UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

AAMI TIR57

Technical Information Report: Principles for medical device security—Risk management

active, Most Current
Buy Now
Organization: AAMI
Publication Date: 1 January 2016
Status: active
Page Count: 84
scope:

This TIR provides guidance for addressing information security within the risk management framework defined by ANSI/AAMI/ISO 14971.

This guidance is intended to assist manufacturers and other users of the standard in the following:

- identifying threats, vulnerabilities, and assets associated with medical devices;

- estimating and evaluating associated security risks;

- controlling security risks; and

- monitoring effectiveness of the risk controls.

This document is based on an application of ANSI/AAMI/ISO 14971 with an expanded consideration of the possible impacts that a security compromise can have on the medical device, people, the environment, the manufacturer, and the information processed and stored by the device. This report also incorporates several principles from NIST SP 800-30 Revision 1 (see Bibliography [53]), a security risk management process developed for traditional IT systems.

The guidance provided by this document is applicable to all stages of the life-cycle of a medical device.

Document History

TIR57
January 1, 2016
Principles for medical device security—Risk management
This TIR provides guidance for addressing information security within the risk management framework defined by ANSI/AAMI/ISO 14971. This guidance is intended to assist manufacturers and other users...
AAMI TIR57
January 1, 2016
Technical Information Report: Principles for medical device security—Risk management
This TIR provides guidance for addressing information security within the risk management framework defined by ANSI/AAMI/ISO 14971. This guidance is intended to assist manufacturers and other users...
TIR57
January 1, 2016
Technical Information Report: Principles for medical device security-Risk management
Provides guidance on methods to perform information security risk management for a medical device in the context of the Safety Risk Management process required by ISO 14971. The TIR incorporates the...

References

This document references:
AAMI TIR24971 - Medical devices— Guidance on the application of ISO 14971
Published by AAMI on January 1, 2020
This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019. The risk management process can be part...
This document references:
AAMI 14971 - Medical devices— Application of risk management to medical devices
Published by AAMI on January 1, 2019
This document specifies terminology, principles and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices. The process...
This document references:
AAMI 62366-1 - Medical devices—Part 1: Application of usability engineering to medical devices
Published by AAMI on January 1, 2015
This part of IEC 62366 specifies a PROCESS for a MANUFACTURER to analyse, specify, develop and evaluate the USABILITY of a MEDICAL DEVICE as it relates to SAFETY. This USABILITY ENGINEERING (HUMAN...
This document references:
AAMI 80001-1 - Application of risk management for IT Networks incorporating medical devices — Part 1: Roles, responsibilities and activities
Published by AAMI on January 1, 2010
Recognizing that MEDICAL DEVICES are incorporated into IT-NETWORKS to achieve desirable benefits (for example, INTEROPERABILITY), this international standard defines the roles, responsibilities and...
This document references:
AAMI ES60601-1 - Medical electrical equipment-Part 1: General requirements for basic safety and essential performance
Published by AAMI on January 1, 2005
This International Standard applies to the BASIC SAFETY and ESSENTIAL PERFORMANCE of MEDICAL ELECTRICAL EQUIPMENT and MEDICAL ELECTRICAL SYSTEMS, hereafter referred to as ME EQUIPMENT and ME SYSTEMS....
This document references:
AAMI TIR24971 - Medical devices— Guidance on the application of ISO 14971
Published by AAMI on January 1, 2020
This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019. The risk management process can be part...
This document is referenced by:
BS EN 62304 - Medical device software - Software life-cycle processes
Published by BSI on November 30, 2006
A description is not available for this item.
This document is referenced by:
ISO TR 24971 - Medical devices - Guidance on the application of ISO 14971
Published by ISO on June 1, 2020
This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019. The risk management process can be part...
This document is referenced by:
AAMI TIR105 - Risk management guidance for combination products
Published by AAMI on January 1, 2020
Inclusions This TIR provides recommendations on the application of risk management principles and processes during development and marketing of combination products that include a device constituent...
This document is referenced by:
SNG CEN ISO/TR 24971 - Medical devices - Guidance on the application of ISO 14971
Published by SNV on August 1, 2020
This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019. The risk management process can be part...
View Less
View All
Advertisement