iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/TS 81001-2-1:2025

(Main)

Health software and health IT systems safety, effectiveness and security — Part 2-1: Coordination — Guidance and requirements for the use of assurance cases for safety and security

Health software and health IT systems safety, effectiveness and security — Part 2-1: Coordination — Guidance and requirements for the use of assurance cases for safety and security

This document establishes requirements and gives guidance on assurance case framework for healthcare delivery organizations (HDOs) and for health software and medical device manufacturers (MDMs) and can be used to support the communication and information transfer between all parties. An assurance case can be used to communicate information and knowledge about different risks to other roles. This document establishes: — an assurance case framework for HDOs and health software and MDMs for identifying, developing, interpreting, updating and maintaining assurance cases. — one of the possible means to bridge the gap between manufacturers and HDOs in providing adequate information to support the HDOs risk management of IT-networks; — best practice by leveraging ISO/IEC/IEEE 15026-2 and other standards to identify key considerations and for the structure and contents of an assurance case, e.g. iterative and continuous approaches; — example structure, method and format to improve the consistency and comparability of assurance cases. This document is applicable to all parties involved in the health software and health IT systems life cycle, including: a) organizations, health informatics professionals and clinical leaders specifying, acquiring, designing, developing, integrating, implementing and operating health software and health IT systems, for example health software developers and MDMs, system integrators, system administrators (including cloud and other IT service providers); b) healthcare service delivery organizations, healthcare providers and others who use health software and health IT systems in providing health services; c) governments, health system funders, monitoring agencies, professional organizations and customers seeking confidence in an organization’s ability to consistently provide safe, effective and secure health software, health IT systems and services; d) organizations and interested parties seeking to improve communication in managing safety, effectiveness and security risks through a common understanding of the concepts and terminology used in safety, effectiveness and security management; e) providers of training, assessment or advice in safety, effectiveness and security risk management for health software and health IT systems; f) developers of related safety, effectiveness and security standards. This document is for use by organizations and people who build, acquire, operate, maintain, use or decommission health software and health IT systems (including medical devices). It is applicable to all organizations involved, regardless of size, complexity or business model.

Sécurité, efficacité et sûreté des logiciels de santé et des systèmes TI de santé — Partie 2-1: Coordination — Orientations et exigences relatives à l'utilisation des dossiers d'assurance en matière de sûreté et de sécurité

General Information

Status
Published
Publication Date
09-Jan-2025
ICS
35.240.80 - IT applications in health care technology
Technical Committee
ISO/TC 215 - Health informatics
Drafting Committee
ISO/TC 215 - Health informatics
Current Stage
6060 - International Standard published
Start Date
10-Jan-2025
Due Date
10-Jan-2025
Completion Date
10-Jan-2025
Ref Project

Buy Standard

ISO/TS 81001-2-1:2025 - Health software and health IT systems safety, effectiveness and security — Part 2-1: Coordination — Guidance and requirements for the use of assurance cases for safety and security Released:10. 01. 2025ISO/TS 81001-2-1:2025 - Health software and health IT systems safety, effectiveness and security — Part 2-1: Coordination — Guidance and requirements for the use of assurance cases for safety and security Released:10. 01. 2025
PreviousNext
Technical specification
ISO/TS 81001-2-1:2025 - Health software and health IT systems safety, effectiveness and security — Part 2-1: Coordination — Guidance and requirements for the use of assurance cases for safety and security Released:10. 01. 2025
English language
46 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


Technical
Specification
ISO/TS 81001-2-1
First edition
Health software and health IT
2025-01
systems safety, effectiveness and
security —
Part 2-1:
Coordination — Guidance and
requirements for the use of
assurance cases for safety and
security
Sécurité, efficacité et sûreté des logiciels de santé et des systèmes
TI de santé —
Partie 2-1: Coordination — Orientations et exigences relatives à
l'utilisation des dossiers d'assurance en matière de sûreté et de
sécurité
Reference number
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 2
3 Terms and definitions . 2
4 Assurance case . 4
4.1 Concepts .4
4.2 Healthcare delivery organizations (HDO) .4
4.3 Manufacturers .5
4.4 Other stakeholders .5
4.5 Benefits .5
4.6 Requirements .6
5 General requirements and recommendations. 6
5.1 Principles .6
5.2 Assurance case development process .6
5.2.1 General .6
5.2.2 Step 1: identify the goal .7
5.2.3 Step 2: define the basis of the goal .7
5.2.4 Step 3: identify the strategy .8
5.2.5 Step 4: define the basis on which the strategy is stated .8
5.2.6 Step 5: elaborate the strategy .8
5.2.7 Step 6: identify the solution .8
5.3 General considerations.8
5.4 Argument considerations .9
5.5 Evidence considerations .9
5.6 Notation .10
5.6.1 General .10
5.6.2 Goal .10
5.6.3 Strategy .10
5.6.4 Solution .10
5.6.5 Context .11
5.6.6 Assumption .11
5.6.7 Justification .11
5.6.8 SupportedBy relationship . 12
5.6.9 InContextOf relationship . 12
6 Developing an assurance case using GSN .12
6.1 General . 12
6.2 Step 1: identify the goal . 13
6.3 Step 2: define the basis on which the goal is stated . 13
6.4 Step 3: identify the strategy used to support the goal . 13
6.5 Step 4: define the basis on which the strategy is stated .14
6.6 Step 5: elaborate the strategy .14
6.7 Repeat Step 2: define the basis on which the goal is stated . 15
6.8 Repeat Step 4: define the basis on which the strategy is stated .16
6.9 Step 6: identify the basic solution .17
7 Assurance case change management .18
8 Security assurance case .18
Annex A (informative) Generic risk-based HIT assurance case pattern.20
Annex B (informative) IEC 80001-1 Compliance assurance case pattern .23
Annex C (informative) AI assurance case pattern .31

iii
Annex D (informative) Security assurance case pattern.43
Annex E (informative) Assurance notation cross reference .44
Annex F (informative) Summary of assurance case requirements relative to organizations .45
Bibliography .46

iv
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared jointly by Technical Committee ISO/TC 215, Health informatics, and Technical
Committee IEC/TC 62, Medical equipment, software, and systems, Subcommittee SC A, Common aspects of
medical equipment, software, and systems.
A list of all parts in the ISO/IEC 81001 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.ht
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/TS 7122:2024(Main)
Health informatics — Guidelines for exchanging data generated by portable polymerase chain reaction (PCR) devices for point-of-care testing (POCT) between screening centre and clinical laboratory

This document identifies specialized use cases related to the information exchange between clinical laboratories and portable polymerase chain reaction (PCR) devices designed for real-time testing to diagnose infectious diseases. This document introduces the portable PCR devices for point-of-care testing (POCT). Characteristic and differentiated use cases of these devices are listed separately from those that occur with portable POCT devices in existing clinical laboratory. This document is applicable, but not limited, to the following use cases of portable PCR devices for POCT: a) general test; b) reconciliation of patient information; c) cancel and rerun test; d) on-site quality control (QC) process. This document also provides guidelines on how to represent and exchange results from portable PCR testing devices in a POCT environment applicable to the use cases described above. This document is not intended to provide guidelines relating to traditional diagnostic testing results within a clinical laboratory and does not cover cybersecurity aspect.

  • Technical specification
    16 pages
    English language
    sale 15% off
ISO
ISO/TS 17117-3:2024(Main)
Health informatics — Terminological resources — Part 3: Terminology implementation maturity model (TIMM)

The document defines the progression of implementation of terminology capability in information systems. This document does not specify requirements for any specific terminological resource. It is intended to provide a basis for conformance criteria for terminological resources capabilities in specific use cases. This document does not cover in detail the software being used, though the capabilities of that software are included and impact the level of maturity reached. This document is applicable to terminological resources of all types, terminologies, classifications, value sets, code systems, and value domains.

  • Technical specification
    16 pages
    English language
    sale 15% off
ISO
ISO 14199:2024(Main)
Health informatics — Information models — Biomedical Research Integrated Domain Group (BRIDG) Model

This document is complementary to the Biomedical Research Integrated Domain Group (BRIDG) model. It is a high-level overview of BRIDG in general and BRIDG version 5.3.1 in specific. This document also provides necessary links to artifacts that detail the changes between BRIDG v3.2 and BRIDG v5.3.1[5] and to the BRIDG Release Download page.

  • Standard
    8 pages
    English language
    sale 15% off
ISO
ISO/TS 6204:2024(Main)
Health Informatics — Categorial structures for representation of Ayurvedic medicinal water — Decocting process in Ayurveda

This document specifies categorial structures including characterizing categories, domain constraints and semantic links for the representation of preparation of a decoction – an Ayurvedic medicinal water. This document does not cover: — the specification of categorial structures for hot infusion and cold infusion; — the specification of categorial structures for the representation of post-manufacturing processes such as packaging and labelling of Ayurvedic medicinal water; — individual Ayurvedic or herbal medicinal products.

  • Technical specification
    5 pages
    English language
    sale 15% off
ISO
ISO/TS 5788:2024(Main)
Health informatics — Internet healthcare service pattern

This document specifies the core elements, the description model and typical categories of internet healthcare service patterns. This document applies to the development and application of internet healthcare service patterns.

  • Technical specification
    11 pages
    English language
    sale 15% off
ISO
ISO/TS 5384:2024(Main)
Health informatics — Categorial structure and data elements for the identification and exchange of immunization data

This document specifies an immunization categorial structure and data elements for use as the basis for an immunization registry and in digital health solutions that require interaction with the immunization registry and other systems in the management of immunization information. The data set includes data element descriptions, requirements, considerations for implementation and conformance with the following use cases: — populate an immunization registry; — record and/or share a current immunization event; — record and/or share a historic immunization event; — create and/or share an immunization history; — create an immunization reminder; — create anonymized immunization reports; — schedule a new immunization event. This document has adopted data element names from relevant ISO standards and leverages and elaborates on the immunization data element descriptions and constraints provided in HL7 specifications. The structure of the data element definition provides: — business rules and requirements (e.g. rationale for including the data element and how the data element supports the use case); — the meaning of absent data and how it can be addressed; — how to represent the data if more information is required to clarify data type use and will include value set considerations. The use case and related data elements out of scope for this document include adverse event following an immunization.

  • Technical specification
    22 pages
    English language
    sale 15% off
ISO
ISO/IEEE 11073-10700:2024(Main)
Health informatics — Device interoperability — Part 10700: Point‐of‐care medical device communication — Standard for base requirements for participants in a Service‐oriented Device Connectivity (SDC) system

This standard specifies the base set of Participant Key Purposes (PKPs) for the Service-oriented Device Connectivity (SDC) series of standards. PKPs are role-based sets of requirements for products in order to support safe, effective, and secure interoperability in medical IT networks at point-of-care environments such as the intensive care unit (ICU), operating room (OR) or other acute care settings. This standard specifies both product development process and technical requirements.

  • Standard
    46 pages
    English language
    sale 15% off
  • Standard
    51 pages
    French language
    sale 15% off
ISO
ISO/IEEE 11073-10701:2024(Main)
Health informatics — Device interoperability — Part 10701: Point-of-care medical device communication — Metric provisioning by participants in a Service-oriented Device Connectivity (SDC) system

This standard specifies a set of Participant Key Purposes (PKPs) pertaining to metric data exchange for the Service-oriented Device Connectivity (SDC) series of standards. PKPs are role-based sets of requirements for products in order to support safe, effective, and secure interoperability in medical IT networks at point-of-care environments such as the intensive care unit (ICU), operating room (OR) or other acute care settings. This standard specifies both product development process and technical requirements.

  • Standard
    33 pages
    English language
    sale 15% off
  • Standard
    38 pages
    French language
    sale 15% off
ISO
ISO/IEEE 11073-10472:2024(Main)
Health informatics — Device interoperability — Part 10472: Personal health device communication — Device specialization — Medication monitor

Within the context of the ISO/IEEE 11073 family of standards for device communication, this standard establishes a normative definition of the communication between medication monitoring devices and managers (e.g., cell phones, personal computers, personal health appliances, set top boxes) in a manner that enables plug-and-play interoperability. It leverages appropriate portions of existing standards, including ISO/IEEE 11073 terminology, information models and application profile. It specifies the use of specific term codes, formats, and behaviors in telehealth environments restricting ambiguity in base frameworks in favor of interoperability. This standard defines a common core of communication functionality for medication monitors. In this context, medication monitors are defined as devices that have the ability to determine and communicate (to a manager) measures of a user’s adherence to a medication regime.

  • Standard
    65 pages
    English language
    sale 15% off
  • Standard
    68 pages
    French language
    sale 15% off
ISO
ISO/IEEE 11073-10471:2024(Main)
Health informatics — Device interoperability — Part 10471: Personal health device communication — Device specialization — Independent living activity hub

Within the context of the ISO/IEEE 11073 family of standards for device communication, this standard establishes a normative definition of the communication between independent living activity hubs and managers (e.g., cell phones, personal computers, personal health appliances, and set top boxes) in a manner that enables plug-and-play interoperability. It leverages appropriate portions of existing standards, including ISO/IEEE 11073 terminology and information models. It specifies the use of specific term codes, formats, and behaviors in telehealth environments restricting ambiguity in base frameworks in favor of interoperability. This standard defines a common core of communication functionality for independent living activity hubs. In this context, independent living activity hubs are defined as devices that communicate with simple situation monitors (binary sensors), normalize information received from the simple environmental monitors, and provide this normalized information to one or more managers. This information can be examined, for example, to determine when a person’s activities/behaviors have deviated significantly from what is normal for them such that relevant parties can be notified. Independent living activity hubs will normalize information from the following simple situation monitors (binary sensors) for the initial release of the proposed standard: fall sensor, motion sensor, door sensor, bed/chair occupancy sensor, light switch sensor, smoke sensor, (ambient) temperature threshold sensor, personal emergency response system (PERS), and enuresis sensor (bed-wetting).

  • Standard
    109 pages
    English language
    sale 15% off
  • Standard
    109 pages
    French language
    sale 15% off