with ISO 31000; b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT; c) communication of the value, intention and purpose of RISK MANAGEMENT through principles that support preservation of the KEY PROPERTIES during the implementation and use of connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.

  • Draft
    31 pages
    English language
    sale 15% off
ISO
IEC/TR 80001-2-9:2017(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-9: Application guidance — Guidance for use of security assurance cases to demonstrate confidence in IEC/TR 80001-2-2 security capabilities

IEC TR 80001-2-9:2017(E) establishes a security case framework and provides guidance to health care delivery organizations (HDO) and medical device manufacturers (MDM) for identifying, developing, interpreting, updating and maintaining security cases for networked medical devices. Use of this part of 80001 is intended to be one of the possible means to bridge the gap between MDMs and HDOs in providing adequate information to support the HDOs risk management of IT-networks. This document leverages the requirements set out in ISO/IEC 15026-2 for the development of assurance cases. It is not intended that this security case framework will replace a risk management strategy, rather, the intention is to complement risk management and in turn provide a greater level of assurance for a medical device by: - mapping specific risk management steps to each of the IEC TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a re-useable security pattern; - providing guidance for the selection of appropriate security controls to establish security capabilities and presenting them as part of the security case pattern (IEC TR 80001-2-8 provides examples of such security controls); - providing evidence to support the implementation of a security control, hence providing confidence in the establishment of each of the security capabilities. The purpose of developing the security case is to demonstrate confidence in the establishment of IEC TR 80001-2-2 security capabilities. The quality of artifacts gathered and documented during the development of the security case is agreed and documented as part of a responsibility agreement between the relevant stakeholders. This document provides guidance for one such methodology, through the use of a specific security pattern, to develop and interpret security cases in a systematic manner.

  • Technical report
    28 pages
    English language
    sale 15% off
ISO
IEC/TR 80001-2-8:2016(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-8: Application guidance — Guidance on standards for establishing the security capabilities identified in IEC 80001-2-2

IEC TR 80001-2-8:2016(E), which is a Technical Report, provides guidance to Health Delivery Organizations (HDOs) and Medical Device Manufacturers (MDMs) for the application of the framework outlined in IEC TR 80001-2-2.

  • Technical report
    43 pages
    English language
    sale 15% off
ISO
IEC/TR 80001-2-5:2014(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-5: Application guidance — Guidance for distributed alarm systems

IEC TR 80001-2-5:2014(E) which is a technical report, gives guidance and practical techniques for responsible organizations, medical device manufacturers and providers of other information technology in the application of IEC 80001-1:2010 for the risk management of distributed alarm systems. This technical report applies to the transmission of alarm conditions between sources, integrator and communicators where at least one source is a medical device and at least one communication path utilizes a medical IT-network. This technical report provides recommendations for the integration, communication of responses and redirection (to another operator) of alarm conditions from one or more sources to ensure safety and effectiveness. Data and systems security is an important consideration for the risk management of distributed alarm systems.

  • Technical report
    33 pages
    English language
    sale 15% off
ISO
ISO/TR 80001-2-6:2014(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-6: Application guidance — Guidance for responsibility agreements

ISO/TR 80001-2-6:2014 provides guidance on implementing RESPONSIBILITY AGREEMENTS, which are described in IEC 80001-1 as used to establish the roles and responsibilities among the stakeholders engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK in order to support compliance to IEC 80001-1. Stakeholders may include RESPONSIBLE ORGANIZATIONS, IT suppliers, MEDICAL DEVICE manufacturers and others. The goal of the RESPONSIBILITY AGREEMENT is that these roles and responsibilities should cover the complete lifecycle of the resulting MEDICAL IT-NETWORK.

  • Technical report
    15 pages
    English language
    sale 15% off
  • Technical report
    15 pages
    English language
    sale 15% off
ISO
IEC/TR 80001-2-4:2012(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-4: General implementation guidance for Healthcare Delivery Organizations

IEC/TR 80001-2-4:2012(E), which is a technical report, provides guidance to help a healthcare delivery organization fulfilling its obligations as a responsible organization in the application of IEC 80001-1. A healthcare delivery organization includes hospitals, doctors' offices, community care homes and clinics. Specifically, this guide helps the healthcare delivery organization assess the impact of IEC 80001-1 on the organization and establish a series of business as usual processes to manage RISK in the creation, maintenance and upkeep of its medical IT-networks. This technical report will be useful to those responsible for establishing an IEC 80001-1 compliant risk management framework within a healthcare delivery organization that is expecting to establish one or more medical IT-networks. It provides help through the key decisions and steps required to establish a risk management framework, before the organization embarks on a detailed risk assessment of an individual instance of a medical IT-network. The steps are supported by a series of decision points to steer the responsible organization through the process of understanding the medical IT-network context and identifying any organizational changes required to execute the responsibilities of top management.

  • Technical report
    18 pages
    English language
    sale 15% off
ISO
IEC/TR 80001-2-1:2012(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-1: Step by Step Risk Management of Medical IT-Networks; Practical Applications and Examples

IEC/TR 80001-2-1:2012(E), which is a technical report, is a step-by-step guide to help in the application of risk management when creating or changing a medical IT-network. It provides easy to apply steps, examples, and information helping in the identification and control of risks. All relevant requirements in IEC 80001-1:2010 are addressed and links to other clauses and subclauses of IEC 80001-1 are addressed where appropriate (e.g. handover to release management and monitoring). This technical report focuses on practical risk management. It is not intended to provide a full outline or explanation of all requirements that are satisfactorily covered by IEC 80001-1. This step-by-step guidance follows a 10-step process that follows subclause 4.4 of IEC 80001-1:2010, which specifically addresses risk analysis, risk evaluation and risk control. These activities are embedded within the full life cycle risk management process. They can never be the first step, as risk management follows the general process model which sets planning before any action.

  • Technical report
    59 pages
    English language
    sale 15% off
ISO
IEC/TR 80001-2-2:2012(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-2: Guidance for the communication of medical device security needs, risks and controls

IEC/TR 80001-2-2:2012(E), which is a technical report, creates a framework for the disclosure of security-related capabilities and risks necessary for managing the risk in connecting medical devices to IT-networks and for the security dialog that surrounds the IEC 80001-1 risk management of IT-network connection. This security report presents an informative set of common, high-level security-related capabilities useful in understanding the user needs, the type of security controls to be considered and the risks that lead to the controls. Intended use and local factors determine which exact capabilities will be useful in the dialog about risk. The capability descriptions in this report are intended to supply health delivery organizations (HDOs), medical device manufacturers (MDMs), and IT vendors with a basis for discussing risk and their respective roles and responsibilities toward its management. This discussion among the risk partners serves as the basis for one or more responsibility agreements as specified in IEC 80001-1.

  • Technical report
    48 pages
    English language
    sale 15% off
ISO
IEC/TR 80001-2-3:2012(Main)
Application of risk management for IT-networks incorporating medical devices — Part 2-3: Guidance for wireless networks

IEC/TR 80001-2-3:2012(E), which is a technical report, supports the Healthcare Delivery Organizations (HDO) in the risk management of medical IT-networks that incorporate one or more wireless links. The report, as part of IEC 80001, considers the use of wirelessly networked medical devices on a medical IT-network and offers practical techniques to address the unique risk management requirements of operating wirelessly enabled medical devices in a safe, secure and effective manner. The targeted audience for this technical report is the HDO IT department, biomedical and clinical engineering departments, risk managers, and the people responsible for design and operation of the wireless IT network.

  • Technical report
    41 pages
    English language
    sale 15% off
ISO
IEC 80001-1:2021(Main)
Application of risk management for IT-networks incorporating medical devices — Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software

This document specifies general requirements for ORGANIZATIONS in the application of RISK MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY whilst engaging appropriate stakeholders. IEC 80001-1:2021 cancels and replaces the first edition published in 2010. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) structure changed to better align with ISO 31000; b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT; c) communication of the value, intention and purpose of RISK MANAGEMENT through principles that support preservation of the KEY PROPERTIES during the implementation and use of connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.

  • Draft
    31 pages
    English language
    sale 15% off