March 2022 Standards Navigator Report

This March 2022 Standards Navigator Report content is only available to Standards Navigator subscribers. See our Subscribe page for information on subscriptions.

SoftwareCPR® Standards Navigator provides information and tools related to standards that play a significant role in health software and software intensive medical devices.  In addition to information on existing standards, our report keeps you up to date on new standards activity and gives you expert insight into future changes to existing standards.

Standards Outlook for 2022

Standards Published in 2021

The standard recently published that will likely become used by regulators to establish best practices for cybersecurity is IEC 81001-5-1.

IEC 80001-1:2021

Edition 2.0 (2021-09-21)

Application of risk management for IT-networks incorporating medical devices – Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software


ISO 81001-1:2021

Edition 1.0 (2021-03-31)

Health software and health IT systems safety, effectiveness and security – Part 1: Principles and concepts


IEC 81001-5-1:2021

Edition 1.0 (2021-12-16)

Health software and health IT systems safety, effectiveness and security – Part 5-1: Security – Activities in the product life cycle


ISO TS 82304-2:2021

Edition 1.0 (2021-07-30)

Health software – Part 2: Health and wellness apps – Quality and reliability


Standards Currently In Development

None of the documents in development or proposed for new work in IEC or ISO are expected to be completed in 2022.


IEC TR 80001-2-2 ED2

Application of risk management for IT-networks incorporating medical devices – Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls


IEC TR 80001-2-8 ED2

Application of risk management for IT-networks incorporating medical devices – Part 2-8: Application guidance – Guidance on standards for establishing the security capabilities identified in IEC TR 80001-2-2


ISO TS 81001-2-1 ED1

Health software and health IT systems safety, effectiveness, and security – Part 2-1: Coordination – Guidance for the use of assurance cases for safety and security


AAMI documents in development

These are expected to be completed in 2022. Current drafts of these documents are being balloted in AAMI.

ANSI/AAMI SW96 (new)

Standard for medical device security — Security risk management for device manufacturers

AAMI TIR45 (revised)

Guidance on the use of AGILE practices in the development of medical device software 


Items Proposed but not yet begun

 Preliminary work is underway on these and they are likely to be approved for more formal activity during 2022.


IEC TR 62366-2:2016 Edition 2

Medical devices – Part 2: Guidance on the application of usability engineering to medical devices


ISO 34971

Application of 14971 to Artificial Intelligence for Risk Management


PWI 62-3

Artificial Intelligence/Machine Learning-enabled Medical Device – Performance Evaluation Process


PNW 62-411 ED1

Testing of Artificial Intelligence / Machine Learning-enabled Medical Devices


A new Ad Hoc Group (AHG)

Safe, Effective and Secure Digital Therapeutics is being established by ISO TC 215 and IEC SC 62A.

The AHG is to:

(a) provide recommendations on how to integrate digital therapeutics into the shared scopes of TC 215 and IEC/SC 62A

(b) provide a report on Safety, Effectiveness and Security of Digital Therapeutics, including an initial list of potential new work item proposals and revisions to existing standards

SoftwareCPR Training Courses:

IEC 62304 and other emerging standards for Medical Device and HealthIT Software

Our flagship course for preparing regulatory, quality, engineering, operations, and others for the activities and documentation expected for IEC 62304 conformance and for FDA expectations. The goal is to educate on the intent and purpose so that the participants are able to make informed decisions in the future.  Focus is not simply what the standard says, but what is meant and discuss examples and approaches one might implement to comply.  Special deep discount pricing available to FDA attendees and other regulators.

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Brian Pate

Next public offering:  TBD

Email to request a special pre-registration discount.  Limited number of pre-registration coupons.

Registration Link:




Being Agile & Yet Compliant (Public or Private)

Our SoftwareCPR unique approach to incorporating agile and lean engineering to your medical device software process training course is now open for scheduling!

  • Agile principles that align well with medical
  • Backlog management
  • Agile risk management
  • Incremental and iterative software development lifecycle management
  •  Frequent release management
  • And more!

2-days onsite (4 days virtual) with group exercises, quizzes, examples, Q&A.

Instructors: Mike Russell, Ron Baerg

Next public offering: March 7 & 28, 2024

Virtual via Zoom

Registration Link:

Register Now



Medical Device Cybersecurity (Public or Private)

This course takes a deep dive into the US FDA expectations for cybersecurity activities in the product development process with central focus on the cybersecurity risk analysis process. Overall approach will be tied to relevant standards and FDA guidance documentation. The course will follow the ISO 14971:2019 framework for overall structure but utilize IEC 62304, IEC 81001-5-1, and AAMI TIR57 for specific details regarding cybersecurity planning, risk characterization, threat modeling, and control strategies.

2-days onsite with group exercises, quizzes, examples, Q&A.

Instructor: Dr Peter Rech, 2nd instructor (optional)

Next public offering:  TBD

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.