IEC TR 80001-2-2:2012
Current
Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls
English
07-10-2012
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Use of SECURITY CAPABILITIES
5 SECURITY CAPABILITIES
6 Example of detailed specification under SECURITY CAPABILITY: Person authentication - PAUT
7 References
8 Other resources
9 Standards and frameworks
Annex A (informative) - Sample scenario showing the exchange of security information
Annex B (informative) - Examples of regional specification on a few SECURITY CAPABILITIES
Annex C (informative) - SECURITY CAPABILITY mapping to C-I-A-A
Bibliography
IEC/TR 80001-2-2:2012(E), which is a technical report, creates a framework for the disclosure of security-related capabilities and risks necessary for managing the risk in connecting medical devices to IT-networks and for the security dialog that surrounds the IEC 80001-1 risk management of IT-network connection. This security report presents an informative set of common, high-level security-related capabilities useful in understanding the user needs, the type of security controls to be considered and the risks that lead to the controls. Intended use and local factors determine which exact capabilities will be useful in the dialog about risk. The capability descriptions in this report are intended to supply health delivery organizations (HDOs), medical device manufacturers (MDMs), and IT vendors with a basis for discussing risk and their respective roles and responsibilities toward its management. This discussion among the risk partners serves as the basis for one or more responsibility agreements as specified in IEC 80001-1.
DevelopmentNote | Stability date: 2017. (09/2017) |
DocumentType | Technical Report |
Pages | 54 |
PublisherName | International Electrotechnical Committee |
Status | Current |
Standards | Relationship |
NEN NPR IEC/TR 80001-2-2 : 2012 | Identical |
AAMI IEC TIR 80001-2-2 : 2012 | Identical |
PD IEC/TR 80001-2-2:2012 | Identical |
AAMI TIR57 : 2016 | PRINCIPLES FOR MEDICAL DEVICE SECURITY - RISK MANAGEMENT |
AAMI/IEC TIR80001-2-3:2012 | APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-3: GUIDANCE FOR WIRELESS NETWORKS |
PD ISO/TR 80001-2-7:2015 | Application of risk management for IT-networks incorporating medical devices. Application guidance Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 |
I.S. EN 82304-1:2017 | HEALTH SOFTWARE - PART 1: GENERAL REQUIREMENTS FOR PRODUCT SAFETY |
PD IEC/TR 80001-2-9:2017 | Application of risk management for IT-networks incorporating medical devices Application guidance. Guidance for use of security assurance cases to demonstrate confidence in IEC TR 80001-2-2 security capabilities |
EN 82304-1:2017 | Health Software - Part 1: General requirements for product safety |
AAMI/IEC TIR80001-2-5:2014 | APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-5: APPLICATION GUIDANCE - GUIDANCE ON DISTRIBUTED ALARM SYSTEMS |
IEC TR 80001-2-1:2012 | Application of risk management for IT-networks incorporating medical devices - Part 2-1: Step by step risk management of medical IT-networks - Practical applications and examples |
NEMA HN 1 : 2013 | MANUFACTURER DISCLOSURE STATEMENT FOR MEDICAL DEVICE SECURITY |
BS EN 82304-1:2017 | Health Software General requirements for product safety |
AAMI/IEC TIR80001-2-8:2016 | APPLICATION OF RISK MANAGEMENT FOR IT NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-8: APPLICATION GUIDANCE - GUIDANCE ON STANDARDS FOR ESTABLISHING THE SECURITY CAPABILITIES IDENTIFIED IN IEC 80001-2-2 |
IEC TR 80001-2-8:2016 | Application of risk management for IT-networks incorporating medical devices - Part 2-8: Application guidance - Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2 |
PD IEC/TR 80001-2-3:2012 | Application of risk management for IT-networks incorporating medical devices Guidance for wireless networks |
PD IEC/TR 80001-2-8:2016 | Application of risk management for IT-networks incorporating medical devices Application guidance. Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2 |
ANSI/AAMI/IEC TIR80001-2-1:2012 | APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-1: STEP BY STEP RISK MANAGEMENT OF MEDICAL IT-NETWORKS - PRACTICAL APPLICATIONS AND EXAMPLES |
PD IEC/TR 80001-2-1:2012 | Application of risk management for IT-networks incorporating medical devices Step-by-step risk management of medical IT-networks. Practical applications and examples |
IEC TR 80001-2-3:2012 | Application of risk management for IT-networks incorporating medical devices - Part 2-3: Guidance for wireless networks |
PD IEC/TR 80001-2-5:2014 | Application of risk management for IT-networks incorporating medical devices Application guidance. Guidance on distributed alarm systems |
IEC TR 80001-2-5:2014 | Application of risk management for IT-networks incorporating medical devices - Part 2-5: Application guidance - Guidance on distributed alarm systems |
15/30246774 DC : 0 | BS EN 82304-1 - HEALTH SOFTWARE - PART 1: GENERAL REQUIREMENTS FOR PRODUCT SAFETY |
AAMI/IEC TIR80001-2-7:2014 | APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL - APPLICATION GUIDANCE - PART 2-7: GUIDANCE FOR HEALTHCARE DELIVERY ORGANIZATIONS (HDOS) ON HOW TO SELF-ASSESS THEIR CONFORMANCE WITH IEC 80001-1 |
IEEE/ANSI C63.27-2017 | American National Standard for Evaluation of Wireless Coexistence |
BS IEC 82304-1 : 2016 | HEALTH SOFTWARE - PART 1: GENERAL REQUIREMENTS FOR PRODUCT SAFETY |
ISO/TR 80001-2-7:2015 | Application of risk management for IT-networks incorporating medical devices — Application guidance — Part 2-7: Guidance for healthcare delivery organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 |
AAMI TIR57:2016(R2023) | Principles for medical device security—Risk management |
IEC 80001-1:2010 | Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO/TR 27809:2007 | Health informatics Measures for ensuring patient safety of health software |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
IEEE 610.12-1990 | IEEE Standard Glossary of Software Engineering Terminology |
ISO/IEC 15408-3:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
IEC 60601-1-6:2010+AMD1:2013 CSV | Medical electrical equipment - Part 1-6: General requirements for basic safety and essential performance - Collateral standard: Usability |
ISO 13485:2016 | Medical devices Quality management systems Requirements for regulatory purposes |
ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
NEN 7510 : 2011 | HEALTH INFORMATICS - INFORMATION SECURITY MANAGEMENT IN HEALTHCARE |
IEC 60601-1-8:2006+AMD1:2012 CSV | Medical electrical equipment - Part 1-8: General requirements for basic safety and essential performance - Collateral Standard: General requirements, tests and guidance for alarm systems in medical electrical equipment and medical electrical systems |
IEC TR 80001-2-3:2012 | Application of risk management for IT-networks incorporating medical devices - Part 2-3: Guidance for wireless networks |
ISO/IEC 20000-1:2011 | Information technology Service management Part 1: Service management system requirements |
IEC 62304:2006+AMD1:2015 CSV | Medical device software - Software life cycle processes |
ISO/IEC 20000-2:2012 | Information technology Service management Part 2: Guidance on the application of service management systems |
ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
ISO/TS 13606-4:2009 | Health informatics Electronic health record communication Part 4: Security |
IEC 60300-3-9:1995 | Dependability management - Part 3: Application guide - Section 9: Risk analysis of technological systems |
IEC 61907:2009 | Communication network dependability engineering |
ISO/IEC 15408-1:2009 | Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO 14971:2007 | Medical devices Application of risk management to medical devices |
IEC TR 80001-2-1:2012 | Application of risk management for IT-networks incorporating medical devices - Part 2-1: Step by step risk management of medical IT-networks - Practical applications and examples |
ISO/TS 25238:2007 | Health informatics Classification of safety risks from health software |
ISO 27799:2016 | Health informatics Information security management in health using ISO/IEC 27002 |