iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN IEC 80001-1:2022

(Main)

Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software (IEC 80001-1:2021)

Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software (IEC 80001-1:2021)

This document specifies general requirements for ORGANIZATIONS in the application of RISK
MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT
INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY
whilst engaging appropriate stakeholders.

Sicherheit, Effektivität und Daten- und Systemsicherheit bei Implementierung und Gebrauch von eingebundenen Medizinprodukten oder eingebundener Gesundheitssoftware - Teil 1: Anwendung von Risikomanagement (IEC 80001-1:2021)

Application de la gestion des risques aux réseaux des technologies de l’information contenant des dispositifs médicaux - Partie 1: Sûreté, efficacité et sécurité dans la mise en œuvre et l'utilisation des dispositifs médicaux connectés ou des logiciels de santé connectés (IEC 80001-1:2021)

L'IEC 80001-1:2021 spécifie des exigences générales au profit des ORGANISATIONS pour l’application de la GESTION DES RISQUES avant, pendant et après la connexion d’un SYSTEME TI DE SANTE au sein d’une INFRASTRUCTURE TI DE SANTE. Il traite des PROPRIETES CLES de SECURITE, d’EFFICACITE et de SURETE tout en impliquant les intervenants concernés.
L'IEC 80001-1:2021 annule et remplace la première édition parue en 2010. Cette édition constitue une révision technique.
Cette édition inclut les modifications techniques majeures suivantes par rapport à l'édition précédente:
a) modification de la structure pour mieux s’aligner sur l’ISO 31000;
b) établissement d’exigences en faveur d’une ORGANISATION dans l’application de la GESTION DES RISQUES;
c) communication de la valeur, de l’objectif et de la finalité de la GESTION DES RISQUES à travers des principes qui favorisent la préservation des PROPRIETES CLES lors de la mise en œuvre et de l’utilisation des LOGICIELS DE SANTE et/ou SYSTEMES TI DE SANTE connectés.

Uporaba upravljanja tveganja za omrežja IT, ki vključujejo medicinske naprave - 1. del: Varnost, učinkovitost in varnost pri izvajanju in uporabi povezanih medicinskih pripomočkov ali povezane zdravstvene programske opreme (IEC 80001-1:2021)

Ta dokument določa splošne zahteve za ORGANIZACIJE, ki uporabljajo upravljanje tveganja pred, med in po povezovanju ZDRAVSTVENEGA SISTEMA IT v ZDRAVSTVENO INFRASTRUKTURO IT, tako da obravnava KLJUČNE LASTNOSTI VARNOSTI, UČINKOVITOSTI in ZAŠČITE ob vključevanju ustreznih deležnikov.

General Information

Status
Published
Publication Date
23-Nov-2021
ICS
11.040.01 - Medical equipment in general
35.240.80 - IT applications in health care technology
Technical Committee
IEMO - Electrical equipment in medical practice
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
10-Nov-2021
Due Date
15-Jan-2022
Completion Date
24-Nov-2021
Ref Project
EN IEC 80001-1:2021 - Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software

Relations

Revised
SIST EN 80001-1:2011 - Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities (IEC 80001-1:2010)
Effective Date
27-Feb-2018
Replaces
SIST EN 80001-1:2011 - Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities (IEC 80001-1:2010)
Effective Date
02-Nov-2021

Buy Standard

EN IEC 80001-1:2022 - BARVEEN IEC 80001-1:2022 - BARVE
PreviousNext
Standard
EN IEC 80001-1:2022 - BARVE
English language
39 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN IEC 80001-1:2022
01-januar-2022
Nadomešča:
SIST EN 80001-1:2011
Uporaba upravljanja tveganja za omrežja IT, ki vključujejo medicinske naprave - 1.
del: Varnost, učinkovitost in varnost pri izvajanju in uporabi povezanih
medicinskih pripomočkov ali povezane zdravstvene programske opreme (IEC
80001-1:2021)
Application of risk management for IT-networks incorporating medical devices - Part 1:
Safety, effectiveness and security in the implementation and use of connected medical
devices or connected health software (IEC 80001-1:2021)
Sicherheit, Effektivität und Daten- und Systemsicherheit bei Implementierung und
Gebrauch von eingebundenen Medizinprodukten oder eingebundener
Gesundheitssoftware - Teil 1: Anwendung von Risikomanagement (IEC 80001-1:2021)
Application de la gestion des risques aux réseaux des technologies de l’information
contenant des dispositifs médicaux - Partie 1: Sûreté, efficacité et sécurité dans la mise
en œuvre et l'utilisation des dispositifs médicaux connectés ou des logiciels de santé
connectés (IEC 80001-1:2021)
Ta slovenski standard je istoveten z: EN IEC 80001-1:2021
ICS:
11.040.01 Medicinska oprema na Medical equipment in general
splošno
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
SIST EN IEC 80001-1:2022 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN IEC 80001-1:2022

---------------------- Page: 2 ----------------------
SIST EN IEC 80001-1:2022


EUROPEAN STANDARD EN IEC 80001-1

NORME EUROPÉENNE

EUROPÄISCHE NORM
October 2021
ICS 11.040.01; 35.240.80 Supersedes EN 80001-1:2011 and all of its amendments
and corrigenda (if any)
English Version
Application of risk management for IT-networks incorporating
medical devices - Part 1: Safety, effectiveness and security in
the implementation and use of connected medical devices or
connected health software
(IEC 80001-1:2021)
Application de la gestion des risques aux réseaux des Sicherheit, Effektivität und Daten- und Systemsicherheit bei
technologies de l'information contenant des dispositifs Implementierung und Gebrauch von eingebundenen
médicaux - Partie 1: Sûreté, efficacité et sécurité dans la Medizinprodukten oder eingebundener
mise en œuvre et l'utilisation des dispositifs médicaux Gesundheitssoftware - Teil 1: Anwendung von
connectés ou des logiciels de santé connectés Risikomanagement
(IEC 80001-1:2021) (IEC 80001-1:2021)
This European Standard was approved by CENELEC on 2021-10-26. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.


European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN IEC 80001-1:2021 E

---------------------- Page: 3 ----------------------
SIST EN IEC 80001-1:2022
EN IEC 80001-1:2021 (E)
European foreword
The text of document 62A/1434/FDIS, future edition 2 of IEC 80001-1, prepared by SC 62A “Common
aspects of electrical equipment used in medical practice” of IEC/TC 62 “Electrical equipment in
medical practice” was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
EN IEC 80001-1:2021.
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2022–07–26
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2024–10–26
document have to be withdrawn
This document supersedes EN 80001-1:2011 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 80001-1:2021 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
ISO 14971:2019 NOTE Harmonized as EN ISO 14971:2019 (not modified)
ISO 13940:2015 NOTE Harmonized as EN ISO 13940:2016 (not modified)
IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006 (not modified) +A11:2011


2

---------------------- Page: 4 ----------------------
SIST EN IEC 80001-1:2022




IEC 80001-1


Edition 2.0 2021-09




INTERNATIONAL



STANDARD




NORME


INTERNATIONALE
colour

inside










Application of risk management for IT-networks incorporating medical devices –

Part 1: Safety, effectiveness and security in the implementation and use of

connected medical devices or connected health software



Application de la gestion des risques aux réseaux des technologies de

l’information contenant des dispositifs médicaux –


Partie 1: Sûreté, efficacité et sécurité dans la mise en œuvre et l'utilisation des

dispositifs médicaux connectés ou des logiciels de santé connectés












INTERNATIONAL

ELECTROTECHNICAL

COMMISSION


COMMISSION

ELECTROTECHNIQUE


INTERNATIONALE




ICS 11.040.01; 35.240.80 ISBN 978-2-8322-9748-3




Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

---------------------- Page: 5 ----------------------
SIST EN IEC 80001-1:2022
– 2 – IEC 80001-1:2021 © IEC 2021
CONTENTS
FOREWORD . 4
INTRODUCTION . 7
1 Scope . 9
2 Normative references . 9
3 Terms and definitions . 9
4 Principles . 10
5 Framework . 11
5.1 General . 11
5.2 Leadership and commitment . 11
5.3 Integrating RISK MANAGEMENT . 11
5.4 Design/planning . 12
5.4.1 General . 12
5.4.2 RISK MANAGEMENT FILE . 13
5.4.3 Understanding the organization and the SOCIOTECHNICAL ECOSYSTEM . 13
5.4.4 Articulating RISK MANAGEMENT commitment . 13
5.4.5 Assigning organizational roles, authorities, responsibilities and
accountabilities . 13
5.4.6 Allocating resources . 14
5.4.7 Establishing communication and consultation . 14
5.5 Implementation . 15
5.6 Evaluation . 15
5.7 Improvement . 15
6 RISK MANAGEMENT PROCESS . 15
6.1 Generic requirements. 15
6.1.1 General . 15
6.1.2 RISK ANALYSIS . 16
6.1.3 RISK EVALUATION . 18
6.1.4 RISK CONTROL . 19
6.2 Lifecycle specific requirements . 21
6.2.1 General . 21
6.2.2 Acquisition . 21
6.2.3 Installation, customization and configuration . 22
6.2.4 Integration, data migration, transition and validation . 22
6.2.5 Implementation, workflow optimization and training . 22
6.2.6 Operation and maintenance . 23
6.2.7 Decommission . 24
Annex A (informative) IEC 80001-1 requirements mapping table . 25
Annex B (informative) Guidance for accompanying document Information . 31
B.1 Foreword . 31
B.2 Information system categorization . 32
B.3 Overview. 32
B.4 Reference documents . 32
B.5 System level description . 32
B.5.1 Environment description . 32
B.5.2 Network ports, protocols and services . 33
B.5.3 Purpose of connection to the health IT infrastructure . 33

---------------------- Page: 6 ----------------------
SIST EN IEC 80001-1:2022
IEC 80001-1:2021 © IEC 2021 – 3 –
B.5.4 Networking requirements . 33
B.5.5 Required IT-network services . 33
B.5.6 Data flows and protocols . 33
B.6 Security and user access . 34
B.6.1 General . 34
B.6.2 Malware / antivirus / allow-list . 34
B.6.3 Security exclusions . 34
B.6.4 System access . 34
B.7 RISK MANAGEMENT . 36
Bibliography . 37

Figure 1 – Lifecycle framework addressing safety, effectiveness and security of health
software and health IT systems . 8
Figure 2 – RISK MANAGEMENT PROCESS . 12

Table A.1 – IEC 80001-1 requirements table . 25
Table B.1 – Organization name and location . 31
Table B.2 – Cybersecurity device characterization level . 32
Table B.3 – Ports, protocols and services . 33
Table B.4 – Information system name and title . 34
Table B.5 – Roles and privileges . 35

---------------------- Page: 7 ----------------------
SIST EN IEC 80001-1:2022
– 4 – IEC 80001-1:2021 © IEC 2021
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 1: Safety, effectiveness and security in the implementation and use
of connected medical devices or connected health software

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international
co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and
in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,
Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their
preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with
may participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for
Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence between
any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent
rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 80001-1 has been prepared by a Joint Working Group of
Subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC
Technical Committee 62: Electrical equipment in medical practice, and of ISO Technical
Committee 215: Health informatics.
It is published as a double logo standard.
This second edition cancels and replaces the first edition published in 2010. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) structure changed to better align with ISO 31000;
b) establishment of requirements for an ORGANIZATION in the application of RISK MANAGEMENT;

---------------------- Page: 8 ----------------------
SIST EN IEC 80001-1:2022
IEC 80001-1:2021 © IEC 2021 – 5 –
c) communication of the value, intention and purpose of RISK MANAGEMENT through principles
that support preservation of the KEY PROPERTIES during the implementation and use of
connected HEALTH SOFTWARE and/or HEALTH IT SYSTEMS.
The text of this document is based on the following documents:
FDIS Report on voting
62A/1434/FDIS 62A/1448/RVD

Full information on the voting for the approval of this document can be found in the report on
voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
In this document, the following print types are used:
• requirements and definitions: roman type;
• test specifications: italic type;
• informative material appearing outside of tables, such as notes, examples and references: in smaller type.
Normative text of tables is also in a smaller type;
• TERMS DEFINED IN CLAUSE 3 OF THIS DOCUMENT OR AS NOTED ARE PRINTED IN SMALL CAPITALS.
In referring to the structure of this document, the term
• “clause” means one of the five numbered divisions within the table of contents, inclusive of
all subdivisions (e.g. Clause 5 includes subclauses 5.1, 5.2, etc.);
• “subclause” means a numbered subdivision of a clause (e.g. 5.1, 5.2 and 5.3 are all
subclauses of Clause 5).
References to clauses within this document are preceded by the term “Clause” followed by the
clause number. References to subclauses within this particular standard are by number only.
In this document, the conjunctive “or” is used as an “inclusive or” so a statement is true if any
combination of the conditions is true.
The verbal forms used in this document conform to usage described in Clause 7 of the ISO/IEC
Directives, Part 2. For the purposes of this document, the auxiliary verb:
• “shall” means that compliance with a requirement or a test is mandatory for compliance with
this document;
• “should” means that compliance with a requirement or a test is recommended but is not
mandatory for compliance with this document;
• “may” is used to describe a permissible way to achieve compliance with a requirement or
test.
A list of all parts of the IEC 80001 series, published under the general title Safety, effectiveness
and security in the implementation and use of connected medical devices or connected health
software, can be found on the IEC website.
Future standards in this series will carry the new general title as cited above. Titles of existing
standards in this series will be updated at the time of the next edition.

---------------------- Page: 9 ----------------------
SIST EN IEC 80001-1:2022
– 6 – IEC 80001-1:2021 © IEC 2021
The committee has decided that the contents of this standard will remain unchanged until the
stability date indicated on the IEC website under "https://webstore.iec.ch" in the data related to
the specific standard. At this date, the standard will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

IMPORTANT – The "colour inside" logo on the cover page of this document indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this document using a colour printer.

---------------------- Page: 10 ----------------------
SIST EN IEC 80001-1:2022
IEC 80001-1:2021 © IEC 2021 – 7 –
INTRODUCTION
HEALTHCARE DELIVERY ORGANIZATIONS rely on safe, effective and secure systems as business-
critical factors. However, ineffective management of the implementation and use of connected
systems can threaten the ability to deliver health services.
Connected systems that deliver health services, generally involve multiple software
applications, various medical devices and complex HEALTH IT SYSTEMS that rely upon shared
infrastructure including wired or wireless networks, point to point connections, application
servers and data storage, interface engines, security and performance management software,
etc. These HEALTH IT INFRASTRUCTURES are often used for both clinical (e.g. patient monitoring
systems) and non-clinical organizational functions (e.g. accounting, scheduling, social
networking, multimedia, file sharing). These connected systems can involve small departmental
networks to large integrated infrastructures spanning multiple locations as well as cloud-based
services operated by third parties. The requirements in this document are intended for multiple
stakeholders involved in the application of RISK MANAGEMENT to systems that include HEALTH IT
SYSTEMS and / or HEALTH IT INFRASTRUCTURE.
Within the context of ISO 81001-1, this document covers the generic lifecycle phase
“implementation and clinical use” (see the lifecycle diagram in Figure 1).

---------------------- Page: 11 ----------------------
SIST EN IEC 80001-1:2022
– 8 – IEC 80001-1:2021 © IEC 2021

Figure 1 – Lifecycle framework addressing safety, effectiveness and security
of health software and health IT systems
ORGANIZATIONS in using or adapting existing work practices and
This document facilitates
processes, personnel and tools wherever practicable to address the requirements of this
document. For example, if an organization has an existing RISK MANAGEMENT PROCESS, this can
be used or adapted to support the three KEY PROPERTIES of SAFETY, EFFECTIVENESS, and
SECURITY. Requirements are defined such that they can be evaluated and as such support an
ORGANIZATION in verifying and demonstrating the degree of compliance with this document.
RISK MANAGEMENT requirements of this document are based upon existing concepts adapted
The
and extended for use by all stakeholders supporting implementation and clinical use of
connected HEALTH SOFTWARE and HEALTH IT SYSTEMS (including medical devices). This
document aligns with ISO 81001-1, ISO/IEC Guide 63, IEC Guide 120.

---------------------- Page: 12 ----------------------
SIST EN IEC 80001-1:2022
IEC 80001-1:2021 © IEC 2021 – 9 –
APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 1: Safety, effectiveness and security in the implementation and use
of connected medical devices or connected health software




1 Scope
This document specifies general requirements for ORGANIZATIONS in the application of RISK
MANAGEMENT before, during and after the connection of a HEALTH IT SYSTEM within a HEALTH IT
INFRASTRUCTURE, by addressing the KEY PROPERTIES of SAFETY, EFFECTIVENESS and SECURITY
whilst engaging appropriate stakeholders.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
NOTE For the purpose of this document, the terms and definitions given in ISO 81001-1:20XX and the following
apply.
3.1
CONSEQUENCE
outcome of an event affecting objectives
Note 1 to entry: A CONSEQUENCE can be certain or uncertain and can have positive or negative direct or indirect
effects on objectives.
Note 2 to entry: CONSEQUENCES can be expressed qualitatively or quantitatively.
Note 3 to entry: Any CONSEQUENCE can escalate through cascading and cumulative effects.
[SOURCE:ISO 31000:2018, 3.6]
3.2
HEALTHCARE
care activities, services, management or supplies related to the health of an individual or
population
Note 1 to entry: This includes more than performing procedures for subjects of care. It includes, for example, the
management of information about patients, health status and relations within the HEALTHCARE delivery framework
and may also include the management of clinical knowledge.
[SOURCE: ISO 13940:2015, 3.1.1, modified – The definition was reworded to include
population.]

---------------------- Page: 13 ----------------------
SIST EN IEC 80001-1:2022
– 10 – IEC 80001-1:2021 © IEC 2021
3.3
INCIDENT
unplanned interruption to a service a reduction in the quality of a service or an event that has
not yet impacted the service to the customer or user
[SOURCE: ISO/IEC 20000-1:2018, 3.2.5]
3.4
INITIAL RISK
RISK derived during risk estimation taking into consideration any retained RISK control measures
[SOURCE: ISO/IEC/IEEE 15026-1:2019, 3.3.3, modified – The definition was reworded.]
3.5
LIKELIHOOD
chance of something happening
Note 1 to entry: In risk management terminology, the word “LIKELIHOOD” is used to refer to the chance of something
happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and
described using general terms or mathematically (such as a probability or a frequency over a given time period).
Note 2 to entry: The English term “LIKELIHOOD” does not have a direct equivalent in some languages; instead, the
equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted as
a mathematical term. Therefore, in risk management terminology, “LIKELIHOOD” is used with the intent that it should
have the same broad interpretation as the term “probability” has in many languages other than English.
[SOURCE: ISO 31000:2018, 3.7]
3.6
PROCESS
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: The term “activities” covers use of resources.
[SOURCE: IEC 81001-1:2021, 3.2.10]
3.7
HEALTH IT RISK MANAGER
person accountable for risk management of a HEALTH IT SYSTEM
3.8
RISK MANAGEMENT PLAN
description of how the elements and resources of the risk management PROCESS will be
implemented within an organization or project
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.3529]
4 Principles
The following principles provide the basis for RISK MANAGEMENT. They communicate the value,
intention and purpose of RISK MANAGEMENT and their application supports the preservation of
the KEY PROPERTIES during the implementation and use of HEALTH IT SYSTEMS within a HEALTH IT
INFRASTRUCTURE:
– RISK MANAGEMENT is an integral part of an ORGANIZATION’S activities at all stages of the
HEALTH IT SYSTEM lifecycle;
– accountability for the RISK MANAGEMENT PROCESS remains with the HEALTHCARE DELIVERY
ORGANIZATION;

---------------------- Page: 14 ----------------------
SIST EN IEC 80001-1:2022
IEC 80001-1:2021 © IEC 2021 – 11 –
– a HEALTHCA
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN IEC 81001-5-1:2022(Main)
Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle (IEC 81001-5-1:2021)
EN IEC 81001-5-1:2022

1.1 Purpose
This document defines the LIFE CYCLE requirements for development and maintenance of HEALTH SOFTWARE needed to support conformity to IEC 62443-4-1 - taking the specific needs for HEALTH SOFTWARE into account. The set of PROCESSES, ACTIVITIES, and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES.
[Fig. 1]
The purpose is to increase the information SECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the HEALTH SOFTWARE LIFE CYCLE PROCESSES and also by increasing the SECURITY of SOFTWARE LIFE CYCLE PROCESSES themselves.
It is important to maintain an appropriate balance of the key properties SAFETY, effectiveness and SECURITY as discussed in IEC 81001-1.
This document excludes specification of ACCOMPANYING DOCUMENTATION contents.
1.2 Field of application
This document applies to the development and maintenance of HEALTH SOFTWARE by a MANUFACTURER, but recognizes the critical importance of bi-lateral communication with organizations (e.g. HDOs) who have SECURITY responsibilities for the HEALTH SOFTWARE and the systems it is incorporated into, once the software has been developed and released. The IEC/ISO 81001-5 series of standards (for which this is part 1, is therefore being designed to include future parts addressing SECURITY that apply to the implementation, operations and use phases of the LIFE CYCLE for organizations such as HDOs.
Medical device software is a subset of HEALTH SOFTWARE. Therefore, this document applies to:
− Software as part of a medical device;
− Software as part of hardware specifically intended for health use;
− Software as a medical device (SaMD); and
− Software-only PRODUCT for other health use.
Note: In this document, the scope of software considered part of the LIFE CYCLE ACTIVITIES for secure HEALTH SOFTWARE is larger and includes more software (drivers, platforms, operating systems) than for SAFETY, because for SECURITY the focus will be on any use including foreseeable unauthorized access rather than just the INTENDED USE.
[Fig. 2]
1.3 Conformance
HEALTH SOFTWARE conformance with this document is defined as implementing all of the PROCESSES, ACTIVITIES, and TASKS identified in the normative parts of this document - with the exception of Annex F.
Conformance of TRANSITIONAL HEALTH SOFTWARE with Annex F of this document is defined as only implementing the PROCESSES, ACTIVITIES, and TASKS identified in Annex F of this document.
Conformance is determined by inspection and establishing traceability of the PROCESSES, ACTIVITIES and TASKS required.
The quality management system may be implemented according to ISO 13485 or other equivalent quality management system standards.
IEC 62304 specifies ACTIVITIES, based on the software SAFETY classification. The required ACTIVITIES are indicated in the normative text of IEC 62304 as "[Class A, B, C]", "[Class B, C]" or "[Class C]", indicating that they are required selectively depending on the classification of the software to which they apply. The requirements in this document have a special focus on information SECURITY and therefore do not follow the concept of SAFETY classes. For conformity to this document the selection of ACTIVITIES is independent of SAFETY classes.
Implementing the PROCESSES, ACTIVITIES and TASKS specified in this document is sufficient to implement the PROCESS requirements of IEC 62443-4-1. MANUFACTURERS may implement the specifications for Annex E in order to achieve full conformity to IEC 62443-4-1.
This document requires establishing one or more PROCESSES that comprise of identified ACTIVITIES. The LIFE CYCLE PROCESSES shall implement these ACTIVITIES. None of the requirements in this document requires to implement these ACTIVITIES as one single PROCESS or as separate PROCESSES. The ACTIVITIES specified in this document will typically be part of an existing LIFE CYCLE PROCESS.

  • Standard
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 80001-1:2011
Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities (IEC 80001-1:2010)
EN 80001-1:2011

Recognizing that MEDICAL DEVICES are incorporated into IT-NETWORKS to achieve desirable benefits (for example, INTEROPERABILITY), this international standard defines the roles, responsibilities and activities that are necessary for RISK MANAGEMENT of IT-NETWORKS incorporating MEDICAL DEVICES to address SAFETY, EFFECTIVENESS and DATA AND SYSTEMSECURITY (the KEY PROPERTIES). This international standard does not specify acceptable RISK levels.
NOTE 1 The RISK MANAGEMENT activities described in this standard are derived from those in ISO 14971 [4]. The relationship between ISO 14971 and this standard is described in Annex A.
This standard applies after a MEDICAL DEVICE has been acquired by a RESPONSIBLE ORGANIZATION and is a candidate for incorporation into an IT-NETWORK.
NOTE 2 This standard does not cover pre-market RISK MANAGEMENT.
This standard applies throughout the life cycle of IT-NETWORKS incorporating MEDICAL DEVICES.
NOTE 3 The life cycle management activities described in this standard are very similar to those of
ISO/IEC 20000-2 [10]. The relationship between ISO/IEC 20000-2 and this standard is described in Annex D.
This standard applies where there is no single MEDICAL DEVICE manufacturer assuming responsibility for addressing the KEY PROPERTIES of the IT-NETWORK incorporating a MEDICAL
DEVICE.
NOTE 4 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, the installation or assembly of the MEDICAL DEVICE according to the manufacturer’s ACCOMPANYING DOCUMENTS is not subject to the provisions of this standard regardless of who installs or assembles the MEDICAL DEVICE.
NOTE 5 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, additions to that MEDICAL DEVICE or modification of the configuration of that MEDICAL DEVICE, other than as specified by the manufacturer, is subject to the provisions of this standard.
This standard applies to RESPONSIBLE ORGANIZATIONS, MEDICAL DEVICE manufacturers and
providers of other information technology for the purpose of RISK MANAGEMENT of an ITNETWORK incorporating MEDICAL DEVICES as specified by the RESPONSIBLE ORGANIZATION.
This standard does not apply to personal use applications where the patient, OPERATOR and RESPONSIBLE ORGANIZATION are one and the same person.
NOTE 6 In cases where a MEDICAL DEVICE is used at home under the supervision or instruction of the provider, that provider is deemed to be the RESPONSIBLE ORGANIZATION. Personal use where the patient acquires and uses a MEDICAL DEVICE without the supervision or instruction of a provider is out of scope of this standard. This standard does not address regulatory or legal requirements.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 81001-5-1:2022(Main)
Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle (IEC 81001-5-1:2021)
EN IEC 81001-5-1:2022

1.1 Purpose
This document defines the LIFE CYCLE requirements for development and maintenance of HEALTH SOFTWARE needed to support conformity to IEC 62443-4-1 - taking the specific needs for HEALTH SOFTWARE into account. The set of PROCESSES, ACTIVITIES, and TASKS described in this document establishes a common framework for secure HEALTH SOFTWARE LIFE CYCLE PROCESSES.
[Fig. 1]
The purpose is to increase the information SECURITY of HEALTH SOFTWARE by establishing certain ACTIVITIES and TASKS in the HEALTH SOFTWARE LIFE CYCLE PROCESSES and also by increasing the SECURITY of SOFTWARE LIFE CYCLE PROCESSES themselves.
It is important to maintain an appropriate balance of the key properties SAFETY, effectiveness and SECURITY as discussed in IEC 81001-1.
This document excludes specification of ACCOMPANYING DOCUMENTATION contents.
1.2 Field of application
This document applies to the development and maintenance of HEALTH SOFTWARE by a MANUFACTURER, but recognizes the critical importance of bi-lateral communication with organizations (e.g. HDOs) who have SECURITY responsibilities for the HEALTH SOFTWARE and the systems it is incorporated into, once the software has been developed and released. The IEC/ISO 81001-5 series of standards (for which this is part 1, is therefore being designed to include future parts addressing SECURITY that apply to the implementation, operations and use phases of the LIFE CYCLE for organizations such as HDOs.
Medical device software is a subset of HEALTH SOFTWARE. Therefore, this document applies to:
− Software as part of a medical device;
− Software as part of hardware specifically intended for health use;
− Software as a medical device (SaMD); and
− Software-only PRODUCT for other health use.
Note: In this document, the scope of software considered part of the LIFE CYCLE ACTIVITIES for secure HEALTH SOFTWARE is larger and includes more software (drivers, platforms, operating systems) than for SAFETY, because for SECURITY the focus will be on any use including foreseeable unauthorized access rather than just the INTENDED USE.
[Fig. 2]
1.3 Conformance
HEALTH SOFTWARE conformance with this document is defined as implementing all of the PROCESSES, ACTIVITIES, and TASKS identified in the normative parts of this document - with the exception of Annex F.
Conformance of TRANSITIONAL HEALTH SOFTWARE with Annex F of this document is defined as only implementing the PROCESSES, ACTIVITIES, and TASKS identified in Annex F of this document.
Conformance is determined by inspection and establishing traceability of the PROCESSES, ACTIVITIES and TASKS required.
The quality management system may be implemented according to ISO 13485 or other equivalent quality management system standards.
IEC 62304 specifies ACTIVITIES, based on the software SAFETY classification. The required ACTIVITIES are indicated in the normative text of IEC 62304 as "[Class A, B, C]", "[Class B, C]" or "[Class C]", indicating that they are required selectively depending on the classification of the software to which they apply. The requirements in this document have a special focus on information SECURITY and therefore do not follow the concept of SAFETY classes. For conformity to this document the selection of ACTIVITIES is independent of SAFETY classes.
Implementing the PROCESSES, ACTIVITIES and TASKS specified in this document is sufficient to implement the PROCESS requirements of IEC 62443-4-1. MANUFACTURERS may implement the specifications for Annex E in order to achieve full conformity to IEC 62443-4-1.
This document requires establishing one or more PROCESSES that comprise of identified ACTIVITIES. The LIFE CYCLE PROCESSES shall implement these ACTIVITIES. None of the requirements in this document requires to implement these ACTIVITIES as one single PROCESS or as separate PROCESSES. The ACTIVITIES specified in this document will typically be part of an existing LIFE CYCLE PROCESS.

  • Standard
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 11073-10418:2014/AC:2017(Corrigendum)
Health informatics - Personal health device communication - Part 10418: Device specialization - International Normalized Ratio (INR) monitor - Technical Corrigendum 1 (ISO/IEEE 11073-10418:2014/Cor 1:2016)
EN ISO 11073-10418:2014/AC:2016

ISO corr

  • Corrigendum
    20 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 11073-10418:2014(Main)
Health informatics - Personal health device communication - Part 10418: Device specialization: International Normalized Ratio (INR) monitor (ISO 11073-10418:2014, Corrected version 2014-05-01)
EN ISO 11073-10418:2014

The scope of this standard is to establish a normative definition of communication between personal telehealth International Normalized Ratio (INR) devices (agents) and managers (e.g. cell phones, personal computers, personal health appliances, and set top boxes) in a manner that enables plug-and-play interoperability. It leverages work done in other ISO/IEEE 11073 standards including existing terminology, information profiles, application profile standards, and transport standards. It specifies the use of specific term codes, formats, and behaviors in telehealth environments restricting optionality in base frameworks in favor of interoperability. This standard defines a common core of functionality of INR devices. In the context of personal health devices, INR monitoring refers to the measurement of the prothrombin time (PT) that is used to assess the level of anticoagulant therapy and its presentation as the International Normalized Ratio compared to the prothrombin time of normal blood plasma. Applications of the INR monitor include the management of the therapeutic level of anticoagulant used in the treatment of a variety of conditions. This standard provides the data modeling and its transport shim layer according to IEEE Std 11073-20601aTM-2010 and does not specify the measurement method.

  • Standard
    76 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    76 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 80001-1:2011
Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities (IEC 80001-1:2010)
EN 80001-1:2011

Recognizing that MEDICAL DEVICES are incorporated into IT-NETWORKS to achieve desirable benefits (for example, INTEROPERABILITY), this international standard defines the roles, responsibilities and activities that are necessary for RISK MANAGEMENT of IT-NETWORKS incorporating MEDICAL DEVICES to address SAFETY, EFFECTIVENESS and DATA AND SYSTEMSECURITY (the KEY PROPERTIES). This international standard does not specify acceptable RISK levels.
NOTE 1 The RISK MANAGEMENT activities described in this standard are derived from those in ISO 14971 [4]. The relationship between ISO 14971 and this standard is described in Annex A.
This standard applies after a MEDICAL DEVICE has been acquired by a RESPONSIBLE ORGANIZATION and is a candidate for incorporation into an IT-NETWORK.
NOTE 2 This standard does not cover pre-market RISK MANAGEMENT.
This standard applies throughout the life cycle of IT-NETWORKS incorporating MEDICAL DEVICES.
NOTE 3 The life cycle management activities described in this standard are very similar to those of
ISO/IEC 20000-2 [10]. The relationship between ISO/IEC 20000-2 and this standard is described in Annex D.
This standard applies where there is no single MEDICAL DEVICE manufacturer assuming responsibility for addressing the KEY PROPERTIES of the IT-NETWORK incorporating a MEDICAL
DEVICE.
NOTE 4 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, the installation or assembly of the MEDICAL DEVICE according to the manufacturer’s ACCOMPANYING DOCUMENTS is not subject to the provisions of this standard regardless of who installs or assembles the MEDICAL DEVICE.
NOTE 5 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, additions to that MEDICAL DEVICE or modification of the configuration of that MEDICAL DEVICE, other than as specified by the manufacturer, is subject to the provisions of this standard.
This standard applies to RESPONSIBLE ORGANIZATIONS, MEDICAL DEVICE manufacturers and
providers of other information technology for the purpose of RISK MANAGEMENT of an ITNETWORK incorporating MEDICAL DEVICES as specified by the RESPONSIBLE ORGANIZATION.
This standard does not apply to personal use applications where the patient, OPERATOR and RESPONSIBLE ORGANIZATION are one and the same person.
NOTE 6 In cases where a MEDICAL DEVICE is used at home under the supervision or instruction of the provider, that provider is deemed to be the RESPONSIBLE ORGANIZATION. Personal use where the patient acquires and uses a MEDICAL DEVICE without the supervision or instruction of a provider is out of scope of this standard. This standard does not address regulatory or legal requirements.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TP CEN/TR 12349:2023(Main)
Mechanical vibration - Guide to the health effects of vibration on the human body
CEN/TR 12349:2023

The aim of this CEN report is to provide information on the possible adverse health effects caused by exposure to vibration at work.  the report addresses manufacturers as well as employers and employees using vibrating machinery in order to improve their understanding of the possible health problems arising from occupational exposure to vibration.

  • Technical report
    17 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 80004-1:2023(Main)
Nanotechnologies - Vocabulary - Part 1: Core vocabulary (ISO 80004-1:2023)
EN ISO 80004-1:2023

This document defines core terms in the field of nanotechnology. This document is intended to facilitate communication between organizations and individuals in industry and those who interact with them.

  • Standard
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 3262-22:2023(Main)
Extenders - Specifications and methods of test - Part 22: Flux-calcined kieselguhr (ISO 3262-22:2023)
EN ISO 3262-22:2023

This document specifies requirements and corresponding methods of test for flux-calcined kieselguhr.

  • Standard
    11 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    8 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO 18473-4:2023(Main)
Functional pigments and extenders for special applications - Part 4: Nanoscale titanium dioxide for photocatalytic application (ISO 18473-4:2022)
EN ISO 18473-4:2023

This document specifies requirements and corresponding test methods for nanoscale titanium dioxide (TiO2) in either powder or suspension form for photocatalytic application.
This document is applicable to modified nanoscale titanium dioxide for photocatalytic application. Such modification can be surface treatment, coating, doping and combination thereof.

  • Standard
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day