ISO TR 27809-2007 PDF

Full title and description

ISO/TR 27809:2007 — Health informatics — Measures for ensuring patient safety of health software. This technical report addresses control measures, life‑cycle considerations and standards-related guidance intended to reduce risks to patients arising from health software products that are not regulated as medical devices.

Abstract

ISO/TR 27809:2007 summarises recommended control measures and standards that could be applied to health software to help ensure patient safety. It focuses on health software products that are not medical devices or accessories and is intended to identify suitable standards and adaptations of existing medical-device practices (for example quality management and risk management) rather than to mandate regulation. The report was published in 2007 and later withdrawn from the ISO catalogue.

General information

• Status: Withdrawn.
• Publication date: July 2007 (Edition 1, 2007).
• Publisher: International Organization for Standardization (ISO).
• ICS / categories: 35.240.80 (Health informatics / IT applications in health care).
• Edition / version: Edition 1 (2007).
• Number of pages: 38 (ISO bibliographic record).

Scope

The technical report applies to health software products whether or not they are placed on the market or offered for sale, excluding software that is necessary for the proper application of a medical device, an accessory to a medical device, or which is itself a medical device. Its aim is to identify what standards might best be used or developed and how controls applied to medical devices could be adapted for health software to reduce patient‑safety risks.

Key topics and requirements

• Identification of hazards and risks associated with health software and recommendations for life‑cycle risk management practices.
• Guidance on adapting medical‑device quality and safety practices (for example ISO 13485 / ISO 14971 approaches) to the development and maintenance of health software.
• Recommendations on organisational controls, documentation, verification/validation and configuration management to reduce patient harm.
• Consideration of what existing standards (and potential new standards) are needed to underpin safe manufacture, deployment and use of health software.

Typical use and users

Primary users include manufacturers and developers of health software products, healthcare providers responsible for procuring and deploying such software, standards bodies and regulators considering non‑device health software governance, and risk/safety managers seeking guidance on reducing patient‑safety hazards from software use. Healthcare organisation executives and procurement teams may also use the report to inform policy and purchasing controls.

Related standards

ISO/TR 27809:2007 references and relates to numerous device‑ and software‑related standards and guidance (examples include ISO 14971 on risk management, ISO 13485 on quality management for medical devices, IEC/ISO software life‑cycle standards such as IEC 62304, and various technical specifications and guides used in medical device regulation). National and regional deliverables (for example BSI adaptations and CEN technical specifications) are commonly cited alongside the TR.

Keywords

Health informatics; health software; patient safety; risk management; software life cycle; verification and validation; quality management; medical‑device practices; standards guidance.

FAQ

Q: What is this standard?

A: ISO/TR 27809:2007 is a technical report from ISO (Technical Committee ISO/TC 215) titled "Health informatics — Measures for ensuring patient safety of health software", offering guidance on control measures and standards to protect patients from harms associated with health software.

Q: What does it cover?

A: It covers recommended control measures, life‑cycle considerations and standards‑related guidance for health software products that are not classified as medical devices, including hazard identification, risk management approaches and recommendations for adapting device‑oriented quality/safety practices to software.

Q: Who typically uses it?

A: Manufacturers and developers of health software, healthcare organisations (procurement, safety and IT teams), standards developers and regulators reviewing non‑device health software practices, and risk or quality managers seeking guidance on reducing patient‑safety risks from software.

Q: Is it current or superseded?

A: The ISO bibliographic record shows ISO/TR 27809:2007 as withdrawn. Users should consult current ISO and national publications and more recent standards (for example device‑software life‑cycle standards and guidance documents) for up‑to‑date normative requirements.

Q: Is it part of a series?

A: It is a standalone ISO technical report produced under ISO/TC 215 (Health informatics) and forms part of the wider body of ISO guidance and technical reports addressing health informatics and safety; it is commonly referenced alongside other ISO and IEC standards relevant to medical software and safety.

Q: What are the key keywords?

A: Health software, patient safety, risk management, software life cycle, verification and validation, quality management, health informatics.