PD ISO/TR 17791:2013

Specifies guidance to National Member Bodies (NMBs) and readers by identifying a coherent set of international standards relevant to the development, implementation and use of safer health software.

This Technical Report provides guidance to National Member Bodies (NMBs) and readers by identifying a coherent set of international standards relevant to the development, implementation and use of safer health software. The framework presented in this Technical Report, together with the mapping of standards to the framework, illustrate relevant standards and how they can optimally be applied. The mapping works to clearly demonstrate where standards gaps and overlaps exist. Specifically, this Technical Report:

• identifies a coherent set of international standards that promote the patient-safe (or safer) development, implementation and use of health software,

• provides guidance on the applicability of these standards towards enabling optimal safety in health software within overall risk management and quality management approaches, as well as within the lifecycle steps and processes of health software development,

• addresses the health software safety issues that remain, either as gaps or overlaps between or among the identified standards, and

• discusses how those gaps and overlaps could be addressed—in the short or long term—through revision of the current standards or the development of new ones.

Harm to the operators of health software, should any such risk exist, is outside the scope of this Technical Report.

While there are references in this Technical Report relating to the regulation of health software, it is neither the purpose nor the intention of this Technical Report to prescribe, enforce or endorse regulation; this is recognized as primarily a national or jurisdictional responsibility and is outside the scope of the Technical Report. This Technical Report does, however, attempt to establish an international standards framework that will be globally recognized and accepted, as well as to provide guidance by which jurisdictional authorities within NMBs can choose to propose the implementation of the framework in a regulatory context, if this is desired. Therefore, while it might be beneficial to encourage NMBs to work towards harmonization in regulatory environments, it is not the purpose or intention in any way of this Technical Report to be so prescriptive.

Furthermore, where a standard is recommended for use in this Technical Report, it is not intended to imply that full compliance with all requirements of any recommended standard should be implemented. Compliance is therefore also outside the scope of this Technical Report.