Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle

This document defines the LIFE CYCLE requirements for development and maintenance of HEALTH SOFTWARE needed to support conformance to IEC 62443-4-1 – taking the specific needs for HEALTH SOFTWARE into account. The set of PROCESSES, ACTIVITIES, and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES. The purpose is to increase the CYBERSECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the HEALTH SOFTWARE LIFE CYCLE PROCESSES and also by increasing the SECURITY of SOFTWARE LIFE CYCLE PROCESSES themselves. It is important to maintain an appropriate balance of the key properties SAFETY, effectiveness and SECURITY as discussed in ISO 81001-1. This document excludes specification of ACCOMPANYING DOCUMENTATION contents.

Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle

This document defines the LIFE CYCLE requirements for the development and maintenance of HEALTH SOFTWARE needed to support conformance to IEC 62443-4-1, taking into account the specific needs of HEALTH SOFTWARE. The set of PROCESSES, ACTIVITIES and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES. The purpose of these processes is to strengthen the CYBERSECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the LIFE CYCLE PROCESSES of that SOFTWARE, and by strengthening the SECURITY of the SOFTWARE LIFE CYCLE PROCESSES themselves. It is important to maintain an appropriate balance of the key properties (SAFETY, effectiveness and SECURITY) addressed in ISO 81001-1. This document excludes specification of the content of the ACCOMPANYING DOCUMENTATION.

General Information

Status: Not Published
Current Stage: 1099 - New project approved
Start Date: 22-Sep-2025
Completion Date: 27-Dec-2025
Ref Project:

Relations

Draft
IEC/AWI 81001-5-1 - Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle (Released: 15.12.2025)
English language
3 pages

Standards Content (Sample)


IEC 81001-5-1:2021/ISH1:2025 © IEC 2025
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
IEC 81001-5-1
Edition 1.0  2021-12
Health software and health IT systems safety, effectiveness and security -
Part 5-1: Security - Activities in the product life cycle

INTERPRETATION SHEET 1
This interpretation sheet has been prepared by subcommittee 62A: Common aspects of medical
equipment, software, and systems, of IEC technical committee 62: Medical equipment,
software, and systems.
The text of this interpretation sheet is based on the following documents:
DISH: 62A/1692/DISH
Report on voting: 62A/1706/RVDISH
Full information on the voting for the approval of this interpretation sheet can be found in the
report on voting indicated in the above table.

___________
This interpretation sheet is intended to clarify the following:
a) Requirements which are needed to provide essential ACCOMPANYING DOCUMENTATION to the
operators of the HEALTH SOFTWARE product regarding the transfer of risk related to software
items from the MANUFACTURER to the responsible organization or operator.
b) Requirements which are needed to maintain SECURITY of the HEALTH SOFTWARE product.
Interpretation of IEC 81001-5-1:2021, Introduction, 0.2
The HEALTH SOFTWARE is part of a connected and complex healthcare ecosystem, which is
integrated into a surrounding HEALTH IT SYSTEM and HEALTH IT INFRASTRUCTURE. ISO 81001-1
provides a definition of the sociotechnical ecosystem in which the HEALTH SOFTWARE operates,
and of how to reference the security aspect of the HEALTH SOFTWARE within an IT system inside
a broader HEALTHCARE SYSTEM.
ICS 11.040.01, 35.240.80
IEC 81001-5-1:2021-12/ISH1:2025-11(en)

Interpretation of IEC 81001-5-1:2021, 4.1
4.1.7 Disclosing SECURITY-related issues
NOTE 1 This activity is related to 9.3 through 9.5 where additional supporting details are provided.
NOTE 2 On a) “CVSS” and “ranking” address the rating of the severity and characteristics of security vulnerabilities.
4.1.9 ACCOMPANYING DOCUMENTATION review
NOTE For clarification, the documents mentioned with “SECURITY guidelines” are detailed in 5.8.2 and 5.8.7.
Interpretation of IEC 81001-5-1:2021, 4.3
4.3 SOFTWARE ITEM classification relating to risk transfer
NOTE 1 (foundations, intentions):
Table 1 – SOFTWARE ITEM classification mapped to affected clauses

* Implied inclusion in clause since IEC 81001-5-1:2021, Clause 3 explicitly defines SUPPORTED SOFTWARE “includes
MAINTAINED SOFTWARE” and REQUIRED SOFTWARE “includes SUPPORTED SOFTWARE”.
SOFTWARE ITEM classification related to risk transfer from 4.3 is clarified as follows:
a) The SOFTWARE ITEM classification categories are nested, but only to ensure clauses that
explicitly mention a category are also understood to include the nested categories. Table 1
above notes all clauses that detail requirements specific to a SOFTWARE ITEM classification
and notes the implicit inclusion of nested categories. Further requirements of SOFTWARE
ITEM classification that are not explicit in an associated clause are not part of this document.
b) The manufacturer shall apply risk transfer activities for all SOFTWARE ITEMS according to their
associated category. An organization’s policy and procedures may choose different terms
for these classifications if clauses citing requirements for these SOFTWARE ITEM
classifications are satisfied. Risks for all SOFTWARE ITEMS should be identified and managed
(5.2.3), updates for SOFTWARE ITEMS controlled by the manufacturer or PRODUCT user should
be communicated (6.3.1) and updates to manufacturer provided SOFTWARE ITEMS should be
made available (6.3.2) and have verifiable integrity (6.3.3). For 4.3, any declaration of
conformance, or internal policy/procedure, should state the alternative terminology
leveraged and how it maps to the sp
...


Frequently Asked Questions

IEC/AWI 81001-5-1 is a draft published by the International Organization for Standardization (ISO). Its full title is "Health software and health IT systems safety, effectiveness and security — Part 5-1: Security — Activities in the product life cycle". This standard covers: This document defines the LIFE CYCLE requirements for development and maintenance of HEALTH SOFTWARE needed to support conformance to IEC 62443-4-1 – taking the specific needs for HEALTH SOFTWARE into account. The set of PROCESSES, ACTIVITIES, and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES. The purpose is to increase the CYBERSECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the HEALTH SOFTWARE LIFE CYCLE PROCESSES and also by increasing the SECURITY of SOFTWARE LIFE CYCLE PROCESSES themselves. It is important to maintain an appropriate balance of the key properties SAFETY, effectiveness and SECURITY as discussed in ISO 81001-1. This document excludes specification of ACCOMPANYING DOCUMENTATION contents.

IEC/AWI 81001-5-1 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security; 35.080 - Software; 35.240.80 - IT applications in health care technology. The ICS classification helps identify the subject area and facilitates finding related standards.

IEC/AWI 81001-5-1 has the following relationships with other standards: it has inter-standard links to IEC 81001-5-1:2021. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

You can purchase IEC/AWI 81001-5-1 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.