IEC TS 81001-2-2:2025

October 2025
Technical specification, in force

Health software and health IT systems safety, effectiveness and security - Part 2-2: Coordination - Guidance for the implementation, disclosure and communication of security needs, risks and controls

IEC TS 81001-2-2:2025 presents an informative set of common, high-level security-related capabilities and additional considerations to be used across the life cycle of health software and health IT systems, for the information exchange between health software manufacturers (including medical device manufacturers), healthcare delivery organizations (HDOs) and other stakeholders. It is applicable to health software running on any platform and in any environment, such as cloud, on-premises or hybrid.

While they are important security topics, the following are outside the scope of this document:
a) the security policies of the HDO,
b) the product and services security policies of the manufacturer,
c) determinations of risk tolerance by the HDO or manufacturer, and
d) clinical studies where there is a need to secure personal data.

As security risks can be caused by any product in health IT systems and health IT infrastructure, the considerations in this document can also be applied to products that are not health software.

IEC TS 81001-2-2:2025 withdraws and replaces:
– IEC TR 80001-2-2, Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls
– IEC TR 80001-2-8, Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2

This document includes the following significant changes:
a) Combines and updates the contents of IEC TR 80001-2-2 and IEC TR 80001-2-8;
b) Extends the scope to health software instead of only medical device software;
c) Aligns contents and definitions with ISO 81001-1:2021 and the updated IEC 80001-1;
d) Removes the Configuration of Security Features (CNFS) capability, as any configurable security capability shall be clearly communicated;
e) Provides security control mappings to several new standards, e.g. IEC TR 60601-4-5, IEC 62443-4-2, ISO/IEEE 11073-40102, and to the recent versions of previously mapped standards, e.g. ISO/IEC 27002 and NIST SP 800-53 Revision 5.

General information

Collections

IEC international standards

Publication date

October 2025

Number of pages

103 p.

Reference

IEC TS 81001-2-2:2025
Replaced standards (2)

IEC TR 80001-2-8:2016
Technical report, withdrawn
Application of risk management for IT-networks incorporating medical devices - Part 2-8: Application guidance - Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2

IEC TR 80001-2-8:2016, which is a Technical Report, provides guidance to Health Delivery Organizations (HDOs) and Medical Device Manufacturers (MDMs) for the application of the framework outlined in IEC TR 80001-2-2.

IEC TR 80001-2-2:2012
July 2012
Technical report, withdrawn
Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls

IEC/TR 80001-2-2:2012(E), which is a technical report, creates a framework for the disclosure of security-related capabilities and risks necessary for managing the risk of connecting medical devices to IT-networks, and for the security dialogue that surrounds the IEC 80001-1 risk management of IT-network connection. This security report presents an informative set of common, high-level security-related capabilities useful in understanding user needs, the type of security controls to be considered and the risks that lead to those controls. Intended use and local factors determine which exact capabilities will be useful in the dialogue about risk. The capability descriptions in this report are intended to supply health delivery organizations (HDOs), medical device manufacturers (MDMs) and IT vendors with a basis for discussing risk and their respective roles and responsibilities toward its management. This discussion among the risk partners serves as the basis for one or more responsibility agreements as specified in IEC 80001-1.
