What is PD ISO/TR 11633-2 about?
PD ISO/TR 11633-2 is part two of the multi-series standard that gives a guideline for implementation of an ISMS by showing practical examples of risk analysis on remote maintenance services (RMS) for information systems in healthcare facilities (HCFs) as provided by vendors of medical devices or health information systems in order to protect both sides’ information assets (primarily the information system itself and personal health data) in a safe and efficient (i.e., economical) manner.
PD ISO/TR 11633-2 consists of:
- Application of ISMS to RMS
- Security management measures for RM
- An example of the evaluation and effectiveness based on the “controls” defined in the ISMS
Who is PD ISO/TR 11633-2 for?
PD ISO/TR 11633-2 on Information security management for remote maintenance of medical devices and medical information systems is useful for:
- Healthcare facilities
- Remote maintenance service providers
- Personal health data collection and storage
- Healthcare facilities information systems providers and developers
Why should you use PD ISO/TR 11633-2?
The advancement and spread of technology in the information and communication technology field, and the infrastructure based on them, have brought many changes in how technology and networks are used in modern society. Whilst there are benefits to remote maintenance, such remote connections with external organizations also expose HCFs and vendors to risks regarding confidentiality, integrity and availability of information and systems; risks which previously received scant consideration.
PD ISO/TR 11633-2 stipulates the risk assessment to protect remote maintenance activities, taking into consideration the special characteristics of the healthcare field such as patient safety, and applicable requirements and privacy protections. The risk assessment examples provided in PD ISO/TR 11633-2 support for HCFs and RMS providers to implement risk assessment for medical information systems effectively.
By implementing the risk assessment process and employing controls referenced in PD ISO/TR 11633-2, HCFs owners and RMS providers will be able to obtain the following benefits:
- Risk assessment can result in improved efficiency. If the risk assessment document, created using PD ISO/TR 11633-2, does not fully conform, it may be used in part in a risk assessment of an incompatible area, thus reducing the risk assessment effort required
- Documented validity of the RMS security countermeasures in place will be available to third parties
- If providing RMS to two or more sites, the provider can apply countermeasures consistently and effectively
What’s changed since the last update?
PD ISO/TR 11633-2:2021 is the second edition that cancels and replaces the first edition (ISO/TR 11633-2:2009), which has been technically revised.
The main changes compared to the previous edition are as follows:
- Complete revision of the bibliography
- Update of figure 1
- Update of Annex A