BS EN 82304-1:2017 pdf free

BS EN 82304-1:2017 pdf free.Health Software Part 1: General requirements for product safety.
4 * HEALTH SOFTWARE PRODUCT requirements
4.1 General requirements and initial RISK ASSESSMENT The MANUFACTURER shall determine and document:
a) the INTENDED USE for the HEALTH SOFTWARE PRODUCT, including the intended USER profile and the intended operational environment;
b) the characteristics related to the SAFETY and/or SECURITY of the HEALTH SOFTWARE PRODUCT, identification of HAZARDS and estimation of the associated RISK(S). As applicable, this includes situations where the HEALTH SOFTWARE PRODUCT can be configured and/or supports interfaces to other products:
C) the need for RISK CONTROL measures for estimated RISKS that are considered unacceptable.
NOTE I Subclause 4.1 does not require a formal and full RISK MANAGEMENT as, for example, per ISO 14971. However, performing the initial steps of that process is considered good practice.
NOTE 2 RIsK CONTROL measures can be hardware, an independent software system, health care procedures, or other means.
NOTE 3 Sources of information on SECURITY vulnerabilities include publicly available reports from authorities, as well as publications by suppliers of. for instance, operating systems and third party software.
4.2 HEALTH SOFTWARE PRODUCT use requirements
The MANUFACTURER shall determine and document:
a) requirements that address the INTENDED USE;
b) interface requirements, including USER interface requirements where applicable;
NOTE I In contrast to the USER interface specification as part of the HEALTH SOFTWARE PRODUCT system requirements, USER interface requirements do not describe technical (realization) requirements. They describe the purpose of the technical requirements.
EXAMPLE wThe displayed information shall be readable from a distance of 3 m in an emergency unit. NOTE 2 IEC 62366-1:2015 provides a process to establish USER interface requirements.
c) requirements for immunity from or susceptibility to unintended influence by other software using the same hardware resources:
d) privacy and SECURITY requirements addressing areas such as authorised use, person authentication, health data integrity and authenticity, and protection against malicious intent;
NOTE 3 See 7.2.3.1 and IEC TR 80001-2-2 (list of SECURITY capabilities) for further information on SECURITY
aspects.
e) requirements for ACCOMPANYING DOCUMENTS such as instructions for use (see 7.2.2);
f) requirements to support:
1) upgrades from previous versions, including maintaining data integrity, and compatibility with prior versions,
2) rollback to the previous version after upgrade,
3) timely SECURITY patches and updates,
4) software distribution mechanism that ensures integrity of installation,
5) decommissioning, irreversible deletion, transfer and/or retention of data;
g) requirements derived from applicable regulation, including rules for protected information.
NOTE 4 In some jurisdictions, data protection regulations (e.g. European data protection directive 95/46/EC, revised in 2016) mandate citizens to maintain control over their personal data such as to delete or export data. European directive 95/46/EC will be replaced by the European General Data Protection Regulation (2016/679) on 25 May 2018.
4.3 VERIFICATION of HEALTH SOFTWARE PRODUCT use requirements
The MANUFACTURER shall verify that the HEALTH SOFTWARE PRODUCT use requirements are:
a) defined and documented as input for system requirements;
b) such that the MANUFACTURER is able to meet the defined use requirements.
The results of the VERIFICATION shall be recorded.BS EN 82304-1 pdf download.