• IEC TR 80001-2-2:2012

    Status:  Current (the latest, up-to-date edition)

    Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  10-07-2012

    Publisher:  International Electrotechnical Committee

    Table of Contents

    FOREWORD
    INTRODUCTION
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Use of SECURITY CAPABILITIES
    5 SECURITY CAPABILITIES
    6 Example of detailed specification under SECURITY CAPABILITY: Person authentication - PAUT
    7 References
    8 Other resources
    9 Standards and frameworks
    Annex A (informative) - Sample scenario showing the exchange of security information
    Annex B (informative) - Examples of regional specification on a few SECURITY CAPABILITIES
    Annex C (informative) - SECURITY CAPABILITY mapping to C-I-A-A
    Bibliography

    Abstract

    IEC/TR 80001-2-2:2012(E), which is a technical report, creates a framework for the disclosure of security-related capabilities and risks necessary for managing the risk in connecting medical devices to IT-networks and for the security dialog that surrounds the IEC 80001-1 risk management of IT-network connection. This security report presents an informative set of common, high-level security-related capabilities useful in understanding the user needs, the type of security controls to be considered and the risks that lead to the controls. Intended use and local factors determine which exact capabilities will be useful in the dialog about risk. The capability descriptions in this report are intended to supply health delivery organizations (HDOs), medical device manufacturers (MDMs), and IT vendors with a basis for discussing risk and their respective roles and responsibilities toward its management. This discussion among the risk partners serves as the basis for one or more responsibility agreements as specified in IEC 80001-1.

    General Product Information

    Development Note:  Stability date: 2017. (09/2017)
    Document Type:  Technical Report
    Publisher:  International Electrotechnical Committee
    Status:  Current

    Standards Referenced By This Book

    AAMI TIR57 : 2016 PRINCIPLES FOR MEDICAL DEVICE SECURITY - RISK MANAGEMENT
    AAMI/IEC TIR80001-2-3:2012 APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-3: GUIDANCE FOR WIRELESS NETWORKS
    PD ISO/TR 80001-2-7:2015 Application of risk management for IT-networks incorporating medical devices. Application guidance Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1
    I.S. EN 82304-1:2017 HEALTH SOFTWARE - PART 1: GENERAL REQUIREMENTS FOR PRODUCT SAFETY
    PD IEC/TR 80001-2-9:2017 Application of risk management for it-networks incorporating medical devices Application guidance. Guidance for use of security assurance cases to demonstrate confidence in IEC TR 80001-2-2 security capabilities
    EN 82304-1:2017 Health Software - Part 1: General requirements for product safety
    AAMI/IEC TIR80001-2-5:2014 APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-5: APPLICATION GUIDANCE - GUIDANCE ON DISTRIBUTED ALARM SYSTEMS
    IEC TR 80001-2-1:2012 Application of risk management for IT-networks incorporating medical devices - Part 2-1: Step by step risk management of medical IT-networks - Practical applications and examples
    NEMA HN 1 : 2013 MANUFACTURER DISCLOSURE STATEMENT FOR MEDICAL DEVICE SECURITY
    BS EN 82304-1:2017 Health Software General requirements for product safety
    AAMI/IEC TIR80001-2-8:2016 APPLICATION OF RISK MANAGEMENT FOR IT NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-8: APPLICATION GUIDANCE - GUIDANCE ON STANDARDS FOR ESTABLISHING THE SECURITY CAPABILITIES IDENTIFIED IN IEC 80001-2-2
    IEC TR 80001-2-8:2016 Application of risk management for IT-networks incorporating medical devices - Part 2-8: Application guidance - Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2
    PD IEC/TR 80001-2-3:2012 Application of risk management for IT-networks incorporating medical devices Guidance for wireless networks
    PD IEC/TR 80001-2-8:2016 Application of risk management for IT-networks incorporating medical devices Application guidance. Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2
    ANSI/AAMI/IEC TIR80001-2-1:2012 APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL DEVICES - PART 2-1: STEP BY STEP RISK MANAGEMENT OF MEDICAL IT-NETWORKS - PRACTICAL APPLICATIONS AND EXAMPLES
    PD IEC/TR 80001-2-1:2012 Application of risk management for IT-networks incorporating medical devices Step-by-step risk management of medical IT-networks. Practical applications and examples
    IEC TR 80001-2-3:2012 Application of risk management for IT-networks incorporating medical devices - Part 2-3: Guidance for wireless networks
    PD IEC/TR 80001-2-5:2014 Application of risk management for IT-networks incorporating medical devices Application guidance. Guidance on distributed alarm systems
    IEC TR 80001-2-5:2014 Application of risk management for IT-networks incorporating medical devices - Part 2-5: Application guidance - Guidance on distributed alarm systems
    15/30246774 DC : 0 BS EN 82304-1 - HEALTH SOFTWARE - PART 1: GENERAL REQUIREMENTS FOR PRODUCT SAFETY
    AAMI/IEC TIR80001-2-7:2014 APPLICATION OF RISK MANAGEMENT FOR IT-NETWORKS INCORPORATING MEDICAL - APPLICATION GUIDANCE - PART 2-7: GUIDANCE FOR HEALTHCARE DELIVERY ORGANIZATIONS (HDOS) ON HOW TO SELF-ASSESS THEIR CONFORMANCE WITH IEC 80001-1
    IEEE/ANSI C63.27-2017 American National Standard for Evaluation of Wireless Coexistence
    BS IEC 82304-1 : 2016 HEALTH SOFTWARE - PART 1: GENERAL REQUIREMENTS FOR PRODUCT SAFETY
    ISO/TR 80001-2-7:2015 Application of risk management for IT-networks incorporating medical devices — Application guidance — Part 2-7: Guidance for healthcare delivery organizations (HDOs) on how to self-assess their conformance with IEC 80001-1
    AAMI TIR57:2016(R2023) Principles for medical device security—Risk management

    Standards Referencing This Book

    IEC 80001-1:2010 Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities
    ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
    ISO/TR 27809:2007 Health informatics Measures for ensuring patient safety of health software
    ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
    IEEE 610.12-1990 IEEE Standard Glossary of Software Engineering Terminology
    ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
    IEC 60601-1-6:2010+AMD1:2013 CSV Medical electrical equipment - Part 1-6: General requirements for basic safety and essential performance - Collateral standard: Usability
    ISO 13485:2016 Medical devices Quality management systems Requirements for regulatory purposes
    ISO/IEC 27002:2013 Information technology Security techniques Code of practice for information security controls
    NEN 7510 : 2011 HEALTH INFORMATICS - INFORMATION SECURITY MANAGEMENT IN HEALTHCARE
    IEC 60601-1-8:2006+AMD1:2012 CSV Medical electrical equipment - Part 1-8: General requirements for basic safety and essential performance - Collateral Standard: General requirements, tests and guidance for alarm systems in medical electrical equipment and medical electrical systems
    IEC TR 80001-2-3:2012 Application of risk management for IT-networks incorporating medical devices - Part 2-3: Guidance for wireless networks
    ISO/IEC 20000-1:2011 Information technology Service management Part 1: Service management system requirements
    IEC 62304:2006+AMD1:2015 CSV Medical device software - Software life cycle processes
    ISO/IEC 20000-2:2012 Information technology Service management Part 2: Guidance on the application of service management systems
    ISO/IEC 27005:2011 Information technology Security techniques Information security risk management
    ISO/TS 13606-4:2009 Health informatics Electronic health record communication Part 4: Security
    IEC 60300-3-9:1995 Dependability management - Part 3: Application guide - Section 9: Risk analysis of technological systems
    IEC 61907:2009 Communication network dependability engineering
    ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
    ISO 14971:2007 Medical devices Application of risk management to medical devices
    IEC TR 80001-2-1:2012 Application of risk management for IT-networks incorporating medical devices - Part 2-1: Step by step risk management of medical IT-networks - Practical applications and examples
    ISO/TS 25238:2007 Health informatics Classification of safety risks from health software
    ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002