AAMI TIR97 2019
$140.32
AAMI TIR97:2019 – Principles for medical device security-Postmarket risk management for device manufacturers
Published By | Publication Date | Number of Pages |
AAMI | 2019 | 56 |
Provides guidance on methods to perform postmarket security risk management for a medical device in the context of the Safety Risk Management process required by ISO 14971. This TIR is intended to be used in conjunction with AAMI TIR57:2016.
PDF Catalog
PDF Pages | PDF Title |
---|---|
1 | AAMI TIR97:2019; Principles for medical device security—Postmarket risk management for device manufacturers |
3 | Title page |
4 | AAMI Technical Information Report Copyright information |
5 | Contents |
6 | Committee representation |
8 | Foreword |
9 | Introduction |
11 | 1 Scope 2 Terms and definitions |
14 | 3 Postmarket considerations for security policies and security program administration 3.1 Medical device security policy 3.2 Coordinated vulnerability disclosure 3.3 Information sharing |
15 | 3.4 Communication of security capabilities 4 Design features for postmarket security risk management 5 Installation and configuration |
16 | 5.1 Device security configuration 5.2 Security utility updating 5.3 Other considerations for security maintenance in the clinical environment 6 Postmarket management of fielded devices |
17 | Figure 1—Postmarket decision-making flow diagram |
18 | Figure 2—Cybersecurity signal handling process |
19 | 6.1 Observation and transmission 6.1.1 Security monitoring 6.1.1.1 Supplier monitoring 6.1.1.2 Vulnerability monitoring |
20 | 6.1.1.3 Third-party monitoring services 6.1.1.4 Product return and servicing 6.1.1.5 Changes in operational context 6.1.1.6 Active monitoring 6.1.2 Coordinated vulnerability disclosure |
21 | 6.1.3 Bug bounty program 6.1.4 Other sources of security performance information |
22 | 6.2 Assessment 6.2.1 Preliminary cybersecurity signal risk assessment |
23 | Table 1—Prioritization of cybersecurity signals 6.2.2 Product-specific threat event risk assessment |
24 | Figure 3—Product-specific threat event risk assessment 6.2.3 Assessing related products (variant analysis) 6.3 Action |
25 | Figure 4—Field change and security risk assessment revision due to a new cybersecurity signal 6.3.1 Speed of response 6.3.2 Software maintenance |
26 | 6.3.2.1 Patch generation and distribution |
27 | 6.3.2.2 Healthcare delivery organization control variations 6.3.3 External communication Table 2—Types of external communication |
28 | 6.3.4 Interacting with healthcare delivery organizations |
29 | 6.3.5 Inventory management 7 Retirement/obsolescence Figure 5—Product life-cycle and support milestones 7.1 General considerations |
30 | 7.2 Secure disposal |
32 | Annex A (informative) Sample medical device security policy statements A.1 Medical device security (top-level) |
33 | A.2 Medical device security operations A.3 Supporting security controls and implementation (by organizational function) |
35 | Annex B (informative) Security risk management for healthcare networks B.1 Healthcare network monitoring and device identification B.1.1 Operational context B.1.2 Design techniques to assist HDOs with device identification |
36 | Table B.1—Identification techniques |
37 | B.1.3 Asset identification B.1.4 Authorization services B.1.5 Structure of healthcare delivery organization networks B.1.5.1 Small HDOs B.1.5.2 Home healthcare environments B.2 Security monitors and logging |
38 | B.2.1 Passive monitoring |
39 | B.2.1.1 Technical recommendations for passive security logging B.2.2 Active monitoring |
40 | B.2.3 Security logs |
41 | B.3 Other Design Features to Support Postmarket Security Risk Management B.4 Design pitfalls |
42 | Annex C (informative) Establishing a coordinated vulnerability disclosure process C.1 Process establishment Figure C.1—A model of the interface between ISO/IEC 29147 and ISO/IEC 30111 |
43 | C.2 Accepting vulnerability information from external sources C.3 Process for communicating to users and reporting known vulnerabilities |
44 | C.4 Importance of third-party applications, firmware, and hardware C.5 U.S. FDA recognition of consensus standards (country-specific) |
45 | Annex D (informative) Mapping of defined terms included in Guidance for Industry and Food and Drug Administration Staff, Postmarket Management of Cybersecurity in Medical Devices Table D.1—Mapping of defined terms |
50 | Annex E (informative) Security incident handling and response E.1 Medical device security incident handling and response E.2 Incident response preparation |
51 | E.3 Security incident categories E.4 Security incident assessment E.5 Security incident response execution |
52 | E.6 Internal coordination activities E.6.1 Internal stakeholders E.6.2 Deciding how to respond |
54 | E.6.3 Internal coordination of external communications E.6.4 Patch release coordination E.6.5 Incident response plan (impact and technical analysis) |
56 | Bibliography |