AAMI IEC-80001-2-8-2016 pdf download
Application of risk management for IT-networks incorporating medical devices — Part 2-8: Application guidance — Guidance on standards for establishing the security capabilities identified in IEC 80001-2-2.
This part of IEC 80001, which is a Technical Report, provides guidance to Health Delivery Organizations (HDOs) and MEDICAL DEVICE manufacturers (MDMs) for the application of the framework outlined in IEC TR 80001-2-2. Managing the RISK in connecting MEDICAL DEVICES to IT-NETWORKS requires the disclosure of security-related capabilities and RISKS. IEC TR 80001-2-2 presents a framework for this disclosure and the security dialog that surrounds the IEC 80001-1 RISK MANAGEMENT of IT-NETWORKS. IEC TR 80001-2-2 presents an informative set of common, descriptive security-related capabilities that are useful in terms of gaining an understanding of user needs. This report addresses each of the SECURITY CAPABILITIES and identifies SECURITY CONTROLS for consideration by HDOs and MDMs during RISK MANAGEMENT activities, supplier selection, device selection, device implementation, operation etc.
It is not intended that the security standards referenced herein are exhaustive of all useful standards; rather, the purpose of this technical report is to identify SECURITY CONTROLS, which exist in these particular security standards (listed in the introduction of this technical report), that apply to each of the SECURITY CAPABILITIES.
This report provides guidance to HDOs and MDMs for the selection and implementation of management, operational, administrative and technical SECURITY CONTROLS to protect the confidentiality, integrity, availability and accountability of data and systems during development, operation and disposal.
Not all 19 SECURITY CAPABILITIES are required in every case, and the identified SECURITY CAPABILITIES included in this report should not be considered exhaustive in nature. The selection of SECURITY CAPABILITIES and SECURITY CONTROLS should be based on the RISK EVALUATION and the RISK tolerance with consideration for protection of patient SAFETY, life and health. INTENDED USE, operational environment, network structure and local factors should also determine which SECURITY CAPABILITIES are necessary and which SECURITY CONTROLS most suitably assist in establishing that SECURITY CAPABILITY.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
IEC 80001-1:2010, Application of risk management for IT-networks incorporating medical devices — Part 1: Roles, responsibilities and activities
IEC TR 80001-2-2:2012, Application of risk management for IT-networks incorporating medical devices — Part 2-2: Guidance for the communication of medical device security needs, risks and controls
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.