Subclause 6.7 – ALARM
SYSTEM security
ü
The need for and complexity of security for ALARM PRESETS depend on the complexity of the ALARM SYSTEM and the importance of the ALARM SYSTEM to PATIENT or OPERATOR safety.
?
The effectiveness of any
security system depends critically on its implementation by the RESPONSIBLE
ORGANIZATION. Only
the RESPONSIBLE ORGANIZATION can adequately control the security system so that OPERATORS cannot compromise it.
אלא אם
כן היצרן מספק
ציוד שאינו
מחייב
התערבות מוסדית.
יש כזה?
ü
In some legacy equipment, access to configuration of an ALARM PRESET (including DEFAULT ALARM PRESET) has not been restricted. In such
instances, OPERATORS have,
intentionally or unintentionally, changed an ALARM PRESET (including the DEFAULT ALARM
PRESET). PATIENT safety can be compromised when an OPERATOR expects certain ALARM PRESETS on equipment, but the equipment actually
has different ALARM PRESETS.
?
To prevent
this problem, MANUFACTURERS
need to use care in designing the means to store
ALARM PRESETS.
כשאין מה
לומר, אומרים
שצריך להיות
זהירים.
ü
Access to
configuration of an ALARM
PRESET is restricted to authorized persons.
עוד דוגמא
של
טאוטולוגיה
ü
There can
be more than one level of restriction. For example, OPERATORS should be able to store OPERATOR-configured ALARM
PRESETS, but should not be able to store RESPONSIBLE ORGANIZATION-configured ALARM PRESETS. RESPONSIBLE
ORGANIZATIONS should be able to store RESPONSIBLE ORGANIZATION-configured ALARM PRESETS. Only MANUFACTURERS
should be able to store MANUFACTURER DEFAULT ALARM PRESETS.
ü
In some
instances, the password for RESPONSIBLE
ORGANIZATION-configured ALARM
PRESETS has been printed in the technical description
(service manual). These manuals have then been placed where they are accessible
to an OPERATOR, and the OPERATOR has learned the password.
M
Such
passwords should be made available only to the RESPONSIBLE ORGANIZATION.
זוהי גזירה
שאי אפשר
לעמוד בה
M
Both the MANUFACTURER and RESPONSIBLE
ORGANIZATION should avoid disclosure of such passwords to an OPERATOR. Therefore, the MANUFACTURER should emphasize the need to maintain password
privacy in the technical description (instructions to RESPONSIBLE ORGANIZATIONS).
מה עושים במשמרת לילה כאשר יש צורך לשנות ערכים ברמת הארגון?
במקום להרים ידיים, עדיף להנחות את היצרן ו-או הארגון לקחת בחשבון מצבים בהם אין בארגון מי שיבצע שינויים. לאפשר למשתמש לשנות פרמטרים לזמן מוגבל-לחולה ספציפי.
?
Similarly,
an OPERATOR should not be permitted to
change the OPERATOR-configured ALARM PRESETS of other OPERATORS. One
solution would be password-protection for each OPERATOR to store his or her own OPERATOR-configured ALARM PRESETS.
לא ברורים הצורך והתועלת בכך שלכל משתמש יש הגדרת תצורה משלו.