PD ISO/TR 11633-2 is part two of the multi-series standard that gives a guideline for implementation of an ISMS by showing practical examples of risk analysis on remote maintenance services (RMS) for information systems in healthcare facilities (HCFs) as provided by vendors of medical devices or health information systems in order to protect both sides’ information assets (primarily the information system itself and personal health data) in a safe and efficient (i.e., economical) manner.
PD ISO/TR 11633-2 consists of:
PD ISO/TR 11633-2 on Information security management for remote maintenance of medical devices and medical information systems is useful for:
The advancement and spread of technology in the information and communication technology field, and the infrastructure based on them, have brought many changes in how technology and networks are used in modern society. Whilst there are benefits to remote maintenance, such remote connections with external organizations also expose HCFs and vendors to risks regarding confidentiality, integrity and availability of information and systems; risks which previously received scant consideration.
PD ISO/TR 11633-2 stipulates the risk assessment to protect remote maintenance activities, taking into consideration the special characteristics of the healthcare field such as patient safety, and applicable requirements and privacy protections. The risk assessment examples provided in PD ISO/TR 11633-2 support for HCFs and RMS providers to implement risk assessment for medical information systems effectively.
By implementing the risk assessment process and employing controls referenced in PD ISO/TR 11633-2, HCFs owners and RMS providers will be able to obtain the following benefits:
PD ISO/TR 11633-2:2021 is the second edition that cancels and replaces the first edition (ISO/TR 11633-2:2009), which has been technically revised.
The main changes compared to the previous edition are as follows:
ISO/TR 11633-2