YY/T 1843-2022: Basic requirements of cybersecurity for medical electrical equipment
Status: Valid
This is an excerpt.

YY PHARMACEUTICAL INDUSTRY STANDARD
ICS 11.040.01
CCS C 30

Basic requirements of cybersecurity for medical electrical equipment

Issued on: MAY 18, 2022
Implemented on: JUNE 01, 2023
Issued by: National Medical Products Administration

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 General requirements
5 Test methods
Appendix A (Normative) Requirements for the security capability testing process
Appendix B (Informative) Relevance between this document and other documents
Appendix C (Informative) Guidance and rationale for specific clauses
Appendix D (Informative) Considerations regarding personal sensitive data in this document
References

Foreword

This document was drafted in accordance with the rules given in GB/T 1.1-2020, Directives for standardization - Part 1: Rules for the structure and drafting of standardizing documents.

Please note that some of the contents of this document may involve patents. The issuing organization of this document is not responsible for identifying patents.

This document was proposed by National Medical Products Administration.

This document shall be under the jurisdiction of National Technical Committee 10 on Medical Electrical Equipment of Standardization Administration of China (SAC/TC 10).

Drafting organizations of this document:
Shanghai Medical Device Testing Institute, National Drug Administration Medical Device Technology Evaluation Center, National Computer Network Emergency Response Technical Team/Coordination Center of China, China Institute of Food and Drug test, Jiangsu Medical Device Testing Institute, UL-CCIC Co., Ltd., Shenzhen Mindray Bio-Medical Electronics Co., Ltd., Neusoft Medical Systems Co., Ltd., Edan Instruments, Inc., BMC Medical Co., Ltd., Philips (China) Investment Co., Ltd., Siemens Shanghai Medical Equipment Ltd., GE Medical Systems Trade & Development (Shanghai) Co., Ltd., Medtronic (Shanghai) Management Co., Ltd.

Chief drafting staff of this document: Liu Chongsheng, Peng Liang, Xing Xiao, Wang Chenxi, Liu Ru, Zhang Bo, Tao Hua, Ma Ruibing, Chen Yongqiang, Chen Bei, Chen Dayu, Cao Jingtai, Qin Chuan, Xia Weijie.

1 Scope

This document specifies the basic requirements for cyber security of medical electrical equipment, medical electrical systems and medical device software.

This document applies to medical electrical equipment, medical electrical systems and medical device software with functions of user access, electronic data exchange or remote control.

2 Normative references

There are no normative references in this document.

3 Terms and definitions

The following terms and definitions are applicable to this document.

3.1 Safety
Not posing an unacceptable risk to persons, property or the environment.
[Source: ISO/IEC GUIDE 51:2014, 3.14, modified]

3.2 Confidentiality
The characteristic that information is not available or disclosed to unauthorized persons, entities or processes.
[Source: GB/T 29246-2017, 2.12]

3.3 Malware
Software designed to maliciously disrupt normal functionality, collect sensitive data, and/or access other connected systems.

3.4 Firewall
A network security product that analyzes the passing data stream and realizes access control and security protection functions.

3.5 Risk
The combination of the probability of occurrence of an injury and the severity of that injury.
[Source: YY/T 0316-2016, 2.16]

3.6 Risk analysis
The process of systematically using available information to identify hazard (sources) and estimate risks.
[Source: YY/T 0316-2016, 2.17]

4 General requirements

4.1 *Security capability description

4.1.1 Identification and content
4.1.1.1 The security capability description shall reflect its document identification.

4.1.2 *Classification
4.1.2.1 According to the type of expected access network, it can be divided into products expected to access private network and public network.

4.1.3 Product feature description
4.1.3.1 The security capability description shall classify products according to 4.1.2.
4.1.3.2 The security capability description shall specify the intended use of the product.
4.1.3.3 The security capability description shall provide a list of all electronic interfaces of the product in its intended configuration, including:
4.1.3.5 The security capability description shall indicate the different configurations used in the product or the supported configurations.

4.1.4 Storage confidentiality
The security capability description shall include a statement about the confidentiality of storage of sensitive data.

4.1.7 User access control
The security capability description shall contain a statement of product user access control, including the user access control measures adopted and the details of such control measures.

4.1.18 Accountability
The security capability description shall include a statement about the product's accountability content and its means.

4.1.20 Maintainability
4.1.20.1 The security capability description shall include the maintenance content related to cyber security in the product maintenance plan, and specify the responsible organization for cyber security maintenance.

4.2 Requirements for user documentation set

4.2.1 Identification and content
4.2.1.1 The user documentation set shall reflect its unique document identification.
4.2.1.2 The user documentation set shall be able to identify the identification of the corresponding product.

4.2.2 Management functions
If the product is deployed in an HDO, the user documentation set shall clarify the user's administrative functions, especially the responsibilities of IT administrators.

4.2.3 Identity information in health data
The user documentation set shall provide the necessary guidance on how to de-identify health data as stated in the security capability description.

4.2.4 User access control
The user documentation set shall contain guidance on the functions of user access control.

4.2.5 User authorization
The user documentation set shall state all existing roles and their access rights.

4.2.6 Automatic logoff
The user documentation set shall provide reference information on automatic logoff as stated in the security capability description.

4.2.7 Emergency access
The user documentation set shall state the directions for accessing necessary product functions or health data under the state of emergency.

4.2.10 Accountability
The user documentation set shall provide guidance on how to view internet security incident records as stated in the security capability statement.

4.2.11 Data backup and disaster recovery
The user documentation set shall provide necessary guidance for product data backup and disaster recovery according to the statements of the security capability description.

4.2.12 Maintainability

4.3 Security capability requirements

4.3.1 Confidentiality
4.3.1.1 The product shall be implemented in accordance with the confidentiality features stated in the security capability description.
4.3.1.2 The product shall be provided with confidential means for all sensitive data generated, stored, used or transmitted by the product.

4.3.4 User authorization
Products shall be implemented in accordance with the statements about user authorization in the security capability description.

4.3.6 Emergency access
Products shall comply with the statement about emergency access in the security capability description. Where applicable, means shall be provided to allow access to health data in emergency situations. Emergency access shall be recorded and available for verification.

4.3.13 Integrity and authenticity of health data
Products shall be implemented in accordance with the statement in the security capability description regarding the integrity and authenticity of health data.

4.3.15 Data backup and disaster recovery
The product shall be implemented in accordance with the statement about data backup and disaster recovery in the security capability description.

4.3.16 Maintainability
The product shall be implemented in accordance with the statement about maintainability in the security capability description and the user documentation set.

5 Test methods

5.1 Verify compliance with the requirements of 4.1 by checking the product security capability description.
5.2 Verify compliance with the requirements of 4.2 by examining the user documentation set.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.