Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC 80001-2-2

The IEC 80001-1 standard provides the roles, responsibilities and activities necessary for risk management. A previous technical report, IEC/TR 80001-2-2, provides additional guidance in relation to how security capabilities might be referenced (disclosed and discussed) in both the risk management process and stakeholder communications and agreements.

This technical report provides guidance to health delivery organisations and medical device manufacturers on the establishment of each of the security capabilities presented in IEC/TR 80001-2-2. It contains an informative set of common, descriptive security capabilities intended to be the starting point for a security-centric discussion between the vendor and purchaser or among a larger group of stakeholders involved in a medical device IT network project.

Main sections:

· Scope

· Normative references

· Terms and definitions

· Guidance for establishing security capabilities: General, ALOF, AUDT, AUTH, CNFS, CSUP, DIDT, DTBK, EMRG, IGAU, MLDP, NAUT, PAUT, PLOK, RDMP, SAHD, SGUD, STCF, TXCF AND TXIG