Software in Medical Devices, by MD101 Consulting

To content | To menu | To search


IEC 81001-5-2: AAMI SW96 cousin and IEC 80001-5-1 sister

A new standard is being drafted by the IEC. Its ID will be IEC 81001-5-2 and title: Health software and health IT systems safety, effectiveness and security – Part 5-2: Security Risk Management for Manufacturers.

AAMI SW96 cousin.

This new standard is AAMI SW96 verbatim. Except in the informative annex, where some explanation is given on the history of definition of harm. Thus, not a gap compared to AAMI SW96.

You will find an analysis of AAMI SW96 in this blog post here. Everything said in this article remains relevant for the future IEC 81001-5-2.

IEC 80001-5-1 sister

This standard, when it is harmonized (in 2040 :-) ) and recognized by the FDA, will have to be applied in conjunction with IEC 81001-5-1. These two standards require to update the software lifecycle to a secure software lifecycle. The first cannot be done without the second. IEC 81001-5-1 defines in clause 7 a security risk management process. But it is way too laconic. You need AAMI SW96, currently, and/or IEC 81001-5-2, in the near future, to implement a fully-fledged security risk management process.


Even though it is not published yet, you can already put IEC 81001-5-2 in your applicable list of standards!



Add a comment

Comments can be formatted using a simple wiki syntax.

This post's comments feed