Development of a process assessment model for assessing medical IT networks against IEC 80001-1

Increasingly medical devices are being designed to allow them to exchange information over an IT network. However incorporating a medical device into an IT network can introduce risks which can impact the safety, effectiveness and security of the medical device. Medical devices are stringently tested according to regulation during the design and manufacture process. However until the introduction of IEC 80001-1: Application of Risk Management for IT-Networks incorporating Medical Devices, no standard addressed the risks of incorporating a medical device into an IT network. In order to perform an assessment (which is compliant with ISO/IEC 15504-2) of an IT network against IEC 80001-1, a Process Assessment Model is required. Based on the relationship between IEC 80001-1 and ISO/IEC 20000-1, this paper examines how the TIPA transformation process developed by Public Research Centre Henri Tudor was used to develop a process assessment model (TIPA PAM) for ISO/IEC 20000-1. It also examines how a process assessment model can be developed following that transformation process to assess Medical IT networks against IEC 80001-1.