This part of IEC 80001 creates a framework for the disclosure of security-related capabilities and risks necessary for managing the risk in connecting medical devices to IT-networks and for the security dialog that surrounds the IEC 80001-1 risk management of IT-network connection. This security report presents an informative set of common, high-level security-related capabilities useful in understanding the user needs, the type of security controls to be considered and the risks that lead to the controls. Intended use and local factors determine which exact capabilities will be useful in the dialog about risk.
The capability descriptions in this report are intended to supply:
a) health delivery organizations (HDOs),
b) medical device manufacturers (MDMs), and
c) IT vendors