ДСТУ EN IEC 81001-5-1:2022 Безопасность, эффективность и безопасность программного обеспечения здравоохранения и IТ-систем здравоохранения. Часть 5-1. Безопасность. Деятельность в жизненном цикле продукта (EN...



ДСТУ EN IEC 81001-5-1:2022
(EN IEC 81001-5-1:2022, IDT; IEC 81001-5-1:2021, IDT)

Безпека, ефективність і безпека програмного забезпечення охорони здоров’я та
ІТ-систем охорони здоров’я. Частина 5-1. Безпека. Діяльність у життєвому циклі
продукту

 
   
 
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)

CONTENTS

FOREWORD

INTRODUCTION

0.1 Structure

0.2 Field of application

0.3 Conformance

1 Scope

2 Normative references

3 Terms and definitions

4 General requirements

4.1 Quality management

4.2 Security risk management

4.3 Software item classification relating to risk transfer

5 Software development process

5.1 Software development planning

5.2 Health software requirements analysis

5.3 Software architectural design

5.4 Software design

5.5 Software unit implementation and verification

5.6 Software integration testing

5.7 Software system testing

5.8 Software release

6 Software maintenance process

6.1 Establish software maintenance plan

6.2 Problem and modification analysis

6.3 Modification implementation

7 Security risk management process

7.1 Risk management context

7.2 Identification of vulnerabilities, threats and associated adverse impacts

7.3 Estimation and evaluation of security risk

7.4 Controlling security risks

7.5 Monitoring the effectiveness of risk controls

8 Software configuration management process

9 Software problem resolution process

9.1 Overview

9.2 Receiving notifications about vulnerabilities

9.3 Reviewing vulnerabilities

9.4 Analysing vulnerabilities

9.5 Addressing security-related issues

Annex A (informative) Rationale

Annex В (informative) Guidance on implementation of security life cycle activities

Annex C (informative) Threat modelling

Annex D (informative) Relation to practices in IEC 62443-4-1:2018

Annex E (informative) Documents specified in IEC 62443-4-1

Annex F (normative) Transitional health software

Annex G (normative) Object identifiers

Bibliography