The Approach to the Development of an Assessment Method for IEC 80001-1

  • Silvana Togneri MacMahon
  • Fergal McCaffery
  • Frank Keenan
Part of the Communications in Computer and Information Science book series (CCIS, volume 349)


IEC 80001-1 is a risk management standard that addresses the risks associated with the incorporation of a medical device into an IT network. Our research on IEC 80001-1 has to date focused on the development of a Process Reference Model (PRM) and a Process Assessment Model (PAM) for assessment against IEC 80001-1. In this paper we present the approach to the next phase of our research, which focuses on the development of an assessment method that will be used to perform an assessment using the IEC 80001-1 PAM. The assessment method will ensure a standardized approach to performing an assessment while identifying key success and will contain a list of questions which will allow assessors to determine the capability level of processes within the PAM. The results of the assessment can be used as a basis for process improvement.


Keywords: IEC 80001-1; ISO/IEC 15504 - Process Assessment; Risk Management; Medical IT Networks; Assessment Method





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Silvana Togneri MacMahon (1)
  • Fergal McCaffery (1)
  • Frank Keenan (1)

  1. Regulated Software Research Group, Department of Computing & Mathematics, Dundalk Institute of Technology & Lero, Co. Louth, Ireland
