KS X IEC 80001-1-2012 Application of risk management for IT-networks incorporating medical devices－Part 1：Roles responsibilities and activities《并入IT网络的医疗设备用风险管理的应用 第1部分 任务、职责和活动》.pdf

1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS X IEC 80001 1 IT 1： , KS X IEC 80001 1:2012 2012 1 2 http:/www.kats.go.krKS X IEC 80001 1:2012 : ( ) ( ) () ( ) : (http:/www.standard.go.kr) ： ：2012 1 2 2012-0002 ： ： ( 02-509-7294) (http:/www.kats.go.kr). 10 5 , . KS X IEC 80001 1:2012 i iii 1 1 2 .2 3 .

2、6 3.1 .6 3.2 6 3.3 .7 3.4 IT 8 3.5 .9 3.6 10 4 IT .11 4.1 .11 4.2 12 4.3 IT 13 4.4 IT .16 4.5 .19 4.6 .21 5 .22 5.1 .22 5.2 IT 22 A( ) .24 A.1 .24 A.2 3. 24 A.3 4. IT .25 B( ) .28 C( ) 29 C.1 .29 C.2 .29 D( ) KS X ISO/IEC 20000 2： 2007, 2： (Information technology Service management Part 2： Code of p

3、ractice) 31 D.1 .31 D.2 31 35 A.1 ISO 14971 IEC 80001 1 26 C.1 IT .29 D.1 KS X IEC 80001-1 KS X ISO/IEC 20000 1： 2007 KS X ISO/IEC 20000 2： 2007 KS X IEC 80001 1:2012 ii 32 1 8 2 IT 12 B.1 28 D.1 .32 KS X IEC 80001 1:2012 iii 2010 1 IEC 80001 1, Application of risk management for IT-networks incorpo

4、rating medical devices Part 1： Roles, responsibilities and activities , . KS X IEC 80001 1:2012 IT 1： , Application of risk management for IT-networks incorporating medical devices Part 1： Roles, responsibilities and activities 1 (： ) IT , , , ( ) IT , . . 1 ISO 149714 . ISO 14971 A . IT . 2 . IT .

5、3 KS X ISO/IEC 20000 210 . KS X ISO/IEC 20000 2 D . IT . 4 , . 5 , . , , IT . KS X IEC 80001 1:2012 2 , , . 6 . . . 2 . 2.1 (ACCOMPANYING DOCUMENT) , 2.2 - (CHANGE-RELEASE MANAGEMENT) IT , , , , 2.3 (CHANGE PERMIT) 2.4 (CONFIGURATION MANAGEMENT) IT IT , 2.5 (DATA AND SYSTEMS SECURITY) ( ) , IT 1 . 2

6、 , , , , . 2.6 (EFFECTIVENESS) 2.7 (EVENT MANAGEMENT) KS X IEC 80001 1:2012 3 IT , 2.8 (HARM) , , 2.9 (HAZARD) 2.10 (INTENDED USE) , , 2.11 (INTEROPERABILITY) 2.12 IT ( ) 1 IEC 61907:2009 3.1.1 2 IT IT . IT , . 4.3.3 . 2.13 (KEY PROPERTIES) IT ( , , ) 2.14 (MEDICAL DEVICE) , , , , , , , , . a) . , ,

7、 , , , , , , KS X IEC 80001 1:2012 4 b) , . 1 , , , . , . . 2 . / ( 3 ) 3 GHTF . . . 4 . . 2.15 (MEDICAL DEVICE SOFTWARE) 2.16 IT (MEDICAL IT-NETWORK) IT 2.17 IT (MEDICAL IT-NERWORK RISK MANAGER) IT 2.18 (OPERATOR) 2.19 (PROCESS) “ ” . 2.20 (RESIDUAL RISK) KS X IEC 80001 1:2012 5 2.21 (RESPONSIBILIT

8、Y AGREEMENT) (： ). 2.22 (RESPONSIBLE ORGANIZATION) IT 1 , ( ) . 2 KS C IEC 60601 1： 2011 3.101 2.23 (RISK) 2.24 (RISK ANALYSIS) 2.25 (RISK ASSESSMENT) 2.26 (RISK CONTROL) 2.27 (RISK EVALUATION) 2.28 (RISK MANAGEMENT) , , , 2.29 (RISK MANAGEMENT FILE) 2.30 (SAFETY) ISO 14971:2007 2.24 KS X IEC 80001

9、1:2012 6 2.31 (TOP MANAGEMENT) IT KS Q ISO 9000： 2007 3.2.7 2.32 (VERIFICATION) 1 “ ” . 2 . 3 . 3 3.1 IT . , 3.23.6 , . IT , IT . IT . IT . IT . IT . 3.2 IT . , , , , , / , , IT . . KS X IEC 80001 1:2012 7 3.3 IT . a) b) c) d) , e) , (4.6.2 ) IT . IT , IT (3.4 ). IT . f) , , g) IT h) i) IT j) IT . k

10、) IT l) IT m) IT , n) o) . p) IT , , IT . q) IT , , , , KS X IEC 80001 1:2012 8 . 1 . 1 IT . 3.4 IT IT . IT IT . IT IT y y y y y y IT y y y y KS X IEC 80001 1:2012 9 . a) b) c) . . 1) 2) IT , 3) IT 4) 5) (： ) IT . , . d) e) f) IT g) IT h) IT i) IT j) IT IT IT , IT . . 3.5 , . IT , . a) IT b) IT c) I

11、T KS X IEC 80001 1:2012 10 d) e) , IT , IT ( ) IT f) IT IT . 1 . IT . IT . IT IT . IT . 2 . IT . 3.6 ( ) . a) b) c) d) e) f) ( / ) . g) h) IT i) j) k) l) m) ( ) . KS X IEC 80001 1:2012 11 1 . IT . IT . IT . IT . . 2 . IT . 4 IT 4.1 IT . IT 2 . IT . KS X IEC 80001 1:2012 12 IT . . 2 IT 4.2 IT - ? “ ” KS X IEC 80001 1:2012 13 4.2.1 IT IT . . a) b) c) IT 1) 2) - 3) 4) ( , KS X ISO/IEC 20000 ) IT IT . . IT . 4.2.2 IT IT , , , . IT . IT . 4.3 IT 4.3.1 IT . a)