Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls

Category

Technical Report

Organisation

International Organization for Standardization (ISO)

IEC/TR 80001-2-2:2012

Type

Standard

Version

Access

Fees apply to access

Status

Active

Created

Jul 2012

This technical report creates a framework for the disclosure of security-related capabilities and risks necessary for managing risk when connecting medical devices to IT networks. It also supports the security dialogue surrounding IEC 80001-1 and informs the responsibility agreements specified in that standard.

The report describes a set of common, high-level security-related capabilities that are useful in understanding the user needs, the type of security controls to be considered and the risks that lead to the controls. The descriptions are intended to provide health delivery organisations, medical device manufacturers and IT vendors with a basis for discussing risk and their respective roles and responsibilities towards its management.

Main sections:

· Scope

· Normative references

· Terms and definitions

· Use of security capabilities

· Security capabilities

· Example of detailed specification under security capability: Person authentication – PAUT

· References

· Other resources

· Standards and frameworks

Access Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls

By accessing this content, you are leaving this website. The Agency takes no responsibility for the accuracy of content on the destination page.

Access Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls

Explore the Standards Catalogue