Class I Software as a Medical Device (SaMD)/General In Vitro Diagnostics (IVD) SaMD Quality Management System (QMS)

Development of a software as a medical device Quality Management System (QMS) sufficient for Class I/General IVD (software) self-certification route.

The QMS should be implemented into the Client’s system used for tracking of software development (e.g. Confluence/Jira).  Add on apps for digital signatures (eg. Comala), testing (eg. TestRail or Zephyr) and risk management (eg. Risk Manager) will be required.

Standards

• Relevant Class I aspects of:
  • ISO 13485: 2016 (Medical devices QMS)
  • IEC 62304: 2006 and 2015 (Medical device software — Software life cycle processes)
• Full compliance to:
  • ISO 14971: 2019 (Medical devices — Application of risk management to medical devices)
  • DCB0129: 2018 (clinical safety risk management)

DCB0129 Clinical Safety Management System (CSMS)

Development of an NHS Health IT Clinical Safety Management System (CSMS) compliant to DCB0129 (clinical safety risk management).

Note: This is not required (as already included) if opting for the Class I SaMD QMS (see above).

The QMS should be implemented into the Client’s system used for tracking of software development (e.g. Confluence/Jira).  Add on apps for digital signatures (eg. Comala), testing (eg. TestRail or Zephyr) and risk management (eg. Risk Manager) will be required.

It is also possible to deliver the CSMS as a series of Word documents and templates, however this is more difficult and time consuming for the appointed CSO to work with and not as methodical and traceable.

Standards

• DCB0129: 2018 (clinical safety risk management)

Information Security Management System (ISMS)

Development of an Information Security Management System (ISMS) compliant to GDPR, ISO 27001 and the NHS Data Security and Protection Toolkit.

The ISMS can be delivered as a harmonised bolt-on to any QMS or CSMS project or delivered as a standalone ISMS.

The ISMS should be implemented into the Client’s system used for tracking of software development (e.g. Confluence/Jira).  Add on apps for digital signatures (eg. Comala), testing (eg. TestRail or Zephyr) and risk management (eg. Risk Manager) will be required.

It is also possible to deliver the ISMS as a series of Word documents and templates.  

Standards

• General Data Protection Regulation (GDPR) and UK GDPR
• ISO 27001: 2012 (Information Security Management)
• NHS Data Security & Protection Toolkit (DSPT)

Physical Medical Device (Class I/General IVD) QMS

Development of a physical medical device Quality Management System (QMS) sufficient for Class I/General IVD self-certification route.

The QMS can be delivered as a harmonised bolt-on to a SaMD QMS or delivered as a standalone QMS.

The QMS should be implemented into the Client’s system used for tracking of software development (e.g. Confluence/Jira).  Add on apps for digital signatures (eg. Comala), testing (eg. TestRail or Zephyr) and risk management (eg. Risk Manager) will be required.

It is also possible to deliver the QMS as a series of Word documents and templates to be stored in the Client’s Document Management System.

Standards

• Relevant Class I aspects of ISO 13485: 2016 (Medical devices QMS)
• Full compliance to ISO 14971: 2019 (Medical devices — Application of risk management to medical devices)

Combined Class I SaMD/Physical Medical Device QMS 

Development of a combined software as a medical device and physical medical device Quality Management System (QMS) sufficient for Class I/General IVD self-certification route.

The QMS should be implemented into the Client’s system used for tracking of software development (e.g. Confluence/Jira).  Add on apps for digital signatures (eg. Comala), testing (eg. TestRail or Zephyr) and risk management (eg. Risk Manager) will be required.

Standards

• Relevant Class I aspects of:
  • ISO 13485: 2016 (Medical devices QMS)
  • IEC 62304: 2006 and 2015 (Medical device software — Software life cycle processes)
• Full compliance to:
  • ISO 14971: 2019 (Medical devices — Application of risk management to medical devices)
  • DCB0129: 2018 (clinical safety risk management)

Class IIa/IIb SaMD QMS

Development of a software as a medical device Quality Management System (QMS) sufficient for Class IIa/IIb or IVD (software) via a Notified Body auditor route.

The QMS should be implemented into the Client’s system used for tracking of software development (e.g. Confluence/Jira).  Add on apps for digital signatures (eg. Comala), testing (eg. TestRail or Zephyr) and risk management (eg. Risk Manager) will be required.

Standards

• Full compliance to software aspects of:
  • ISO 13485: 2016 (Medical devices QMS)
  • IEC 62304: 2006 and 2015 (Medical device software — Software life cycle processes)
  • ISO 14971: 2019 (Medical devices — Application of risk management to medical devices)
  • DCB0129: 2018 (clinical safety risk management)

Combined Class IIa/IIb SaMD/Physical Medical Device QMS 

Development of a combined software as a medical device and physical medical device Quality Management System (QMS) sufficient for Class IIa/IIb or IVD (software) via a Notified Body auditor route.  

The QMS should be implemented into the Client’s system used for tracking of software development (e.g. Confluence/Jira).  Add on apps for digital signatures (eg. Comala), testing (eg. TestRail or Zephyr) and risk management (eg. Risk Manager) will be required.

Standards

• Full compliance to:
  • ISO 13485: 2016 (Medical devices QMS)
  • IEC 62304: 2006 and 2015 (Medical device software — Software life cycle processes)
  • ISO 14971: 2019 (Medical devices — Application of risk management to medical devices)
  • DCB0129: 2018 (clinical safety risk management)

Class I Medical Device, General IVD or Class A IVD Self Certification CE Marking

Complete project to achieve CE/UKCA marking and registration of a Class I, General IVD or Class A IVD medical device (SaMD, physical or IVD) under either of the following legislation:

• UK Medical Devices Regulation (2002) as it exists from 1st January 2021.
• Medical Devices Directive 93/42/EEC.
• In Vitro Diagnostic Medical Devices Directive 98/79/EC.
• Active Implantable Medical Devices Directive 90/385/EEC.
• EU Medical Devices Regulation 2017/745.
• EU In Vitro Diagnostic Medical Devices Regulation 2017/746.

This project must run alongside or follow on after a QMS build project.

Class IIa/b/Non-General/Class B, Class C or Class D IVD Self Certification CE Marking

Complete project to achieve CE/UKCA marking and registration of a Class IIa, Class IIb or Non-General IVD (Class B or Class C) medical device (SaMD, physical and IVD – combined included) under the either of the following legislation:

• UK Medical Devices Regulation (2002) as it exists from 1st January 2021.
• Medical Devices Directive 93/42/EEC.
• In Vitro Diagnostic Medical Devices Directive 98/79/EC.
• Active Implantable Medical Devices Directive 90/385/EEC.
• EU Medical Devices Regulation 2017/745.
• EU In Vitro Diagnostic Medical Devices Regulation 2017/746.

This project must run alongside or follow on after a QMS build and ISO 13485 certification project.