ISO 81001-1 Edition 2 establishes fundamental principles and conceptual frameworks for ensuring safety, effectiveness, and security of health software and health information technology systems. Currently in Committee Draft (CD) stage under ISO/TC 210/WG1, the document is undergoing international standardization review with a voting deadline of March 27, 2026. This standard serves as a foundational framework supporting medical device software regulation globally, providing overarching principles that align with and complement harmonized standards including IEC 62304, ISO 14971, and others. The document addresses the integrated governance of safety, effectiveness, and cybersecurity across the health software lifecycle. Manufacturers should reference this standard to establish consistent quality management approaches and risk governance frameworks applicable to health software and IT systems. Edition 2 reflects evolving regulatory expectations regarding artificial intelligence, machine learning, and connected health technologies in the medical device ecosystem.

Establishes requirements and guidance on assurance case framework for healthcare delivery organizations and health software manufacturers.

Provides principles, concepts, terms and definitions for health software and health IT systems, covering safety, effectiveness and security across the full life cycle.

Provides guidance on the application of ISO 14971:2019 for risk management of medical devices, including practical examples and clarifications.

Specifies terminology, principles and a process for risk management of medical devices, including software-only medical devices.

Specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services.

Provides guidance on the application of ISO 14971 to medical device software, addressing software-specific aspects of risk management.