Standards Development

Scope

This document is intended to provide guidance for the application of cybersecurity in safety standards for anaesthetic and respiratory equipment. It is intended to assist each committee in identifying, assessing, and addressing cybersecurity risks, and in the preparation of corresponding requirements in an appropriate and consistent way. This document is applicable to particular device standards for anaesthetic and respiratory equipment with external (accessible) data interfaces (Signal Input/Output Part (SIP/SOP)).

Purpose

Medical devices such as anaesthetic and respiratory equipment typically include software needed for their intended use. Software can be used to control those devices effectively and safely, to interact with other devices via wired or wireless data interfaces, to store settings or data relevant for the treatment of a patient. Therefore, cybersecurity is an important part of the safety architecture of those devices and can also include privacy aspects. Regarding privacy leaks as a potential harm ("damage to property"), there is no clear distinction between the risks arising from safety-related security aspects and privacyrelated security aspects. Techniques that ensure data integrity for safety aspects commonly also provide appropriate privacy (appropriate to the intended use of anaesthetic and respiratory equipment to support patients). Hence, this document may not explicitly distinguish between security and privacy.

National and regional regulatory requirements and guidance for cybersecurity exist. For the design of medical devices, two general cybersecurity documents were considered as a basis for this document:

IEC TR 60601-4-5:2021, Medical Electrical Equipment - Part 4-5: Guidance and Interpretation - Safety- Related Technical Security Specifications IEC 81001-5-1:202x, Health software and health IT systems safety, effectiveness and security – Part 5- 1: Security - Activities in the product life cycle AAMI TIR 57:2016, Principles for Medical Device Security - Risk Management

The security specifications developed for particular standards may not be sufficient if the devices are combined with other devices and components into a larger system for clinical deployment. (For example, the addition of the new components may violate some of the security assumptions.) This document provides writers of particular standards for anaesthetic and respiratory equipment with guidance on how to derive appropriate cybersecurity specifications for those standards, based on the mentioned cybersecurity documents.