IEC has just released 3 new Technical Reports on the application of risk management for IT-networks incorporating medical devices and they’re available now from Document Center Inc. in both paper and pdf format. The three documents support IEC-80001-1, “Application of risk management for IT-networks incorporating medical devices – Part 1: Roles, responsibilities and activities.”
IEC/TR 80001-2-1:2012, Application of risk management for IT-networks incorporating medical devices – Part 2-1: Step by step risk management of medical IT-networks – Practical applications and examples
This document is a step-by-step guide to help in the application of risk management when creating or changing a medical IT-network. It provides easy to apply steps, examples, and information helping in the identification and control of risks. All relevant requirements in IEC 80001-1:2010 are addressed and links to other clauses and subclauses of IEC 80001-1 are addressed where appropriate (e.g. handover to release management and monitoring). This technical report focuses on practical risk management. It is not intended to provide a full outline or explanation of all requirements that are satisfactorily covered by IEC 80001-1.
This step-by-step guidance follows a 10-step process that follows subclause 4.4 of IEC 80001-1:2010, which specifically addresses risk analysis, risk evaluation and risk control. These activities are embedded within the full life cycle risk management process. They can never be the first step, as risk management follows the general process model which sets planning before any action.
IEC/TR 80001-2-2:2012, Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls
Part 2-1 creates a framework for the disclosure of security-related capabilities and risks necessary for managing the risk in connecting medical devices to IT-networks and for the security dialog that surrounds the IEC 80001-1 risk management of IT-network connection. This security report presents an informative set of common, high-level security-related capabilities useful in understanding the user needs, the type of security controls to be considered and the risks that lead to the controls.
Intended use and local factors determine which exact capabilities will be useful in the dialog about risk. The capability descriptions in this report are intended to supply health delivery organizations (HDOs), medical device manufacturers (MDMs), and IT vendors with a basis for discussing risk and their respective roles and responsibilities toward its management. This discussion among the risk partners serves as the basis for one or more responsibility agreements as specified in IEC 80001-1.
IEC/TR 80001-2-3:2012, Application of risk management for IT-networks incorporating medical devices – Part 2-3: Guidance for wireless networks
This report supports the Healthcare Delivery Organizations (HDO) in the risk management of medical IT-networks that incorporate one or more wireless links. The report, as part of IEC 80001, considers the use of wirelessly networked medical devices on a medical IT-network and offers practical techniques to address the unique risk management requirements of operating wirelessly enabled medical devices in a safe, secure and effective manner. The targeted audience for this technical report is the HDO IT department, biomedical and clinical engineering departments, risk managers, and the people responsible for design and operation of the wireless IT network.
All IEC standards and other documents are available from Document Center Inc. at our webstore, www.document-center.com. Or contact us by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com). You can purchase any standard you need as well as get further information on any standards-related questions you may have.