
Medical devices and health software: data protection and security and the main related ISO standards
Medical devices and health software: IEC 81001-5-1:2021 standard
IEC 81001-5-1:2021, «Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle», defines the security-related life cycle requirements for the development and maintenance of health software.
The standard provides a common framework for secure health software life cycle processes by specifying a set of processes, activities and tasks. These are the main clauses and annexes of the document:
✅ 1 Scope
✅ 2 Normative references
✅ 3 Terms and definitions
✅ 4 General requirements
✅ 5 Software development process
✅ 6 Software maintenance process
✅ 7 Security risk management process
✅ 8 Software configuration management process
✅ 9 Software problem resolution process
✅ Annex A (informative) Rationale
✅ Annex B (informative) Guidance on implementation of security life cycle activities
✅ Annex C (informative) Threat modelling
✅ Annex D (informative) Relation to practices in IEC 62443-4-1:2018
✅ Annex E (informative) Documents specified in IEC 62443-4-1
✅ Annex F (normative) Transitional health software
✅ Annex G (normative) Object identifiers
The purpose of IEC 81001-5-1:2021 is to raise the cybersecurity of health software by adding security activities and tasks to the health software life cycle processes, and by improving the security of those life cycle processes themselves. For manufacturers already working to IEC 62443-4-1, Annex D relates the practices of the two standards to each other, so existing secure development evidence can be reused rather than rebuilt.
The IEC 81001-5-1 standard and its relationship with European regulation and ISO standards
A closer look at IEC 81001-5-1 reveals natural correlations with the European regulation on medical devices, Regulation (EU) 2017/745 (MDR): Annex I of the MDR requires software to be developed and manufactured in accordance with the state of the art, taking into account the principles of the development life cycle and of risk management, including information security. These correlations apply both to software embedded in a medical device and to SaMD (Software as a Medical Device).
There are also relevant correlations with ISO/IEC 20000-1:2018, «Information technology — Service management — Part 1: Service management system requirements», in particular in the requirements the two documents share for managing software through its life cycle (maintenance, change control and problem resolution).
Looking ahead, we can expect stronger correlations between the management of the software life cycle and the security requirements for developing AI solutions in the medical device industry.
In that case the correlation is between IEC 81001-5-1 and ISO/IEC 42001:2023, «Information technology — Artificial intelligence — Management system».
To get a better view of the «big picture», take a look at our infographic:
