SIST EN 82304-1:2017
Health Software - Part 1: General requirements for product safety (IEC 82304-1:2016)
This Part of 82304 applies to the SAFETY and SECURITY of HEALTH SOFTWARE PRODUCTS
designed to operate on general computing platforms and intended to be placed on the market
without dedicated hardware, and its primary focus is on the requirements for MANUFACTURERS.
Gesundheitssoftware - Teil 1: Allgemeine Anforderungen für die Produktsicherheit
Logiciels de santé - Partie 1: Exigences générales pour la sécurité des produits
IEC 82304-1:2016 applies to the safety and security of health software products designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware. This document focuses primarily on the requirements for manufacturers. It covers the complete lifecycle, including design, development, validation, installation, maintenance and disposal of health software products.
Programska oprema v zdravstvu - 1. del: Splošne zahteve za varnost proizvodov (IEC 82304-1:2016)
This part of 82304 applies to the SAFETY and SECURITY of HEALTH SOFTWARE that is designed to operate on general computing platforms and intended to be placed on the market without dedicated hardware, focusing primarily on the requirements for MANUFACTURERS.
SLOVENIAN STANDARD
SIST EN 82304-1:2017
1 October 2017
Programska oprema v zdravstvu - 1. del: Splošne zahteve za varnost proizvodov (IEC 82304-1:2016)
Health Software - Part 1: General requirements for product safety (IEC 82304-1:2016)
This Slovenian standard is identical to: EN 82304-1:2017
ICS: 35.240.80 IT applications in health care technology
SIST EN 82304-1:2017 en
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD EN 82304-1
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2017
ICS 35.240.80
English Version
Health Software - Part 1: General requirements for product safety (IEC 82304-1:2016)
Logiciels de santé - Partie 1: Exigences générales pour la sécurité des produits (IEC 82304-1:2016)
Gesundheitssoftware - Teil 1: Allgemeine Anforderungen für die Produktsicherheit (IEC 82304-1:2016)
This European Standard was approved by CENELEC on 2016-12-01. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 82304-1:2017 E
EN 82304-1:2017
European foreword
The text of document 62A/1140/FDIS, future edition 1 of IEC 82304-1, prepared by IEC/SC 62A
"Common aspects of electrical equipment used in medical practice" of IEC/TC 62 "Electrical
equipment in medical practice" was submitted to the IEC-CENELEC parallel vote and approved by
CENELEC as EN 82304-1:2017.
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2018-03-01
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2020-09-01
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CENELEC by the European
Commission and the European Free Trade Association.
Endorsement notice
The text of the International Standard IEC 82304-1:2016 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 60601 (series) NOTE Harmonized as EN 60601 (series).
IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006.
IEC 61907:2009 NOTE Harmonized as EN 61907:2010.
IEC 62366-1:2015 NOTE Harmonized as EN 62366-1:2015.
IEC 80001-1:2010 NOTE Harmonized as EN 80001-1:2011.
ISO 9000:2015 NOTE Harmonized as EN ISO 9000:2015.
ISO 13485:2015 NOTE Harmonized as EN ISO 13485:2016.
ISO 14971:2007 NOTE Harmonized as EN ISO 14971:2012.
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 62304 | 2006 | Medical device software - Software life-cycle processes | EN 62304 | 2006
- | - | | + corrigendum Nov. | 2008
+ A1 | 2015 | | + A1 | 2015
IEC 82304-1
Edition 1.0 2016-10
INTERNATIONAL STANDARD
NORME INTERNATIONALE
colour inside
Health software – Part 1: General requirements for product safety
Logiciels de santé – Partie 1: Exigences générales pour la sécurité des produits
INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 35.240.80 ISBN 978-2-8322-3733-5
Warning! Make sure that you obtained this publication from an authorized distributor.
IEC 82304-1:2016 © IEC 2016
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
1.1 Purpose
1.2 Field of application
1.3 Compliance
2 Normative references
3 Terms and definitions
4 * HEALTH SOFTWARE PRODUCT requirements
4.1 General requirements and initial RISK ASSESSMENT
4.2 HEALTH SOFTWARE PRODUCT use requirements
4.3 VERIFICATION of HEALTH SOFTWARE PRODUCT use requirements
4.4 Updating HEALTH SOFTWARE PRODUCT use requirements
4.5 System requirements
4.6 VERIFICATION of system requirements
4.7 Updating HEALTH SOFTWARE PRODUCT system requirements
5 * HEALTH SOFTWARE – Software life cycle processes
6 * HEALTH SOFTWARE PRODUCT VALIDATION
6.1 VALIDATION plan
6.2 Performing VALIDATION
6.3 VALIDATION report
7 HEALTH SOFTWARE PRODUCT identification and ACCOMPANYING DOCUMENTS
7.1 * Identification
7.2 ACCOMPANYING DOCUMENTS
7.2.1 General
7.2.2 Instructions for use
7.2.3 Technical description
8 Post-market activities for the HEALTH SOFTWARE PRODUCT
8.1 General
8.2 SOFTWARE MAINTENANCE
8.3 Re-VALIDATION
8.4 Post-market communication on the HEALTH SOFTWARE PRODUCT
8.5 Decommissioning and disposal of the HEALTH SOFTWARE PRODUCT
Annex A (informative) Rationale
A.1 General
A.2 Requirements for HEALTH SOFTWARE PRODUCTS
A.3 Rationale for particular clauses and subclauses
Bibliography
Figure A.1 – HEALTH SOFTWARE application domains and scope of related standards
Figure A.2 – IEC 82304-1: HEALTH SOFTWARE PRODUCT processes
Table A.1 – Examples of software (SW) in or not in the scope of this document
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
HEALTH SOFTWARE –
Part 1: General requirements for product safety
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 82304-1 has been prepared by subcommittee 62A: Common
aspects of electrical equipment used in medical practice, of IEC technical committee 62:
Electrical equipment in medical practice, and ISO technical committee 215: Health
informatics.
It is published as a double logo standard.
The text of this standard is based on the following documents of IEC:
FDIS | Report on voting
62A/1140/FDIS | 62A/1151/RVD
Full information on the voting for the approval of this part of this standard can be found in the
report on voting indicated in the above table. In ISO, the standard has been approved by 21 P
members out of 22 having cast a vote.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
Terms defined in Clause 3 of this standard are printed in SMALL CAPITALS.
For the purposes of this standard:
– “shall” means that compliance with a requirement is mandatory for compliance with this
standard;
– “should” means that compliance with a requirement is recommended but is not mandatory
for compliance with this standard;
– “may” is used to describe a permissible way to achieve compliance with a requirement;
and
– “establish” means to define, document, and implement.
An asterisk (*) as the first character of a title or at the beginning of a paragraph or table title
indicates that there is guidance or rationale related to that item in Annex A.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
NOTE The attention of National Committees is drawn to the fact that manufacturers and testing organizations may
need a transitional period following publication of a new, amended or revised IEC or ISO publication in which to
make products in accordance with the new requirements and to equip themselves for conducting new or revised
tests. It is the recommendation of the committee that the content of this publication be adopted for mandatory
implementation nationally not earlier than 3 years from the date of publication.
INTRODUCTION
HEALTH SOFTWARE PRODUCTS, within the context of this document, are software-only products.
These products are intended to be used with computing equipment not explicitly developed for
running the software. HEALTH SOFTWARE PRODUCTS may require specified platforms.
HEALTH SOFTWARE PRODUCTS are intended by their MANUFACTURER for managing, maintaining
or improving health of individual persons, or the delivery of care. Some HEALTH SOFTWARE can
contribute to a HAZARDOUS SITUATION. Accordingly, Clause 5 requires a RISK MANAGEMENT
process for all HEALTH SOFTWARE. For HEALTH SOFTWARE that can contribute to a HAZARDOUS
SITUATION, RISK CONTROL is needed to prevent HARM or reduce the likelihood of HARM
occurring. Testing of the finished product is not, by itself, adequate to address the SAFETY of
HEALTH SOFTWARE. Therefore, requirements for the processes by which the HEALTH SOFTWARE
is developed are necessary. This document relies heavily on IEC 62304:2006 and
IEC 62304:2006/AMD1:2015 for the software development process which can be applied to
HEALTH SOFTWARE PRODUCTS.
Whether a HEALTH SOFTWARE PRODUCT has to meet regulatory requirements is a matter of
national legislation. This document makes no attempt to determine whether a HEALTH
SOFTWARE PRODUCT is or should be regulated.
This document aims to provide requirements for the SAFETY and SECURITY of HEALTH
SOFTWARE PRODUCTS; it can only provide such requirements for software-only products.
Situations where HEALTH SOFTWARE is a part of—or embedded in—a physical device are
outside the scope of this document as these combined products are considered separately in,
for example, IEC 60601-1 and associated collateral and particular standards.
This document understands health in a meaning similar to the WHO definition: “Health is a
state of complete physical, mental and social well-being and not merely the absence of
disease or infirmity” (WHO, 1946). This definition appears not highly suitable for practical
purposes: “a state of complete well-being” or the inclusion of social well-being could be
interpreted more widely than seems reasonable. For example dating software, games, or flight
simulator software could be considered within the scope of the standard. That is clearly not
the intent. However, a precise definition – or even delineation – of “health” for practical use in
“HEALTH SOFTWARE” is not available.
HEALTH SOFTWARE refers to software that contributes to the health of individual people as
observed and/or demonstrated using measurable health parameters or clinical expertise. This
is a subset of “health” as defined by the WHO. The requirements of the standard apply to the
software that impacts such health parameters, and/or to software where SECURITY violations
would undermine privacy or confidentiality of health and wellbeing information.
The reader is kindly referred to the Table A.1 for examples of what is in the scope and what is
outside the scope of this document.
HEALTH SOFTWARE –
Part 1: General requirements for product safety
1 Scope
1.1 Purpose
This Part of 82304 applies to the SAFETY and SECURITY of HEALTH SOFTWARE PRODUCTS
designed to operate on general computing platforms and intended to be placed on the market
without dedicated hardware, and its primary focus is on the requirements for MANUFACTURERS.
1.2 Field of application
This document covers the entire lifecycle including design, development, VALIDATION,
installation, maintenance, and disposal of HEALTH SOFTWARE PRODUCTS.
In each referenced standard, the term “medical device” or “medical device software” is to be
substituted by the term “HEALTH SOFTWARE” or “HEALTH SOFTWARE PRODUCT”, as appropriate.
Where the term “patient” is used, either in this document or in a referenced standard, it refers
to the person for whose health benefit the HEALTH SOFTWARE is used.
IEC 82304-1 does not apply to HEALTH SOFTWARE which is intended to become part of a
specific hardware designed for health use. Specifically, IEC 82304-1 does not apply to:
a) medical electrical equipment or systems covered by the IEC 60601/IEC 80601 series;
b) in vitro diagnostic equipment covered by the IEC 61010 series; or
c) implantable devices covered by the ISO 14708 series.
NOTE This document also applies to HEALTH SOFTWARE PRODUCTS (e.g. medical apps, health apps) intended to be
used in combination with mobile computing platforms.
1.3 Compliance
Compliance with this document is determined by inspection of all documentation required by
this document.
Assessment of compliance is carried out and documented by the MANUFACTURER. Where the
HEALTH SOFTWARE PRODUCT is subject to regulatory requirements, external assessment may
take place.
Where this document normatively references parts or clauses of other standards focused on
SAFETY or SECURITY, the MANUFACTURER may use alternative methods to demonstrate
compliance with the requirements of this document. These alternative methods may be used if
the process results of such alternative methods, including traceability, are demonstrably
equivalent and the RESIDUAL RISK remains acceptable.
NOTE The term “conformance” is used in ISO/IEC 12207 where the term “compliance” is used in this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 62304:2006, Medical device software – Software life cycle processes
IEC 62304:2006/AMD1:2015
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
ACCOMPANYING DOCUMENT
document accompanying HEALTH SOFTWARE containing information for the RESPONSIBLE
ORGANIZATION or USER, particularly regarding SAFETY and/or SECURITY
[SOURCE: IEC 60601-1:2005, 3.4, modified – Replace "ME EQUIPMENT, ME SYSTEM, equipment
and accessory" by "HEALTH SOFTWARE" and replace "OPERATOR" by "USER" and added “and/or
SECURITY”.]
3.2
ANOMALY
any condition that deviates from the expected based on requirements specifications, design
documents, standards, etc. or from someone’s perceptions or experiences.
Note 1 to entry: ANOMALIES can be found during, but not limited to, the review, test, analysis, compilation, or use
of HEALTH SOFTWARE or applicable documentation.
[SOURCE: Based on IEEE 1044:1993, 3.1]
3.3
HARM
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.4
HAZARD
potential source of HARM
Note 1 to entry: Potential sources of HARM include breach of SECURITY and reduction of effectiveness.
[SOURCE: ISO/IEC Guide 51:2014, 3.2, modified – Note 1 to entry has been added.]
3.5
HAZARDOUS SITUATION
circumstance in which people, property or the environment is/are exposed to one or more
HAZARDS
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.6
* HEALTH SOFTWARE
software intended to be used specifically for managing, maintaining or improving health of
individual persons, or the delivery of care
Note 1 to entry: HEALTH SOFTWARE fully includes what is considered software as a medical device (see rationale
in A.1).
Note 2 to entry: The scope of this document refers to the subset of HEALTH SOFTWARE that is intended to run on
general computing platforms.
3.7
HEALTH SOFTWARE PRODUCT
combination of HEALTH SOFTWARE and ACCOMPANYING DOCUMENTS
3.8
INTENDED USE
INTENDED PURPOSE
use for which a product, process or service is intended according to the specifications,
instructions and information provided by the MANUFACTURER
[SOURCE: ISO 14971:2007, 2.5]
3.9
IT-NETWORK
INFORMATION TECHNOLOGY NETWORK
a system or systems composed of communicating nodes and transmission links to provide
physically linked or wireless transmission between two or more specified communication
nodes
Note 1 to entry: The scope of the IT-NETWORK in this document is defined by the RESPONSIBLE ORGANIZATION
based on where the HEALTH SOFTWARE in the IT-NETWORK is located and the defined use of the IT-NETWORK. It can
contain IT infrastructure, home health, or general computing components or systems not intended by design to be
used in a healthcare setting. See also 7.2.3.2.
[SOURCE: IEC 61907:2009, 3.1.1, modified – The definition has been rephrased and Note 1
to entry has been added.]
3.10
MANUFACTURER
natural or legal person with responsibility for the design, development, packaging, or labelling
of a HEALTH SOFTWARE PRODUCT, or adapting a HEALTH SOFTWARE PRODUCT before it is placed
on the market or put into service, regardless of whether these operations are carried out by
that person or on that person's behalf by a third party
Note 1 to entry: For a definition of labelling, see ISO 13485:2016, 3.8.
Note 2 to entry: “Developer” or “developer organization” are commonly used terms instead of MANUFACTURER in the
context of health information technology.
3.11
RESIDUAL RISK
RISK remaining after RISK CONTROL measures have been taken
[SOURCE: ISO 14971:2007, 2.15]
3.12
RESPONSIBLE ORGANIZATION
entity accountable for the use and proper operation of a HEALTH SOFTWARE PRODUCT
Note 1 to entry: An accountable entity is, for example, a hospital, a healthcare provider, or a telehealth
organization.
[SOURCE: IEC 60601-1:2005, 3.101, modified – Replaced "maintenance of an ME
EQUIPMENT or an ME SYSTEM" by "proper operation of a HEALTH SOFTWARE PRODUCT".]
3.13
RISK
combination of the probability of occurrence of HARM and the severity of that HARM
Note 1 to entry: The probability of occurrence includes the exposure to a HAZARDOUS SITUATION and the possibility
to avoid or limit the HARM.
[SOURCE: ISO/IEC Guide 51:2014, 3.9, modified – Note 1 to entry updated to remove the
reference to hazardous event.]
3.14
RISK ANALYSIS
systematic use of available information to identify HAZARDS and to estimate the RISK
[SOURCE: ISO/IEC Guide 51:2014, 3.10]
3.15
RISK ASSESSMENT
overall process comprising a RISK ANALYSIS and a RISK EVALUATION
[SOURCE: ISO/IEC Guide 51:2014, 3.11]
3.16
RISK CONTROL
process in which decisions are made and measures implemented by which RISKS are reduced
to, or maintained within, specified levels
[SOURCE: ISO/IEC Guide 63:2012, 2.12]
3.17
RISK EVALUATION
process of comparing the estimated RISK against given RISK criteria to determine the
acceptability of the RISK
[SOURCE: ISO/IEC Guide 63:2012, 2.14]
3.18
RISK MANAGEMENT
systematic application of management policies, procedures and practices to the tasks of
analyzing, evaluating, controlling, and MONITORING RISK
[SOURCE: ISO/IEC Guide 63:2012, 2.15]
3.19
SAFETY
freedom from unacceptable RISK
[SOURCE: ISO/IEC Guide 63:2012, 2.16]
3.20
SECURITY
protection of information and data so that unauthorized persons or systems cannot read or
modify them and authorized persons or systems are not denied access to them
[SOURCE: ISO 12207:2008, 4.39]
3.21
SOFTWARE MAINTENANCE
modification of HEALTH SOFTWARE PRODUCT after release for INTENDED USE, for one or more of
the following reasons:
a) corrective, as fixing faults;
b) adaptive, as adapting to new hard- or software platform;
c) perfective, as implementing new requirements;
d) preventive, as making the product more maintainable
Note 1 to entry: See also ISO/IEC 14764:2006.
3.22
USER
person interacting with the HEALTH SOFTWARE PRODUCT
Note 1 to entry: In general, a USER is not consider
...