GSO IEC TR 80001-2-9:2021

Gulf Standard   Current Edition

Application of risk management for IT-networks incorporating medical devices - Part 2-9: Application guidance - Guidance for use of security assurance cases to demonstrate confidence in IEC TR 80001-2-2 security capabilities

Adoption by Endorsement

Adoption by endorsement applies to the latest version of this international/national standard; the previously adopted edition remains effective for 2 years starting from the date of the last international update.

Scope
IEC TR 80001-2-9:2017(E) establishes a security case framework and provides guidance to health care delivery organizations (HDO) and medical device manufacturers (MDM) for identifying, developing, interpreting, updating and maintaining security cases for networked medical devices. Use of this part of 80001 is intended to be one of the possible means to bridge the gap between MDMs and HDOs in providing adequate information to support the HDO's risk management of IT-networks. This document leverages the requirements set out in ISO/IEC 15026-2 for the development of assurance cases. It is not intended that this security case framework will replace a risk management strategy; rather, the intention is to complement risk management and in turn provide a greater level of assurance for a medical device by:
- mapping specific risk management steps to each of the IEC TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a re-useable security pattern;
- providing guidance for the selection of appropriate security controls to establish security capabilities and presenting them as part of the security case pattern (IEC TR 80001-2-8 provides examples of such security controls);
- providing evidence to support the implementation of a security control, hence providing confidence in the establishment of each of the security capabilities.
The purpose of developing the security case is to demonstrate confidence in the establishment of IEC TR 80001-2-2 security capabilities. The quality of artifacts gathered and documented during the development of the security case is agreed and documented as part of a responsibility agreement between the relevant stakeholders. This document provides guidance for one such methodology, through the use of a specific security pattern, to develop and interpret security cases in a systematic manner.
Endorsement
IEC TR 80001-2-9:2017
01 July 2021
IT applications in health care technology
Including computer tomography
