PD ISO/TR 80001-2-6:2014

This standard PD ISO/TR 80001-2-6:2014 Application of risk management for IT-networks incorporating medical device is classified in these ICS categories:

• 11.040.01 Medical equipment in general
• 35.240.80 IT applications in health care technology

1.1 Purpose

This Technical Report provides guidance on implementing responsibility agreements, which are described in IEC 80001-1 as used to establish the roles and responsibilities among the stakeholders engaged in the incorporation of a medical device into an IT-network in order to support compliance to IEC 80001-1. Stakeholders may include responsible organizations, IT suppliers, medical device manufacturers and others. The goal of the responsibility agreement is that these roles and responsibilities should cover the complete lifecycle of the resulting medical IT-network.

1.2 Prerequisites

The responsible organization’s (ROs) top management has accepted responsibility for the successful implementation of IEC 80001-1. As required by IEC 80001-1, the RO has created and approved policies for the risk management process and risk acceptability criteria while balancing the three key properties with the mission of the RO. The RO has identified and provisioned adequate resources and assigned qualified personnel to perform tasks related to the standard. The RO has appointed a medical IT-network risk manager and is prepared to establish the responsibility agreement.