1、BSI Standards PublicationPD ISO/TR 80001-2-6:2014Application of riskmanagement for IT-networksincorporating medical devicesPart 2-6: Application guidance Guidancefor responsibility agreementsPD ISO/TR 80001-2-6:2014 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation
2、of ISO/TR80001-2-6:2014.The UK participation in its preparation was entrusted to TechnicalCommittee CH/62/1, Common aspects of Electrical Equipment used inMedical Practice.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purpo
3、rt to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 82507 1ICS 11.040.01; 35.240.80Compliance with a British Standard cannot confer immunity fromlegal o
4、bligations.This Published Document was published under the authority of theStandards Policy and Strategy Committee on 30 November 2014.Amendments issued since publicationDate Text affectedPD ISO/TR 80001-2-6:2014Reference numberISO/TR 80001-2-6:2014(E)ISO 2014TECHNICAL REPORT ISO/TR80001-2-6First ed
5、ition2014-12-01Application of risk management for IT-networks incorporating medical device Part 2-6: Application guidance Guidance for responsibility agreements Application de la gestion des risques pour les rseaux intgrant appareils mdicaux Partie 2-6: Application guidage Orientation des accords de
6、 responsabilit PD ISO/TR 80001-2-6:2014ISO/TR 80001-2-6:2014(E) COPYRIGHT PROTECTED DOCUMENT ISO 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or
7、 posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail
8、copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2014 All rights reservedPD ISO/TR 80001-2-6:2014ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved iiiContents PageForeword iv Introduction . v 1 Scope 1 1.1 Purpose 1 1.2 Prerequisites 1 2 Normative references 1 3 Terms and definit
9、ions . 1 4 Key aspects for RESPONSIBILITY AGREEMENTS 5 4.1 Reasons and rationale 5 4.2 Participants 5 4.3 Proposed types of RESPONSIBILITY AGREEMENTS . 5 4.4 Communication control 5 4.4.1 Bilateral versus multilateral RESPONSIBILITY AGREEMENTS 5 4.4.2 Non-disclosure agreements . 5 4.4.3 Update of in
10、formation and documentation . 6 4.5 Responsibility for establishing 6 4.6 Methods for determination and of responsibilities 6 4.7 Life cycle considerations 6 5 Elements of a RESPONSIBILITY AGREEMENT 7 Annex A (informative) RACI chart 11 Annex B (informative) Typical documents 12 PD ISO/TR 80001-2-6:
11、2014ISO TR 80001-2-6:2014(E) iv ISO 2014 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical commit
12、tees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the In
13、ternational Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International
14、 Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In exceptional circumstances, when a technical committee has collected data of a different k
15、ind from that which is normally published as an International Standard (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until th
16、e data it provides are considered to be no longer valid or useful. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO TR 80001-2-6 was prepared by T
17、echnical Committee ISO/TC 215, Health informatics, jointly with IEC Subcommittee IEC/SC 62A. ISO/IEC TR 80001 consists of the following parts, under the general title Application of risk management for IT-networks incorporating medical devices. Part 1: Roles, responsibilities and activities Part 2-1
18、: Step-by-step risk management of medical IT-networks Practical applications and examples Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls Part 2-3: Guidance for wireless networks Part 2-4: Application guidance General implementation guidan
19、ce for Healthcare Delivery Organizations Part 2-5: Application guidance Guidance on distributed alarm systems (in development) Part 2-6: Application guidance Guidance for responsibility agreements Part 2-7: IT-networks incorporating medical devices - Part 2-7: Application Guidance - Guidance for Hea
20、lthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1 (in development) Part 2-8: Application of risk management for IT-networks incorporating medical devices Part 2-8: Application guidance - Guidance on standards for establishing the security capabilities ide
21、ntified in IEC 80001-2-2 (in development) PD ISO/TR 80001-2-6:2014ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved vIntroduction 0.1 Background IEC 80001-1 was developed to meet the need to managing RISKS associated with the increasing prevalence of MEDICAL DEVICES being connected to general pu
22、rpose IT-NETWORKS. The standard introduces the notion of a RESPONSIBILITY AGREEMENT covering roles and responsibilities of the stakeholders. This Technical Report provides practical guidance to RESPONSIBLE ORGANIZATIONS on establishing a RESPONSIBILITY AGREEMENT among all stakeholders involved, name
23、ly the RESPONSIBLE ORGANIZATION, the MEDICAL DEVICE manufacturer(s) and the IT supplier(s). Examples of situations where a RESPONSIBILITY AGREEMENT could prove useful when an IT-NETWORK incorporates MEDICAL DEVICES. The benefits of the RESPONSIBILITY AGREEMENT include: a) The roles and responsibilit
24、ies of the stakeholders are identified and communicated in written form. It is essential to have a clear understanding of the clinical dependencies on the network and to identify the roles and responsibilities of the stakeholders, including clinical staff and the MEDICAL DEVICE manufacturers. The or
25、ganization or department responsible for configurations control and maintenance of the IT-NETWORK should have, or establish if necessary, change control procedures to manage the RISKS to services supported by the network arising from the implementation of changes to network (e.g. software upgrade to
26、 network components). EXAMPLE 1 Common examples include software upgrades for antivirus software or bug fixes in networking switches and routers. Before upgrading hard/soft/firmware on infrastructure supporting MEDICAL DEVICES and medical systems, it is important that MEDICAL DEVICES that can be imp
27、acted are identified through an impact assessment. To undertake such an assessment requires either detailed engineering knowledge of each component and its dependencies or for example, the co-operation of the respective manufacturer. Whichever party takes responsibility for this should then review a
28、nd validate their systems on the new hard/soft/firmware. It is also important to ensure that whenever practicable, there is a back-out/regression plan which has also been tested. In this scenario, the RESPONSIBILITY AGREEMENT would set out the responsibilities of each party, e.g., How such activitie
29、s would be initiated, who would notify whom, when, with what information and how would they be expected to respond. There have already been documented instances where MEDICAL DEVICES have been adversely affected from such changes and this was one reason for US FDAs “Guidance for Industry - Cybersecu
30、rity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software.“ See: http:/www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077812.htm b) A clinical user of a MEDICAL DEVICE can desire to connect the MEDICAL DEVICE to a general purpose IT-NETWORK. Having a PRO
31、CESS in place to inform and involve relevant stakeholders early in the planning stage (i.e., prior to go live) could help avert uninformed decision making and implementation that could adversely impact other clinical systems that rely on the IT-NETWORK. EXAMPLE 2 Demand already exists for this capab
32、ility, e.g., delivery of MEDICAL DEVICE alarms via wireless communications devices carried by PATIENT care staff, automated/remote programming of infusion therapy pumps and Admit/Discharge/Transfer data feeds to medical monitoring systems. When doing so requires multiple otherwise independent stakeh
33、olders to be responsible for aspects of the systems development, implementation and operation, and maintenance, it is imperative that all stakeholders are explicitly aware and accepting of their responsibilities. A RESPONSIBILITY AGREEMENT serves as a vehicle to accomplish this. PD ISO/TR 80001-2-6:
34、2014ISO TR 80001-2-6:2014(E) vi ISO 2014 All rights reserved0.2 Normative requirements from IEC 80001-1 In addition to the languages of subclause 4.3.4 describing the RESPONSIBILITY AGREEMENT, subclauses 3.5 and 3.6 require information to be made available to the RESPONSIBLE ORGANIZATION by MEDICAL
35、DEVICE manufacturers and IT supplier, respectively. Both subclauses acknowledge the possibility that the information identified may be insufficient to address the RESPONSIBLE ORGANIZATIONS RISK MANAGEMENT needs by including the following notes: NOTE 1 Where the content made available does not meet t
36、he RESPONSIBLE ORGANIZATIONS RISK MANAGEMENT need, additional content can be made available under a RESPONSIBILITY AGREEMENT. NOTE 2 A RESPONSIBILITY AGREEMENT between the RESPONSIBLE ORGANIZATION and a MEDICAL DEVICE manufacturer can be used to identify and share the documentation needed. PD ISO/TR
37、 80001-2-6:2014TECHNICAL REPORT ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved 1Application of risk management for IT-networks incorporating medical devices Part 2-6: Application guidance Part 2-6: Guidance for responsiblity agreements 1 Scope 1.1 Purpose This Technical Report provides guidan
38、ce on implementing RESPONSIBILITY AGREEMENTS, which are described in IEC 80001-1 as used to establish the roles and responsibilities among the stakeholders engaged in the incorporation of a MEDICAL DEVICE into an IT-NETWORK in order to support compliance to IEC 80001-1. Stakeholders may include RESP
39、ONSIBLE ORGANIZATIONS, IT suppliers, MEDICAL DEVICE manufacturers and others. The goal of the RESPONSIBILITY AGREEMENT is that these roles and responsibilities should cover the complete lifecycle of the resulting MEDICAL IT-NETWORK. 1.2 Prerequisites The RESPONSIBLE ORGANIZATIONS (ROs) TOP MANAGEMEN
40、T has accepted responsibility for the successful implementation of IEC 80001-1. As required by IEC 80001-1, the RO has created and approved policies for the RISK MANAGEMENT PROCESS and RISK acceptability criteria while balancing the three KEY PROPERTIES with the mission of the RO. The RO has identif
41、ied and provisioned adequate resources and assigned qualified personnel to perform tasks related to the standard. The RO has appointed a MEDICAL IT-NETWORK RISK MANAGER and is prepared to establish the RESPONSIBILITY AGREEMENT. 2 Normative references The following document, in whole or in part, is n
42、ormatively referenced in this document and is indispensable for its application. As a dated reference, only the edition cited applies. IEC 80001-1:2010, Application of risk management for IT -networks incorporating medical devices Part 1: Roles, responsibilities and activities 3 Terms and definition
43、s 3.1 CHANGE PERMIT outcome of the RISK MANAGEMENT PROCESS consisting of a document that allows a specified change or type of change without further RISK MANAGEMENT activities subject to specified constraints SOURCE: IEC 80001-1:2010, 2.3 3.2 DATA AND SYSTEM SECURITY operational state of a MEDICAL I
44、T-NETWORK in which information assets (data and systems) are reasonably protected from degradation of confidentiality, integrity, and availability PD ISO/TR 80001-2-6:2014ISO TR 80001-2-6:2014(E) 2 ISO 2014 All rights reservedSOURCE: IEC 80001-1:2010, 2.5 3.3 EFFECTIVENESS ability to produce the int
45、ended result for the subject of care and the RESPONSIBLE ORGANIZATION SOURCE: IEC 80001-1:2010, 2.6 3.4 EVENT MANAGEMENT PROCESS that ensures that all events that can or might negatively impact the operation of the IT-NETWORK are captured, assessed, and managed in a controlled manner SOURCE: IEC 800
46、01-1:2010, 2.7 3.5 HARM physical injury or damage to the health of people, or damage to property or the environment, or reduction in EFFECTIVENESS, or breach of DATA AND SYSTEM SECURITY SOURCE: IEC 80001-1:2010, 2.8 3.6 HAZARD potential source of HARM SOURCE: IEC 80001-1:2010, 2.9 3.7 INFORMATION TE
47、CHNOLOGY branch of engineering that deals with the use of computers and telecommunications to retrieve, store, and transmit information 3.8 IT-NETWORK electronic data transmission facility which can comprise of just a point-to-point wire link between two devices, or a complex arrangement of transmis
48、sion lines. SOURCE: IEC 80001-1:2010, 2.12 3.9 KEY PROPERTIES three RISK managed characteristics (SAFETY, EFFECTIVENESS, and DATA AND SYSTEMS SECURITY) of MEDICAL IT-NETWORKS SOURCE: IEC 80001-1:2010, 2.13 3.10 MEDICAL DEVICE Means any instrument, apparatus, implement, machine, appliance, implant, i
49、n vitro reagent or calibrator, software, material or other similar or related article a) intended by the manufacturer to be used, alone or in combination, for human beings for one or more of the specific purpose(s) of: diagnosis, prevention, monitoring, treatment or alleviation of disease, diagnosis, monitoring, treatment, alleviation of or compensation for an injury, PD ISO/TR 80001-2-6:2014ISO TR 80001-2-6:2014(E) ISO 2014 All rights reserved investigation, replacement, modificat
