STÓR

An Evaluation of Risk Management Standards and Frameworks for assuring Data Security of Medical Device Software AI Models

Jayaneththi, Buddhika and Regan, Gilbert and Fergal, McCafery (2024) An Evaluation of Risk Management Standards and Frameworks for assuring Data Security of Medical Device Software AI Models. In: ICSOFT 2024 - Proceeding of 19th International Conference on Software Technologies, Dijon, France.

[thumbnail of An Evaluation of Risk Management Standards and Frameworks for assuring Data Security of MDS AI models.pdf] PDF - Published Version
Download (337kB)

Abstract

Data is the backbone of Artificial Intelligence (AI) applications, including Medical Device Software (MDS) AI models which rely on sensitive health data. Assuring security of this sensitive health data is a key requirement for MDS AI models and there should be a structured way to manage the risk caused by data security compromises. Implementing a security risk management standard/framework is an effective way to develop a solid baseline for managing security risks, measuring the effectiveness of security controls and meeting compliance requirements. In this paper, nine risk management standards/frameworks in data/information security, AI, Medical Devices (MDs) and AI-enabled MDs domains are evaluated to identify their gaps and implementation challenges when applying them to assure data security of MDS AI models. The results show that currently there is no specific standard/framework that specifically addresses data security risk management of MDS AI models, and that existing standards/frameworks have several gaps such as complexity of the implementation process; lack of detailed threat and vulnerability catalogues; lack of a proper method for risk calculation/estimation; and lack of risk controls and control implementation details. These gaps necessitate the need for the development of a new data security risk management framework for MDS AI models.

Item Type: Conference or Workshop Item (Paper)
Subjects: Computer Science
Computer Science > Computer Software
Research Centres: Regulated Software Research Centre
Depositing User: BuddhikaGayashani Jayaneththi
Date Deposited: 13 Nov 2025 11:31
Last Modified: 13 Nov 2025 11:31
URI: https://eprints.dkit.ie/id/eprint/955

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

EPrints Logo
STÓR is powered by EPrints 3.4 which is developed by the School of Electronics and Computer Science at the University of Southampton. About EPrints | Accessibility