Development of a Process Assessment Model for Assessing Medical IT Networks against IEC 80001-1

  • Silvana Togneri MacMahon
  • Fergal McCaffery
  • Sherman Eagles
  • Frank Keenan
  • Marion Lepmets
  • Alain Renault
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 290)


Increasingly medical devices are being designed to allow them to exchange information over an IT network. However incorporating a medical device into an IT network can introduce risks which can impact the safety, effectiveness and security of the medical device. Medical devices are stringently tested according to regulation during the design and manufacture process. However until the introduction of IEC 80001-1: Application of Risk Management for IT-Networks incorporating Medical Devices, no standard addressed the risks of incorporating a medical device into an IT network. In order to perform an assessment (which is compliant with ISO/IEC 15504-2) of an IT network against IEC 80001-1, a Process Assessment Model is required. Based on the relationship between IEC 80001-1 and ISO/IEC 20000-1, this paper examines how the TIPA transformation process developed by Public Research Centre Henri Tudor was used to develop a process assessment model (TIPA PAM) for ISO/IEC 20000-1. It also examines how a process assessment model can be developed following that transformation process to assess Medical IT networks against IEC 80001-1.


IEC 80001-1 ISO/IEC 15504 - Process Assessment Service Management ISO/IEC 20000-1 TIPA ITIL 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    IEC, IEC 80001-1 - Application of Risk Management for IT-Networks incorporating Medical Devices - Part 1: Roles, responsibilities and activities. International Electrotechnical Commission, Geneva (2010) Google Scholar
  2. 2.
    ISO/IEC, ISO/IEC 20000-1:2011 - Information technology —Service management Part 1: Service management system requirement, Geneva, Switzerland (2011)Google Scholar
  3. 3.
    Barafort, B., Betry, V., Cortina, S., Picard, M., St Jean, M., Renault, A., Valdés, O., Tudor, P.R.C.H.: ITSM Process Assessment Supporting ITIL: Using TIPA to Assess and Improve your Processes with ISO 15504 and Prepare for ISO 20000 Certification. In: Best Practice, vol. 217. Van Haren, Zaltbommel (2009)Google Scholar
  4. 4.
    ISO/IEC, ISO/IEC 15504-2 - Software engineering — Process assessment — Part 2: Performing an assessment, Geneva, Switzerland (2003)Google Scholar
  5. 5.
    Cooper, T., David, Y., Eagles, S.: Getting Started with IEC 80001: Essential Information for Healthcare Providers Managing Medical IT-Networks, p. 76. Association for the Advancement of Medical Instrumentation (2011)Google Scholar
  6. 6.
    ISO, ISO 14971:2007 - Medical Devices - Application of Risk to Medical Devices. International Organisation for Standardization, Geneva (2007) Google Scholar
  7. 7.
    Cartlidge, A., Hanna, A., Rudd, C., Macfarlane, I., Windebank, J., Rance, S.: An introductory Overview of ITILv3 - A high-level overview of the IT INFRASTRUCTURE LIBRARY. The UK Chapter of the itSMF (2007)Google Scholar
  8. 8.
    Barafort, B., Di Renzo, B., Merlan, O.: Benefits Resulting from the Combined Use of ISO/IEC 15504 with the Information Technology Infrastructure Library (ITIL). In: Oivo, M., Komi-Sirviö, S. (eds.) PROFES 2002. LNCS, vol. 2559, pp. 314–325. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    ISO/IEC, ISO/IEC TR 24774:2010 - Systems and software engineering — Life cycle management — Guidelines for process description, Geneva, Switzerland (2010)Google Scholar
  10. 10.
    ISO/IEC, ISO/IEC 15504-5 - Information technology — Process Assessment — Part 5: An exemplar Process Assessment Model, Geneva, Switzerland (2006)Google Scholar
  11. 11.
    ISO/IEC, ISO/IEC 20000-2:2005 - Information technology – Service management – Part 2: Code of Practice, Geneva, Switzerland (2005)Google Scholar
  12. 12.
    ISO/IEC, ISO/IEC TR 20000-4:2010 - Information technology — Service management - Part 4: Process reference model, Geneva, Switzerland (2010)Google Scholar
  13. 13.
    Dugmore, J., Taylor, S.: (2008) ITILv3 and ISO/IEC 20000 - Alignment White Paper. Best Management Practice for IT Service Management (March 2008)Google Scholar
  14. 14.
    Barafort, B., Renault, A., Picard, M., Cortina, S.: A transformation process for building PRMs and PAMs based on a collection of requirements – Example with ISO/IEC 20000. In: SPICE 2008, Nuremberg, Germany (2008)Google Scholar
  15. 15.
    ISO/IEC, ISO/IEC PDTR 15504-8 - Information technology – Process assessment – Part 8: An exemplar process assessment model for IT service management, Geneva, Switzerland (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Silvana Togneri MacMahon
    • 1
  • Fergal McCaffery
    • 1
  • Sherman Eagles
    • 2
  • Frank Keenan
    • 1
  • Marion Lepmets
    • 3
  • Alain Renault
    • 3
  1. 1.Regulated Software Research Group, Department of Computing & MathematicsDundalk Institute of Technology & LeroDundalk Co.Ireland
  2. 2.SoftwareCPRSaint PaulUSA
  3. 3.Public Research Centre Henri TudorLuxembourg

Personalised recommendations