Category: Technical Report
Organisation:
ID: IEC/TR 80001-2-9:2017
Type: Standard
Version: 1
Access: Fees apply to access
Status: Active
Created: Jan 2017
This technical report establishes a security case framework and provides guidance to healthcare delivery organisations and medical device manufacturers for identifying, developing, interpreting, updating and maintaining security cases for networked medical devices.
This document leverages the requirements set out in ISO/IEC 15026-2 for the development of assurance cases. It is not intended that this security case framework will replace a risk management strategy. Rather, the intention is to complement risk management and in turn provide a greater level of assurance for medical devices through the following processes: mapping specific risk management steps to each of the IEC/TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a reusable security pattern, providing guidance on the selection and presentation of appropriate security controls to establish security capabilities, and providing evidence to support the implementation of a security control.
Main sections:
· Scope
· Normative references
· Terms, definitions and abbreviated terms
· Assurance case
· Use of this document
· General guidelines
· Developing the security case
· Security case change management
· Annex A: Exemplar security patterns
Access Application of risk management for IT-networks incorporating medical devices – Part 2-9: Application guidance – Guidance for use of security assurance cases to demonstrate confidence in IEC/TR 80001-2-2 security capabilities