IEC/TS 81001-2-2:2025
IEC/TS 81001-2-2:2025 Health software and health IT systems safety, effectiveness and security — Part 2-2: Guidance for the implementation, disclosure and communication of security needs, risks and controls
CDN $422.00
This publication was last reviewed and confirmed in 2025.
Health software and health IT systems safety, effectiveness and security — Part 2-2: Guidance for the implementation, disclosure and communication of security needs, risks and controls
Description
This document presents an informative set of common, high-level security-related capabilities and additional considerations to be used across the life cycle of health software and health IT systems, for the information exchange between the health software manufacturers (including medical device manufacturers), healthcare delivery organizations (HDOs) and other stakeholders. It is applicable to health software running on any platform and in any environment such as cloud, on premise or hybrid. While important security topics, the following are outside the scope of this document: a) the security policies of the HDO, b) the product and services security policies of the manufacturer, c) determinations of risk tolerance by the HDO or manufacturer, and d) clinical studies where there is a need to secure personal data. As security risks can be caused by any product on health IT systems and health IT Infrastructure, considerations in this document can be applied for other products that are not health software. IEC TS 81001-2-2:2025 withdraws and replaces: – IEC TR 80001-2-2, Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls – IEC TR 80001-2-8, Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2 This document includes the following significant changes: a) Combines and updates the contents of IEC TR 80001-2-2 and IEC TR 80001-2-8; b) Extends the scope to health software instead to only medical device software; c) Aligns contents and definitions to ISO 81001-1:2021 and the updated IEC 80001-1; d) Removed the Configuration of Security Features (CNFS) capability, as any configurable security capability shall be clearly communicated. e) Provide security control mappings to several new standards, e.g. IEC TR 60601-4-5, IEC 62443-4-2, ISO/IEEE 11073-40102 and the recent versions of previous standards, e.g. ISO/IEC 27002 and NIST 800-53 version 5.
Edition
1
Published Date
2026-06-19
Status
PUBLISHED
Pages
96
Language
English
Format
Secure PDF
Secure – PDF details
- Save your file locally or view it via a web viewer
- Viewing permissions are restricted exclusively to the purchaser
- Device limits - 3
- Printing – Enabled only to print (1) copy
See more about our Environmental Commitment
Abstract
This document presents an informative set of common, high-level security-related capabilities and additional considerations to be used across the life cycle of health software and health IT systems, for the information exchange between the health software manufacturers (including medical device manufacturers), healthcare delivery organizations (HDOs) and other stakeholders. It is applicable to health software running on any platform and in any environment such as cloud, on premise or hybrid. While important security topics, the following are outside the scope of this document: a) the security policies of the HDO, b) the product and services security policies of the manufacturer, c) determinations of risk tolerance by the HDO or manufacturer, and d) clinical studies where there is a need to secure personal data. As security risks can be caused by any product on health IT systems and health IT Infrastructure, considerations in this document can be applied for other products that are not health software. IEC TS 81001-2-2:2025 withdraws and replaces: – IEC TR 80001-2-2, Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the communication of medical device security needs, risks and controls – IEC TR 80001-2-8, Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2 This document includes the following significant changes: a) Combines and updates the contents of IEC TR 80001-2-2 and IEC TR 80001-2-8; b) Extends the scope to health software instead to only medical device software; c) Aligns contents and definitions to ISO 81001-1:2021 and the updated IEC 80001-1; d) Removed the Configuration of Security Features (CNFS) capability, as any configurable security capability shall be clearly communicated. e) Provide security control mappings to several new standards, e.g. IEC TR 60601-4-5, IEC 62443-4-2, ISO/IEEE 11073-40102 and the recent versions of previous standards, e.g. ISO/IEC 27002 and NIST 800-53 version 5.
Previous Editions
Can’t find what you are looking for?
Please contact us at:
Related Documents
-
ISO 20537:2025 Footwear – Identification of defects during visual inspection – Vocabulary
CDN $295.00 Add to cart -
ISO 80000:2025 Quantities and units – Part 13: Information science and technology
CDN $214.00 Add to cart -
ISO 4006:1991 Measurement of fluid flow in closed conduits – Vocabulary and symbols
CDN $379.00 Add to cart -
ISO 14416:2003 Information and documentation – Requirements for binding of books, periodicals, serials and other paper documents for archive and library use – Methods and materials
CDN $295.00 Add to cart
