SIST EN 80001-1:2011

SLOVENSKI STANDARD
01-maj-2011
8SRUDEDXSUDYOMDQMDWYHJDQMD]DRPUHåMD,7NLYNOMXþXMHMRPHGLFLQVNHQDSUDYH
GHO9ORJHRGJRYRUQRVWLLQGHMDYQRVWL,(&
Application of risk management for IT-networks incorporating medical devices - Part 1:
Roles, responsibilities and activities (IEC 80001-1:2010)
Anwendung des Risikomanagements für IT-Netzwerke, die Medizinprodukte beinhalten -
Teil 1: Aufgaben, Verantwortlichkeiten und Aktivitäten (IEC 80001-1:2010)
Application de la gestion des risques aux réseaux des technologies de l’information
contenant des dispositifs médicaux - Partie 1: Fonctions, responsabilités et activités (CEI
80001-1:2010)
Ta slovenski standard je istoveten z: EN 80001-1:2011
ICS:
11.040.01 Medicinska oprema na Medical equipment in general
splošno
35.240.80 Uporabniške rešitve IT v IT applications in health care
zdravstveni tehniki technology
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN 80001-1
NORME EUROPÉENNE
March 2011
EUROPÄISCHE NORM
ICS 11.040.01; 35.240.80
English version
Application of risk management for IT-networks incorporating medical
devices -
Part 1: Roles, responsibilities and activities
(IEC 80001-1:2010)
Application de la gestion des risques aux Anwendung des Risikomanagements für
réseaux des technologies de l’information IT-Netzwerke, die Medizinprodukte
contenant des dispositifs médicaux - beinhalten -
Partie 1: Fonctions, responsabilités et Teil 1: Aufgaben, Verantwortlichkeiten und
activités Aktivitäten
(CEI 80001-1:2010) (IEC 80001-1:2010)

This European Standard was approved by CENELEC on 2011-02-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus,
the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Management Centre: Avenue Marnix 17, B - 1000 Brussels

© 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 80001-1:2011 E
Foreword
The text of document 62A/703/FDIS, future edition 1 of IEC 80001-1, prepared by SC 62A, Common
aspects of electrical equipment used in medical practice, of IEC TC 62, Electrical equipment in medical
practice, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as
EN 80001-1 on 2011-02-01.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent
rights.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2011-11-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2014-02-01
Terms defined in Clause 2 of this standard are printed in SMALL CAPITALS.
For the purposes of this standard:
— “shall” means that compliance with a requirement is mandatory for compliance with this standard;
— “should” means that compliance with a requirement is recommended but is not mandatory for
compliance with this standard;
— “may” is used to describe a permissible way to achieve compliance with a requirement; and
— “establish” means to define, document, and implement.
__________
Endorsement notice
The text of the International Standard IEC 80001-1:2010 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
[1] IEC 60601-1:2005 NOTE  Harmonized as EN 60601-1:2006 (not modified).
[2] IEC 61907:2009 NOTE  Harmonized as EN 61907:2010 (not modified).
[3] IEC 62304:2006 NOTE  Harmonized as EN 62304:2006 (not modified).
[4] ISO 14971:2007 NOTE  Harmonized as EN ISO 14971:2009 (not modified).
[7] ISO 16484-2:2004 NOTE  Harmonized as EN ISO 16484-2:2004 (not modified).
[8] ISO 9000:2005 NOTE  Harmonized as EN ISO 9000:2005 (not modified).
__________
IEC 80001-1
Edition 1.0 2010-10
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Application of risk management for IT-networks incorporating medical devices –
Part 1: Roles, responsibilities and activities

Application de la gestion des risques aux réseaux des technologies de
l’information contenant des dispositifs médicaux –
Partie 1: Fonctions, responsabilités et activités

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
X
CODE PRIX
ICS 11.040.01; 35.240.80 ISBN 978-2-88912-221-9

– 2 – 80001-1 © IEC:2010
CONTENTS
FOREWORD.4
INTRODUCTION.6
1 Scope.9
2 Terms and definitions .9
3 Roles and responsibilities.14
3.1 General .14
3.2 RESPONSIBLE ORGANIZATION .14
3.3 TOP MANAGEMENT responsibilities .15
3.4 MEDICAL IT-NETWORK RISK MANAGER .16
3.5 MEDICAL DEVICE manufacturer(s).17
3.6 Providers of other information technology.18
4 Life cycle RISK MANAGEMENT in MEDICAL IT-NETWORKS.19
4.1 Overview .19
4.2 RESPONSIBLE ORGANIZATION RISK MANAGEMENT.20
4.2.1 POLICY FOR RISK MANAGEMENT for incorporating MEDICAL DEVICES.20
4.2.2 RISK MANAGEMENT PROCESS.21
4.3 MEDICAL IT-NETWORK RISK MANAGEMENT planning and documentation .21
4.3.1 Overview .21
4.3.2 RISK-relevant asset description.22
4.3.3 MEDICAL IT-NETWORK documentation .22
4.3.4 RESPONSIBILITY AGREEMENT .22
4.3.5 RISK MANAGEMENT plan for the MEDICAL IT-NETWORK .24
4.4 MEDICAL IT-NETWORK RISK MANAGEMENT.24
4.4.1 Overview .24
4.4.2 RISK ANALYSIS .24
4.4.3 RISK EVALUATION .25
4.4.4 RISK CONTROL .25
4.4.5 RESIDUAL RISK evaluation and reporting .26
4.5 CHANGE-RELEASE MANAGEMENT and CONFIGURATION MANAGEMENT .27
4.5.1 CHANGE-RELEASE MANAGEMENT PROCESS.27
4.5.2 Decision on how to apply RISK MANAGEMENT.27
4.5.3 Go-live .29
4.6 Live network RISK MANAGEMENT.29
4.6.1 Monitoring .29
4.6.2 EVENT MANAGEMENT .29
5 Document control .30
5.1 Document control procedure.30
5.2 MEDICAL IT-NETWORK RISK MANAGEMENT FILE.30
Annex A (informative) Rationale.31
Annex B (informative) Overview of RISK MANAGEMENT relationships .35
Annex C (informative) Guidance on field of application .36
Annex D (informative) Relationship with ISO/IEC 20000-2:2005 Information technology
– Service management – Part 2: Code of practice.38
Bibliography.42

80001-1 © IEC:2010 – 3 –
Figure 1 – Illustration of TOP MANAGEMENT responsibilities.16
Figure 2 – Overview of life cycle of MEDICAL IT-NETWORKS including RISK MANAGEMENT .20
Figure B.1 – Overview of roles and relationships .35
Figure D.1 – Service management processes .39

Table A.1 – Relationship between ISO 14971 and IEC 80001-1 .33
Table C.1 – IT-NETWORK scenarios that can be encountered in a clinical environment.36
Table D.1 – Relationship between IEC 80001-1 and ISO/IEC 20000-1:2005 or
ISO/IEC 20000-2:2005.40

– 4 – 80001-1 © IEC:2010
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 1: Roles, responsibilities and activities

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 80001-1 has been prepared by a joint working group of
subcommittee 62A: Common aspects of electrical equipment used in medical practice, of IEC
technical committee 62: Electrical equipment in medical practice and ISO technical committee
215: Health informatics.
It is published as a double logo standard.
The text of this standard is based on the following documents:
FDIS Report on voting
62A/703/FDIS 62A/718/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table. In ISO, the standard has been approved by 17 P-members
out of 18 having cast a vote.
80001-1 © IEC:2010 – 5 –
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
Terms defined in Clause 2 of this standard are printed in SMALL CAPITALS.
For the purposes of this standard:
• “shall” means that compliance with a requirement is mandatory for compliance with this
standard;
• “should” means that compliance with a requirement is recommended but is not mandatory
for compliance with this standard;
• “may” is used to describe a permissible way to achieve compliance with a requirement;
and
• “establish” means to define, document, and implement.
A list of all parts of the IEC 80001 series, published under the general title Application of risk
management for IT-networks incorporating medical devices, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – 80001-1 © IEC:2010
INTRODUCTION
An increasing number of MEDICAL DEVICEs are designed to exchange information electronically
with other equipment in the user environment, including other MEDICAL DEVICES. Such
information is frequently exchanged through an information technology network (IT-NETWORK)
that also transfers data of a more general nature.
At the same time, IT-NETWORKS are becoming increasingly vital to the clinical environment
and are now required to carry increasingly diverse traffic, ranging from life-critical patient data
requiring immediate delivery and response, to general corporate operations data and to email
containing potential malicious content (e.g. viruses).
For many jurisdictions, design and production of MEDICAL DEVICES is subject to regulation, and
to standards recognized by the regulators. Traditionally, regulators direct their attention to
MEDICAL DEVICE manufacturers, by requiring design features and by requiring a documented
PROCESS for design and manufacturing. MEDICAL DEVICES cannot be placed on the market in
these jurisdictions without evidence that those requirements have been met.
The use of the MEDICAL DEVICES by clinical staff is also subject to regulation. Members of
clinical staff have to be appropriately trained and qualified, and are increasingly subject to
defined PROCESSES designed to protect patients from unacceptable RISK.
In contrast, the incorporation of MEDICAL DEVICES into IT-NETWORKS in the clinical environment
1)
is a less regulated area. IEC 60601-1:2005 [1] requires MEDICAL DEVICE manufacturers to
include some information in ACCOMPANYING DOCUMENTS if the MEDICAL DEVICE is intended to be
connected to an IT-NETWORK. Standards are also in place covering common information
technology activities including planning, design and maintenance of IT-NETWORKS, for
instance ISO 20000-1:2005 [9]. However, until the publication of this standard, no standard
addressed how MEDICAL DEVICES can be connected to IT-NETWORKS, including general-purpose
IT-NETWORKS, to achieve INTEROPERABILITY without compromising the organization and
delivery of health care in terms of SAFETY, EFFECTIVENESS, and DATA AND SYSTEM SECURITY.
There remain a number of potential problems associated with the incorporation of MEDICAL
DEVICES into IT-NETWORKS, including:
– lack of consideration for RISK from use of IT-NETWORKS during evaluation of clinical RISK;
– lack of support from manufacturers of MEDICAL DEVICES for the incorporation of their
products into IT-NETWORKS, (e.g. the unavailability or inadequacy of information provided
by the manufacturer to the OPERATOR of the IT-NETWORK);
– incorrect operation or degraded performance (e.g. incompatibility or improper
configuration) resulting from combining MEDICAL DEVICES and other equipment on the same
IT-NETWORK;
– incorrect operation resulting from combining MEDICAL DEVICE SOFTWARE and other software
applications (e.g. open email systems or computer games) in the same IT-NETWORK;
– lack of security controls on many MEDICAL DEVICES; and
– the conflict between the need for strict change control of MEDICAL DEVICES and the need
for rapid response to the threat of cyberattack.
When these problems manifest themselves, unintended consequences frequently follow.
This standard is addressed to RESPONSIBLE ORGANIZATIONS, to manufacturers of MEDICAL
DEVICES, and to providers of other information technology.
___________
1)
Numbers in square brackets refer to the Bibliography.

80001-1 © IEC:2010 – 7 –
This standard adopts the following principles as a basis for its normative and informative
sections:
– The incorporation or removal of a MEDICAL DEVICE or other components in an IT-NETWORK
is a task which requires design of the action; this might be out of the control of the
manufacturer of the MEDICAL DEVICE.
– RISK MANAGEMENT should be used before the incorporation of a MEDICAL DEVICE into an IT-
NETWORK takes place, and for any changes during the entire life cycle of the resulting
MEDICAL IT-NETWORK, to avoid unacceptable RISKS, including possible RISK to patients,
resulting from the incorporation of the MEDICAL DEVICE into the IT-NETWORK. Many things
are part of a RISK decision, such as liability, cost, or impact on mission. These should be
considered in determining acceptable RISK in addition to the requirements described in
this standard.
– Aspects of removal, maintenance, change or modification of equipment, items or
components should be addressed adequately in addition to the incorporation of MEDICAL
DEVICES.
– The manufacturer of the MEDICAL DEVICE is responsible for RISK MANAGEMENT of the
MEDICAL DEVICE during the design, implementation, and manufacturing of the MEDICAL
DEVICE. This standard does not cover the RISK MANAGEMENT PROCESS for the MEDICAL
DEVICE.
– The manufacturer of a MEDICAL DEVICE intended to be incorporated into an IT-NETWORK
might need to provide information about the MEDICAL DEVICE that is necessary to allow the
RESPONSIBLE ORGANIZATION to manage RISK according to this standard. This information
can include, as part of the ACCOMPANYING DOCUMENTS, instructions specifically addressed
to the person who incorporates a MEDICAL DEVICE into an IT-NETWORK.
– Such ACCOMPANYING DOCUMENTS should convey instructions about how to incorporate the
MEDICAL DEVICE into the IT-NETWORK, how the MEDICAL DEVICE transfers information over
the IT-NETWORK, and the minimum IT-NETWORK characteristics necessary to enable the
INTENDED USE of the MEDICAL DEVICE when it is incorporated into the IT-NETWORK. The
ACCOMPANYING DOCUMENTS should warn of possible hazardous situations associated with
failure or disruptions of the IT-NETWORK, and the misuse of the IT-NETWORK connection or
of the information that is transferred over the IT-NETWORK.
– RESPONSIBILITY AGREEMENTS can establish roles and responsibilities among those engaged
in the incorporation of a MEDICAL DEVICE into an IT-NETWORK, all aspects of the life cycle of
the resulting MEDICAL IT-NETWORK and all activities that form part of that life cycle.
– The RESPONSIBLE ORGANIZATION is required to appoint people to certain roles defined in
this standard. This standard defines the responsibilities of those roles. The most important
of those roles is the MEDICAL IT-NETWORK RISK MANAGER. This role can be assigned to
someone within the RESPONSIBLE ORGANIZATION or to an external contractor.
– The MEDICAL IT-NETWORK RISK MANAGER is responsible for ensuring that RISK MANAGEMENT
is included during the PROCESSES of:
• planning and design of new incorporations of MEDICAL DEVICES or changes to such
incorporations;
• putting the MEDICAL IT-NETWORK into use and the consequent use of the MEDICAL IT-
NETWORK; and
• CHANGE-RELEASE MANAGEMENT and change management of the IT-NETWORK during the
IT-NETWORK’S entire life cycle.
– RISK MANAGEMENT should be applied to address the following KEY PROPERTIES appropriate
for the IT-NETWORK incorporating a MEDICAL DEVICE:
• SAFETY (freedom from unacceptable RISK of physical injury or damage to the health of
people or damage to property or the environment);
• EFFECTIVENESS (ability to produce the intended result for the patient and the RESPONSIBLE
ORGANIZATION); and
– 8 – 80001-1 © IEC:2010
• DATA AND SYSTEM SECURITY (an operational state of a MEDICAL IT-NETWORK in which
information assets (data and systems) are reasonably protected from degradation of
confidentiality, integrity, and availability).

80001-1 © IEC:2010 – 9 –
APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS
INCORPORATING MEDICAL DEVICES –

Part 1: Roles, responsibilities and activities

1 Scope
Recognizing that MEDICAL DEVICES are incorporated into IT-NETWORKS to achieve desirable
INTEROPERABILITY), this international standard defines the roles,
benefits (for example,
responsibilities and activities that are necessary for RISK MANAGEMENT of IT-NETWORKS
incorporating MEDICAL DEVICES to address SAFETY, EFFECTIVENESS and DATA AND SYSTEM

SECURITY (the KEY PROPERTIES). This international standard does not specify acceptable RISK
levels.
NOTE 1 The RISK MANAGEMENT activities described in this standard are derived from those in ISO 14971 [4 ]. Th e
relationship between ISO 14971 and this standard is described in A nne x A .
This standard applies after a MEDICAL DEVICE has been acquired by a RESPONSIBLE
ORGANIZATION and is a candidate for incorporation into an IT-NETWORK.
NOTE 2 This standard does not cover pre-market RISK MANAGEMENT.
This standard applies throughout the life cycle of IT-NETWORKS incorporating MEDICAL DEVICES.
NOTE 3 The life cycle management activities described in this standard are very similar to those of
ISO/IEC 20000-2 [10]. The relationship between ISO/IEC 20000-2 and this standard is described in A nne x D.
This standard applies where there is no single MEDICAL DEVICE manufacturer assuming
responsibility for addressing the KEY PROPERTIES of the IT-NETWORK incorporating a MEDICAL
DEVICE.
NOTE 4 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, the installation or
assembly of the MEDICAL DEVICE according to the manufacturer’s ACCOMPANYING DOCUMENTS is not subject to the
provisions of this standard regardless of who installs or assembles the MEDICAL DEVICE.
NOTE 5 If a single manufacturer specifies a complete MEDICAL DEVICE that includes a network, additions to that
MEDICAL DEVICE or modification of the configuration of that MEDICAL DEVICE, other than as specified by the
manufacturer, is subject to the provisions of this standard.
This standard applies to RESPONSIBLE ORGANIZATIONS, MEDICAL DEVICE manufacturers and
providers of other information technology for the purpose of RISK MANAGEMENT of an IT-
NETWORK incorporating MEDICAL DEVICES as specified by the RESPONSIBLE ORGANIZATION.
This standard does not apply to personal use applications where the patient, OPERATOR and
RESPONSIBLE ORGANIZATION are one and the same person.
NOTE 6 In cases where a MEDICAL DEVICE is used at home under the supervision or instruction of the provider,
that provider is deemed to be the RESPONSIBLE ORGANIZATION. Personal use where the patient acquires and uses a
MEDICAL DEVICE without the supervision or instruction of a provider is out of scope of this standard.
This standard does not address regulatory or legal requirements.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply:

– 10 – 80001-1 © IEC:2010
2.1
ACCOMPANYING DOCUMENT
a document accompanying a MEDICAL DEVICE or an accessory and containing information for
the RESPONSIBLE ORGANIZATION or OPERATOR, particularly regarding SAFETY
NOTE Adapted from IEC 60601-1:2005, definition 3.4.
2.2
CHANGE-RELEASE MANAGEMENT
PROCESS that ensures that all changes to the IT-NETWORK are assessed, approved,
implemented and reviewed in a controlled manner and that changes are delivered, distributed,
and tracked, leading to release of the change in a controlled manner with appropriate input
and output with CONFIGURATION MANAGEMENT
NOTE Adapted from ISO/IEC 20000-1:2005, Subclauses 9.2 (change management) and 10.1 (release
management).
2.3
CHANGE PERMIT
an outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified
change or type of change without further RISK MANAGEMENT Activities subject to specified
constraints
2.4
CONFIGURATION MANAGEMENT
a PROCESS that ensures that configuration information of components and the IT-NETWORK are
defined and maintained in an accurate and controlled manner, and provides a mechanism for
identifying, controlling and tracking versions of the IT-NETWORK
NOTE Adapted from ISO/IEC 20000-1:2005, Subclause 9.1.
2.5
DATA AND SYSTEMS SECURITY
an operational state of a MEDICAL IT-NETWORK in which information assets (data and systems)
are reasonably protected from degradation of confidentiality, integrity, and availability
NOTE 1 Security, when mentioned in this standard, should be taken to include DATA AND SYSTEMS SECURITY.
NOTE 2 DATA AND SYSTEMS SECURITY is assured through a framework of policy, guidance, infrastructure, and
services designed to protect information assets and the systems that acquire, transmit, store, and use information
in pursuit of the organization’s mission.
2.6
EFFECTIVENESS
ability to produce the intended result for the patient and the RESPONSIBLE ORGANIZATION
2.7
EVENT MANAGEMENT
a PROCESS that ensures that all events that can or might negatively impact the operation of
the IT-NETWORK are captured, assessed, and managed in a controlled manner
NOTE Adapted from ISO/IEC 20000-1:2005, Subclauses 8.2 (incident management) and 8.3 (problem
management).
2.8
HARM
physical injury or damage to the health of people, or damage to property or the environment,
or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEM SECURITY
NOTE Adapted from ISO 14971:2007, definition 2.2.

80001-1 © IEC:2010 – 11 –
2.9
HAZARD
potential source of HARM
[ISO 14971:2007, definition 2.3]
2.10
INTENDED USE
INTENDED PURPOSE
use for which a product, PROCESS or service is intended according to the specifications,
instructions and information provided by the manufacturer
[ISO 14971: 2007, definition 2.5]
2.11
INTEROPERABILITY
a property permitting diverse systems or components to work together for a specified purpose
2.12
IT-NETWORK (INFORMATION TECHNOLOGY NETWORK)
a system or systems composed of communicating nodes and transmission links to provide
physically linked or wireless transmission between two or more specified communication
nodes
NOTE 1 Adapted from IEC 61907:2009, definition 3.1.1.
NOTE 2 The scope of the MEDICAL IT-NETWORK in this standard is defined by the RESPONSIBLE ORGANIZATION
based on where the MEDICAL DEVICES in the MEDICAL IT-NETWORK are located and the defined use of the network. It
can contain IT infrastructure, home health and non-clinical contexts. See also 4. 3. 3.
2.13
KEY PROPERTIES
three risk managed characteristics (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY)
of MEDICAL IT-NETWORKS
2.14
MEDICAL DEVICE
means any instrument, apparatus, implement, machine, appliance, implant, in vitro reagent or
calibrator, software, material or other similar or related article:
a) intended by the manufacturer to be used, alone or in combination, for human beings for
one or more of the specific purpose(s) of:
– diagnosis, prevention, monitoring, treatment or alleviation of disease,
– diagnosis, monitoring, treatment, alleviation of or compensation for an injury,
– investigation, replacement, modification, or support of the anatomy or of a physiological
process,
– supporting or sustaining life,
– control of conception,
– disinfection of medical devices,
– providing information for medical or diagnostic purposes by means of in vitro
examination of specimens derived from the human body; and
b) which does not achieve its primary intended action in or on the human body by pharmacological,
immunological or metabolic means, but which may be assisted in its intended function by such
means.
– 12 – 80001-1 © IEC:2010
NOTE 1 The definition of a device for in vitro examination includes, for example, reagents, calibrators, sample
collection and storage devices, control materials, and related instruments or apparatus. The information provided
by such an in vitro diagnostic device may be for diagnostic, monitoring or compatibility purposes. In some
jurisdictions, some in vitro diagnostic devices, including reagents and the like, may be covered by separate
regulations.
NOTE 2 Products which may be considered to be medical devices in some jurisdictions but for which there is not
yet a harmonized approach, are:
– aids for disabled/handicapped people;
– devices for the treatment/diagnosis of diseases and injuries in animals;
– accessories for medical devices (see Note 3);
– disinfection substances;
– devices incorporating animal and human tissues which may meet the requirements of the above definition but
are subject to different controls.
NOTE 3 Accessories intended specifically by manufacturers to be used together with a ‘parent’ medical device to
enable that medical device to achieve its intended purpose should be subject to the same GHTF procedures as
apply to the medical device itself. For example, an accessory will be classified as though it is a medical device in
its own right. This may result in the accessory having a different classification than the ‘parent’ device.
NOTE 4 Components to medical devices are generally controlled through the manufacturer’s quality management
system and the conformity assessment procedures for the device. In some jurisdictions, components are included
in the definition of a ‘medical device’.
[GHTF SG1/N29R16:2005]
2.15
MEDICAL DEVICE SOFTWARE
software system that has been developed for the purpose of being incorporated into the
MEDICAL DEVICE or that is intended for use as a MEDICAL DEVICE in its own right
[IEC 62304:2006, definition 3.12, modified]
2.16
MEDICAL IT-NETWORK
an IT-NETWORK that incorporates at least one MEDICAL DEVICE
2.17
MEDICAL IT-NETWORK RISK MANAGER
person accountable for RISK MANAGEMENT of a MEDICAL IT-NETWORK
2.18
OPERATOR
person handling equipment
[IEC 60601-1:2005, definition 3.73]
2.19
PROCESS
set of interrelated or interacting activities which transforms inputs into outputs
[ISO 14971:2007, definition 2.13]
NOTE The term “activities” covers use of resources.
2.20
RESIDUAL RISK
RISK remaining after RISK CONTROL measures have been taken
[ISO 14971:2007, definition 2.15]

80001-1 © IEC:2010 – 13 –
2.21
RESPONSIBILITY AGREEMENT
one or more documents that together fully define the responsibilities of all relevant
stakeholders
NOTE This agreement can be a legal document, e.g. a contract.
2.22
RESPONSIBLE ORGANIZATION
entity accountable for the use and maintenance of a MEDICAL IT-NETWORK
NOTE 1 The accountable entity can be, for example, a hospital, a private clinician or a telehealth organization.
NOTE 2 Adapted from IEC 60601-1:2005 definition 3.101.
2.23
RISK
combination of the probability of occurrence of HARM and the severity of that HARM
[ISO 14971:2007, definition 2.16]
2.24
RISK ANALYSIS
systematic use of available information to identify HAZARDS and to estimate the RISK
[ISO 14971:2007, definition 2.17]
2.25
RISK ASSESSMENT
overall PROCESS comprising a RISK ANALYSIS and a RISK EVALUATION
[ISO/IEC Guide 51:1999, definition 3.12]
2.26
RISK CONTROL
PROCESS in which decisions are made and measures implemented by which RISKS are reduced
to, or maintained within, specified levels
[ISO 14971:2007, definition 2.19]
2.27
RISK EVALUATION
PROCESS of comparing the estimated RISK against given RISK criteria to determine the
acceptability of the RISK
[ISO 14971:2007, definition 2.21]
2.28
RISK MANAGEMENT
systematic application of management policies, procedures and practices to the tasks of
analyzing, evaluating, controlling, and monitoring RISK
[ISO 14971:2007, definition 2.22]
2.29
RISK MANAGEMENT FILE
set of records and other documents that are produced by RISK MANAGEMENT

– 14 – 80001-1 © IEC:2010
[ISO 14971:2007, definition 2.23]
2.30
SAFETY
freedom from unacceptable RISK of physical injury or damage to the health of people or
damage to property or the environment
NOTE Adapted from ISO 14971:2007, definition 2.24.
2.31
TOP MANAGEMENT
person or group of people who direct(s) and control(s) the RESPONSIBLE ORGANIZATION
accountable for a MEDICAL IT-NETWORK at the highest level
NOTE Adapted from ISO 9000:2005, definition 3.2.7.
2.32
VERIFICATION
confirmation through provision of objective evidence that specified requirements have been
fulfilled
NOTE 1 The term “verified” is used to designate the corresponding status.
NOTE 2 Confirmation can comprise activities such as:
– performing alternative calculations;
– comparing a new design specification with a similar proven design specification;
– undertaking tests and demonstrations; and
– reviewing documents prior to issue.
[ISO 14971:2007, definition 2.28]
NOTE 3 In design and development, VERIFICATION concerns the PROCESS of examining the result of a given
activity to determine conformity with the stated requirement for that activity.
3 Roles and responsibilities
3.1 General
Incorporation and modification of equipment or software of a MEDICAL IT-NETWORK shall be
performed under a framework of clearly defined responsibilities. At a minimum, the parties,
responsibilities and requirements identified in subclauses 3. 2 thr o ug h 3.6 shall be defined.
For the particular MEDICAL IT-NETWORK being considered, the RESPONSIBLE ORGANIZATION shall
establish and maintain a MEDICAL IT-NETWORK RISK MANAGEMENT FILE.
All documentation related to the requirements of this standard for RESPONSIBLE ORGANIZATIONS
as well as all supporting documentation shall be maintained in a MEDICAL IT-NETWORK RISK
MANAGEMENT FILE. This file shall contain the current CONFIGURATION MANAGEMENT information
for the MEDICAL IT-NETWORK.
NOTE The CONFIGURATION MANAGEMENT information can be included in the MEDICAL IT-NETWORK RISK MANAGEMENT
FILE either through explicit documentation or by reference, for example, to a live database.
Compliance is checked by inspection of the MEDICAL IT-NETWORK RISK MANAGEMENT FILE.
3.2 RESPONSIBLE ORGANIZATION
The overall responsibility for RISK MANAGEMENT for a MEDICAL IT-NETWORK shall stay within the
RESPONSIBLE ORGANIZATION.
80001-1 © IEC:2010 – 15 –
The RESPONSIBLE ORGANIZATION shall be the owner of the RISK MANAGEMENT PROCESS for the
MEDICAL IT-NETWORK, spanning planning, design, installation, device connection,
configuration, use/operation, maintenance, and device decommissioning.
Compliance is checked by assessment of the RESPONSIBLE ORGANIZATION.
3.3 TOP MANAGEMENT responsibilities
For RISK MANAGEMENT of MEDICAL IT-NETWORKS, TOP MANAGEMENT shall be accountable for:
a) establishing a policy for RISK MANAGEMENT for incorporating MEDICAL DEVICES;
b) defining the policy for determining acceptable RISK, taking into account relevant
international standards and national or regional regulations;
c) ensuring the provision of adequate resources;
d) ensuring the assignment of qualified personnel for management, performance of work and
assessment activities; and
e) reviewing the results of RISK MANAGEMENT activities, including EVENT MANAGEMENT (see
4.6.2), at defined intervals to ensure the continuing suitability and the effectiveness of the
RISK MANAGEMENT PROCESS.
The above shall be documented in the MEDICAL IT-NETWORK RISK MANAGEMENT FILE.
TOP MANAGEMENT shall appoint a MEDICAL IT-NETWORK RISK MANAGER, who has the necessary
qualifications, knowledge and competence for RISK MANAGEMENT applied to MEDICAL IT-
NETWORKS (see 3. 4) .
TOP MANAGEMENT shall identify the people responsible for the following tasks and ensure that
they co-operate with the MEDICAL IT-NETWORK RISK MANAGER:
f) gathering, analysis, assessment and storage of information needed for RISK MANAGEMENT;
g) lifecycle management of MEDICAL DEVICES incorporated in IT-NETWORKS;
h) reviewing and accepting RESIDUAL RISK on behalf of TOP MANAGEMENT;
i) maintenance of MEDICAL IT-NETWORKS; and
j) choice of and procurement of MEDICAL DEVICES.
TOP MANAGEMENT shall ensure that participation in the RISK MANAGEMENT PROCESS for MEDICAL
IT-NETWORKS includes management responsible for:
k) MEDICAL IT-NETWORKS;
l) general IT activities;
m) life-cycle management of MEDICAL DEVICES connected to IT-NETWORKS;
EXAMPLE biomedical engineering, radiological engineering
n) the use of MEDICAL DEVICES; and
EXAMPLE experienced users from clinical departments
o) maintenance and technical support for MEDICAL DEVICES.
EXAMPLE biomedical engineering department
TOP MANAGEMENT shall ensure:
– 16 – 80001-1 © IEC:2010
p) that all supervision, operation, installation and maintenance of MEDICAL IT-NETWORK(S)
throughout the life cycle is made according to the RISK MANAGEMENT plan and follows the
results of the IT-NETWORK RISK MANAGEMENT PROCESS, whoever performs these tasks;
q) that all parties performing supervision, operation, installation, service, troubleshooting and
maintenance of MEDICAL IT-NETWORK(S) are adequately informed about their responsibility
according to this standard, including their responsibility for maintaining the effectiveness
of RISK CONTROLS.
NOTE The TOP MANAGEMENT responsibilities are illustrated in Figure 1.

RESPONSIBLE ORGANIZATION
TOP MANAGEMENT responsibilities
Policies for
• RISK MANAGEMENT PROCESS
• RISK acceptability criteria
• Balancing the three KEY PROPERITIES with the
mission of the RESPONSIBLE ORGANIZATION
Resources
• Provision of adequate resources
• Assignment of qualified personnel
• Appointment of the MEDICAL IT-NETWORK RISK
MANAGER
• Enforcement of RESPONSIBILITY AGREEMENTS
RISK MANAGEMENT PROCESS
• Clear connection to other PROCESSES
• Ensuring continuing suitability and
effectiveness
• Reviewing results at defined intervals

IEC  2388/10
Figure 1 – Illustration of TOP MANAGEMENT responsibilities
Compliance is checked by inspection of the MEDICAL IT-NETWORK RISK MANAGEMENT FILE.
3.4 MEDICAL IT-NETWORK RISK MANAGER
The MEDICAL IT-NETWORK RISK MANAGER shall be responsible for the management of the RISK
MANAGEMENT PROCESS.
The MEDICAL IT-NETWORK RISK MANAGER shall supervise the execution of the RISK MANAGEMENT
PROCESS to maintain the KEY PROPERTIES of the MEDICAL IT-NETWORK.

80001-1 © IEC:2010 – 17 –
The MEDICAL IT-NETWORK RISK MANAGER shall be responsible for the following aspects of the
RISK MANAGEMENT of IT-NETWORKS incorporating MEDICAL DEVICES:
a) Overall management of the RISK MANAGEMENT PROCESS;
b) reporting on the RISK MANAGEMENT PROCESS to the TOP MANAGEMENT; and
c)
...