Risk management in medical technology with CRISAM®.

Healthcare & pharmaceuticals IT risk management & ISMS compliance software

Medical care is digitising fast. Secure connected medical device networks, meet the proactive risk-management obligations placed on medical IT networks, evidence the industry standards IEC 80001-1 and EN ISO 27799, and produce audit-ready reports at the push of a button — as standard software, with no additional programming.


Definition

What is CRISAM® for healthcare & pharmaceuticals?

CRISAM® for healthcare & pharmaceuticals is a governance, risk and compliance (GRC) platform with a built-in information security management system, designed for organisations operating medical IT networks. It supports the proactive risk management that is a legally binding obligation in the medical technology environment, helps you professionally implement the industry-relevant standards IEC 80001-1 and EN ISO 27799, calculates IT risk using the scientifically proven CRISAM® method with fault tree analysis, and generates audit-ready reports. Available as SaaS or on-premise.

  • Supports the proactive risk management legally required for IT networks in the medical technology environment
  • Helps you professionally implement IEC 80001-1 and EN ISO 27799
  • Scientifically proven risk method (fault tree analysis as part of the CRISAM® method) with multi-compliance mapping to support the NHS DSP Toolkit, DCB0129/0160 and MHRA GxP

More connected devices, a larger attack surface

More and more medical devices are connected to the hospital IT network for faster transmission of patient data and to monitor the devices themselves — expanding the attack surface that must be secured.

Proactive risk management is now obligatory

Proactive risk management is a legally binding obligation for IT networks in the medical technology environment. The high responsibility of the network operator makes structured, professional risk management necessary.

Operators must evidence the standards

Operators must demonstrate that they meet the industry-relevant standards IEC 80001-1 and EN ISO 27799, which underline the need for structured risk management of medical device networks.

More connected, more responsible and now legally bound

How CRISAM® solves it

One integrated management system for medical IT networks

The scientifically proven CRISAM® method

Risks are identified and assessed using the fault tree analysis included in the CRISAM® method, making causes and effects immediately recognisable. Risk is calculated, not estimated.

Deviations shown immediately, actions a click away

Deviations from standard requirements and the state of the art are immediately displayed in the software and as a report. Necessary actions are a few clicks away via the recommended actions in the CRISAM® Content Libraries.

Risk relevance and resource-saving operation

CRISAM® assesses risks both as deviations from references and in terms of their relevance to your organisation, supporting an effective, resource-saving and certified information security and risk-management process you can operate over the long term.

Implements IEC 80001-1 & EN ISO 27799

With CRISAM® you can professionally implement the industry-relevant standards IEC 80001-1 and EN ISO 27799 — supporting an effective, resource-saving and certified information security and risk-management process.

Multi-compliance mapping for UK frameworks

Record a measure once in your ISMS and evidence it across several frameworks so the same control work can support the NHS DSP Toolkit, DCB0129/0160, the CAF for health & care, UK GDPR and pharmaceutical MHRA GxP.

SaaS or on-premise – same functionality

Dedicated SaaS instance (CALPANA or your own Azure tenant) or on-premise — no shared service, no feature restrictions, with REST API integration.

What’s in the content library

Healthcare-relevant compliance content out of the box

With CRISAM® you can professionally implement the industry-relevant standards IEC 80001-1 and EN ISO 27799, backed by a content library of 40+ standards drawing on the ISO 27000 series, BSI IT-Grundschutz, ITIL and COBIT. Its multi-compliance mapping lets you evidence the same controls against UK health, care and pharmaceutical obligations. Content is updated at least once a year within your subscription.

  • IEC 80001-1 – Medical IT networks
  • EN ISO 27799 – Health infosec
  • ISO 27001 – ISMS
  • ISO 27002 – Controls
  • BSI IT-Grundschutz – Baseline
  • 40+ more – Content library

UK frameworks — the NHS Data Security and Protection (DSP) Toolkit, clinical risk management standards DCB0129 and DCB0160, the Cyber Assessment Framework adapted for health & care, UK GDPR, and pharmaceutical MHRA GxP (GMP/GDP) and GAMP 5 — are supported via the built-in ISMS and multi-compliance mapping, not as a separate shipped UK content pack.

In practice

CRISAM® evaluates your entire medical IT and device landscape

CRISAM® lets you assess risks both as deviations from technical, organisational and normative references and in terms of their relevance to your organisation. Risks are identified and assessed using the fault tree analysis included in the CRISAM® method, so causes and effects across your connected medical device networks are immediately recognisable.

Deviations from standard requirements and the state of the art are displayed immediately in the software and as a report, and necessary actions are a few clicks away via the recommended actions in the CRISAM® Content Libraries — making results transparent for information security officers, clinical and operational leads, executive management and auditors.


How CRISAM® compares

CRISAM® vs. a generic GRC tool vs. spreadsheets

Capability | CRISAM® | Generic GRC tool | Spreadsheets & docs
IEC 80001-1 / EN ISO 27799 support | ✓ Included | ● Partly | ✕ Manual
Proactive medical-IT-network risk management | ✓ Structured | ✕ Generic | ✕ No
Fault tree analysis (part of the CRISAM® method) | ✓ Built in | ✕ No | ✕ No
Deviations & recommended actions in software | ✓ Immediate | ● Effortful | ✕ Days of work
Multi-compliance mapping (ISO ↔ DSP / CAF / GxP) | ✓ Automatic | ✕ No | ✕ No
Scientific risk method (calculated, not estimated) | ✓ Yes | ✕ No | ✕ No
Return on Security Invest / simulation engine | ✓ Built in | ✕ No | ✕ No
Standard software, no programming | ✓ Yes | ● Partly | —
SaaS & on-premise | ✓ Both | ● Usually SaaS only | —

Categories are shown rather than named products. ✓ Yes · ● Partly · ✕ No.


No risk – let’s stay in touch

See CRISAM® for healthcare & pharmaceuticals in action

A live demo with a CRISAM® GRC specialist, tailored to your medical IT network obligations and existing tooling.


Shared use of CRISAM

CRISAM GRC Limited

20 Red Lion Street

London

+44 20 4634 5000 andreas.schmitz@crisam.net

CALPANA business consulting GmbH

Blumauerstrasse 45-47

4020 Linz

+43 732 601 216-0 office@crisam.net

© 2026 CRISAM GRC Limited