BS EN 80001-1-2011 Application of risk management for IT-networks incorporating medical devices Roles responsibilities and activities《集合医疗设备的IT网络的风险管理应用程序 作用 职责和行为》.pdf

上传人:fuellot230 文档编号:578753 上传时间:2018-12-13 格式:PDF 页数:46 大小:984.82KB
下载 相关 举报
BS EN 80001-1-2011 Application of risk management for IT-networks incorporating medical devices Roles responsibilities and activities《集合医疗设备的IT网络的风险管理应用程序 作用 职责和行为》.pdf_第1页
第1页 / 共46页
BS EN 80001-1-2011 Application of risk management for IT-networks incorporating medical devices Roles responsibilities and activities《集合医疗设备的IT网络的风险管理应用程序 作用 职责和行为》.pdf_第2页
第2页 / 共46页
BS EN 80001-1-2011 Application of risk management for IT-networks incorporating medical devices Roles responsibilities and activities《集合医疗设备的IT网络的风险管理应用程序 作用 职责和行为》.pdf_第3页
第3页 / 共46页
BS EN 80001-1-2011 Application of risk management for IT-networks incorporating medical devices Roles responsibilities and activities《集合医疗设备的IT网络的风险管理应用程序 作用 职责和行为》.pdf_第4页
第4页 / 共46页
BS EN 80001-1-2011 Application of risk management for IT-networks incorporating medical devices Roles responsibilities and activities《集合医疗设备的IT网络的风险管理应用程序 作用 职责和行为》.pdf_第5页
第5页 / 共46页
亲,该文档总共46页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationApplication of risk management for IT-networks incorporating medical devicesPart 1: Roles, responsibilities and activitiesBS EN 80001-1:2011National forewordThis British Standard

2、 is the UK implementation of EN 80001-1:2011. It is identical to IEC 80001-1:2010.The UK participation in its preparation was entrusted by Technical CommitteeCH/62, Electrical Equipment in Medical Practice, to Subcommittee CH/62/1, Common aspects of Electrical Equipment used in Medical Practice, wit

3、h contribution from IST/35, Health Informatics.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. BSI 2011ISBN 97

4、8 0 580 57854 0 ICS 11.040.01; 35.240.80Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2011.Amendments issued since publicationAmd. No. Date Text affec

5、tedBRITISH STANDARDBS EN 80001-1:2011EUROPEAN STANDARD EN 80001-1 NORME EUROPENNE EUROPISCHE NORM March 2011 CENELEC European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung Management Centre: Avenue Marn

6、ix 17, B - 1000 Brussels 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members. Ref. No. EN 80001-1:2011 E ICS 11.040.01; 35.240.80 English version Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, re

7、sponsibilities and activities (IEC 80001-1:2010) Application de la gestion des risques aux rseaux des technologies de linformation contenant des dispositifs mdicaux - Partie 1: Fonctions, responsabilits et activits (CEI 80001-1:2010) Anwendung des Risikomanagements fr IT-Netzwerke, die Medizinproduk

8、te beinhalten - Teil 1: Aufgaben, Verantwortlichkeiten und Aktivitten (IEC 80001-1:2010) This European Standard was approved by CENELEC on 2011-02-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the st

9、atus of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member. This European Standard exists in three official versions (English, French, German

10、). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria,

11、Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. BS EN 80001-1:20

12、11EN 80001-1:2011 - 2 - Foreword The text of document 62A/703/FDIS, future edition 1 of IEC 80001-1, prepared by SC 62A, Common aspects of electrical equipment used in medical practice, of IEC TC 62, Electrical equipment in medical practice, was submitted to the IEC-CENELEC parallel vote and was app

13、roved by CENELEC as EN 80001-1 on 2011-02-01. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights. The following dates were fixed: latest date

14、 by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2011-11-01 latest date by which the national standards conflicting with the EN have to be withdrawn (dow) 2014-02-01 Terms defined in Clause 2 of this standard are printe

15、d in SMALL CAPITALS. For the purposes of this standard: “shall” means that compliance with a requirement is mandatory for compliance with this standard; “should” means that compliance with a requirement is recommended but is not mandatory for compliance with this standard; “may” is used to describe

16、a permissible way to achieve compliance with a requirement; and “establish” means to define, document, and implement. _ Endorsement notice The text of the International Standard IEC 80001-1:2010 was approved by CENELEC as a European Standard without any modification. In the official version, for Bib

17、liography, the following notes have to be added for the standards indicated: 1 IEC 60601-1:2005 NOTE Harmonized as EN 60601-1:2006 (not modified). 2 IEC 61907:2009 NOTE Harmonized as EN 61907:2010 (not modified). 3 IEC 62304:2006 NOTE Harmonized as EN 62304:2006 (not modified). 4 ISO 14971:2007 NOTE

18、 Harmonized as EN ISO 14971:2009 (not modified). 7 ISO 16484-2:2004 NOTE Harmonized as EN ISO 16484-2:2004 (not modified). 8 ISO 9000:2005 NOTE Harmonized as EN ISO 9000:2005 (not modified). _ BS EN 80001-1:2011 2 80001-1 IEC:2010 CONTENTS INTRODUCTION. 6 1 Scope.9 2 Terms and definitions 9 3 Roles

19、and responsibilities.14 3.1 General .14 3.2 RESPONSIBLE ORGANIZATION . 14 3.3 TOP MANAGEMENT responsibilities . .15 3.4 MEDICAL IT-NETWORK RISK MANAGER 16 3.5 MEDICAL DEVICE manufacturer(s). 17 3.6 Providers of other information technology. 18 4 Life cycle RISK MANAGEMENT in MEDICAL IT-NETWORKS. .19

20、 4.1 Overview .19 4.2 RESPONSIBLE ORGANIZATION RISK MANAGEMENT.20 4.2.1 POLICY FOR RISK MANAGEMENT for incorporating MEDICAL DEVICES 20 4.2.2 RISK MANAGEMENT PROCESS .21 4.3 MEDICAL IT-NETWORK RISK MANAGEMENT planning and documentation . 21 4.3.1 Overview . 21 4.3.2 RISK-relevant asset description22

21、 4.3.3 MEDICAL IT-NETWORK documentation .22 4.3.4 RESPONSIBILITY AGREEMENT .22 4.3.5 RISK MANAGEMENT plan for the MEDICAL IT-NETWORK . 24 4.4 MEDICAL IT-NETWORK RISK MANAGEMENT24 4.4.1 Overview . 24 4.4.2 RISK ANALYSIS . 24 4.4.3 RISK EVALUATION .25 4.4.4 RISK CONTROL . 25 4.4.5 RESIDUAL RISK evalua

22、tion and reporting . 26 4.5 CHANGE-RELEASE MANAGEMENT and CONFIGURATION MANAGEMENT . .27 4.5.1 CHANGE-RELEASE MANAGEMENT PROCESS. 27 4.5.2 Decision on how to apply RISK MANAGEMENT .27 4.5.3 Go-live .29 4.6 Live network RISK MANAGEMENT . 29 4.6.1 Monitoring .29 4.6.2 EVENT MANAGEMENT . 29 5 Document

23、control . .30 5.1 Document control procedure. .30 5.2 MEDICAL IT-NETWORK RISK MANAGEMENT FILE . .30 Annex A (informative) Rationale. .31 Annex B (informative) Overview of RISK MANAGEMENT relationships . .35 Annex C (informative) Guidance on field of application . . 36 Annex D (informative) Relations

24、hip with ISO/IEC 20000-2:2005 Information technology Service management Part 2: Code of practice38 Bibliography. 42 BS EN 80001-1:201180001-1 IEC:2010 3 Figure 1 Illustration of TOP MANAGEMENT responsibilities. 16 Figure 2 Overview of life cycle of MEDICAL IT-NETWORKS including RISK MANAGEMENT 20 Fi

25、gure B.1 Overview of roles and relationships . .35 Figure D.1 Service management processes 39 Table A.1 Relationship between ISO 14971 and IEC 80001-1 . 33 Table C.1 IT-NETWORK scenarios that can be encountered in a clinical environment. 36 Table D.1 Relationship between IEC 80001-1 and ISO/IEC 2000

26、0-1:2005 or ISO/IEC 20000-2:2005. 40 BS EN 80001-1:2011 6 80001-1 IEC:2010 INTRODUCTION An increasing number of MEDICAL DEVICEs are designed to exchange information electronically with other equipment in the user environment, including other MEDICAL DEVICES. Such information is frequently exchanged

27、through an information technology network (IT-NETWORK) that also transfers data of a more general nature. At the same time, IT-NETWORKS are becoming increasingly vital to the clinical environment and are now required to carry increasingly diverse traffic, ranging from life-critical patient data requ

28、iring immediate delivery and response, to general corporate operations data and to email containing potential malicious content (e.g. viruses). For many jurisdictions, design and production of MEDICAL DEVICES is subject to regulation, and to standards recognized by the regulators. Traditionally, reg

29、ulators direct their attention to MEDICAL DEVICE manufacturers, by requiring design features and by requiring a documented PROCESS for design and manufacturing. MEDICAL DEVICES cannot be placed on the market in these jurisdictions without evidence that those requirements have been met. The use of th

30、e MEDICAL DEVICES by clinical staff is also subject to regulation. Members of clinical staff have to be appropriately trained and qualified, and are increasingly subject to defined PROCESSES designed to protect patients from unacceptable RISK. In contrast, the incorporation of MEDICAL DEVICES into I

31、T-NETWORKS in the clinical environment is a less regulated area. IEC 60601-1:2005 11)requires MEDICAL DEVICE manufacturers to include some information in ACCOMPANYING DOCUMENTS if the MEDICAL DEVICE is intended to be connected to an IT-NETWORK. Standards are also in place covering common information

32、 technology activities including planning, design and maintenance of IT-NETWORKS, for instance ISO 20000-1:2005 9. However, until the publication of this standard, no standard addressed how MEDICAL DEVICES can be connected to IT-NETWORKS, including general-purpose IT-NETWORKS, to achieve INTEROPERAB

33、ILITY without compromising the organization and delivery of health care in terms of SAFETY, EFFECTIVENESS, and DATA AND SYSTEM SECURITY. There remain a number of potential problems associated with the incorporation of MEDICAL DEVICES into IT-NETWORKS, including: lack of consideration for RISK from u

34、se of IT-NETWORKS during evaluation of clinical RISK; lack of support from manufacturers of MEDICAL DEVICES for the incorporation of their products into IT-NETWORKS, (e.g. the unavailability or inadequacy of information provided by the manufacturer to the OPERATOR of the IT-NETWORK); incorrect opera

35、tion or degraded performance (e.g. incompatibility or improper configuration) resulting from combining MEDICAL DEVICES and other equipment on the same IT-NETWORK; incorrect operation resulting from combining MEDICAL DEVICE SOFTWARE and other software applications (e.g. open email systems or computer

36、 games) in the same IT-NETWORK; lack of security controls on many MEDICAL DEVICES; and the conflict between the need for strict change control of MEDICAL DEVICES and the need for rapid response to the threat of cyberattack. When these problems manifest themselves, unintended consequences frequently

37、follow. This standard is addressed to RESPONSIBLE ORGANIZATIONS, to manufacturers of MEDICAL DEVICES, and to providers of other information technology. _ 1)Numbers in square brackets refer to the Bibliography. BS EN 80001-1:201180001-1 IEC:2010 7 This standard adopts the following principles as a ba

38、sis for its normative and informative sections: The incorporation or removal of a MEDICAL DEVICE or other components in an IT-NETWORKis a task which requires design of the action; this might be out of the control of the manufacturer of the MEDICAL DEVICE. RISK MANAGEMENT should be used before the in

39、corporation of a MEDICAL DEVICE into an IT-NETWORK takes place, and for any changes during the entire life cycle of the resulting MEDICAL IT-NETWORK, to avoid unacceptable RISKS, including possible RISK to patients, resulting from the incorporation of the MEDICAL DEVICE into the IT-NETWORK. Many thi

40、ngs are part of a RISK decision, such as liability, cost, or impact on mission. These should be considered in determining acceptable RISK in addition to the requirements described in this standard. Aspects of removal, maintenance, change or modification of equipment, items or components should be ad

41、dressed adequately in addition to the incorporation of MEDICAL DEVICES. The manufacturer of the MEDICAL DEVICE is responsible for RISK MANAGEMENT of theMEDICAL DEVICE during the design, implementation, and manufacturing of the MEDICAL DEVICE. This standard does not cover the RISK MANAGEMENT PROCESS

42、for the MEDICAL DEVICE. The manufacturer of a MEDICAL DEVICE intended to be incorporated into an IT-NETWORKmight need to provide information about the MEDICAL DEVICE that is necessary to allow the RESPONSIBLE ORGANIZATION to manage RISK according to this standard. This information can include, as pa

43、rt of the ACCOMPANYING DOCUMENTS, instructions specifically addressed to the person who incorporates a MEDICAL DEVICE into an IT-NETWORK. Such ACCOMPANYING DOCUMENTS should convey instructions about how to incorporate the MEDICAL DEVICE into the IT-NETWORK, how the MEDICAL DEVICE transfers informati

44、on over the IT-NETWORK, and the minimum IT-NETWORK characteristics necessary to enable the INTENDED USE of the MEDICAL DEVICE when it is incorporated into the IT-NETWORK. The ACCOMPANYING DOCUMENTS should warn of possible hazardous situations associated with failure or disruptions of the IT-NETWORK,

45、 and the misuse of the IT-NETWORK connection or of the information that is transferred over the IT-NETWORK. RESPONSIBILITY AGREEMENTS can establish roles and responsibilities among those engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK, all aspects of the life cycle of the resulti

46、ng MEDICAL IT-NETWORK and all activities that form part of that life cycle. The RESPONSIBLE ORGANIZATION is required to appoint people to certain roles defined in this standard. This standard defines the responsibilities of those roles. The most important of those roles is the MEDICAL IT-NETWORK RIS

47、K MANAGER. This role can be assigned to someone within the RESPONSIBLE ORGANIZATION or to an external contractor. The MEDICAL IT-NETWORK RISK MANAGER is responsible for ensuring that RISK MANAGEMENTis included during the PROCESSES of: planning and design of new incorporations of MEDICAL DEVICES or c

48、hanges to such incorporations; putting the MEDICAL IT-NETWORK into use and the consequent use of the MEDICAL IT-NETWORK; and CHANGE-RELEASE MANAGEMENT and change management of the IT-NETWORK during the IT-NETWORKS entire life cycle. RISK MANAGEMENT should be applied to address the following KEY PROP

49、ERTIES appropriate for the IT-NETWORK incorporating a MEDICAL DEVICE: SAFETY (freedom from unacceptable RISK of physical injury or damage to the health of people or damage to property or the environment); EFFECTIVENESS (ability to produce the intended result for the patient and the RESPONSIBLE ORGANIZATION); and BS EN 80001-1:2011 8 80001-1 IEC:2010 DATA AND SYSTEM SECURITY (an operational state of a MEDICAL I

展开阅读全文
相关资源
  • BS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdfBS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdf
  • BS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdfBS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdf
  • BS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdfBS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdf
  • BS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdfBS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdf
  • BS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdfBS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdf
  • BS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdfBS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdf
  • BS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdfBS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdf
  • BS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdfBS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdf
  • BS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdfBS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdf
  • BS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdfBS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdf
  • 猜你喜欢
  • ASTM D3902-1990(2004)e1 Standard Test Method for Rubber Hose for Gas Diffusion of Liquefied Petroleum Gas《液化石油气气体扩散用橡胶软管的试验方法》.pdf ASTM D3902-1990(2004)e1 Standard Test Method for Rubber Hose for Gas Diffusion of Liquefied Petroleum Gas《液化石油气气体扩散用橡胶软管的试验方法》.pdf
  • ASTM D3902-1990(2012) Standard Test Method for Rubber Hose for Gas Diffusion of Liquefied Petroleum Gas 《液化石油气气体扩散用橡胶软管的标准试验方法》.pdf ASTM D3902-1990(2012) Standard Test Method for Rubber Hose for Gas Diffusion of Liquefied Petroleum Gas 《液化石油气气体扩散用橡胶软管的标准试验方法》.pdf
  • ASTM D3903-2003 Standard Specification for Rubber Seals Used in Air-Heat Transport of Solar Energy Systems《太阳能系统的热空气传递用橡胶密封件的标准规范》.pdf ASTM D3903-2003 Standard Specification for Rubber Seals Used in Air-Heat Transport of Solar Energy Systems《太阳能系统的热空气传递用橡胶密封件的标准规范》.pdf
  • ASTM D3903-2003(2007) Standard Specification for Rubber Seals Used in Air-Heat Transport of Solar Energy Systems《阳能系统的热空气传递用橡胶密封件的标准规范》.pdf ASTM D3903-2003(2007) Standard Specification for Rubber Seals Used in Air-Heat Transport of Solar Energy Systems《阳能系统的热空气传递用橡胶密封件的标准规范》.pdf
  • ASTM D3903-2015 Standard Specification for Rubber Seals Used in Air-Heat Transport of Solar Energy Systems《太阳能系统的热空气传递用橡胶密封件的标准规格》.pdf ASTM D3903-2015 Standard Specification for Rubber Seals Used in Air-Heat Transport of Solar Energy Systems《太阳能系统的热空气传递用橡胶密封件的标准规格》.pdf
  • ASTM D3906-2003 Standard Test Method for Determination of Relative X-ray Diffraction Intensities of Faujasite-Type Zeolite-Containing Materials《八面沸石型包含沸石材料的相对X射线衍射强度的测定用标准试验方法》.pdf ASTM D3906-2003 Standard Test Method for Determination of Relative X-ray Diffraction Intensities of Faujasite-Type Zeolite-Containing Materials《八面沸石型包含沸石材料的相对X射线衍射强度的测定用标准试验方法》.pdf
  • ASTM D3906-2003(2008) Standard Test Method for Determination of Relative X-ray Diffraction Intensities of Faujasite-Type Zeolite-Containing Materials《测定八面沸石型含沸石材料的相对X射线衍射强度的试验方法》.pdf ASTM D3906-2003(2008) Standard Test Method for Determination of Relative X-ray Diffraction Intensities of Faujasite-Type Zeolite-Containing Materials《测定八面沸石型含沸石材料的相对X射线衍射强度的试验方法》.pdf
  • ASTM D3906-2003(2013) Standard Test Method for Determination of Relative X-ray Diffraction Intensities of Faujasite-Type Zeolite-Containing Materials《测定八面沸石型含沸石材料的相对X射线衍射强度的标准试验方法》.pdf ASTM D3906-2003(2013) Standard Test Method for Determination of Relative X-ray Diffraction Intensities of Faujasite-Type Zeolite-Containing Materials《测定八面沸石型含沸石材料的相对X射线衍射强度的标准试验方法》.pdf
  • ASTM D3907 D3907M-2013 Standard Test Method for Testing Fluid Catalytic Cracking (FCC) Catalysts by Microactivity Test《使用微活性试验法测试流化床催化裂化(FCC)催化剂的标准试验方法》.pdf ASTM D3907 D3907M-2013 Standard Test Method for Testing Fluid Catalytic Cracking (FCC) Catalysts by Microactivity Test《使用微活性试验法测试流化床催化裂化(FCC)催化剂的标准试验方法》.pdf
  • 相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > BS

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1