IEC TR 80001-2-9:2017（E）建立了一个安全案例框架，并为医疗服务提供组织（HDO）和医疗设备制造商（MDM）提供了识别、开发、解释、更新和维护网络医疗设备安全案例的指导。80001本部分的使用旨在成为弥合MDMs和HDOs之间差距的可能手段之一，以提供足够的信息支持IT网络的HDOs风险管理。本文件利用ISO/IEC 15026-2中规定的要求来开发保证案例。本安全案例框架无意取代风险管理策略，而是旨在补充风险管理，进而通过以下方式为医疗器械提供更高水平的保证: -将特定风险管理步骤映射到每个IEC TR 80001- 2-2安全能力，识别相关威胁和漏洞，并以安全案例的形式呈现，包括可重复使用的安全模式； -为选择适当的安全控制措施以建立安全能力提供指导，并将其作为安全案例模式的一部分呈现（IEC TR 80001-2-8提供了此类安全控制措施的示例）； -提供证据以支持安全控制的实施，从而为每个安全能力的建立提供信心。 开发安全案例的目的是证明建立IEC TR 80001-2-2安全能力的信心。在安全案例开发过程中收集和记录的工件的质量是相关利益相关者之间责任协议的一部分。 本文件通过使用特定的安全模式，为此类方法提供指导，以系统的方式开发和解释安全案例。

IEC TR 80001-2-9:2017(E) establishes a security case framework and provides guidance to health care delivery organizations (HDO) and medical device manufacturers (MDM) for identifying, developing, interpreting, updating and maintaining security cases for networked medical devices. Use of this part of 80001 is intended to be one of the possible means to bridge the gap between MDMs and HDOs in providing adequate information to support the HDOs risk management of IT-networks. This document leverages the requirements set out in ISO/IEC 15026-2 for the development of assurance cases. It is not intended that this security case framework will replace a risk management strategy, rather, the intention is to complement risk management and in turn provide a greater level of assurance for a medical device by: - mapping specific risk management steps to each of the IEC TR 80001-2-2 security capabilities, identifying associated threats and vulnerabilities and presenting them in the format of a security case with the inclusion of a re-useable security pattern; - providing guidance for the selection of appropriate security controls to establish security capabilities and presenting them as part of the security case pattern (IEC TR 80001-2-8 provides examples of such security controls); - providing evidence to support the implementation of a security control, hence providing confidence in the establishment of each of the security capabilities. The purpose of developing the security case is to demonstrate confidence in the establishment of IEC TR 80001-2-2 security capabilities. The quality of artifacts gathered and documented during the development of the security case is agreed and documented as part of a responsibility agreement between the relevant stakeholders. This document provides guidance for one such methodology, through the use of a specific security pattern, to develop and interpret security cases in a systematic manner.