We acknowledge that BSI correctly identified a traceability gap in R-TF-013-002 for risk R-DAG ("The medical device outputs a wrong result"), per ISO 14971:2019 clause 7.2 (verification of implementation of risk control measures). The mitigationRequirements field contained infrastructure SRS codes identical to causeRequirements, and the verificationOfImplementation test cases verified only the transport layer (API port, HTTP status codes, JSON format), not the clinical output mitigations BSI flagged.
The implementations exist and have been verified — the gap was in the traceability documentation, not in the actual risk controls. We have corrected R-TF-013-002 to establish complete traceability from mitigation → requirement → test case → result for each implemented mitigation.
Mitigation-by-mitigation traceability (R-DAG)
Mitigation 1 (information for safety: IFU and labeling requirements)
| Element | Reference |
|---|---|
| Mitigation requirement | LR-4XK (Read IFU before use), LR-9WR (Device outputs interpretation guidance), LR-4RZ (Warnings and precautions), LR-8YN (Device supervision requirement) |
| IFU location | apps/eu-ifu-mdr/versioned_docs/version-1.1.0.0/installation-manual/user-interface.mdx — Full JSON output structure including probability distributions, entropy scores, explainability media, clinical indicators, severity scores |
| IFU location | apps/eu-ifu-mdr/versioned_docs/version-1.1.0.0/troubleshooting/clinical.mdx — Interpretation of distributions, entropy as uncertainty measure, top-5 accuracy approach |
| Verification | Labeling requirements verification documented in R-TF-012-037; complete evidence provided in M2 Q2 response |
Mitigation 2 (explainability outputs)
| Element | Reference |
|---|---|
| Mitigation requirement | SRS-0AB (Generate per-image ICD analysis with explainability heat map), SRS-K7M (Orchestrate diagnosis support workflow with pixel-level attention indicators) |
| Test case | C256 (T123): Verify response includes per-image ICD probabilities and heat maps for top five categories — validates explanation.attentionMap objects, colour model data, Base64-encoded image data |
| Test case | C265 (T132): Verify diagnosis workflow returns ranked ICD-11 codes, binary indicators, and explainability maps — validates entropy, pixel-level attention indicators (heat maps/saliency masks) |
| Test execution | R-TF-012-033 Software Tests Plan — all tests passed |
| Model-level verification | AI Models Integration Tests (T307-T379, C466-C539) verify each AI model produces correct explainability outputs |
Mitigation 3: "The device returns an interpretative distribution representation of possible ICD categories, not just one single condition"
| Element | Reference |
|---|---|
| Mitigation requirement | SRS-Q3Q (Generate aggregated ICD probability distribution from a set of images), SRS-K7M (Compute normalized probability vector across all supported ICD-11 categories) |
| Test case | C255 (T122): Verify API returns aggregated ICD probability distribution with structured code details — validates hypotheses array with numeric probability fields, valid ICD-11 code structures |
| Test case | C265 (T132): Verify diagnosis workflow returns ranked ICD-11 codes — validates top-5 ranked ICD-11 categories, probability sum = 100% across full distribution, entropy, five binary indicators |
| Test execution | R-TF-012-033 Software Tests Plan — all tests passed |
| Model-level verification | AI Models Integration Tests (T307-T379, C466-C539) verify each AI model produces correct probability_distribution and icd_distribution data |
Mitigation 4: "AI models are subject to retraining under expanded datasets"
This is a prospective lifecycle control, not a runtime software feature. It has no software-level test cases because it is verified through QMS process adherence, not through runtime tests.
| Element | Reference |
|---|---|
| Process definition | GP-028 AI Development, § AI Updates → Retraining: "Retraining is performed when an algorithm's core logic or data foundation is modified" |
| Change governance | GP-023 Change Control: classifies retraining as minor or major AI model version change |
| Verification mechanism | R-TF-028-010 AI V&V Checks: mandatory verification before any retrained model is released |
| Documentation | R-TF-028-007 AI Retraining Report: mandatory output of any retraining activity |
Note: No retraining has been performed for v1.1.0.0 (no completed R-TF-028-007 record exists). Retraining is a prospective control triggered by PCCP criteria (e.g., post-market data indicating performance drift, new training data available). The mitigation statement in R-TF-013-002 has been reworded to accurately reflect this prospective nature, per ISO 14971:2019 clause 7.2 note on risk control measures that may include "inherent safety by design, protective measures, or information for safety."
Systematic audit of all risks
BSI noted: "It is unclear if other risks are similarly impacted." A systematic audit of all 62 risks in R-TF-013-002 was performed. 29 risks were identified with traceability gaps analogous to R-DAG. They fall into three categories:
Category A: Infrastructure/API risks with process-level mitigations (21 risks)
These risks had mitigationRequirements identical to causeRequirements with infrastructure-only verification. The mitigations are process-level controls (security best practices, SOUP analysis, QMS procedures) that require process-level verification references, not just software test cases.
| Risk ID | Risk name | Process-level verification added |
|---|---|---|
| R-T8Q | Data transmission failure from HCP system | Security and availability techniques per R-TF-012-006; error handling in API documentation |
| R-3N5 | Data input failure | Security and availability techniques per R-TF-012-006; error handling in API documentation |
| R-YF4 | Data accessibility failure | Security and availability techniques per R-TF-012-006; error handling in API documentation |
| R-LRP | Data transmission failure | FHIR interoperability per IFU; added LR-5TG, LR-7XP to mitigationRequirements |
| R-MWD | Interruption of service | Elastic scaling and backup infrastructure per R-TF-012-006; REST protocol error handling |
| R-OM1 | Data overwrite | REST protocol architecture per R-TF-012-006; request immutability is an inherent design feature |
| R-B63 | Inconsistent or unreliable output | Algorithm V&V per GP-012; representative dataset validation per R-TF-028-010 |
| R-VL1 | Device failure or performance degradation | Elastic scaling infrastructure per R-TF-012-006; error handling in API documentation |
| R-72D | SOUP anomaly/incompatibility | SOUP analysis per R-TF-012-023; compatibility evaluation per GP-012; design review records in DHF |
| R-MQ1 | SOUP not maintained nor patched | SOUP monitoring and patching process per R-TF-012-006; SOUP records in R-TF-012-023 |
| R-QLF | Non-compliance with GSPR | GSPR compliance per R-TF-001-006 GSPR Checklist; design per harmonized standards per R-TF-012-006 |
| R-ES8 | Absence of risk management process | ISO 14971 implementation per GP-013; risk management records in R-TF-013-001 and R-TF-013-002 |
| R-C6Q | Absence of PMS & PMCF process | PMS plan per R-TF-018-001; PMCF plan per R-TF-015-002 |
| R-27M | Inadequate maintenance | Maintenance activities per GP-012; SOUP maintenance per R-TF-012-006 |
| R-9SS | SOUP cybersecurity vulnerabilities | SOUP analysis per R-TF-012-023; cybersecurity evaluation per SP-012-002; design review records in DHF |
| R-33B | Electronic IFU tampered | Git workflow with GPG-signed commits per GP-012; RBAC and branch protections in repository configuration |
| R-GY6 | Inaccurate training data | Image selection and HCP labeling process per GP-028; dataset quality records in R-TF-028-001 |
| R-7US | Biased or incomplete training data | Image selection and HCP labeling process per GP-028; dataset diversity records in R-TF-028-001 |
Category B: Security risk with missing SRS codes (1 risk)
| Risk ID | Risk name | SRS codes added | Test cases added |
|---|---|---|---|
| R-HH0 | Electronic data and content tampered | SRS-1KW, SRS-SDZ, SRS-WER, SRS-WGF | C332, C333, C343, C344, C345, C351, C352, C353, C354 |
Category C: Retraining mitigation with no traceability (5 risks)
These risks include AI model retraining as an implemented mitigation but had no process-level verification reference:
| Risk ID | Risk name | Corrective action |
|---|---|---|
| R-DAG | Wrong result (ICD distribution) | The original BSI finding — added SRS-Q3Q, SRS-0AB, SRS-K7M; C255, C256, C265; retraining process refs (GP-028, GP-023, R-TF-028-010) |
| R-75H | Incorrect clinical information | Added SRS-0AB, SRS-K7M; C256, C265; retraining process refs; reworded mitigation to prospective form |
| R-SKK | Incorrect results shown to patient | Fixed typo "retarining" → "retraining"; added SRS-Q3Q, SRS-0AB, SRS-K7M; C255, C256, C265; retraining process refs |
| R-75L | Stagnation of model performance | Reworded mitigation to prospective form; added retraining process refs (GP-028, GP-023, R-TF-028-010) |
| R-PWK | Degradation of model performance | Reworded mitigation to prospective form; added manual retraining process refs (GP-028, GP-023, R-TF-028-010) |
All affected risks have been corrected in the updated R-TF-013-002.
Summary of changes to R-TF-013-002
R-DAG (Risk: "The medical device outputs a wrong result")
| Field | Change |
|---|---|
| implementedMitigations[3] | Reworded from "AI models undergo retraining using expanded dataset of images" to "AI models are subject to retraining under expanded datasets as governed by GP-028 (§ AI Updates → Retraining) and GP-023 (Change Control), with verification through R-TF-028-010 (AI V&V Checks) before any retrained model is released." |
| mitigationRequirements | Added SRS-Q3Q, SRS-0AB, SRS-K7M (kept existing infrastructure codes alongside) |
| verificationOfImplementation | Added test cases C255 (T122), C256 (T123), C265 (T132); added reference to AI Models Integration Tests (T307-T379, C466-C539); added process-level references for retraining (GP-028, GP-023, R-TF-028-010) |
R-75H (Risk: "Incorrect clinical information")
| Field | Change |
|---|---|
| implementedMitigations[2] | Reworded retraining statement to prospective form |
| mitigationRequirements | Added SRS-0AB, SRS-K7M |
| verificationOfImplementation | Added test cases C256 (T123), C265 (T132); added AI Models Integration Tests reference; added process-level retraining references |
R-SKK (Risk: "Incorrect results shown to patient")
| Field | Change |
|---|---|
| implementedMitigations[3] | Corrected typo "retarining" → "retraining"; reworded to prospective form |
| mitigationRequirements | Added SRS-Q3Q, SRS-0AB, SRS-K7M |
| verificationOfImplementation | Added test cases C255 (T122), C256 (T123), C265 (T132); added AI Models Integration Tests reference; added process-level retraining references |
R-HH0 (Risk: "Electronic data and content are tampered")
| Field | Change |
|---|---|
| mitigationRequirements | Added SRS-1KW (TLS), SRS-SDZ (hashed passwords), SRS-WER (OAuth), SRS-WGF (AES-256 encryption) |
| verificationOfImplementation | Added test cases C332, C333 (TLS), C343, C344, C345 (auth), C351, C352, C353 (OAuth), C354 (encryption) |
R-75L (Risk: "Stagnation of model performance")
| Field | Change |
|---|---|
| implementedMitigations | Reworded to prospective form with explicit governance references (GP-028, GP-023, R-TF-028-010) |
| verificationOfImplementation | Added process-level retraining references |
R-PWK (Risk: "Degradation of model performance")
| Field | Change |
|---|---|
| implementedMitigations | Reworded to clarify manual-only retraining with explicit governance references (GP-028, GP-023, R-TF-028-010) |
| verificationOfImplementation | Added process-level retraining references |
Category A risks (21 risks with process-level mitigations)
For all Category A risks (R-T8Q, R-3N5, R-YF4, R-LRP, R-MWD, R-OM1, R-B63, R-VL1, R-72D, R-MQ1, R-QLF, R-ES8, R-C6Q, R-27M, R-9SS, R-33B, R-GY6, R-7US):
| Field | Change |
|---|---|
| verificationOfImplementation | Added process-level verification references to QMS procedures and records where mitigations are documented |
| mitigationRequirements | For R-LRP: Added LR-5TG, LR-7XP (FHIR IFU documentation) |
Regulatory compliance
The corrective actions address:
- ISO 14971:2019 clause 7.2: Verification of implementation of risk control measures — complete traceability chain now documented
- ISO 14971:2019 clause 7.6: Completeness of risk control — systematic audit confirmed all analogous risks have been corrected
- ISO 14971:2019 clause 7.4: Benefit-risk analysis — conclusions unchanged by traceability corrections
- GSPR 1: Intended performance — mitigations (explainability, distributions, IFU) ensure device output supports HCP decision-making as intended
- GSPR 4: Risk management system per Annex I §3 — traceability chain is now complete
- GSPR 17.2: Diagnostic accuracy — ICD probability distribution and explainability media are the mechanisms by which accuracy/precision are communicated to HCP
- Annex II 5(b): Description and justification of residual risks — R-TF-013-002 demonstrates residual risks acceptable after verified controls
- Annex II 6.1(a)/(b): Evidence of GSPR compliance — verification test cases now clearly map to mitigations
- Annex II 6.2(f): Risk analysis including risk control measures — complete traceability chain fulfils this requirement
Note on traceability matrix (R-TF-012-001)
The Software Requirements Specification (SRS) codes and test cases added to R-TF-013-002 already existed in the traceability matrix R-TF-012-001 (apps/qms/docs/legit-health-plus-version-1-1-0-0/design-and-development/R-TF-012-001.json). Specifically:
- SRS-Q3Q, SRS-0AB, SRS-K7M (clinical output mitigations) → already mapped to test cases C255, C256, C265
- SRS-1KW, SRS-WER, SRS-SDZ, SRS-WGF (security mitigations) → already mapped to test cases C332, C333, C343, C344, C345, C351, C352, C353, C354
The gap identified by BSI was a referencing error in the Risk Management Record (R-TF-013-002), not a missing implementation or verification gap. The requirements were implemented, the tests were executed, and the traceability was documented in R-TF-012-001 — the Risk Record simply failed to reference the correct codes.
R-TF-012-001 has not been modified as part of this corrective action because no changes to the requirement-to-test traceability were necessary.
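The following Python script is an added illustration of the audit criterion applied above (a risk whose mitigationRequirements merely repeat its causeRequirements, or whose verificationOfImplementation cites test cases that the traceability matrix does not map to its mitigation requirements). It is not part of this response, of R-TF-013-002 or of R-TF-012-001. The field names causeRequirements, mitigationRequirements and verificationOfImplementation are those used in this response; the JSON layout, the placeholder codes SRS-INFRA-1, SRS-INFRA-2, C-TRANSPORT-1, C-TRANSPORT-2 and the risk R-PLACEHOLDER are constructed assumptions, and only the SRS-to-test-case pairs stated on this page (SRS-Q3Q, SRS-0AB, SRS-K7M with C255, C256, C265) are taken from the record.

```python
"""Traceability audit: risk record entries cross-checked against a traceability matrix.

Added example; not code from the QMS repository. The JSON shapes are assumed and
the infrastructure/transport codes are placeholders (see comments below).
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed stand-in for R-TF-012-001: requirement code -> test cases verifying it.
# The three clinical codes and their test cases are as stated in the response;
# SRS-INFRA-* / C-TRANSPORT-* are placeholders for unnamed infrastructure items.
TRACEABILITY_MATRIX: dict[str, set[str]] = {
    "SRS-Q3Q": {"C255", "C265"},
    "SRS-0AB": {"C256", "C265"},
    "SRS-K7M": {"C255", "C256", "C265"},
    "SRS-INFRA-1": {"C-TRANSPORT-1"},  # placeholder: API transport requirement
    "SRS-INFRA-2": {"C-TRANSPORT-2"},  # placeholder: API transport requirement
}

# Constructed stand-ins for entries of R-TF-013-002, before and after correction.
RISKS_BEFORE: list[dict] = [
    {   # shape of R-DAG as BSI found it: mitigations == causes, transport-only tests
        "id": "R-DAG",
        "causeRequirements": ["SRS-INFRA-1", "SRS-INFRA-2"],
        "mitigationRequirements": ["SRS-INFRA-1", "SRS-INFRA-2"],
        "verificationOfImplementation": ["C-TRANSPORT-1", "C-TRANSPORT-2"],
    },
    {   # constructed risk (not in the record): names a clinical mitigation
        # requirement but cites a test case that does not verify it
        "id": "R-PLACEHOLDER",
        "causeRequirements": ["SRS-INFRA-1"],
        "mitigationRequirements": ["SRS-Q3Q"],
        "verificationOfImplementation": ["C-TRANSPORT-1"],
    },
]
RISKS_AFTER: list[dict] = [
    {   # R-DAG after correction: clinical codes and their test cases added,
        # infrastructure codes kept alongside
        "id": "R-DAG",
        "causeRequirements": ["SRS-INFRA-1", "SRS-INFRA-2"],
        "mitigationRequirements": ["SRS-INFRA-1", "SRS-INFRA-2",
                                   "SRS-Q3Q", "SRS-0AB", "SRS-K7M"],
        "verificationOfImplementation": ["C-TRANSPORT-1", "C-TRANSPORT-2",
                                         "C255", "C256", "C265"],
    },
]


@dataclass
class Finding:
    risk_id: str
    kind: str     # one of the gap categories checked below
    detail: str


def audit_risk(risk: dict, matrix: dict[str, set[str]]) -> list[Finding]:
    """Return the traceability gaps found in one risk entry."""
    rid = risk["id"]
    causes = set(risk.get("causeRequirements", []))
    mitigations = set(risk.get("mitigationRequirements", []))
    cited_tests = set(risk.get("verificationOfImplementation", []))
    findings: list[Finding] = []

    # Gap 1: mitigation requirements identical to cause requirements, so the
    # record names nothing that actually controls the risk.
    if mitigations and mitigations == causes:
        findings.append(Finding(rid, "mitigation-equals-cause",
                                ", ".join(sorted(mitigations))))

    # Gap 2: every mitigation requirement must be verified by at least one
    # cited test case that the matrix maps to that requirement.
    for code in sorted(mitigations):
        mapped = matrix.get(code)
        if mapped is None:
            findings.append(Finding(rid, "unknown-requirement", code))
        elif not (mapped & cited_tests):
            findings.append(Finding(rid, "unverified-mitigation", code))

    # Gap 3: cited test cases that verify none of the mitigation requirements
    # (e.g. transport-layer tests cited for a clinical output mitigation).
    relevant = set().union(*(matrix.get(c, set()) for c in mitigations))
    stray = cited_tests - relevant
    if stray:
        findings.append(Finding(rid, "unrelated-test-cases",
                                ", ".join(sorted(stray))))
    return findings


def audit_record(risks: list[dict], matrix: dict[str, set[str]]) -> dict[str, list[Finding]]:
    """Audit every risk; only risks with at least one finding are returned."""
    report: dict[str, list[Finding]] = {}
    for risk in risks:
        found = audit_risk(risk, matrix)
        if found:
            report[risk["id"]] = found
    return report


if __name__ == "__main__":
    for label, risks in (("before", RISKS_BEFORE), ("after", RISKS_AFTER)):
        report = audit_record(risks, TRACEABILITY_MATRIX)
        print(f"{label}: {len(report)} risk(s) with traceability gaps")
        for rid, items in report.items():
            for f in items:
                print(f"  {rid}: {f.kind} ({f.detail})")
```

Run against the constructed data, the "before" set reports R-DAG (mitigation-equals-cause) and R-PLACEHOLDER (unverified-mitigation for SRS-Q3Q, unrelated-test-cases for C-TRANSPORT-1), while the corrected "after" entry reports nothing, which is the state the corrective action aims at: each mitigation code has a cited test case that the matrix maps to it, and each cited test case verifies some mitigation code.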
Documents modified
| Document | Path | Changes |
|---|---|---|
| R-TF-013-002 Risk Management Record | apps/qms/docs/legit-health-plus-version-1-1-0-0/risk-management/R-TF-013-002.json | Corrected traceability for 29 risks: (1) R-DAG, R-75H, R-SKK — added clinical mitigation SRS codes and test cases; (2) R-HH0 — added security SRS codes and test cases; (3) R-75L, R-PWK — reworded retraining mitigations to prospective form; (4) 21 Category A risks — added process-level verification references; (5) R-LRP — added LR codes for FHIR documentation; (6) R-GY6, R-7US — fixed incomplete mitigation text; (7) Fixed R-SKK typo "retarining" → "retraining" |
Documents not impacted
| Document | Path | Reason |
|---|---|---|
| R-TF-012-001 Traceability Matrix | apps/qms/docs/legit-health-plus-version-1-1-0-0/design-and-development/R-TF-012-001.json | SRS codes and test cases already existed; corrective action was referencing, not implementation |