Assessing Against IEC 80001-1

Silvana Togneri MacMahon, Fergal Mc Caffery, Sherman Eagles, Frank Keenan, Marion Lepmets, Alain Renault


Medical devices are designed and produced subject to various standards. These standards are recognized by the regulatory authorities within the region in which they are going to be marketed. Traditionally medical devices were placed on a proprietary network; however emergent technology is increasingly seeing medical devices being included on to the general hospital IT network. The incorporation of a medical device into an IT network can introduce risks which can impact the safety, effectiveness & security of the medical device. 80001-1: Application of Risk Management for IT networks incorporating Medical Devices addresses the risk that healthcare can be compromised when a medical device is incorporated into an IT network. In order to address these risks, an assessment of the network against IEC 80001-1 must be performed. To perform an assessment which is compliant with ISO/IEC 15504-2 of an IT network against IEC 80001-1, a process assessment model is required. This paper examines how a process assessment model could be developed to assess against IEC 80001-1.


  1. M., Renault, A., Valdés, O. & Tudor, P. R. C. H. 2009. ITSM Process Assessment Supporting ITIL : Using TIPA to Assess and Improve your Processes with ISO 15504 and Prepare for ISO 20000 Certification, Zaltbommel, Netherlands, Van Haren.
  2. Barafort, B., Renault, A., Picard, M. & Cortina, S. 2008. A transformation process for building PRMs and PAMs based on a collection of requirements - Example with ISO/IEC 20000. SPICE Nuremberg, Germany.
  3. Cartlidge, A., Hanna, A., Rudd, C., Macfarlane, I., Windebank, J. & Rance, S. 2007. An introductory Overview of ITILv3. The UK Chapter of the itSMF.
  4. Cooper, T., David, Y. & Eagles, S. 2011. Getting Started with IEC 80001: Essential Information for Healthcare Providers Managing Medical IT-Networks, AAMI.
  5. Dugmore, J. & Taylor, S. 2008. ITILv3 and ISO/IEC 20000 - Alignment White Paper - March 2008. Best Management Practice for IT Service Management [Online]. [Accessed 02/01/2012].
  6. IEC 2010. IEC 80001-1 - Application of Risk Management for IT-Networks incorporating Medical Devices - Part 1: Roles, responsibilities and activities. Geneva, Switzerland: International Electrotechnical Commission.
  7. ISO 2007. ISO 14971:2007 - Medical Devices - Application of Risk to Medical Devices. Geneva, Switzerland: International Organisation for Standardization.
  8. ISO/IEC 2003. ISO/IEC 15504-2:2003 - Software engineering - Process assessment - Part 2: Performing an assessment. Geneva, Switzerland.
  9. ISO/IEC 2005. ISO/IEC 20000-2:2005 - Information technology -- Service management -- Part 2: Code of Practice. Geneva, Switzerland.
  10. ISO/IEC 2006. ISO/IEC 15504-5 - Information technology - Process Assessment - Part 5: An exemplar Process Assessment Model. Geneva, Switzerland.
  11. ISO/IEC 2010a. ISO/IEC TR 20000-4:2010 - Information technology - Service management - Part 4: Process reference model. Geneva, Switzerland.
  12. ISO/IEC 2010b. ISO/IEC TR 24774:2010 - Systems and software engineering - Life cycle management - Guidelines for process description. Geneva, Switzerland.
  13. ISO/IEC 2011. ISO/IEC 20000-1:2011 - Information technology -Service management Part 1: Service management system requirements. Geneva, Switzerland.

Paper Citation

in Harvard Style

Togneri MacMahon S., Mc Caffery F., Eagles S., Keenan F., Lepmets M. and Renault A. (2013). Assessing Against IEC 80001-1 . In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013) ISBN 978-989-8565-37-2, pages 305-308. DOI: 10.5220/0004184103050308

in Bibtex Style

author={Silvana Togneri MacMahon and Fergal Mc Caffery and Sherman Eagles and Frank Keenan and Marion Lepmets and Alain Renault},
title={Assessing Against IEC 80001-1},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)},

in EndNote Style

JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2013)
TI - Assessing Against IEC 80001-1
SN - 978-989-8565-37-2
AU - Togneri MacMahon S.
AU - Mc Caffery F.
AU - Eagles S.
AU - Keenan F.
AU - Lepmets M.
AU - Renault A.
PY - 2013
SP - 305
EP - 308
DO - 10.5220/0004184103050308