GSO IEC TR 80001-2-9:2021
IEC TR 80001-2-9:2017
Gulf Standard
Current Edition
·
Approved on
01 July 2021
Application of risk management for IT-networks incorporating medical devices - Part 2-9: Application guidance - Guidance for use of security assurance cases to demonstrate confidence in IEC TR 80001-2-2 security capabilities
GSO IEC TR 80001-2-9:2021 Files
English
35 Pages
Current Edition
Reference Language
Obtaining this standard through the store is currently unavailable. You can acquire it directly from its source.
GSO IEC TR 80001-2-9:2021 Scope
IEC TR 80001-2-9:2017(E) establishes a security case framework and provides guidance to health care delivery organizations (HDO) and medical device manufacturers (MDM) for identifying, developing, interpreting, updating and maintaining security cases for networked medical devices. Use of this part of 80001 is intended to be one of the possible means to bridge the gap between MDMs and HDOs in providing adequate information to support the HDOs risk management of IT-networks. This document leverages the requirements set out in ISO/IEC 15026-2 for the development of assurance cases. It is not intended that this security case framework will replace a risk management strategy, rather, the intention is to complement risk management and in turn provide a greater level of assurance for a medical device by:
- mapping specific risk management steps to each of the IEC TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a re-useable security pattern;
- providing guidance for the selection of appropriate security controls to establish security capabilities and presenting them as part of the security case pattern (IEC TR 80001-2-8 provides examples of such security controls);
- providing evidence to support the implementation of a security control, hence providing confidence in the establishment of each of the security capabilities.
The purpose of developing the security case is to demonstrate confidence in the establishment of IEC TR 80001-2-2 security capabilities. The quality of artifacts gathered and documented during the development of the security case is agreed and documented as part of a responsibility agreement between the relevant stakeholders. This document provides guidance for one such methodology, through the use of a specific security pattern, to develop and interpret security cases in a systematic manner.
- mapping specific risk management steps to each of the IEC TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a re-useable security pattern;
- providing guidance for the selection of appropriate security controls to establish security capabilities and presenting them as part of the security case pattern (IEC TR 80001-2-8 provides examples of such security controls);
- providing evidence to support the implementation of a security control, hence providing confidence in the establishment of each of the security capabilities.
The purpose of developing the security case is to demonstrate confidence in the establishment of IEC TR 80001-2-2 security capabilities. The quality of artifacts gathered and documented during the development of the security case is agreed and documented as part of a responsibility agreement between the relevant stakeholders. This document provides guidance for one such methodology, through the use of a specific security pattern, to develop and interpret security cases in a systematic manner.
Best Sellers From Information Sector
GSO ISO/TR 18492:2017
ISO/TR 18492:2005
Gulf Standard
Long-term preservation of electronic document-based information


GSO ISO/TS 23635:2024
ISO/TS 23635:2022
Gulf Standard
Blockchain and distributed ledger technologies — Guidelines for governance


BH GSO ISO/IEC 15773:2016
ISO/IEC 15773:1998
Bahraini Standard
Information technology -- Telecommunications and information exchange between systems -- Broadband Private Integrated Services Network -- Inter-exchange signalling protocol -- Transit counter additional network feature




GSO ISO/IEC 15773:2013
ISO/IEC 15773:1998
Gulf Standard
Information technology -- Telecommunications and information exchange between systems -- Broadband Private Integrated Services Network -- Inter-exchange signalling protocol -- Transit counter additional network feature



Recently Published from Information Sector
GSO ISO/IEC 30179:2025
ISO/IEC 30179:2023
Gulf Standard
Internet of Things (IoT) — Overview and general requirements of IoT system for ecological environment monitoring



GSO ISO/IEC 18033-7:2025
ISO/IEC 18033-7:2022
Gulf Standard
Information security — Encryption algorithms — Part 7: Tweakable block ciphers



GSO ISO/IEC TS 20000-5:2025
ISO/IEC TS 20000-5:2022
Gulf Standard
Information technology — Service management — Part 5: Implementation guidance for ISO/IEC 20000-1



GSO ISO/IEC 10373-1:2025
ISO/IEC 10373-1:2020
Gulf Standard
Cards and security devices for personal identification — Test methods — Part 1: General characteristics


