AAMI TIR57-2016 (2019) PDF
Name in English:
St AAMI TIR57-2016 (2019)
Name in Russian:
Ст AAMI TIR57-2016 (2019)
Original standard AAMI TIR57-2016 (2019), full version in PDF. Additional information and a preview are available on request.
Full title and description
AAMI TIR57:2016 (Principles for medical device security — Risk management) — a Technical Information Report from the Association for the Advancement of Medical Instrumentation (AAMI) that provides guidance to medical device manufacturers and other stakeholders on performing information-security risk management for medical devices, integrated with safety risk management processes such as ISO 14971.
Abstract
This TIR explains methods for identifying assets, threats, and vulnerabilities; estimating and evaluating security risks to devices and their data; selecting and implementing risk controls; and documenting security risk management across the device lifecycle. It extends the safety-oriented risk management process of ISO 14971 to explicitly address security impacts on safety, effectiveness, and information systems, and includes informative annexes with process examples and engineering guidance.
General information
- Status: Active; Technical Information Report (with later reaffirmations).
- Publication date: 5 June 2016 (original publication); recognized by FDA 27 June 2016.
- Publisher: Association for the Advancement of Medical Instrumentation (AAMI).
- ICS / categories: Health care technology / medical equipment and medical-device informatics (commonly cataloged under ICS 11.040 and IT/Software & informatics subject classifications).
- Edition / version: TIR57:2016 (with documented reaffirmation entries such as R2019 and later confirmation entries).
- Number of pages: 84.
Scope
The report provides guidance for performing information-security risk management for medical devices within the safety-risk framework required by ISO 14971. It addresses the identification of security-related assets, threats, and vulnerabilities; methods for security risk analysis and evaluation; risk-control selection and implementation; and lifecycle documentation and monitoring. The guidance is intended for use during premarket design and development and for addressing security considerations that affect device safety and performance.
Key topics and requirements
- Integration of security risk management with ISO 14971 safety-risk processes (aligning security, safety and effectiveness).
- Identification of assets, threat sources, attack vectors, and vulnerabilities specific to medical devices.
- Security risk analysis and estimation methods (likelihood and impact considerations oriented to safety/effectiveness).
- Selection and validation of security risk controls and verification of residual risk acceptability.
- Informative annexes with engineering principles, worked examples, questions for requirements generation, and security-risk examples applied to devices.
Typical use and users
Primary users are medical device manufacturers (product security teams, design engineers, regulatory and quality personnel), clinical engineers, cybersecurity engineers, and regulatory reviewers. The TIR is used to inform device design controls, hazard analyses, premarket submissions, and internal security risk frameworks that must demonstrate how security influences device safety and effectiveness.
Related standards
Key related documents include ISO 14971 (risk management for medical devices), IEC 80001-1 (risk management for IT networks incorporating medical devices), AAMI TIR97 (postmarket security risk management), IEC 62304 (medical device software lifecycle), and relevant NIST guidance (e.g., NIST SP 800-30) referenced in the TIR. These are commonly used together when developing device cybersecurity and safety cases.
Keywords
medical device security, cybersecurity, risk management, ISO 14971, security risk analysis, threat modeling, vulnerability assessment, security controls, postmarket security, AAMI TIR57.
FAQ
Q: What is this standard?
A: AAMI TIR57:2016 is a Technical Information Report offering guidance on principles and processes for medical-device information-security risk management, intended to be used alongside established device safety-risk processes.
Q: What does it cover?
A: It covers threat and vulnerability identification, security risk analysis and evaluation, selection and verification of risk controls, lifecycle documentation, and provides informative annexes with examples and engineering guidance to help manufacturers translate security risk into safety-relevant mitigations.
Q: Who typically uses it?
A: Device manufacturers (security, engineering, regulatory, and quality teams), clinical/biomedical engineers, product-security consultants, and regulatory reviewers use the TIR to justify security risk-management approaches and to align cybersecurity with device safety and regulatory expectations.
Q: Is it current or superseded?
A: The original publication date is 2016 (TIR57:2016); the report has later confirmation/reaffirmation entries (for example R2019 and R2023 confirmations are documented by AAMI). It remains a foundational TIR for device security but should be used alongside more recent consensus standards and regulatory guidance where applicable.
Q: Is it part of a series?
A: Yes—TIR57 is part of AAMI’s cybersecurity-related suite of technical information reports and is commonly paired with AAMI TIR97 (postmarket security risk management) and other standards like IEC/ISO risk and software lifecycle standards. Later AAMI/ANSI documents and newer consensus standards build on or complement TIR57.
Q: What are the key keywords?
A: medical device cybersecurity; security risk management; ISO 14971; threat modeling; security controls; device safety and effectiveness; risk acceptability; postmarket vulnerability management.