AAMI規格 SW96, 2023: Standard for Medical Device Security-Security Risk Management for Device Manufacturers, AAMI規格 SW96, 2023:医療機器セキュリティの標準化-機器製造業者のためのセキュリティリスク管理

AAMI規格 SW96, 2023

産業規格・仕様書  >  AAMI  > 




AAMI規格 SW96, 2023

68,750(税込)

数量

書名

AAMI SW96, 2023: Standard for Medical Device Security-Security Risk Management
for Device Manufacturers
AAMI規格 SW96, 2023:医療機器セキュリティの標準化-機器製造業者のためのセキュリティリスク管理
発行元 Association for the Advancement of Medical Instrumentation (AAMI)
発行年/月 2023年1月
装丁 ペーパー
ページ数 61 ページ
発送予定 海外倉庫よりお取り寄せ 1-2週間以内に発送します
※PDF版をご希望のお客様は別途お問合せ下さいませ。
※当ウェブ・ショップに未掲載のAAMI規格につきましては、別途お問合せ下さいませ。
※掲載の規格は、当ウェブ・ショップに掲載時点で確認できた最新版でございます。
最新の発行状況につきましては受注時に改めて確認をさせて頂きますので予めご了承下さい。

 

Description

This document provides requirements and guidance when addressing design, production and post-production security risk management for medical devices within the risk management framework defined by ISO 14971.

This document is intended to assist manufacturers and other users of the standard with the following:
- identifying threats, vulnerabilities, and assets associated with medical devices and their components and supply chain vendors;
- estimating and evaluating associated security risks;
- determining appropriate security risk controls to reduce security risks;
- verifying and monitoring the effectiveness of the security risk controls;
- establishing an enterprise-wide process to manage security post-production interactions with users and other stakeholders that ensures security of medical devices and systems used to provide medical care;
- creating design features that enable production and post-production management of security risk and effective integration with healthcare delivery organization (HDO) network security policies and technologies, or other operational contexts;
- coordinating communications with HDOs for security risks;
- understanding and communicating the security expectations from manufacturers to those who deploy their medical devices in a user environment;
- implementing processes to manage and monitor fielded medical devices containing either (1) traditional software (including firmware), (2) programmable logic, and (3) hardware for security vulnerabilities;
- implementing security risk management processes to 1) assess security risk in order to decide when action is required and 2) coordinate with safety risk management processes;
- coordinating with HDOs on security risk management activities;
- developing, implementing, and operationalizing a coordinated vulnerability disclosure process;
- implementing processes to manage medical device security patching; and
- planning for medical device retirement.

This document is applicable to the entire life cycle of a medical device including design, production, and post-production phases. End of Support (EOS) and End of Guaranteed Support (EOGS) are milestones in the post-production phase of the medical device and may vary according to differing market and jurisdictional factors.

This document expands on the information provided in Clause 10 “Production and post-production activities” of ISO/TR 24971 [23] by highlighting the need for proactive monitoring to assess threats and detect vulnerabilities. It references the coordinated safety/security risk assessment approach that was presented in Clause 9 of AAMI TIR57 [3], “Production and post-production information.”