IEC 80001-1:2021

FINAL
INTERNATIONAL IEC/FDIS
DRAFT
STANDARD 80001-1
ISO/TC 215
Safety, effectiveness and security
Secretariat: ANSI
in the implementation and use
Voting begins on:
2021-02-12 of connected medical devices or
connected health software —
Voting terminates on:
2021-04-09
Part 1:
Application of risk management
Member bodies are requested to consult relevant national interests in IEC/SC
62A before casting their ballot to the e-Balloting application.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
IEC/FDIS 80001-1:2021(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
NATIONAL REGULATIONS. IEC 2021

IEC/FDIS 80001-1:2021(E)
ii © IEC 2021 – All rights reserved

– 2 – IEC FDIS 80001-1 © IEC 2021
CONTENTS
FOREWORD . 4
INTRODUCTION . 7
1 Scope . 9
2 Normative references . 9
3 Terms and definitions . 9
4 Principles . 11
5 Framework . 12
5.1 General . 12
5.2 Leadership and commitment . 12
5.3 Integrating RISK MANAGEMENT . 12
5.4 Design/planning . 12
5.4.1 General . 12
5.4.2 RISK MANAGEMENT FILE . 13
5.4.3 Understanding the organization and the SOCIOTECHNICAL ECOSYSTEM . 13
5.4.4 Articulating RISK MANAGEMENT commitment . 14
5.4.5 Assigning organizational roles, authorities, responsibilities and
accountabilities . 14
5.4.6 Allocating resources . 15
5.4.7 Establishing communication and consultation . 15
5.5 Implementation . 15
5.6 Evaluation . 16
5.7 Improvement . 16
6 RISK MANAGEMENT PROCESS . 16
6.1 Generic requirements. 16
6.1.1 General . 16
6.1.2 RISK ANALYSIS . 17
6.1.3 RISK EVALUATION . 19
6.1.4 RISK CONTROL . 19
6.2 Lifecycle specific requirements . 22
6.2.1 General . 22
6.2.2 Acquisition . 22
6.2.3 Installation, customization and configuration . 22
6.2.4 Integration, data migration, transition and validation . 23
6.2.5 Implementation, workflow optimization and training . 23
6.2.6 Operation and maintenance . 23
6.2.7 Decommission . 25
Annex A (informative) IEC 80001-1 requirements mapping table . 26
Annex B (informative) Guidance for accompanying document Information . 33
B.1 Foreword . 33
B.2 Information system categorization . 34
B.3 Overview. 34
B.4 Reference documents . 34
B.5 System level description . 34
B.5.1 Environment description . 34
B.5.2 Network ports, protocols and services . 35

IEC FDIS 80001-1 © IEC 2021 – 3 –
B.5.3 Purpose of connection to the health IT infrastructure . 35
B.5.4 Networking requirements . 35
B.5.5 Required IT-network services . 35
B.5.6 Data flows and protocols . 35
B.6 Security and user access . 36
B.6.1 General . 36
B.6.2 Malware / antivirus / whitelisting . 36
B.6.3 Security exclusions . 36
B.6.4 System access . 36
B.7 RISK MANAGEMENT . 38
Bibliography . 39

Figure 1 – Lifecycle framework addressing safety, effectiveness and security of health

IT software and health IT systems. 8
Figure 2 – RISK MANAGEMENT PROCESS . 13

Table A.1 – IEC 80001-1 requirements table . 26
Table B.1 – Organization name and location . 33
Table B.2 – Cybersecurity device characterization level . 34
Table B.3 – Ports, protocols and services . 35
Table B.4 – Information system name and title . 36
Table B.5 – Roles and privileges . 37

– 4 – IEC FDIS 80001-1 © IEC 2021
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
SAFETY, EFFECTIVENESS AND SECURITY IN THE IMPLEMENTATION
AND USE OF CONNECTED MEDICAL DEVICES
OR CONNECTED HEALTH SOFTWARE –

Part 1: Application of risk management

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 80001-1 has been prepared by a Joint Working Group of
Subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC
Technical Committee 62: Electrical equipment in medical practice, and of ISO Technical
Committee 215: Health informatics.
It is published as a double logo standard.
This second edition cancels and replaces the first edition published in 2010. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) structure changed to better align with ISO 31000;
b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT;

IEC FDIS 80001-1 © IEC 2021 – 5 –
c) communication of the value, intention and purpose of RISK MANAGEMENT through principles
that support preservation of the KEY PROPERTIES during the implementation and use of
connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.
The text of this document is based on the following documents:
FDIS Report on voting
62A/XX/FDIS 62A/XX/RVD
Full information on the voting for the approval of this document can be found in the report on
voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
In this document, the following print types are used:
• requirements and definitions: roman type;
• test specifications: italic type;
• informative material appearing outside of tables, such as notes, examples and references: in smaller type.
Normative text of tables is also in a smaller type;
• TERMS DEFINED IN CLAUSE 3 OF THIS DOCUMENT OR AS NOTED ARE PRINTED IN SMALL CAPITALS.
In referring to the structure of this document, the term
• “clause” means one of the five numbered divisions within the table of contents, inclusive of
all subdivisions (e.g. Clause 5 includes subclauses 5.1, 5.2, etc.);
• “subclause” means a numbered subdivision of a clause (e.g. 5.1, 5.2 and 5.3 are all
subclauses of Clause 5).
References to clauses within this document are preceded by the term “Clause” followed by the
clause number. References to subclauses within this particular standard are by number only.
In this document, the conjunctive “or” is used as an “inclusive or” so a statement is true if any
combination of the conditions is true.
The verbal forms used in this document conform to usage described in Clause 7 of the ISO/IEC
Directives, Part 2. For the purposes of this document, the auxiliary verb:
• “shall” means that compliance with a requirement or a test is mandatory for compliance with
this document;
• “should” means that compliance with a requirement or a test is recommended but is not
mandatory for compliance with this document;
• “may” is used to describe a permissible way to achieve compliance with a requirement or
test.
A list of all parts of the IEC 80001 series, published under the general title Safety, effectiveness
and security in the implementation and use of connected medical devices or connected health
software, can be found on the IEC website.
Future standards in this series will carry the new general title as cited above. Titles of existing
standards in this series will be updated at the time of the next edition.

– 6 – IEC FDIS 80001-1 © IEC 2021
The committee has decided that the contents of this standard will remain unchanged until the
stability date indicated on the IEC website under "https://webstore.iec.ch" in the data related to
the specific standard. At this date, the standard will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The "colour inside" logo on the cover page of this document indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.

IEC FDIS 80001-1 © IEC 2021 – 7 –
INTRODUCTION
HEALTHCARE DELIVERY ORGANIZATIONS rely on safe, effective and secure systems as business-
critical factors. However, ineffective management of the implementation and use of connected
systems can threaten the ability to deliver health services.
Connected systems that deliver health services, generally involve multiple software
applications, various medical devices and complex HEALTH IT SYSTEMS that rely upon shared
infrastructure including wired or wireless networks, point to point connections, application
servers and data storage, interface engines, security and performance management software,
etc. These HEALTH IT INFRASTRUCTURES are often used for both clinical (e.g. patient monitoring
systems) and non-clinical organizational functions (e.g. accounting, scheduling, social
networking, multimedia, file sharing). These connected systems can involve small departmental
networks to large integrated infrastructures spanning multiple locations as well as cloud-based
services operated by third parties. The requirements in this document are intended for multiple
stakeholders involved in the application of RISK MANAGEMENT to systems that include HEALTH IT
SYSTEMS and / or HEALTH IT INFRASTRUCTURE.
Within the context of ISO 81001-1, this document covers the generic lifecycle phase
“implementation and clinical use” (see the lifecycle diagram in Figure 1).

– 8 – IEC FDIS 80001-1 © IEC 2021

Figure 1 – Lifecycle framework addressing safety, effectiveness and security
of health IT software and health IT systems
This document facilitates ORGANIZATIONS in using or adapting existing work practices and
processes, personnel and tools wherever practicable to address the requirements of this
document. For example, if an organization has an existing RISK MANAGEMENT PROCESS, this can
be used or adapted to support the three KEY PROPERTIES of SAFETY, EFFECTIVENESS, and
SECURITY. Requirements are defined such that they can be evaluated and as such support an
ORGANIZATION in verifying and demonstrating the degree of compliance with this document.
The RISK MANAGEMENT requirements of this document are based upon existing concepts adapted
and extended for use by all stakeholders supporting implementation and clinical use of
connected HEALTH SOFTWARE and HEALTH IT SYSTEMS (including medical devices). This
document aligns with ISO 81001-1, ISO Guide 63, IEC Guide 120.

IEC FDIS 80001-1 © IEC 2021 – 9 –
SAFETY, EFFECTIVENESS AND SECURITY IN THE IMPLEMENTATION
AND USE OF CONNECTED MEDICAL DEVICES
OR CONNECTED HEALTH SOFTWARE –

Part 1: Application of risk management

1 Scope
This document specifies general requirements for ORGANIZATIONS in the application of RISK
before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT
MANAGEMENT
INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY
whilst engaging appropriate stakeholders.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this standard. For dated references, only the edition cited applies.
For undated references, the latest edition of the referenced document (including any
amendments) applies.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
NOTE With the exception of the terms and definitions listed in this clause, all terms and definitions used in this
standard are taken from ISO 81001-1:20—.
3.1
CONSEQUENCE
outcome of an event affecting objectives
Note 1 to entry: A CONSEQUENCE can be certain or uncertain and can have positive or negative direct or indirect
effects on objectives.
Note 2 to entry: CONSEQUENCES can be expressed qualitatively or quantitatively.
Note 3 to entry: Any CONSEQUENCE can escalate through cascading and cumulative effects.
[SOURCE:ISO 31000:2018, 3.6]
– 10 – IEC FDIS 80001-1 © IEC 2021
3.2
HEALTHCARE
care activities, services, management or supplies related to the health of an individual or
population
Note 1 to entry: This includes more than performing procedures for subjects of care. It includes, for example, the
management of information about patients, health status and relations within the HEALTHCARE delivery framework
and may also include the management of clinical knowledge.
[SOURCE: ISO 13940:2015, 3.1.1, modified – The definition was reworded to include
population.]
3.3
INCIDENT
unplanned interruption to a service a reduction in the quality of a service or an event that has
not yet impacted the service to the customer or user
[SOURCE: ISO/IEC 20000-1:2018, 3.2.5]
3.4
INITIAL RISK
RISK derived during risk estimation taking into consideration any retained RISK control measures
[SOURCE: ISO/IEC/IEEE 15026-1:2019, 3.3.3, modified – The definition was reworded.]
3.5
LIKELIHOOD
chance of something happening
Note 1 to entry: In risk management terminology, the word “LIKELIHOOD” is used to refer to the chance of something
happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and
described using general terms or mathematically (such as a probability or a frequency over a given time period).
Note 2 to entry: The English term “LIKELIHOOD” does not have a direct equivalent in some languages; instead, the
equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted as
a mathematical term. Therefore, in risk management terminology, “LIKELIHOOD” is used with the intent that it should
have the same broad interpretation as the term “probability” has in many languages other than English.
[SOURCE: ISO 31000:2018, 3.7]
3.6
PROCESS
set of interrelated or interacting activities which transforms inputs into outputs
Note 1 to entry: The term “activities” covers use of resources.
[SOURCE: IEC 80001-1:2010, 2.19]
3.7
HEALTH IT RISK MANAGER
person accountable for risk management of a health IT system
[SOURCE: IEC 80001-1:2010, 2.17, modified – Replacement of the term "medical IT-network
risk manager" with "health risk manager", and replacement in the definition "medical IT-network"
with "health IT system".]
IEC FDIS 80001-1 © IEC 2021 – 11 –
3.8
RISK MANAGEMENT PLAN
description of how the elements and resources of the risk management PROCESS will be
implemented within an organization or project
[SOURCE: ISO/IEC 16085:2006, 3.11]
4 Principles
The following principles provide the basis for RISK MANAGEMENT. They communicate the value,
intention and purpose of RISK MANAGEMENT and their application supports the preservation of
the KEY PROPERTIES during the implementation and use of HEALTH IT SYSTEMS within a HEALTH IT
INFRASTRUCTURE:
– RISK MANAGEMENT is an integral part of an ORGANIZATION’S activities at all stages of the
HEALTH IT SYSTEM lifecycle;
– accountability for the RISK MANAGEMENT PROCESS remains with the HEALTHCARE DELIVERY
ORGANIZATION;
– a HEALTHCARE DELIVERY ORGANIZATION may assign responsibility for RISK MANAGEMENT of the
HEALTH IT SYSTEM and/or HEALTH IT INFRASTRUCTURE to a different ORGANIZATION such as
providers of HEALTH IT SYSTEMS, HEALTH IT INFRASTRUCTURE or a collaboration of HEALTHCARE
DELIVERY ORGANIZATIONS.
RISK MANAGEMENT creates and protects value. It contributes to the demonstrable maintenance
or/and improvement of SAFETY, EFFECTIVENESS and SECURITY in the implementation and use of
connected HEALTH IT SYSTEMS.
– A structured and comprehensive approach to RISK MANAGEMENT contributes to consistent
and comparable clinical outcomes;
– The RISK MANAGEMENT PROCESS is scalable and can be customised and made proportionate
to the ORGANIZATION’S objectives;
– Appropriate and timely involvement of stakeholders leads to improved awareness and
alignment across the ORGANIZATION and enables informed RISK MANAGEMENT;
– RISKS can emerge, change or disappear as new HEALTHCARE tools and methodologies are
developed. Proactive RISK MANAGEMENT anticipates, detects, acknowledges and responds to
changes and events in a timely manner;
– The inputs to RISK MANAGEMENT are based on historical and current information, as well as
future expectations. RISK MANAGEMENT explicitly considers any limitations and uncertainties
associated with such information and expectations. Information should be timely, clear and
available to relevant stakeholders;
– The SOCIOTECHNICAL ECOSYSTEM significantly influences all aspects of RISK MANAGEMENT at
each level within the HEALTHCARE DELIVERY ORGANIZATION and at each lifecycle stage; and
– RISK MANAGEMENT is a continuous activity, improved through learning and experience. RISK
MANAGEMENT strengthens the ORGANIZATION resilience and supports the ORGANIZATION’S
business needs and objectives.
NOTE RISK is balanced across the KEY PROPERTIES wherever practical.

– 12 – IEC FDIS 80001-1 © IEC 2021
5 Framework
5.1 General
The purpose of the RISK MANAGEMENT framework is to assist the ORGANIZATION in integrating the
RISK MANAGEMENT with other significant activities and functions. Effective RISK MANAGEMENT
depends on its integration with the governance of the ORGANIZATION, including decision-making.
This requires support from all stakeholders, particularly TOP MANAGEMENT. Requirements in this
document apply to HEALTHCARE DELIVERY ORGANIZATIONS and other ORGANIZATIONS seeking
conformance with this RISK MANAGEMENT framework. Those requirements that apply to
HEALTHCARE DELIVERY ORGANIZATIONS only are clearly identified.
5.2 Leadership and commitment
It is the responsibility of the TOP MANAGEMENT of the ORGANIZATION to ensure that RISK
MANAGEMENT is implemented throughout the HEALTH IT SYSTEM lifecycle, and that its effectiveness
is evaluated.
The ORGANIZATION shall establish and adhere to a defined PROCESS for RISK MANAGEMENT.
5.3 Integrating RISK MANAGEMENT
Effective integration of RISK MANAGEMENT relies on an understanding of the ORGANIZATION’S
structures and context. Structures differ depending on the ORGANIZATION’S purpose, goals and
complexity. The RISK is managed in every part of the ORGANIZATION’S structure. Everyone in an
ORGANIZATION is responsible for managing RISK.
RISK MANAGEMENT is a dynamic and iterative PROCESS that can be customised to the
Integrating
ORGANIZATION’S culture and objectives. The RISK MANAGEMENT should be part of, and not
separate from, organizational purpose, governance, leadership, commitment, strategy,
objectives and operations.
5.4 Design/planning
5.4.1 General
The safe acquisition, installation, integration, implementation, clinical use, maintenance and
decommissioning of a HEALTH IT SYSTEM is dependent on effective RISK MANAGEMENT planning.
Planning activities apply to new implementations and modifications to existing HEALTH IT
SYSTEMS.
HEALTH IT SYSTEM RISK MANAGEMENT PLAN is to document and schedule the
The purpose of the
RISK MANAGEMENT activities throughout all lifecycle phases of the HEALTH IT SYSTEM and describe
how a specific HEALTH IT SYSTEM project will adhere to the RISK MANAGEMENT PLAN. The RISK
MANAGEMENT PROCESS which establishes the requirements of this document is depicted at
Figure 2 and applies throughout the lifecycle of the HEALTH IT SYSTEM.

IEC FDIS 80001-1 © IEC 2021 – 13 –

Figure 2 – RISK MANAGEMENT PROCESS
The extent of the RISK MANAGEMENT PLAN should be flexible and commensurate with the scale
and scope of functionality of the HEALTH IT SYSTEM whilst addressing the RISK MANAGEMENT
requirements specified within this document. The contents of the RISK MANAGEMENT PLAN should
include:
– a framework for RISK ANALYSIS;
– defined risk acceptance criteria for individual risks and the overall RESIDUAL RISK;
– a list of the relevant procedures, policies and resources required; and
– a reference to any ACCOMPANYING DOCUMENTS
5.4.2 RISK MANAGEMENT FILE
The ORGANIZATION shall:
a) establish, at the start of a project, a HEALTH IT SYSTEM RISK MANAGEMENT FILE;
b) maintain the RISK MANAGEMENT FILE throughout the lifecycle of the HEALTH IT SYSTEM; and
c) ensure that the RISK MANAGEMENT FILE is recoverable in the event of failure.
The HEALTH IT SYSTEM RISK MANAGEMENT FILE provides a store of all records which relate to the
RISK MANAGEMENT PROCESS and any decisions that influence RISK MANAGEMENT.
5.4.3 Understanding the organization and the SOCIOTECHNICAL ECOSYSTEM
Before starting the design and implementation of the RISK MANAGEMENT PLAN it is important to
evaluate and understand the internal and external SOCIOTECHNICAL ECOSYSTEM as this will
significantly influence the design of the PROCESS.
The ORGANIZATION shall establish and maintain a defined list of ASSETS that interface with or
constitute part of a HEALTH IT SYSTEM.

– 14 – IEC FDIS 80001-1 © IEC 2021
Factors which can affect the external SOCIOTECHNICAL ECOSYSTEM include but are not limited to:
key drivers and trends which affect the ORGANIZATION’S objectives; contractual relationships and
commitments; the complexity of networks and dependencies and any local regulatory
conditions.
Factors which can affect the internal SOCIOTECHNICAL ECOSYSTEM include but are not limited to:
ORGANIZATION; the governance, structure and
the vision, mission and values of the
accountabilities of the ORGANIZATION; and standards adopted by the ORGANIZATION and the
ORGANIZATION’S capability and assets.
5.4.4 Articulating RISK MANAGEMENT commitment
It is the responsibility of the ORGANIZATION’S TOP MANAGEMENT to demonstrate and articulate
their continual commitment to RISK MANAGEMENT by establishing and applying a RISK
MANAGEMENT PLAN and appraising the EFFECTIVENESS of RISK MANAGEMENT activities.
The ORGANIZATION’S TOP MANAGEMENT shall:
a) be accountable for ensuring that the ORGANIZATION adheres to the HEALTH IT SYSTEM RISK
MANAGEMENT PLAN;
b) be accountable for ensuring that the ORGANIZATION achieves compliance with this document;
and
HEALTH IT SYSTEM.
c) authorise the sale or deployment of the
5.4.5 Assigning organizational roles, authorities, responsibilities and
accountabilities
It is the responsibility of the ORGANIZATION’S TOP MANAGEMENT to ensure that the authorities,
RISK MANAGEMENT are
responsibilities and accountabilities for relevant roles with respect to
assigned and communicated at all levels of the organization. This will include identifying
accountable individuals who have the authority to manage RISK and the appointment of a HEALTH
IT RISK MANAGER who holds responsibility for the implementation of the RISK MANAGEMENT
PROCESS.
THE ORGANIZATION’S TOP MANAGEMENT shall:
a) identify a HEALTH IT RISK MANAGER who has the necessary qualifications, knowledge and
competence for the application of RISK MANAGEMENT to HEALTH IT SYSTEMS;
NOTE 1 As a minimum, the list of approvers will include the HEALTH IT RISK MANAGER.
b) ensure that the roles and responsibilities of the personnel engaged in RISK MANAGEMENT
activities, including the roles who can review and approve the RISK MANAGEMENT artefacts,
are defined and recorded;
c) ensure that all personnel performing the roles are aware of their responsibilities with respect
to following the ORGANIZATIONS RISK MANAGEMENT PROCESS.
The HEALTH IT RISK MANAGER shall:
d) be responsible for ensuring that the RISK MANAGEMENT PROCESS is followed;
e) be responsible for reporting on the RISK MANAGEMENT PROCESS to the TOP MANAGEMENT.
The responsibilities of the HEALTH IT RISK MANAGER apply to new HEALTH IT SYSTEM
implementations and modifications to existing HEALTH IT SYSTEMS.
The ORGANIZATION shall:
f) incorporate the results of the RISK MANAGEMENT activities undertaken through these
requirements in the assurance case and record them in the RISK MANAGEMENT FILE.
NOTE 2 The concept of an assurance case is described in ISO 81001-1.

IEC FDIS 80001-1 © IEC 2021 – 15 –
5.4.6 Allocating resources
The level of resources required to support RISK MANAGEMENT will need to be commensurate with
the scale, complexity and RISK profile of the HEALTH IT SYSTEM and is also dependent on the
HEALTH IT SYSTEM deployment timescales. The assessment of the required resources may be
guided by experience gained from previous deployments.
Appropriate resources for RISK MANAGEMENT can include, but are not limited to: people with the
appropriate skills, experience and competence, the organization’s RISK MANAGEMENT
PROCESSES, methods and tools and information and knowledge management systems.
THE ORGANIZATION’S TOP MANAGEMENT shall:
RISK MANAGEMENT;
a) provide sufficient resources to support
b) ensure that personnel engaged in RISK MANAGEMENT are suitably qualified and experienced.
The organization should consider the capabilities of, and constraints on, existing resources and
ensure that the nominated resources have sufficient time available to allow them to apply a
suitable level of effort to ensure the RISK MANAGEMENT PROCESS is completed in a robust and
competent manner.
5.4.7 Establishing communication and consultation
Communication involves sharing information with targeted audiences and consultation involves
participants providing information with the understanding that it will contribute to and shape
decisions or other activities. Communication and consultation methods and content shall reflect
the expectations of all stakeholders.
Communication and consultation shall be timely and ensure that relevant information is
collected, collated, synthesised and shared as appropriate. Where the responsibility for RISK
MANAGEMENT is shared the details will be recorded in a RESPONSIBILITY AGREEMENT.
ORGANIZATION shall:
The
a) establish effective means of sharing information with internal and external RISK
MANAGEMENT stakeholders;
b) establish effective means of gathering information from internal and external RISK
MANAGEMENT stakeholders; and
c) retain communications that have an impact on RISK MANAGEMENT outcomes.
Internal and external RISK MANAGEMENT stakeholders could include: OPERATORS, HEALTH IT
SYSTEM MANUFACTURERS, technical support function, internal IT function and other facilities
management functions.
5.5 Implementation
Successful implementation of the RISK MANAGEMENT PROCESS requires the engagement and
awareness of stakeholders. This enables ORGANIZATIONS to explicitly address uncertainty in
decision making, whilst also ensuring that any new or subsequent uncertainty is considered as
soon as it arises.
Successful implementation of the RISK MANAGEMENT PROCESS will be achieved through
adherence to the RISK MANAGEMENT PLAN. The RISK MANAGEMENT PLAN should clearly define the
associated timescales, milestones and resource requirements.

– 16 – IEC FDIS 80001-1 © IEC 2021
5.6 Evaluation
Compliance to the RISK MANAGEMENT PLAN and effectiveness of the risk management PROCESS
should be periodically evaluated. The evaluations may be conducted annually or more frequently
as circumstances change.
The ORGANIZATION shall:
a) evaluate the EFFECTIVENESS of the RISK MANAGEMENT PROCESS at defined intervals; and
b) record evidence of the evaluation in the RISK MANAGEMENT FILE.
Evaluation of the EFFECTIVENESS of the RISK MANAGEMENT PROCESS should include a review of
concerns and incidents relating to the HEALTH IT SYSTEM and assess their impact on the KEY
, monitor the timeliness of INCIDENT reporting; and review EVENT MANAGEMENT.
PROPERTIES
5.7 Improvement
The ORGANIZATION should strive to continually improve the suitability, adequacy and
EFFECTIVENESS of the RISK MANAGEMENT PROCESS and the way that the RISK MANAGEMENT PROCESS
is implemented. As gaps or improvement opportunities are identified, the ORGANIZATION can
develop plans and tasks and assign them to those accountable for implementation. Once
implemented these improvements can contribute to the enhancement of RISK MANAGEMENT.
The ORGANIZATION shall:
a) continually monitor and adapt the RISK MANAGEMENT PROCESS to address external and
internal changes; and
b) record evidence of any improvements in the RISK MANAGEMENT FILE.
By continually monitoring and adapting its RISK MANAGEMENT PROCESS the ORGANIZATION can
optimise the effectivity and efficiency of the PROCESS.
6 RISK MANAGEMENT PROCESS
6.1 Generic requirements
6.1.1 General
The generic RISK MANAGEMENT PROCESS is depicted in Figure 2. Three key activities, which are
supported by related sub-activities, are conducted in a continual cycle through-out the lifecycle
of a HEALTH IT SYSTEM from initial acquisition through to decommission. Requirements in this
document apply to HEALTHCARE DELIVERY ORGANIZATIONS and other ORGANIZATIONS seeking
conformance with this RISK MANAGEMENT framework. Those requirements that apply to
HEALTHCARE DELIVERY ORGANIZATIONS only are clearly identified.
The ORGANIZATION shall:
a) at the start of the project establish a RISK MANAGEMENT PLAN detailing the RISK ANALYSIS, RISK
EVALUATION and RISK CONTROL activities to be undertaken;
b) maintain the clinical RISK MANAGEMENT PLAN in the RISK MANAGEMENT FILE throughout the
lifecycle of the HEALTH IT SYSTEM;
c) record the justification for any deviations from the RISK MANAGEMENT PLAN within the RISK
MANAGEMENT FILE;
d) at the start of the project establish an ASSURANCE CASE for the project;
e) incorporate the results of the RISK MANAGEMENT activities undertaken through these
requirements in the ASSURANCE CASE and record them in the RISK MANAGEMENT FILE.

IEC FDIS 80001-1 © IEC 2021 – 17 –
6.1.2 RISK ANALYSIS
6.1.2.1 General
RISK ANALYSIS involves establishing the scope of the HEALTH IT SYSTEM both in terms of its
INTENDED USE. Once this is understood, analysis
technological architecture, functionality and its
is conducted to identify any HAZARDS that could occur. The RISK associated with identified
HAZARDS is then estimated. This is best achieved through a multi-disciplinary workshop typically
involving competent representatives from the following specialist areas
– TOP MANAGEMENT;
– HEALTHCARE professionals;
– business owners;
– SYSTEM INTEGRATORS;
– IMPLEMENTERS;
– ADMINISTRATORS;
– USERS; and
– SECURITY practitioners
The scale, complexity and level of RISK will vary across different HEALTH IT SYSTEM deployments.
It is important to recognise this and ensure the level of resources required to support the
PROCESS is commensurate.
6.1.2.2 Defining the purpose and scope of the PROCESS
Prior to commencing RISK ANALYSIS activities for any HEALTH IT SYSTEM deployment or
modification it is essential to define the scope of the RISK ANALYSIS. Defining the scope correctly
will bound the extent of the RISK ANALYSIS as well as ensuring that all areas impacted by the
deployment are considered. It is important to understand how the HEALTH SOFTWARE or MEDICAL
DEVICE will integrate with the existing HEALTH IT INFRASTRUCTURE. Consideration should also be
given to any data migration required to support the deployment.
ORGANIZATION shall:
The
a) define the HEALTHCARE setting in which the HEALTH IT SYSTEM will be deployed and used;
b) define the INTENDED USE of the HEALTH IT SYSTEM in the context of supporting HEALTHCARE;
c) identify the USERS of the HEALTH IT SYSTEM;
d) define the scale and complexity of the deployment HEALTH IT SYSTEM including the integration
of components within the HEALTH IT SYSTEM;
HEALTH IT SYSTEM functional and data dependencies.
e) identify and consider any inter/intra
Additionally, a HEALTHCARE DELIVERY ORGANIZATION shall:
f) define the scale and complexity of the HEALTH IT SYSTEM deployment including the integration
of the HEALTH IT SYSTEM within the HEALTH IT INFRASTRUCTURE; and
g) gather suitable and sufficient information via ACCOMPANYING DOCUMENTS from each MEDICAL
DEVICE MANUFACTURER or HEALTH IT SYSTEM MANUFACTURER to support RISK MANAGEMENT.
For recommendations of suitable and sufficient information via ACCOMPANYING DOCUMENTS, see
“Guidance for accompanying document information” in Annex B. Additional details on system
security are detailed in IEC TR 80001-2-2:2012 and IEC TR 80001-2-8:2016 and reflected in
the manufacturer disclosure statement for medical device security. The responsibility
agreement in ISO/TR 80001-2-6:2014 provides information on the formation of contractual or
RFP arrangements between the HEALTHCARE DELIVERY ORGANIZATION and the HEALTH IT SYSTEM
provider.
– 18 – IEC FDIS 80001-1 © IEC 2021
The ORGANIZATION shall:
RISK MANAGEMENT activities undertaken through the
h) incorporate the results of the
requirements in this subclause in the ASSURANCE CASE and record them in the RISK
MANAGEMENT FILE.
6.1.2.3 HAZARD identification
The purpose of HAZARD identification is to uncover and describe events or conditions that have
the potential to result in HARM when the HEALTH IT SYSTEM is deployed or used.
It is recommended that a HAZARD workshop is run to support complete HAZARD identification
involving stakeholders suggested in 6.1.2. HAZARD identification activities should be undertaken
using a recognised technique such as Structured What If Technique (SWIFT) and consider:
• the HEALTHCARE delivery processes that will be impacted by the HEALTH IT SYSTEM, including
workflow and human factors considerations;
• the intended use of the HEALTH IT SYSTEM within the HEALTHCARE DELIVERY ORGANIZATION(S);
• the interdependencies associated with the health it system, including data-flows;
The ORGANIZATION shall:
a) identify and document known, and foreseeable HAZARDS associated with deployment of the
HEALTH IT SYSTEM and its use under both normal and foreseeable operating conditions;
b) review HAZARDS identified in the ACCOMPANYING DOCUMENTS provided by the HEALTH
SOFTWARE or MEDICAL DEVICE MANUFACTURER or provided by suppliers of other key system
components for applicability in the context of deployment, use or decommissioning of the
HEALTH IT SYSTEM; and
c) where no HAZARDS are identified, record the justification for this conclusion within the RISK
MANAGEMENT FILE.
Additionally, the HEALTHCARE DELIVERY ORGANIZATION shall:
d) consider HAZARDS associated with the integration of the HEALTH IT SYSTEM into the HEALTH IT
INFRASTRUCTURE.
It will be necessary to identify and record any vulnerabilities and/or threats to the HEALTH IT
SYSTEM and/or its integration into the HEALTH IT INFRASTRUCTURE
The ORGANIZATION shall:
e) incorporate the results of the RISK MANAGEMENT activities undertaken through the
requirements in this subclause in the ASSURANCE CASE and record them in the RISK
MANAGEMENT FILE.
6.1.2.4 RISK ESTIMATION
RISK ESTIMATION is the PROCESS of categorising the RISK of the identified HAZARD by determining
the HAZARD causes and CONSEQUENCES and considering the LIKELIHOOD of HARM occurring as a
result of the HAZARD and the SEVERITY of that HARM.
Using the criteria specified in the RISK MANAGEMENT PLAN, for each identified HAZARD the
ORGANIZATION shall:
a) estimate the SEVERITY of the CONSEQUENCE of the HARM;
b) estimate the LIKELIHOOD of HARM;
c) estimate and record the resulting RISK.

IEC FDIS 80001-1 © IEC 2021 – 19 –
RISK criteria can v
...