欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    BS PD ISO TR 80001-2-6-2014 Application of risk management for IT-networks incorporating medical device Application guidance Guidance for responsibility agreements《包含医疗设备IT网络的风险管理应用 应用指南 责任协议指南》.pdf

    • 资源ID:398872       资源大小:1,022KB        全文页数:26页
    • 资源格式: PDF        下载积分:5000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要5000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    BS PD ISO TR 80001-2-6-2014 Application of risk management for IT-networks incorporating medical device Application guidance Guidance for responsibility agreements《包含医疗设备IT网络的风险管理应用 应用指南 责任协议指南》.pdf

    1、BSI Standards Publication PD ISO/TR 80001-2-6:2014 Application of risk management for IT-networks incorporating medical devices Part 2-6: Application guidance Guidance for responsibility agreementsPD ISO/TR 80001-2-6:2014 PUBLISHED DOCUMENT National foreword This Published Document is the UK impleme

    2、ntation of ISO/TR 80001-2-6:2014. The UK participation in its preparation was entrusted to Technical Committee CH/62/1, Common aspects of Electrical Equipment used in Medical Practice. A list of organizations represented on this committee can be obtained on request to its secretary. This publication

    3、 does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 82507 1 ICS 11.040.01; 35.240.80 Compliance with a British Standard cannot confer

    4、 immunity from legal obligations. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 November 2014. Amendments issued since publication Date Text affectedPD ISO/TR 80001-2-6:2014Reference number ISO/TR 80001-2-6:2014(E) ISO 2014TECHNICAL RE

    5、PORT ISO/TR 80001-2-6 First edition 2014-12-01 Application of risk management for IT-networks incorporating medical device Part 2-6: Application guidance Guidance for responsibility agreements Application de la gestion des risques pour les rseaux intgrant appareils mdicaux Partie 2-6: Application gu

    6、idage Orientation des accords de responsabilit PD ISO/TR 80001-2-6:2014 ISO/TR 80001-2-6:2014(E) COPYRIGHT PROTECTED DOCUMENT ISO 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mecha

    7、nical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01

    8、 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2014 All rights reservedPD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved iii Contents Page Foreword iv Introduction . v 1 Scope 1 1.1 Purpose 1 1.2 Prerequisites 1 2 Normat

    9、ive references 1 3 Terms and definitions . 1 4 Key aspects for RESPONSIBILITY AGREEMENTS 5 4.1 Reasons and rationale 5 4.2 Participants 5 4.3 Proposed types of RESPONSIBILITY AGREEMENTS . 5 4.4 Communication control 5 4.4.1 Bilateral versus multilateral RESPONSIBILITY AGREEMENTS 5 4.4.2 Non-disclosu

    10、re agreements . 5 4.4.3 Update of information and documentation . 6 4.5 Responsibility for establishing 6 4.6 Methods for determination and of responsibilities 6 4.7 Life cycle considerations 6 5 Elements of a RESPONSIBILITY AGREEMENT 7 Annex A (informative) RACI chart 11 Annex B (informative) Typic

    11、al documents 12 PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) iv ISO 2014 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally car

    12、ried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

    13、 ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare Interna

    14、tional Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In exceptional circumstances, when a technical committe

    15、e has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and

    16、does not have to be reviewed until the data it provides are considered to be no longer valid or useful. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent right

    17、s. ISO TR 80001-2-6 was prepared by Technical Committee ISO/TC 215, Health informatics, jointly with IEC Subcommittee IEC/SC 62A. ISO/IEC TR 80001 consists of the following parts, under the general title Application of risk management for IT-networks incorporating medical devices. Part 1: Roles, res

    18、ponsibilities and activities Part 2-1: Step-by-step risk management of medical IT-networks Practical applications and examples Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls Part 2-3: Guidance for wireless networks Part 2-4: Application g

    19、uidance General implementation guidance for Healthcare Delivery Organizations Part 2-5: Application guidance Guidance on distributed alarm systems (in development) Part 2-6: Application guidance Guidance for responsibility agreements Part 2-7: IT-networks incorporating medical devices - Part 2-7: Ap

    20、plication Guidance - Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 (in development) Part 2-8: Application of risk management for IT-networks incorporating medical devices Part 2-8: Application guidance - Guidance on standards for estab

    21、lishing the security capabilities identified in IEC 80001-2-2 (in development) PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved vIntroduction 0.1 Background IEC 80001-1 was developed to meet the need to managing RISKS associated with the increasing prevalence of MEDICAL

    22、 DEVICES being connected to general purpose IT-NETWORKS. The standard introduces the notion of a RESPONSIBILITY AGREEMENT covering roles and responsibilities of the stakeholders. This Technical Report provides practical guidance to RESPONSIBLE ORGANIZATIONS on establishing a RESPONSIBILITY AGREEMENT

    23、 among all stakeholders involved, namely the RESPONSIBLE ORGANIZATION, the MEDICAL DEVICE manufacturer(s) and the IT supplier(s). Examples of situations where a RESPONSIBILITY AGREEMENT could prove useful when an IT-NETWORK incorporates MEDICAL DEVICES. The benefits of the RESPONSIBILITY AGREEMENT i

    24、nclude: a) The roles and responsibilities of the stakeholders are identified and communicated in written form. It is essential to have a clear understanding of the clinical dependencies on the network and to identify the roles and responsibilities of the stakeholders, including clinical staff and th

    25、e MEDICAL DEVICE manufacturers. The organization or department responsible for configurations control and maintenance of the IT- NETWORK should have, or establish if necessary, change control procedures to manage the RISKS to services supported by the network arising from the implementation of chang

    26、es to network (e.g. software upgrade to network components). EXAMPLE 1 Common examples include software upgrades for antivirus software or bug fixes in networking switches and routers. Before upgrading hard/soft/firmware on infrastructure supporting MEDICAL DEVICES and medical systems, it is importa

    27、nt that MEDICAL DEVICES that can be impacted are identified through an impact assessment. To undertake such an assessment requires either detailed engineering knowledge of each component and its dependencies or for example, the co-operation of the respective manufacturer. Whichever party takes respo

    28、nsibility for this should then review and validate their systems on the new hard/soft/firmware. It is also important to ensure that whenever practicable, there is a back-out/regression plan which has also been tested. In this scenario, the RESPONSIBILITY AGREEMENT would set out the responsibilities

    29、of each party, e.g., How such activities would be initiated, who would notify whom, when, with what information and how would they be expected to respond. There have already been documented instances where MEDICAL DEVICES have been adversely affected from such changes and this was one reason for US

    30、FDAs “Guidance for Industry - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software.“ See: http:/www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077812.htm b) A clinical user of a MEDICAL DEVICE can desire to connect the MEDICAL DEVICE to a g

    31、eneral purpose IT- NETWORK. Having a PROCESS in place to inform and involve relevant stakeholders early in the planning stage (i.e., prior to go live) could help avert uninformed decision making and implementation that could adversely impact other clinical systems that rely on the IT-NETWORK. EXAMPL

    32、E 2 Demand already exists for this capability, e.g., delivery of MEDICAL DEVICE alarms via wireless communications devices carried by PATIENT care staff, automated/remote programming of infusion therapy pumps and Admit/Discharge/Transfer data feeds to medical monitoring systems. When doing so requir

    33、es multiple otherwise independent stakeholders to be responsible for aspects of the systems development, implementation and operation, and maintenance, it is imperative that all stakeholders are explicitly aware and accepting of their responsibilities. A RESPONSIBILITY AGREEMENT serves as a vehicle

    34、to accomplish this. PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) vi ISO 2014 All rights reserved0.2 Normative requirements from IEC 80001-1 In addition to the languages of subclause 4.3.4 describing the RESPONSIBILITY AGREEMENT, subclauses 3.5 and 3.6 require information to be made available to

    35、 the RESPONSIBLE ORGANIZATION by MEDICAL DEVICE manufacturers and IT supplier, respectively. Both subclauses acknowledge the possibility that the information identified may be insufficient to address the RESPONSIBLE ORGANIZATIONS RISK MANAGEMENT needs by including the following notes: NOTE 1 Where t

    36、he content made available does not meet the RESPONSIBLE ORGANIZATIONS RISK MANAGEMENT need, additional content can be made available under a RESPONSIBILITY AGREEMENT. NOTE 2 A RESPONSIBILITY AGREEMENT between the RESPONSIBLE ORGANIZATION and a MEDICAL DEVICE manufacturer can be used to identify and

    37、share the documentation needed. PD ISO/TR 80001-2-6:2014 TECHNICAL REPORT ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved 1Application of risk management for IT-networks incorporating medical devices Part 2-6: Application guidance Part 2-6: Guidance for responsiblity agreements 1 Scope 1.1 Pur

    38、pose This Technical Report provides guidance on implementing RESPONSIBILITY AGREEMENTS, which are described in IEC 80001-1 as used to establish the roles and responsibilities among the stakeholders engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK in order to support compliance to

    39、IEC 80001-1. Stakeholders may include RESPONSIBLE ORGANIZATIONS, IT suppliers, MEDICAL DEVICE manufacturers and others. The goal of the RESPONSIBILITY AGREEMENT is that these roles and responsibilities should cover the complete lifecycle of the resulting MEDICAL IT-NETWORK. 1.2 Prerequisites The RES

    40、PONSIBLE ORGANIZATIONS (ROs) TOP MANAGEMENT has accepted responsibility for the successful implementation of IEC 80001-1. As required by IEC 80001-1, the RO has created and approved policies for the RISK MANAGEMENT PROCESS and RISK acceptability criteria while balancing the three KEY PROPERTIES with

    41、 the mission of the RO. The RO has identified and provisioned adequate resources and assigned qualified personnel to perform tasks related to the standard. The RO has appointed a MEDICAL IT-NETWORK RISK MANAGER and is prepared to establish the RESPONSIBILITY AGREEMENT. 2 Normative references The fol

    42、lowing document, in whole or in part, is normatively referenced in this document and is indispensable for its application. As a dated reference, only the edition cited applies. IEC 80001-1:2010, Application of risk management for IT -networks incorporating medical devices Part 1: Roles, responsibili

    43、ties and activities 3 Terms and definitions 3.1 CHANGE PERMIT outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified change or type of change without further RISK MANAGEMENT activities subject to specified constraints SOURCE: IEC 80001-1:2010, 2.3 3.2 DATA AND SYSTEM

    44、 SECURITY operational state of a MEDICAL IT-NETWORK in which information assets (data and systems) are reasonably protected from degradation of confidentiality, integrity, and availability PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) 2 ISO 2014 All rights reservedSOURCE: IEC 80001-1:2010, 2.5 3

    45、.3 EFFECTIVENESS ability to produce the intended result for the subject of care and the RESPONSIBLE ORGANIZATION SOURCE: IEC 80001-1:2010, 2.6 3.4 EVENT MANAGEMENT PROCESS that ensures that all events that can or might negatively impact the operation of the IT-NETWORK are captured, assessed, and man

    46、aged in a controlled manner SOURCE: IEC 80001-1:2010, 2.7 3.5 HARM physical injury or damage to the health of people, or damage to property or the environment, or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEM SECURITY SOURCE: IEC 80001-1:2010, 2.8 3.6 HAZARD potential source of HARM SOURC

    47、E: IEC 80001-1:2010, 2.9 3.7 INFORMATION TECHNOLOGY branch of engineering that deals with the use of computers and telecommunications to retrieve, store, and transmit information 3.8 IT-NETWORK electronic data transmission facility which can comprise of just a point-to-point wire link between two de

    48、vices, or a complex arrangement of transmission lines. SOURCE: IEC 80001-1:2010, 2.12 3.9 KEY PROPERTIES three RISK managed characteristics (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY) of MEDICAL IT- NETWORKS SOURCE: IEC 80001-1:2010, 2.13 3.10 MEDICAL DEVICE Means any instrument, apparatu

    49、s, implement, machine, appliance, implant, in vitro reagent or calibrator, software, material or other similar or related article a) intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the specific purpose(s) of: diagnosis, prevention, monitoring, treatment or alleviation of disease, diagnosis, monitoring, treatment, alleviation of or compensation for an injury, PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) ISO 2014 All rights res


    注意事项

    本文(BS PD ISO TR 80001-2-6-2014 Application of risk management for IT-networks incorporating medical device Application guidance Guidance for responsibility agreements《包含医疗设备IT网络的风险管理应用 应用指南 责任协议指南》.pdf)为本站会员(terrorscript155)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开