In addition to the CRISAM® ISMS Knowledge Pack's components and control objectives, the CRISAM® ISO 80001 Knowledge Pack includes further components and control objectives needed for establishing and maintaining an ISO/IEC 80001-1 compliant risk management system.
Key features and benefits
- Takes account of ISO/IEC 80001-1 requirements.
- Enables examination of compliance with the requirements of ISO/IEC 80001-1.
- Enables the medical IT network risk manager to evaluate the residual risk of the planned or implemented infrastructure.
- Provides facts and figures and therefore the basis for comparing planned with actual results.
- Provides comprehensible measures for reaching the defined risk acceptance level.
- Enables evaluation and examination of service level agreements (SLA) in relation to availability, confidentiality and integrity.
The CRISAM® 80001-1 Knowledge Pack contains accumulated expert knowledge for risk management. This combined expertise takes the form of questions, evaluation guidelines and weightings, and is intended for risk managers in a clinical environment, risk managers responsible for providing relevant IT infrastructures, and internal and external auditors. The CRISAM® 80001-1 Knowledge Pack is also meant for manufacturers of medical devices, giving them a guideline on the criteria which need to be integrated into an IT network according to the standard ISO/IEC 80001-1. Together the CRISAM® ISO 80001 Knowledge Pack and the CRISAM® ISMS Knowledge Pack provide the necessary objects for modelling a medical IT infrastructure.
Only by feeding the latest Knowledge Packs into CRISAM® IT risk management systems can new risks be reliably identified and the system updated accordingly.
The following relevant reports for your clinical IT infrastructure are already integrated into CRISAM® Explorer: business impact analysis, risk analysis, GAP analysis, catalog of measures and implementation.
The CRISAM® ISO 80001 Knowledge Pack is an industry-specific catalog, which is used as a supplement to the basic CRISAM® ISMS Knowledge Pack.
Figure 1 Example – Fault tree including ISO/IEC 80001 components
Objects of the CRISAM® ISO 80001 Knowledge Pack are modelled together with objects of the CRISAM® ISMS Knowledge Pack in the form of fault trees.
Moreover, risks are evaluated according to their business impact on the medical processes within the healthcare environment and compared with the risk acceptance value or target value. Based on deviations from the target values, the GAP analysis provides the needed measures to meet the target value and the criteria for “going live”.