BS PD ISO TR 80001-2-6-2014 Application of risk management for IT-networks incorporating medical device Application guidance Guidance for responsibility agreements《包含医疗设备IT网络的风险管理应用 应用指南 责任协议指南》.pdf

1、BSI Standards Publication PD ISO/TR 80001-2-6:2014 Application of risk management for IT-networks incorporating medical devices Part 2-6: Application guidance Guidance for responsibility agreementsPD ISO/TR 80001-2-6:2014 PUBLISHED DOCUMENT National foreword This Published Document is the UK impleme

2、ntation of ISO/TR 80001-2-6:2014. The UK participation in its preparation was entrusted to Technical Committee CH/62/1, Common aspects of Electrical Equipment used in Medical Practice. A list of organizations represented on this committee can be obtained on request to its secretary. This publication

3、 does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 82507 1 ICS 11.040.01; 35.240.80 Compliance with a British Standard cannot confer

4、 immunity from legal obligations. This Published Document was published under the authority of the Standards Policy and Strategy Committee on 30 November 2014. Amendments issued since publication Date Text affectedPD ISO/TR 80001-2-6:2014Reference number ISO/TR 80001-2-6:2014(E) ISO 2014TECHNICAL RE

5、PORT ISO/TR 80001-2-6 First edition 2014-12-01 Application of risk management for IT-networks incorporating medical device Part 2-6: Application guidance Guidance for responsibility agreements Application de la gestion des risques pour les rseaux intgrant appareils mdicaux Partie 2-6: Application gu

6、idage Orientation des accords de responsabilit PD ISO/TR 80001-2-6:2014 ISO/TR 80001-2-6:2014(E) COPYRIGHT PROTECTED DOCUMENT ISO 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mecha

7、nical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01

8、 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2014 All rights reservedPD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved iii Contents Page Foreword iv Introduction . v 1 Scope 1 1.1 Purpose 1 1.2 Prerequisites 1 2 Normat

9、ive references 1 3 Terms and definitions . 1 4 Key aspects for RESPONSIBILITY AGREEMENTS 5 4.1 Reasons and rationale 5 4.2 Participants 5 4.3 Proposed types of RESPONSIBILITY AGREEMENTS . 5 4.4 Communication control 5 4.4.1 Bilateral versus multilateral RESPONSIBILITY AGREEMENTS 5 4.4.2 Non-disclosu

10、re agreements . 5 4.4.3 Update of information and documentation . 6 4.5 Responsibility for establishing 6 4.6 Methods for determination and of responsibilities 6 4.7 Life cycle considerations 6 5 Elements of a RESPONSIBILITY AGREEMENT 7 Annex A (informative) RACI chart 11 Annex B (informative) Typic

11、al documents 12 PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) iv ISO 2014 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally car

12、ried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

13、 ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare Interna

14、tional Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In exceptional circumstances, when a technical committe

15、e has collected data of a different kind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and

16、does not have to be reviewed until the data it provides are considered to be no longer valid or useful. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent right

17、s. ISO TR 80001-2-6 was prepared by Technical Committee ISO/TC 215, Health informatics, jointly with IEC Subcommittee IEC/SC 62A. ISO/IEC TR 80001 consists of the following parts, under the general title Application of risk management for IT-networks incorporating medical devices. Part 1: Roles, res

18、ponsibilities and activities Part 2-1: Step-by-step risk management of medical IT-networks Practical applications and examples Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls Part 2-3: Guidance for wireless networks Part 2-4: Application g

19、uidance General implementation guidance for Healthcare Delivery Organizations Part 2-5: Application guidance Guidance on distributed alarm systems (in development) Part 2-6: Application guidance Guidance for responsibility agreements Part 2-7: IT-networks incorporating medical devices - Part 2-7: Ap

20、plication Guidance - Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 (in development) Part 2-8: Application of risk management for IT-networks incorporating medical devices Part 2-8: Application guidance - Guidance on standards for estab

21、lishing the security capabilities identified in IEC 80001-2-2 (in development) PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved vIntroduction 0.1 Background IEC 80001-1 was developed to meet the need to managing RISKS associated with the increasing prevalence of MEDICAL

22、 DEVICES being connected to general purpose IT-NETWORKS. The standard introduces the notion of a RESPONSIBILITY AGREEMENT covering roles and responsibilities of the stakeholders. This Technical Report provides practical guidance to RESPONSIBLE ORGANIZATIONS on establishing a RESPONSIBILITY AGREEMENT

23、 among all stakeholders involved, namely the RESPONSIBLE ORGANIZATION, the MEDICAL DEVICE manufacturer(s) and the IT supplier(s). Examples of situations where a RESPONSIBILITY AGREEMENT could prove useful when an IT-NETWORK incorporates MEDICAL DEVICES. The benefits of the RESPONSIBILITY AGREEMENT i

24、nclude: a) The roles and responsibilities of the stakeholders are identified and communicated in written form. It is essential to have a clear understanding of the clinical dependencies on the network and to identify the roles and responsibilities of the stakeholders, including clinical staff and th

25、e MEDICAL DEVICE manufacturers. The organization or department responsible for configurations control and maintenance of the IT- NETWORK should have, or establish if necessary, change control procedures to manage the RISKS to services supported by the network arising from the implementation of chang

26、es to network (e.g. software upgrade to network components). EXAMPLE 1 Common examples include software upgrades for antivirus software or bug fixes in networking switches and routers. Before upgrading hard/soft/firmware on infrastructure supporting MEDICAL DEVICES and medical systems, it is importa

27、nt that MEDICAL DEVICES that can be impacted are identified through an impact assessment. To undertake such an assessment requires either detailed engineering knowledge of each component and its dependencies or for example, the co-operation of the respective manufacturer. Whichever party takes respo

28、nsibility for this should then review and validate their systems on the new hard/soft/firmware. It is also important to ensure that whenever practicable, there is a back-out/regression plan which has also been tested. In this scenario, the RESPONSIBILITY AGREEMENT would set out the responsibilities

29、of each party, e.g., How such activities would be initiated, who would notify whom, when, with what information and how would they be expected to respond. There have already been documented instances where MEDICAL DEVICES have been adversely affected from such changes and this was one reason for US

30、FDAs “Guidance for Industry - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software.“ See: http:/www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077812.htm b) A clinical user of a MEDICAL DEVICE can desire to connect the MEDICAL DEVICE to a g

31、eneral purpose IT- NETWORK. Having a PROCESS in place to inform and involve relevant stakeholders early in the planning stage (i.e., prior to go live) could help avert uninformed decision making and implementation that could adversely impact other clinical systems that rely on the IT-NETWORK. EXAMPL

32、E 2 Demand already exists for this capability, e.g., delivery of MEDICAL DEVICE alarms via wireless communications devices carried by PATIENT care staff, automated/remote programming of infusion therapy pumps and Admit/Discharge/Transfer data feeds to medical monitoring systems. When doing so requir

33、es multiple otherwise independent stakeholders to be responsible for aspects of the systems development, implementation and operation, and maintenance, it is imperative that all stakeholders are explicitly aware and accepting of their responsibilities. A RESPONSIBILITY AGREEMENT serves as a vehicle

34、to accomplish this. PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) vi ISO 2014 All rights reserved0.2 Normative requirements from IEC 80001-1 In addition to the languages of subclause 4.3.4 describing the RESPONSIBILITY AGREEMENT, subclauses 3.5 and 3.6 require information to be made available to

35、 the RESPONSIBLE ORGANIZATION by MEDICAL DEVICE manufacturers and IT supplier, respectively. Both subclauses acknowledge the possibility that the information identified may be insufficient to address the RESPONSIBLE ORGANIZATIONS RISK MANAGEMENT needs by including the following notes: NOTE 1 Where t

36、he content made available does not meet the RESPONSIBLE ORGANIZATIONS RISK MANAGEMENT need, additional content can be made available under a RESPONSIBILITY AGREEMENT. NOTE 2 A RESPONSIBILITY AGREEMENT between the RESPONSIBLE ORGANIZATION and a MEDICAL DEVICE manufacturer can be used to identify and

37、share the documentation needed. PD ISO/TR 80001-2-6:2014 TECHNICAL REPORT ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved 1Application of risk management for IT-networks incorporating medical devices Part 2-6: Application guidance Part 2-6: Guidance for responsiblity agreements 1 Scope 1.1 Pur

38、pose This Technical Report provides guidance on implementing RESPONSIBILITY AGREEMENTS, which are described in IEC 80001-1 as used to establish the roles and responsibilities among the stakeholders engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK in order to support compliance to

39、IEC 80001-1. Stakeholders may include RESPONSIBLE ORGANIZATIONS, IT suppliers, MEDICAL DEVICE manufacturers and others. The goal of the RESPONSIBILITY AGREEMENT is that these roles and responsibilities should cover the complete lifecycle of the resulting MEDICAL IT-NETWORK. 1.2 Prerequisites The RES

40、PONSIBLE ORGANIZATIONS (ROs) TOP MANAGEMENT has accepted responsibility for the successful implementation of IEC 80001-1. As required by IEC 80001-1, the RO has created and approved policies for the RISK MANAGEMENT PROCESS and RISK acceptability criteria while balancing the three KEY PROPERTIES with

41、 the mission of the RO. The RO has identified and provisioned adequate resources and assigned qualified personnel to perform tasks related to the standard. The RO has appointed a MEDICAL IT-NETWORK RISK MANAGER and is prepared to establish the RESPONSIBILITY AGREEMENT. 2 Normative references The fol

42、lowing document, in whole or in part, is normatively referenced in this document and is indispensable for its application. As a dated reference, only the edition cited applies. IEC 80001-1:2010, Application of risk management for IT -networks incorporating medical devices Part 1: Roles, responsibili

43、ties and activities 3 Terms and definitions 3.1 CHANGE PERMIT outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified change or type of change without further RISK MANAGEMENT activities subject to specified constraints SOURCE: IEC 80001-1:2010, 2.3 3.2 DATA AND SYSTEM

44、 SECURITY operational state of a MEDICAL IT-NETWORK in which information assets (data and systems) are reasonably protected from degradation of confidentiality, integrity, and availability PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) 2 ISO 2014 All rights reservedSOURCE: IEC 80001-1:2010, 2.5 3

45、.3 EFFECTIVENESS ability to produce the intended result for the subject of care and the RESPONSIBLE ORGANIZATION SOURCE: IEC 80001-1:2010, 2.6 3.4 EVENT MANAGEMENT PROCESS that ensures that all events that can or might negatively impact the operation of the IT-NETWORK are captured, assessed, and man

46、aged in a controlled manner SOURCE: IEC 80001-1:2010, 2.7 3.5 HARM physical injury or damage to the health of people, or damage to property or the environment, or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEM SECURITY SOURCE: IEC 80001-1:2010, 2.8 3.6 HAZARD potential source of HARM SOURC

47、E: IEC 80001-1:2010, 2.9 3.7 INFORMATION TECHNOLOGY branch of engineering that deals with the use of computers and telecommunications to retrieve, store, and transmit information 3.8 IT-NETWORK electronic data transmission facility which can comprise of just a point-to-point wire link between two de

48、vices, or a complex arrangement of transmission lines. SOURCE: IEC 80001-1:2010, 2.12 3.9 KEY PROPERTIES three RISK managed characteristics (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY) of MEDICAL IT- NETWORKS SOURCE: IEC 80001-1:2010, 2.13 3.10 MEDICAL DEVICE Means any instrument, apparatu

49、s, implement, machine, appliance, implant, in vitro reagent or calibrator, software, material or other similar or related article a) intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the specific purpose(s) of: diagnosis, prevention, monitoring, treatment or alleviation of disease, diagnosis, monitoring, treatment, alleviation of or compensation for an injury, PD ISO/TR 80001-2-6:2014 ISO TR 80001-2-6:2014(E) ISO 2014 All rights res