IEC 81001-5-1 - secure software lifecycle for health software

IEC 81001-5-1 defines the secure development lifecycle for health software and is the foundational standard for the security risk management activities the FDA and Notified Bodies expect.

What changed

Establishes secure development lifecycle phases parallel to IEC 62304.
Defines security risk management vocabulary used by AAMI SW96 and MDCG 2019-16.

Action for manufacturers

Map your SDLC to 81001-5-1 phases; reviewers increasingly expect the standard to be cited as the basis for your security activities.

Primary sources

IEC 81001-5-1 (IEC webstore)

Related Blue Goat Cyber resources

Security risk assessment under IEC 81001-5-1

Entry metadata

Date: Dec 1, 2021
Agency: IEC
Type: Standard
Status: Active
Impact: High
Last reviewed: Jun 5, 2026

Applies to

Health software
SaMD

Ready when you are

Get FDA cleared without the cybersecurity headaches.

30-minute strategy session. No cost, no commitment - just answers from people who've shipped 250+ FDA submissions.

Book strategy session Explore services