IEC/TR 80001-2-8 – Medical Device Risk Management – IT Networks

IEC/TR 80001-2-8, “Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2,” has just been released.  It is intended to assist both Healthcare Delivery Organizations (HDOs) and Medical Device Manufacturers (MDMs) in implementing security controls for data held in networked systems.  It provides guidance for the establishment of “each of the security capabilities presented in IEC TR 80001-2-2.”

Who should be using IEC/TR 80001-2-8?  You should be using this technical report if you’re

  • in charge of selecting controls for a medical device system based on ISO/IEC 27001,
  • implementing commonly accepted information security controls, and/or
  • developing security management guidelines for your organization.

What will IEC/TR 80001-2-8 help me do?  It gives you a detailed set of controls for managing health information security.  And it provides you with health information best practices guidelines.  Using this report will help you ensure that the minimum requisite level of security that is appropriate for your situation will be met.  This is essential to maintaining the confidentiality, integrity and availability of personal health information in your possession.

What’s included in IEC/TR 80001-2-8?  The 56-page report starts out with the usual scope, referenced documents, and definition sections.  It then moves directly into the guidance section for establishing security capabilities.  This main body of the document discusses 19 specific requirements like automatic logoff (ALOF), health data integrity and authenticity (IGAU) and malware detection/protection (MLDP).  For each requirement a table is provided that includes information on the applicable standard, the reference within the standard, and the control you’ll need.  The publication concludes with an 11-item bibliography.

When you’re implementing a system that needs input from a number of standards or needs to meet requirements from a number of sources, it can be a challenge to keep them all straight.  This is one reason that you’ll find this technical report to be so helpful.  It consolidates the concept of security capabilities from IEC TR 80001-2-2 with the lists of security controls from a number of standards from a variety of sources.  This will make it far easier for you to map security controls to security capabilities.

Now you need to get a copy of this standard and IEC reminds you to be sure to purchase your copy from an authorized distributor like Document Center Inc.  You can search for and order any IEC standard at our webstore, www.document-center.com.  For your convenience, here’s a direct link to the order page for IEC/TR 80001-2-8.  It’s available to order as a paper copy or for pdf download.  Should you prefer enterprise access, ask our staff about our Standards Online cloud subscription.  You can reach them by phone (650-591-7600) or email (info@document-center.com).

Document Center Inc. has been providing standards to folks like you since 1982.  We have a wide range of services available to support your proper use of this compliance documentation.  Make us your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
