PDISO/TR80001-2-7:2015 IS0/TR80001-2-7:2015(E) TableA.60-MDP.3BP.2 MDP.3 BP2: Define the responsibilities of stakeholders within the responsibility agreement Question: Guidance: MDP.3 BP2 Q.1 Define the responsibilities of stakeholders within the responsibility agreement. A responsibility agreement may cover one or more projects or the maintenance of one Do the responsibility or more medical IT-networks, and shall identify responsibility for all aspects of the agreement(s) define medical IT-network life cycle and all activities that form part of that life cycle. the responsibilities of stakeholders? The responsibility agreements shall contain (or refer to documents which contain) at aminimum: the name of the person responsible for risk management for the activities covered by the responsibility agreement; the scope of the activities covered by the responsibility agreement, including a summary ofand/orreferencetotherequirements; a list of the medical devices and other equipment which are to be incorporated into the IT-network or changed, together with the names of medical device manufac- turers or other organizations responsiblefor the provision oftechnical information necessaryfor the completion of the project; a listofdocumentstobesuppliedbythemedicaldevicemanufacturersand other equipmentsuppliers that contain instructions for connection to or disconnection from an IT-network; technical information to be supplied by the medical device or IT manufacturers and other equipment suppliers that is necessary to perform risk analysis for the IT-network; definition of roles and responsibilities in managing potentially adverse events. The responsible organization shall provide a summary of responsibilities as appro- priate. If the co-operation of manufacturers of medical devices, suppliers of other equipment, or other organizations is necessary in addition tothelisted documents supplied by identify the nature of the co-operation required; State: Who is responsible for requesting such co-operation? Who isresponsibleforrespondingto such requests? What criteria will be used to judge the adequacy of such response? Since this information can change through the lifecycle ofa medical IT-network,it is Technical Report: Section: IEC80001-2-3 8.12 External partnering with both MEDICAL DEVICE and networking manufacturer IEC80001-2-4 5.4.5 External IT and bio-medical engineering support IEC80001-2-4 6RESPONSIBILITYAGREEMENTS @ IS0 2015 - All rights reserved 31 PD ISO/TR 80001-2-7:2015 IS0/TR80001-2-7:2015(E) TableA.61MDP.3BP.3 MDP.3BP3: Define the scope ofthe responsibilityagreement. Define the scope ofthe responsibility agreement includingwhetherthe agreementapplies to one or more project orthe maintenance ofoneormore Medical IT-Networks.ComplianceischeckedbyinspectionoftheMedicalIT-Networkriskmanagementfile. Question: Guidance: MDP.3 BP3 Q.1 Define the scope ofthe responsibility agreement including whether the agree- ment applies to one or more project or the maintenance of one or more Medical Has the scope of the IT-Networks. Compliance is checked by inspection of the Medical IT-Network risk responsibility agree- management file. ment(s) been defined and documented? Technical Report: Section: IEC80001-2-3 8.12 External partnering with both MEDICALDEVICE and networking manufac- turer IEC 80001-2-4 5.4.5 External IT and bio-medical engineering support IEC 80001-2-4 6RESPONSIBILITYAGREEMENTS A.1.14MDP.4RiskManagementPolicyProcess Table A.62 -MDP.4BP.1 MDP.4BP1:EstablishRisk Management Policy.Risk Managementpolicy outlines criteriafordetermining acceptablerisk,takingintoaccountrelevantinternationalstandardsandnationalorregionalregulations. Question: Guidance: MDP.4 BP1 Q.1 Topmanagement ensure that a risk Management policy is established and that it outlines criteria for determining acceptable risk, taking into account relevant Has a risk management international standards andnational orregional regulations. policy been established? Technical Repo