SLOVENIAN STANDARD
1 January 2022
Supersedes:
SIST EN 80001-1:2011
Title (given in Slovene, English and French; the Slovene and French titles translate to the same English wording):
Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software (IEC 80001-1:2021)
German title (translated): Safety, effectiveness and data and system security in the implementation and use of integrated medical devices or integrated health software - Part 1: Application of risk management (IEC 80001-1:2021)
This Slovenian standard is identical to: EN IEC 80001-1:2021
ICS:
11.040.01 Medical equipment in general
35.240.80 IT applications in health care technology
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
EUROPEAN STANDARD EN IEC 80001-1
October 2021
ICS 11.040.01; 35.240.80
Supersedes EN 80001-1:2011 and all of its amendments and corrigenda (if any)
English Version
Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software (IEC 80001-1:2021)
French title (translated): same wording as the English version above (IEC 80001-1:2021)
German title (translated): Safety, effectiveness and data and system security in the implementation and use of integrated medical devices or integrated health software - Part 1: Application of risk management (IEC 80001-1:2021)
This European Standard was approved by CENELEC on 2021-10-26. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization (CENELEC)
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 80001-1:2021 E
European foreword
The text of document 62A/1434/FDIS, future edition 2 of IEC 80001-1, prepared by SC 62A “Common
aspects of electrical equipment used in medical practice” of IEC/TC 62 “Electrical equipment in
medical practice” was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2022-07-26
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2024-10-26
This document supersedes EN 80001-1:2011 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 80001-1:2021 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
ISO 14971:2019 NOTE Harmonized as EN ISO 14971:2019 (not modified)
ISO 13940:2015 NOTE Harmonized as EN ISO 13940:2016 (not modified)
IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006 + A11:2011 (not modified)
IEC 80001-1
Edition 2.0 2021-09
INTERNATIONAL STANDARD
Application of risk management for IT-networks incorporating medical devices – Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software
(French title, translated: same wording as the English title above)
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 11.040.01; 35.240.80
ISBN 978-2-8322-9748-3
– 2 – IEC 80001-1:2021 © IEC 2021
CONTENTS
FOREWORD .... 4
INTRODUCTION .... 7
1 Scope .... 9
2 Normative references .... 9
3 Terms and definitions .... 9
4 Principles .... 10
5 Framework .... 11
5.1 General .... 11
5.2 Leadership and commitment .... 11
5.3 Integrating RISK MANAGEMENT .... 11
5.4 Design/planning .... 12
5.4.1 General .... 12
5.4.2 RISK MANAGEMENT FILE .... 13
5.4.3 Understanding the organization and the SOCIOTECHNICAL ECOSYSTEM .... 13
5.4.4 Articulating RISK MANAGEMENT commitment .... 13
5.4.5 Assigning organizational roles, authorities, responsibilities and accountabilities .... 13
5.4.6 Allocating resources .... 14
5.4.7 Establishing communication and consultation .... 14
5.5 Implementation .... 15
5.6 Evaluation .... 15
5.7 Improvement .... 15
6 RISK MANAGEMENT PROCESS .... 15
6.1 Generic requirements .... 15
6.1.1 General .... 15
6.1.2 RISK ANALYSIS .... 16
6.1.3 RISK EVALUATION .... 18
6.1.4 RISK CONTROL .... 19
6.2 Lifecycle specific requirements .... 21
6.2.1 General .... 21
6.2.2 Acquisition .... 21
6.2.3 Installation, customization and configuration .... 22
6.2.4 Integration, data migration, transition and validation .... 22
6.2.5 Implementation, workflow optimization and training .... 22
6.2.6 Operation and maintenance .... 23
6.2.7 Decommission .... 24
Annex A (informative) IEC 80001-1 requirements mapping table .... 25
Annex B (informative) Guidance for accompanying document information .... 31
B.1 Foreword .... 31
B.2 Information system categorization .... 32
B.3 Overview .... 32
B.4 Reference documents .... 32
B.5 System level description .... 32
B.5.1 Environment description .... 32
B.5.2 Network ports, protocols and services .... 33
B.5.3 Purpose of connection to the health IT infrastructure .... 33
B.5.4 Networking requirements .... 33
B.5.5 Required IT-network services .... 33
B.5.6 Data flows and protocols .... 33
B.6 Security and user access .... 34
B.6.1 General .... 34
B.6.2 Malware / antivirus / allow-list .... 34
B.6.3 Security exclusions .... 34
B.6.4 System access .... 34
B.7 RISK MANAGEMENT .... 36
Bibliography .... 37
Figure 1 – Lifecycle framework addressing safety, effectiveness and security of health software and health IT systems .... 8
Figure 2 – RISK MANAGEMENT PROCESS .... 12
Table A.1 – IEC 80001-1 requirements table .... 25
Table B.1 – Organization name and location .... 31
Table B.2 – Cybersecurity device characterization level .... 32
Table B.3 – Ports, protocols and services .... 33
Table B.4 – Information system name and title .... 34
Table B.5 – Roles and privileges .... 35
...