IEC 80001-1:2010

IEC 80001-1
Edition 1.0 2010-10
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Application of risk management for IT-networks incorporating medical devices –
Part 1: Roles, responsibilities and activities

Application de la gestion des risques aux réseaux des technologies de
l’information contenant des dispositifs médicaux –
Partie 1: Fonctions, responsabilités et activités

IEC 80001-1:2010

---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2010 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by
any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or
IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de la CEI ou du Comité national de la CEI du pays du demandeur.
Si vous avez des questions sur le copyright de la CEI ou si vous désirez obtenir des droits supplémentaires sur cette
publication, utilisez les coordonnées ci-après ou contactez le Comité national de la CEI de votre pays de résidence.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch

About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
ƒ Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee,…).
It also gives information on projects, withdrawn and replaced publications.
ƒ IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available
on-line and also by email.
ƒ Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions
in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical
Vocabulary online.
ƒ Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service
Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00


A propos de la CEI
La Commission Electrotechnique Internationale (CEI) est la première organisation mondiale qui élabore et publie des
normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications CEI
Le contenu technique des publications de la CEI est constamment revu. Veuillez vous assurer que vous possédez
l’édition la plus récente, un corrigendum ou amendement peut avoir été publié.
ƒ Catalogue des publications de la CEI: www.iec.ch/searchpub/cur_fut-f.htm
Le Catalogue en-ligne de la CEI vous permet d’effectuer des recherches en utilisant différents critères (numéro de référence,
texte, comité d’études,…). Il donne aussi des informations sur les projets et les publications retirées ou remplacées.
ƒ Just Published CEI: www.iec.ch/online_news/justpub
Restez informé sur les nouvelles publications de la CEI. Just Published détaille deux fois par mois les nouvelles
publications parues. Disponible en-ligne et aussi par email.
ƒ Electropedia: www.electropedia.org
Le premier dictionnaire en ligne au monde de termes électroniques et électriques. Il contient plus de 20 000 termes et
définitions en anglais et en français, ainsi que les termes équivalents dans les langues additionnelles. Egalement appelé
Vocabulaire Electrotechnique International en ligne.
ƒ Service Clients: www.iec.ch/webstore/custserv/custserv_entry-f.htm
Si vous désirez nous donner des commentaires sur cette publication ou si vous avez des questions, visitez le FAQ du
Service clients ou contactez-nous:
Email: csc@iec.ch
Tél.: +41 22 919 02 11
Fax: +41 22 919 03 00

---------------------- Page: 2 ----------------------
IEC 80001-1
Edition 1.0 2010-10
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Application of risk management for IT-networks incorporating medical devices –
Part 1: Roles, responsibilities and activities

Application de la gestion des risques aux réseaux des technologies de
l’information contenant des dispositifs médicaux –
Partie 1: Fonctions, responsabilités et activités

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
X
CODE PRIX
ICS 11.040.01; 35.240.80 ISBN 978-2-88912-221-9

---------------------- Page: 3 ----------------------
– 2 – 80001-1 © IEC:2010
CONTENTS
FOREWORD.4
INTRODUCTION.6
1 Scope.9
2 Terms and definitions .9
3 Roles and responsibilities.14
3.1 General .14
3.2 RESPONSIBLE ORGANIZATION .14
3.3 TOP MANAGEMENT responsibilities .15
3.4 MEDICAL IT-NETWORK RISK MANAGER .16
3.5 MEDICAL DEVICE manufacturer(s).17
3.6 Providers of other information technology.18
4 Life cycle RISK MANAGEMENT in MEDICAL IT-NETWORKS.19
4.1 Overview .19
4.2 RESPONSIBLE ORGANIZATION RISK MANAGEMENT.20
4.2.1 POLICY FOR RISK MANAGEMENT for incorporating MEDICAL DEVICES.20
4.2.2 RISK MANAGEMENT PROCESS.21
4.3 MEDICAL IT-NETWORK RISK MANAGEMENT planning and documentation .21
4.3.1 Overview .21
4.3.2 RISK-relevant asset description.22
4.3.3 MEDICAL IT-NETWORK documentation .22
4.3.4 RESPONSIBILITY AGREEMENT .22
4.3.5 RISK MANAGEMENT plan for the MEDICAL IT-NETWORK .24
4.4 MEDICAL IT-NETWORK RISK MANAGEMENT.24
4.4.1 Overview .24
4.4.2 RISK ANALYSIS .24
4.4.3 RISK EVALUATION .25
4.4.4 RISK CONTROL .25
4.4.5 RESIDUAL RISK evaluation and reporting .26
4.5 CHANGE-RELEASE MANAGEMENT and CONFIGURATION MANAGEMENT .27
4.5.1 CHANGE-RELEASE MANAGEMENT PROCESS.27
4.5.2 Decision on how to apply RISK MANAGEMENT.27
4.5.3 Go-live .29
4.6 Live network RISK MANAGEMENT.29
4.6.1 Monitoring .29
4.6.2 EVENT MANAGEMENT .29
5 Document control .30
5.1 Document control procedure.30
5.2 MEDICAL IT-NETWORK RISK MANAGEMENT FILE.30
Annex A (informative) Rationale.31
Annex B (informative) Overview of RISK MANAGEMENT relationships .35
Annex C (informative) Guidance on field of application .36
Annex D (informative) Relationship with ISO/IEC 20000-2:2005 Information technology
– Service management – Part 2: Code of practice.38
Bibliography.42

---------------------- Page: 4 ----------------------
80001-1 © IEC:2010 – 3 –
Figure 1 – Illustration of TOP MANAGEMENT responsibilities.16
Figure 2 – Overview of life cycle of MEDICAL IT-NETWORKS including RISK MANAGEMENT .20
Figure B.1 – Overview of roles and relationships .35
Figure D.1 – Service management processes .39

Table A.1 – Relationship between ISO 14971 and IEC 80001-1 .33
Table C.1 – IT-NETWORK scenarios that can be encountered in a clinical environment.36
Table D.1 – Relationship between IEC 80001-1 and ISO/IEC 20000-1:2005 or
ISO/IEC 20000-2:2005.40

---------------------- Page: 5 ----------------------
– 4 – 80001-1 © IEC:2010
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 1: Roles, responsibilities and activities


FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 80001-1 has been prepared by a joint working group of
subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC
technical committee 62: Electrical equipment in medical practice and ISO technical committee
215: Health informatics.
It is published as a double logo standard.
The text of this standard is based on the following documents:
FDIS Report on voting
62A/703/FDIS 62A/718/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table. In ISO, the standard has been approved by 17 P-members
out of 18 having cast a vote.

---------------------- Page: 6 ----------------------
80001-1 © IEC:2010 – 5 –
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
Terms defined in Clause 2 of this standard are printed in SMALL CAPITALS.
For the purposes of this standard:
• “shall” means that compliance with a requirement is mandatory for compliance with this
standard;
• “should” means that compliance with a requirement is recommended but is not mandatory
for compliance with this standard;
• “may” is used to describe a permissible way to achieve compliance with a requirement;
and
• “establish” means to define, document, and implement.
A list of all parts of the IEC 80001 series, published under the general title Application of risk
management for IT-networks incorporating medical devices, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.

---------------------- Page: 7 ----------------------
– 6 – 80001-1 © IEC:2010
INTRODUCTION
An increasing number of MEDICAL DEVICEs are designed to exchange information electronically
with other equipment in the user environment, including other MEDICAL DEVICES. Such
information is frequently exchanged through an information technology network (IT-NETWORK)
that also transfers data of a more general nature.
At the same time, IT-NETWORKS are becoming increasingly vital to the clinical environment
and are now required to carry increasingly diverse traffic, ranging from life-critical patient data
requiring immediate delivery and response, to general corporate operations data and to email
containing potential malicious content (e.g. viruses).
For many jurisdictions, design and production of MEDICAL DEVICES is subject to regulation, and
to standards recognized by the regulators. Traditionally, regulators direct their attention to
MEDICAL DEVICE manufacturers, by requiring design features and by requiring a documented
PROCESS for design and manufacturing. MEDICAL DEVICES cannot be placed on the market in
these jurisdictions without evidence that those requirements have been met.
The use of the MEDICAL DEVICES by clinical staff is also subject to regulation. Members of
clinical staff have to be appropriately trained and qualified, and are increasingly subject to
defined PROCESSES designed to protect patients from unacceptable RISK.
In contrast, the incorporation of MEDICAL DEVICES into IT-NETWORKS in the clinical environment
1)
is a less regulated area. IEC 60601-1:2005 [1] requires MEDICAL DEVICE manufacturers to
include some information in ACCOMPANYING DOCUMENTS if the MEDICAL DEVICE is intended to be
connected to an IT-NETWORK. Standards are also in place covering common information
technology activities including planning, design and maintenance of IT-NETWORKS, for
instance ISO 20000-1:2005 [9]. However, until the publication of this standard, no standard
addressed how MEDICAL DEVICES can be connected to IT-NETWORKS, including general-purpose
IT-NETWORKS, to achieve INTEROPERABILITY without compromising the organization and
delivery of health care in terms of SAFETY, EFFECTIVENESS, and DATA AND SYSTEM SECURITY.
There remain a number of potential problems associated with the incorporation of MEDICAL
DEVICES into IT-NETWORKS, including:
– lack of consideration for RISK from use of IT-NETWORKS during evaluation of clinical RISK;
– lack of support from manufacturers of MEDICAL DEVICES for the incorporation of their
products into IT-NETWORKS, (e.g. the unavailability or inadequacy of information provided
by the manufacturer to the OPERATOR of the IT-NETWORK);
– incorrect operation or degraded performance (e.g. incompatibility or improper
configuration) resulting from combining MEDICAL DEVICES and other equipment on the same
IT-NETWORK;
– incorrect operation resulting from combining MEDICAL DEVICE SOFTWARE and other software
applications (e.g. open email systems or computer games) in the same IT-NETWORK;
– lack of security controls on many MEDICAL DEVICES; and
– the conflict between the need for strict change control of MEDICAL DEVICES and the need
for rapid response to the threat of cyberattack.
When these problems manifest themselves, unintended consequences frequently follow.
This standard is addressed to RESPONSIBLE ORGANIZATIONS, to manufacturers of MEDICAL
DEVICES, and to providers of other information technology.
___________
1)
Numbers in square brackets refer to the Bibliography.

---------------------- Page: 8 ----------------------
80001-1 © IEC:2010 – 7 –
This standard adopts the following principles as a basis for its normative and informative
sections:
– The incorporation or removal of a MEDICAL DEVICE or other components in an IT-NETWORK
is a task which requires design of the action; this might be out of the control of the
manufacturer of the MEDICAL DEVICE.
– RISK MANAGEMENT should be used before the incorporation of a MEDICAL DEVICE into an IT-
NETWORK takes place, and for any changes during the entire life cycle of the resulting
MEDICAL IT-NETWORK, to avoid unacceptable RISKS, including possible RISK to patients,
resulting from the incorporation of the MEDICAL DEVICE into the IT-NETWORK. Many things
are part of a RISK decision, such as liability, cost, or impact on mission. These should be
considered in determining acceptable RISK in addition to the requirements described in
this standard.
– Aspects of removal, maintenance, change or modification of equipment, items or
components should be addressed adequately in addition to the incorporation of MEDICAL
DEVICES.
– The manufacturer of the MEDICAL DEVICE is responsible for RISK MANAGEMENT of the
MEDICAL DEVICE during the design, implementation, and manufacturing of the MEDICAL
DEVICE. This standard does not cover the RISK MANAGEMENT PROCESS for the MEDICAL
DEVICE.
– The manufacturer of a MEDICAL DEVICE intended to be incorporated into an IT-NETWORK
might need to provide information about the MEDICAL DEVICE that is necessary to allow the
RESPONSIBLE ORGANIZATION to manage RISK according to this standard. This information
can include, as part of the ACCOMPANYING DOCUMENTS, instructions specifically addressed
to the person who incorporates a MEDICAL DEVICE into an IT-NETWORK.
– Such ACCOMPANYING DOCUMENTS should convey instructions about how to incorporate the
MEDICAL DEVICE into the IT-NETWORK, how the MEDICAL DEVICE transfers information over
the IT-NETWORK, and the minimum IT-NETWORK characteristics necessary to enable the
INTENDED USE of the MEDICAL DEVICE when it is incorporated into the IT-NETWORK. The
ACCOMPANYING DOCUMENTS should warn of possible hazardous situations associated with
failure or disruptions of the IT-NETWORK, and the misuse of the IT-NETWORK connection or
of the information that is transferred over the IT-NETWORK.
– RESPONSIBILITY AGREEMENTS can establish roles and responsibilities among those engaged
in the incorporation of a MEDICAL DEVICE into an IT-NETWORK, all aspects of the life cycle of
the resulting MEDICAL IT-NETWORK and all activities that form part of that life cycle.
– The RESPONSIBLE ORGANIZATION is required to appoint people to certain roles defined in
this standard. This standard defines the responsibilities of those roles. The most important
of those roles is the MEDICAL IT-NETWORK RISK MANAGER. This role can be assigned to
someone within the RESPONSIBLE ORGANIZATION or to an external contractor.
– The MEDICAL IT-NETWORK RISK MANAGER is responsible for ensuring that RISK MANAGEMENT
is included during the PROCESSES of:
• planning and design of new incorporations of MEDICAL DEVICES or changes to such
incorporations;
• putting the MEDICAL IT-NETWORK into use and the consequent use of the MEDICAL IT-
NETWORK; and
• CHANGE-RELEASE MANAGEMENT and change management of the IT-NETWORK during the
IT-NETWORK’S entire life cycle.
– RISK MANAGEMENT should be applied to address the following KEY PROPERTIES appropriate
for the IT-NETWORK incorporating a MEDICAL DEVICE:
• SAFETY (freedom from unacceptable RISK of physical injury or damage to the health of
people or damage to property or the environment);
• EFFECTIVENESS (ability to produce the intended result for the patient and the RESPONSIBLE
ORGANIZATION); and

---------------------- Page: 9 ----------------------
– 8 – 80001-1 © IEC:2010
• DATA AND SYSTEM SECURITY (an operational state of a MEDICAL IT-NETWORK in which
information assets (data and systems) are reasonably protected from degradation of
confidentiality, integrity, and availability).

---------------------- Page: 10 ----------------------
80001-1 © IEC:2010 – 9 –
APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 1: Roles, responsibilities and activities



1 Scope
Recognizing that MEDICAL DEVICES are incorporated into IT-NETWORKS to achieve desirable
INTEROPERABILITY), this international standard defines the roles,
benefits (for example,
responsibilities and activities that are necessary for RISK MANAGEMENT of IT-NETWORKS
incorporating MEDICAL DEVICES to address SAFETY, EFFECTIVENESS and DATA AND SYSTEM

SECURITY (the KEY PROPERTIES). This international standard does not specify acceptable RISK
levels.
NOTE 1 The RISK MANAGEMENT activities described in this standard are derived from those in ISO 14971 [4 ]. Th e
relationship between ISO 14971 and this standard is described in A nne x A .
This standard applies after a MEDICAL DEVICE has been acquired by a RESPONSIBLE
ORGANIZATION and is a candidate for incorporation into an IT-NETWORK.
NOTE 2 This standard does not cover pre-market RISK MANAGEMENT.
This standard applies throughout the life cycle of IT-NETWORKS incorporating MEDICAL DEVICES.
NOTE 3 The life cycle management activities described in this standard are very similar to those of
ISO/IEC 20000-2 [10]. The relationship between ISO/IEC 20000-2 and this standard is described in A nne x D.
This standard applies where there is no single MEDICAL DEVICE manufacturer assuming
responsibility for addressing the KEY PROPERTIES of the IT-NETWORK incorporating a MEDICAL
DEVICE.
NOTE 4 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, the installation or
assembly of the MEDICAL DEVICE according to the manufacturer’s ACCOMPANYING DOCUMENTS is not subject to the
provisions of this standard regardless of who installs or assembles the MEDICAL DEVICE.
NOTE 5 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, additions to that
MEDICAL DEVICE or modification of the configuration of that MEDICAL DEVICE, other than as specified by the
manufacturer, is subject to the provisions of this standard.
This standard applies to RESPONSIBLE ORGANIZATIONS, MEDICAL DEVICE manufacturers and
providers of other information technology for the purpose of RISK MANAGEMENT of an IT-
NETWORK incorporating MEDICAL DEVICES as specified by the RESPONSIBLE ORGANIZATION.
This standard does not apply to personal use applications where the patient, OPERATOR and
RESPONSIBLE ORGANIZATION are one and the same person.
NOTE 6 In cases where a MEDICAL DEVICE is used at home under the supervision or instruction of the provider,
that provider is deemed to be the RESPONSIBLE ORGANIZATION. Personal use where the patient acquires and uses a
MEDICAL DEVICE without the supervision or instruction of a provider is out of scope of this standard.
This standard does not address regulatory or legal requirements.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply:

---------------------- Page: 11 ----------------------
– 10 – 80001-1 © IEC:2010
2.1
ACCOMPANYING DOCUMENT
a document accompanying a MEDICAL DEVICE or an accessory and containing information for
the RESPONSIBLE ORGANIZATION or OPERATOR, particularly regarding SAFETY
NOTE Adapted from IEC 60601-1:2005, definition 3.4.
2.2
CHANGE-RELEASE MANAGEMENT
PROCESS that ensures that all changes to the IT-NETWORK are assessed, approved,
implemented and reviewed in a controlled manner and that changes are delivered, distributed,
and tracked, leading to release of the change in a controlled manner with appropriate input
and output with CONFIGURATION MANAGEMENT
NOTE Adapted from ISO/IEC 20000-1:2005, Subclauses 9.2 (change management) and 10.1 (release
management).
2.3
CHANGE PERMIT
an outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified
change or type of change without further RISK MANAGEMENT Activities subject to specified
constraints
2.4
CONFIGURATION MANAGEMENT
a PROCESS that ensures that configuration information of components and the IT-NETWORK are
defined and maintained in an accurate and controlled manner, and provides a mechanism for
identifying, controlling and tracking versions of the IT-NETWORK
NOTE Adapted from ISO/IEC 20000-1:2005, Subclause 9.1.
2.5
DATA AND SYSTEMS SECURITY
an operational state of a MEDICAL IT-NETWORK in which information assets (data and systems)
are reasonably protected from degradation of confidentiality, integrity, and availability
NOTE 1 Security, when mentioned in this standard, should be taken to include DATA AND SYSTEMS SECURITY.
NOTE 2 DATA AND SYSTEMS SECURITY is assured through a framework of policy, guidance, infrastructure, and
services designed to protect information assets and the systems that acquire, transmit, store, and use information
in pursuit of the organization’s mission.
2.6
EFFECTIVENESS
ability to produce the intended result for the patient and the RESPONSIBLE ORGA
...