
BS EN 80001-1-2011 Application of risk management for IT-networks incorporating medical devices: Roles, responsibilities and activities (PDF)

raising standards worldwide
NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

BSI Standards Publication

Application of risk management for IT-networks incorporating medical devices
Part 1: Roles, responsibilities and activities

BS EN 80001-1:2011

National foreword

This British Standard is the UK implementation of EN 80001-1:2011. It is identical to IEC 80001-1:2010.

The UK participation in its preparation was entrusted by Technical Committee CH/62, Electrical Equipment in Medical Practice, to Subcommittee CH/62/1, Common aspects of Electrical Equipment used in Medical Practice, with contribution from IST/35, Health Informatics.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© BSI 2011
ISBN 978 0 580 57854 0
ICS 11.040.01; 35.240.80

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2011.

Amendments issued since publication
Amd. No. | Date | Text affected

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 80001-1
March 2011

ICS 11.040.01; 35.240.80

English version

Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities (IEC 80001-1:2010)

Application de la gestion des risques aux réseaux des technologies de l'information contenant des dispositifs médicaux - Partie 1: Fonctions, responsabilités et activités (CEI 80001-1:2010)

Anwendung des Risikomanagements für IT-Netzwerke, die Medizinprodukte beinhalten - Teil 1: Aufgaben, Verantwortlichkeiten und Aktivitäten (IEC 80001-1:2010)

This European Standard was approved by CENELEC on 2011-02-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Management Centre: Avenue Marnix 17, B - 1000 Brussels

© 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 80001-1:2011 E

Foreword

The text of document 62A/703/FDIS, future edition 1 of IEC 80001-1, prepared by SC 62A, Common aspects of electrical equipment used in medical practice, of IEC TC 62, Electrical equipment in medical practice, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 80001-1 on 2011-02-01.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights.

The following dates were fixed:
- latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2011-11-01
- latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2014-02-01

Terms defined in Clause 2 of this standard are printed in SMALL CAPITALS.

For the purposes of this standard:
- "shall" means that compliance with a requirement is mandatory for compliance with this standard;
- "should" means that compliance with a requirement is recommended but is not mandatory for compliance with this standard;
- "may" is used to describe a permissible way to achieve compliance with a requirement; and
- "establish" means to define, document, and implement.

Endorsement notice

The text of the International Standard IEC 80001-1:2010 was approved by CENELEC as a European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:
[1] IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006 (not modified).
[2] IEC 61907:2009 NOTE Harmonized as EN 61907:2010 (not modified).
[3] IEC 62304:2006 NOTE Harmonized as EN 62304:2006 (not modified).
[4] ISO 14971:2007 NOTE Harmonized as EN ISO 14971:2009 (not modified).
[7] ISO 16484-2:2004 NOTE Harmonized as EN ISO 16484-2:2004 (not modified).
[8] ISO 9000:2005 NOTE Harmonized as EN ISO 9000:2005 (not modified).

CONTENTS

INTRODUCTION
1 Scope
2 Terms and definitions
3 Roles and responsibilities
  3.1 General
  3.2 RESPONSIBLE ORGANIZATION
  3.3 TOP MANAGEMENT responsibilities
  3.4 MEDICAL IT-NETWORK RISK MANAGER
  3.5 MEDICAL DEVICE manufacturer(s)
  3.6 Providers of other information technology
4 Life cycle RISK MANAGEMENT in MEDICAL IT-NETWORKS
  4.1 Overview
  4.2 RESPONSIBLE ORGANIZATION RISK MANAGEMENT
    4.2.1 POLICY FOR RISK MANAGEMENT for incorporating MEDICAL DEVICES
    4.2.2 RISK MANAGEMENT PROCESS
  4.3 MEDICAL IT-NETWORK RISK MANAGEMENT planning and documentation
    4.3.1 Overview
    4.3.2 RISK-relevant asset description
    4.3.3 MEDICAL IT-NETWORK documentation
    4.3.4 RESPONSIBILITY AGREEMENT
    4.3.5 RISK MANAGEMENT plan for the MEDICAL IT-NETWORK
  4.4 MEDICAL IT-NETWORK RISK MANAGEMENT
    4.4.1 Overview
    4.4.2 RISK ANALYSIS
    4.4.3 RISK EVALUATION
    4.4.4 RISK CONTROL
    4.4.5 RESIDUAL RISK evaluation and reporting
  4.5 CHANGE-RELEASE MANAGEMENT and CONFIGURATION MANAGEMENT
    4.5.1 CHANGE-RELEASE MANAGEMENT PROCESS
    4.5.2 Decision on how to apply RISK MANAGEMENT
    4.5.3 Go-live
  4.6 Live network RISK MANAGEMENT
    4.6.1 Monitoring
    4.6.2 EVENT MANAGEMENT
5 Document control
  5.1 Document control procedure
  5.2 MEDICAL IT-NETWORK RISK MANAGEMENT FILE
Annex A (informative) Rationale
Annex B (informative) Overview of RISK MANAGEMENT relationships
Annex C (informative) Guidance on field of application
Annex D (informative) Relationship with ISO/IEC 20000-2:2005 Information technology - Service management - Part 2: Code of practice
Bibliography

Figure 1 Illustration of TOP MANAGEMENT responsibilities
Figure 2 Overview of life cycle of MEDICAL IT-NETWORKS including RISK MANAGEMENT
Figure B.1 Overview of roles and relationships
Figure D.1 Service management processes
Table A.1 Relationship between ISO 14971 and IEC 80001-1
Table C.1 IT-NETWORK scenarios that can be encountered in a clinical environment
Table D.1 Relationship between IEC 80001-1 and ISO/IEC 20000-1:2005 or ISO/IEC 20000-2:2005

INTRODUCTION

An increasing number of MEDICAL DEVICES are designed to exchange information electronically with other equipment in the user environment, including other MEDICAL DEVICES. Such information is frequently exchanged through an information technology network (IT-NETWORK) that also transfers data of a more general nature. At the same time, IT-NETWORKS are becoming increasingly vital to the clinical environment and are now required to carry increasingly diverse traffic, ranging from life-critical patient data requiring immediate delivery and response, to general corporate operations data and to email containing potential malicious content (e.g. viruses).

For many jurisdictions, design and production of MEDICAL DEVICES is subject to regulation, and to standards recognized by the regulators. Traditionally, regulators direct their attention to MEDICAL DEVICE manufacturers, by requiring design features and by requiring a documented PROCESS for design and manufacturing. MEDICAL DEVICES cannot be placed on the market in these jurisdictions without evidence that those requirements have been met.

The use of the MEDICAL DEVICES by clinical staff is also subject to regulation. Members of clinical staff have to be appropriately trained and qualified, and are increasingly subject to defined PROCESSES designed to protect patients from unacceptable RISK.

In contrast, the incorporation of MEDICAL DEVICES into IT-NETWORKS in the clinical environment is a less regulated area. IEC 60601-1:2005 [1] 1) requires MEDICAL DEVICE manufacturers to include some information in ACCOMPANYING DOCUMENTS if the MEDICAL DEVICE is intended to be connected to an IT-NETWORK. Standards are also in place covering common information technology activities including planning, design and maintenance of IT-NETWORKS, for instance ISO 20000-1:2005 [9]. However, until the publication of this standard, no standard addressed how MEDICAL DEVICES can be connected to IT-NETWORKS, including general-purpose IT-NETWORKS, to achieve INTEROPERABILITY without compromising the organization and delivery of health care in terms of SAFETY, EFFECTIVENESS, and DATA AND SYSTEM SECURITY.

There remain a number of potential problems associated with the incorporation of MEDICAL DEVICES into IT-NETWORKS, including:
- lack of consideration for RISK from use of IT-NETWORKS during evaluation of clinical RISK;
- lack of support from manufacturers of MEDICAL DEVICES for the incorporation of their products into IT-NETWORKS (e.g. the unavailability or inadequacy of information provided by the manufacturer to the OPERATOR of the IT-NETWORK);
- incorrect operation or degraded performance (e.g. incompatibility or improper configuration) resulting from combining MEDICAL DEVICES and other equipment on the same IT-NETWORK;
- incorrect operation resulting from combining MEDICAL DEVICE SOFTWARE and other software applications (e.g. open email systems or computer games) in the same IT-NETWORK;
- lack of security controls on many MEDICAL DEVICES; and
- the conflict between the need for strict change control of MEDICAL DEVICES and the need for rapid response to the threat of cyberattack.

When these problems manifest themselves, unintended consequences frequently follow.

This standard is addressed to RESPONSIBLE ORGANIZATIONS, to manufacturers of MEDICAL DEVICES, and to providers of other information technology.

1) Numbers in square brackets refer to the Bibliography.

This standard adopts the following principles as a basis for its normative and informative sections:
- The incorporation or removal of a MEDICAL DEVICE or other components in an IT-NETWORK is a task which requires design of the action; this might be out of the control of the manufacturer of the MEDICAL DEVICE.
- RISK MANAGEMENT should be used before the incorporation of a MEDICAL DEVICE into an IT-NETWORK takes place, and for any changes during the entire life cycle of the resulting MEDICAL IT-NETWORK, to avoid unacceptable RISKS, including possible RISK to patients, resulting from the incorporation of the MEDICAL DEVICE into the IT-NETWORK. Many things are part of a RISK decision, such as liability, cost, or impact on mission. These should be considered in determining acceptable RISK in addition to the requirements described in this standard.
- Aspects of removal, maintenance, change or modification of equipment, items or components should be addressed adequately in addition to the incorporation of MEDICAL DEVICES.
- The manufacturer of the MEDICAL DEVICE is responsible for RISK MANAGEMENT of the MEDICAL DEVICE during the design, implementation, and manufacturing of the MEDICAL DEVICE. This standard does not cover the RISK MANAGEMENT PROCESS for the MEDICAL DEVICE.
- The manufacturer of a MEDICAL DEVICE intended to be incorporated into an IT-NETWORK might need to provide information about the MEDICAL DEVICE that is necessary to allow the RESPONSIBLE ORGANIZATION to manage RISK according to this standard. This information can include, as part of the ACCOMPANYING DOCUMENTS, instructions specifically addressed to the person who incorporates a MEDICAL DEVICE into an IT-NETWORK.
- Such ACCOMPANYING DOCUMENTS should convey instructions about how to incorporate the MEDICAL DEVICE into the IT-NETWORK, how the MEDICAL DEVICE transfers information over the IT-NETWORK, and the minimum IT-NETWORK characteristics necessary to enable the INTENDED USE of the MEDICAL DEVICE when it is incorporated into the IT-NETWORK. The ACCOMPANYING DOCUMENTS should warn of possible hazardous situations associated with failure or disruptions of the IT-NETWORK, and the misuse of the IT-NETWORK connection or of the information that is transferred over the IT-NETWORK.
- RESPONSIBILITY AGREEMENTS can establish roles and responsibilities among those engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK, all aspects of the life cycle of the resulting MEDICAL IT-NETWORK and all activities that form part of that life cycle.

The RESPONSIBLE ORGANIZATION is required to appoint people to certain roles defined in this standard. This standard defines the responsibilities of those roles. The most important of those roles is the MEDICAL IT-NETWORK RISK MANAGER. This role can be assigned to someone within the RESPONSIBLE ORGANIZATION or to an external contractor.

The MEDICAL IT-NETWORK RISK MANAGER is responsible for ensuring that RISK MANAGEMENT is included during the PROCESSES of:
- planning and design of new incorporations of MEDICAL DEVICES or changes to such incorporations;
- putting the MEDICAL IT-NETWORK into use and the consequent use of the MEDICAL IT-NETWORK; and
- CHANGE-RELEASE MANAGEMENT and change management of the IT-NETWORK during the IT-NETWORK's entire life cycle.

RISK MANAGEMENT should be applied to address the following KEY PROPERTIES appropriate for the IT-NETWORK incorporating a MEDICAL DEVICE:
- SAFETY (freedom from unacceptable RISK of physical injury or damage to the health of people or damage to property or the environment);
- EFFECTIVENESS (ability to produce the intended result for the patient and the RESPONSIBLE ORGANIZATION); and
- DATA AND SYSTEM SECURITY (an operational state of a MEDICAL I
