BSI Standards Publication

NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

BS EN 80001-1:2011

Application of risk management for IT-networks incorporating medical devices
Part 1: Roles, responsibilities and activities

National foreword

This British Standard is the UK implementation of EN 80001-1:2011. It is identical to IEC 80001-1:2010.

The UK participation in its preparation was entrusted by Technical Committee CH/62, Electrical Equipment in Medical Practice, to Subcommittee CH/62/1, Common aspects of Electrical Equipment used in Medical Practice, with contribution from IST/35, Health Informatics.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© BSI 2011
ISBN 978 0 580 57854 0
ICS 11.040.01; 35.240.80

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2011.

Amendments issued since publication
Amd. No.    Date    Text affected

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 80001-1
March 2011

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Management Centre: Avenue Marnix 17, B - 1000 Brussels

© 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 80001-1:2011 E

ICS 11.040.01; 35.240.80

English version

Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities (IEC 80001-1:2010)

Application de la gestion des risques aux réseaux des technologies de l'information contenant des dispositifs médicaux - Partie 1: Fonctions, responsabilités et activités (CEI 80001-1:2010)

Anwendung des Risikomanagements für IT-Netzwerke, die Medizinprodukte beinhalten - Teil 1: Aufgaben, Verantwortlichkeiten und Aktivitäten (IEC 80001-1:2010)

This European Standard was approved by CENELEC on 2011-02-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria,
Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

Foreword

The text of document 62A/703/FDIS, future edition 1 of IEC 80001-1, prepared by SC 62A, Common aspects of electrical equipment used in medical practice, of IEC TC 62, Electrical equipment in medical practice, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 80001-1 on 2011-02-01.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights.

The following dates were fixed:
- latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2011-11-01
- latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2014-02-01

Terms defined in Clause 2 of this standard are printed in SMALL CAPITALS.

For the purposes of this standard: “shall” means that compliance with a requirement is mandatory for compliance with this standard; “should” means that compliance with a requirement is recommended but is not mandatory for compliance with this standard; “may” is used to describe
a permissible way to achieve compliance with a requirement; and “establish” means to define, document, and implement.

Endorsement notice

The text of the International Standard IEC 80001-1:2010 was approved by CENELEC as a European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

[1] IEC 60601-1:2005    NOTE Harmonized as EN 60601-1:2006 (not modified).
[2] IEC 61907:2009      NOTE Harmonized as EN 61907:2010 (not modified).
[3] IEC 62304:2006      NOTE Harmonized as EN 62304:2006 (not modified).
[4] ISO 14971:2007      NOTE Harmonized as EN ISO 14971:2009 (not modified).
[7] ISO 16484-2:2004    NOTE Harmonized as EN ISO 16484-2:2004 (not modified).
[8] ISO 9000:2005       NOTE Harmonized as EN ISO 9000:2005 (not modified).

CONTENTS

INTRODUCTION
1 Scope
2 Terms and definitions
3 Roles and responsibilities
    3.1 General
    3.2 RESPONSIBLE ORGANIZATION
    3.3 TOP MANAGEMENT responsibilities
    3.4 MEDICAL IT-NETWORK RISK MANAGER
    3.5 MEDICAL DEVICE manufacturer(s)
    3.6 Providers of other information technology
4 Life cycle RISK MANAGEMENT in MEDICAL IT-NETWORKS
    4.1 Overview
    4.2 RESPONSIBLE ORGANIZATION RISK MANAGEMENT
        4.2.1 POLICY FOR RISK MANAGEMENT for incorporating MEDICAL DEVICES
        4.2.2 RISK MANAGEMENT PROCESS
    4.3 MEDICAL IT-NETWORK RISK MANAGEMENT planning and documentation
        4.3.1 Overview
        4.3.2 RISK-relevant asset description
        4.3.3 MEDICAL IT-NETWORK documentation
        4.3.4 RESPONSIBILITY AGREEMENT
        4.3.5 RISK MANAGEMENT plan for the MEDICAL IT-NETWORK
    4.4 MEDICAL IT-NETWORK RISK MANAGEMENT
        4.4.1 Overview
        4.4.2 RISK ANALYSIS
        4.4.3 RISK EVALUATION
        4.4.4 RISK CONTROL
        4.4.5 RESIDUAL RISK evaluation and reporting
    4.5 CHANGE-RELEASE MANAGEMENT and CONFIGURATION MANAGEMENT
        4.5.1 CHANGE-RELEASE MANAGEMENT PROCESS
        4.5.2 Decision on how to apply RISK MANAGEMENT
        4.5.3 Go-live
    4.6 Live network RISK MANAGEMENT
        4.6.1 Monitoring
        4.6.2 EVENT MANAGEMENT
5 Document control
    5.1 Document control procedure
    5.2 MEDICAL IT-NETWORK RISK MANAGEMENT FILE
Annex A (informative) Rationale
Annex B (informative) Overview of RISK MANAGEMENT relationships
Annex C (informative) Guidance on field of application
Annex D (informative) Relationship with ISO/IEC 20000-2:2005 Information technology - Service management - Part 2: Code of practice
Bibliography

Figure 1 - Illustration of TOP MANAGEMENT responsibilities
Figure 2 - Overview of life cycle of MEDICAL IT-NETWORKS including RISK MANAGEMENT
Figure B.1 - Overview of roles and relationships
Figure D.1 - Service management processes

Table A.1 - Relationship between ISO 14971 and IEC 80001-1
Table C.1 - IT-NETWORK scenarios that can be encountered in a clinical environment
Table D.1 - Relationship between IEC 80001-1 and ISO/IEC 20000-1:2005 or ISO/IEC 20000-2:2005

INTRODUCTION

An increasing number of MEDICAL DEVICES are designed to exchange information electronically with other equipment in the user environment, including other MEDICAL DEVICES. Such information is frequently exchanged
through an information technology network (IT-NETWORK) that also transfers data of a more general nature. At the same time, IT-NETWORKS are becoming increasingly vital to the clinical environment and are now required to carry increasingly diverse traffic, ranging from life-critical patient data requiring immediate delivery and response, to general corporate operations data and to email containing potential malicious content (e.g. viruses).

For many jurisdictions, design and production of MEDICAL DEVICES is subject to regulation, and to standards recognized by the regulators. Traditionally, regulators direct their attention to MEDICAL DEVICE manufacturers, by requiring design features and by requiring a documented PROCESS for design and manufacturing. MEDICAL DEVICES cannot be placed on the market in these jurisdictions without evidence that those requirements have been met.

The use of the MEDICAL DEVICES by clinical staff is also subject to regulation. Members of clinical staff have to be appropriately trained and qualified, and are increasingly subject to defined PROCESSES designed to protect patients from unacceptable RISK.

In contrast, the incorporation of MEDICAL DEVICES into IT-NETWORKS in the clinical environment is a less regulated area. IEC 60601-1:2005 [1] 1) requires MEDICAL DEVICE manufacturers to include some information in ACCOMPANYING DOCUMENTS if the MEDICAL DEVICE is intended to be connected to an IT-NETWORK. Standards are also in place covering common information technology activities including planning, design and maintenance of IT-NETWORKS, for instance ISO 20000-1:2005 [9]. However, until the publication of this standard, no standard addressed how MEDICAL DEVICES can be connected to IT-NETWORKS, including general-purpose IT-NETWORKS, to achieve INTEROPERABILITY without compromising the organization and delivery of health care in terms of SAFETY, EFFECTIVENESS, and DATA AND SYSTEM SECURITY.

There remain a number of potential problems associated with the incorporation of MEDICAL DEVICES into IT-NETWORKS, including:
- lack of consideration for RISK from use of IT-NETWORKS during evaluation of clinical RISK;
- lack of support from manufacturers of MEDICAL DEVICES for the incorporation of their products into IT-NETWORKS (e.g. the unavailability or inadequacy of information provided by the manufacturer to the OPERATOR of the IT-NETWORK);
- incorrect operation or degraded performance (e.g. incompatibility or improper configuration) resulting from combining MEDICAL DEVICES and other equipment on the same IT-NETWORK;
- incorrect operation resulting from combining MEDICAL DEVICE SOFTWARE and other software applications (e.g. open email systems or computer games) in the same IT-NETWORK;
- lack of security controls on many MEDICAL DEVICES; and
- the conflict between the need for strict change control of MEDICAL DEVICES and the need for rapid response to the threat of cyberattack.

When these problems manifest themselves, unintended consequences frequently
follow.

This standard is addressed to RESPONSIBLE ORGANIZATIONS, to manufacturers of MEDICAL DEVICES, and to providers of other information technology.

1) Numbers in square brackets refer to the Bibliography.

This standard adopts the following principles as a basis for its normative and informative sections:
- The incorporation or removal of a MEDICAL DEVICE or other components in an IT-NETWORK is a task which requires design of the action; this might be out of the control of the manufacturer of the MEDICAL DEVICE.
- RISK MANAGEMENT should be used before the incorporation of a MEDICAL DEVICE into an IT-NETWORK takes place, and for any changes during the entire life cycle of the resulting MEDICAL IT-NETWORK, to avoid unacceptable RISKS, including possible RISK to patients, resulting from the incorporation of the MEDICAL DEVICE into the IT-NETWORK. Many things are part of a RISK decision, such as liability, cost, or impact on mission. These should be considered in determining acceptable RISK in addition to the requirements described in this standard.
- Aspects of removal, maintenance, change or modification of equipment, items or components should be addressed adequately in addition to the incorporation of MEDICAL DEVICES.
- The manufacturer of the MEDICAL DEVICE is responsible for RISK MANAGEMENT of the MEDICAL DEVICE during the design, implementation, and manufacturing of the MEDICAL DEVICE. This standard does not cover the RISK MANAGEMENT PROCESS for the MEDICAL DEVICE.
- The manufacturer of a MEDICAL DEVICE intended to be incorporated into an IT-NETWORK might need to provide information about the MEDICAL DEVICE that is necessary to allow the RESPONSIBLE ORGANIZATION to manage RISK according to this standard. This information can include, as part of the ACCOMPANYING DOCUMENTS, instructions specifically addressed to the person who incorporates a MEDICAL DEVICE into an IT-NETWORK.
- Such ACCOMPANYING DOCUMENTS should convey instructions about how to incorporate the MEDICAL DEVICE into the IT-NETWORK, how the MEDICAL DEVICE transfers information over the IT-NETWORK, and the minimum IT-NETWORK characteristics necessary to enable the INTENDED USE of the MEDICAL DEVICE when it is incorporated into the IT-NETWORK. The ACCOMPANYING DOCUMENTS should warn of possible hazardous situations associated with failure or disruptions of the IT-NETWORK, and the misuse of the IT-NETWORK connection or of the information that is transferred over the IT-NETWORK.
- RESPONSIBILITY AGREEMENTS can establish roles and responsibilities among those engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK, all aspects of the life cycle of the resulting MEDICAL IT-NETWORK and all activities that form part of that life cycle.

The RESPONSIBLE ORGANIZATION is required to appoint people to certain roles defined in this standard. This standard defines the responsibilities of those roles. The most important of those roles is the MEDICAL IT-NETWORK RISK MANAGER. This role can be assigned to someone within the RESPONSIBLE ORGANIZATION or to an external contractor.

The MEDICAL IT-NETWORK RISK MANAGER is responsible for ensuring that RISK MANAGEMENT is included during the PROCESSES of:
- planning and design of new incorporations of MEDICAL DEVICES or changes to such incorporations;
- putting the MEDICAL IT-NETWORK into use and the consequent use of the MEDICAL IT-NETWORK; and
- CHANGE-RELEASE MANAGEMENT and change management of the IT-NETWORK during the IT-NETWORK's entire life cycle.

RISK MANAGEMENT should be applied to address the following KEY PROPERTIES appropriate for the IT-NETWORK incorporating a MEDICAL DEVICE:
- SAFETY (freedom from unacceptable RISK of physical injury or damage to the health of people or damage to property or the environment);
- EFFECTIVENESS (ability to produce the intended result for the patient and the RESPONSIBLE ORGANIZATION); and
- DATA AND SYSTEM SECURITY (an operational state of a MEDICAL I