The Crosswalk

    AAMI

    AAMI TIR57

    Source

    Principles for medical device security, risk management

    What it is

    The bridge between ISO 14971 (safety risk) and IEC 80001 / IEC 62443 (security risk). FDA names it as a recognised consensus standard.

    Why it matters

    If you reference TIR57 in your risk management plan, the FDA accepts the structure with little debate. It is increasingly cited by SFDA and Health Canada too.

    Adopted or referenced by

    FDA, Health Canada, SFDA

    Key clauses

    Security risk = patient safety risk

    Threats are evaluated for impact on safety, effectiveness and data.

    Threat modelling

    STRIDE-based approach commonly applied.