• An incident response plan detailing responsibilities and how to react and
recover from incidents, shall be in place. Staff involved in the incident
response plan shall be trained to respond appropriately and effectively.
• A formal user provisioning and de-provisioning process shall be
implemented to enable the appropriate management of access rights to
medical devices.
• Users shall be assigned unique accounts to medical devices.
• User access rights to medical devices shall be reviewed for appropriateness
and corrected as needed, at regular intervals not exceeding once a year.
48
| Drystar AXYS | Introduction
2852E EN 20210601 1655