I've been heads down the last couple of weeks preparing for my risk workshops at the University of Waterloo. In my research I've found that the best site from which to buy standards is the ANSI (American National Standards Institute) eStandards Store. I was able to buy Security Standards ISO 17799 and ISO 27001 for $30 USD each (the price on the Standards Council of Canada website was $199.98 CDN and $131.75 CDN respectively). Other risk management standards I think are useful and will be integrated into the eHealth Risk/Opportunity Report card are:
ANSI/AAMI HE74:2001 - Human Factors Design Process for Medical Devices
IEC62198 - Project Risk Management - Application Guidelines
IEEE1490 - IEEE Guide - Adoption of PMI Standard - A Guide to the Project Management Body of Knowledge
There are also two relevant standards being developed by ISO TC215 WG4. They are at a very early stage of development. You might be able to get them if you know someone on the committee ;-) They are:
Health Informatics - Application of risk management to the manufacture of health software; and
Health Informatics - Guidance on risk evaluation and management in the deployment and use of health software.