Medical care is digitising fast. Secure connected medical device networks, meet the proactive risk-management obligations placed on medical IT networks, evidence the industry standards IEC 80001-1 and EN ISO 27799, and produce audit-ready reports at the push of a button — as standard software, with no additional programming.
See whats includedDefinition
CRISAM® for healthcare & pharmaceuticals is a governance, risk and compliance (GRC) platform with a built-in information security management system, designed for organisations operating medical IT networks. It supports the proactive risk management that is a legally binding obligation in the medical technology environment, helps you professionally implement the industry-relevant standards IEC 80001-1 and EN ISO 27799, calculates IT risk using the scientifically proven CRISAM® method with fault tree analysis, and generates audit-ready reports. Available as SaaS or on-premise.
What’s in the content library
With CRISAM® you can professionally implement the industry-relevant standards IEC 80001-1 and EN ISO 27799, backed by a content library of 40+ standards drawing on the ISO 27000 series, BSI IT-Grundschutz, ITIL and COBIT. Its multi-compliance mapping lets you evidence the same controls against UK health, care and pharmaceutical obligations. Content is updated at least once a year within your subscription.
In practice
CRISAM® lets you assess risks both as deviations from technical, organisational and normative references and in terms of their relevance to your organisation. Risks are identified and assessed using the fault tree analysis included in CRISAM® in accordance with CRISAM® method, so causes and effects across your connected medical device networks are immediately recognisable.
Deviations from standard requirements and the state of the art are displayed immediately in the software and as a report, and necessary actions are a few clicks away via the recommended actions in the CRISAM® Content Libraries — making results transparent for information security officers, clinical and operational leads, executive management and auditors.
How CRISAM® compares
FAQs
Yes. As more and more computer-assisted medical devices are connected to the hospital IT network, the security and reliability of medical device networks becomes central. Proactive risk management is a legally binding obligation for IT networks in the medical technology environment, and CRISAM® supports implementing these requirements with a structured, professional risk-management process — exactly the need underlined by the standards IEC 80001-1 and EN ISO 27799.
With CRISAM® you can professionally implement the industry-relevant standards IEC 80001-1 (risk management for IT networks incorporating medical devices) and EN ISO 27799 (information security management in health using ISO/IEC 27002). CRISAM® lets you assess risks both as deviations from technical, organisational and normative references and in terms of their relevance to your organisation, supporting an effective, resource-saving and certified information security and risk-management process.
UK health and care organisations work to the NHS Data Security and Protection (DSP) Toolkit, the clinical risk management standards DCB0129 and DCB0160, the Cyber Assessment Framework adapted for health and care, and UK GDPR for patient data. CRISAM®’s built-in ISMS and multi-compliance mapping let you record a security measure once and evidence it against several frameworks, so the same control work can support both your IEC 80001-1 / EN ISO 27799 management system and these UK reporting obligations.
Both. CRISAM® can run as a dedicated SaaS instance (in the CALPANA Azure tenant or your own Azure tenant) or be installed on-premise in your own data centre. The SaaS option offers the same functionality as the on-premise version, with no feature restrictions, as a dedicated rather than shared service.
You are currently viewing a placeholder content from Facebook. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou need to load content from reCAPTCHA to submit the form. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Hubspot Embedded Content. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Hubspot Meetings. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from Instagram. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More InformationYou are currently viewing a placeholder content from X. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
More Information