Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
      • Product Requirement Specification (PRS)
      • Software Requirement Specification (SRS)
      • R-TF-012-019 SOUPs
      • R-TF-012-023 Software Development Plan
      • R-TF-012-030 Software Configuration Management Plan
      • Review meetings
      • R-TF-012-033 Software Tests Plan
      • R-TF-012-037 Labeling and IFU Requirements
      • deprecated
      • T-012-029 Software Architecture Description
      • R-TF-012-029 Software Architecture Description
      • R-TF-012-040 Documentation level FDA
      • R-TF-012-041 Software Classification 62304
      • R-TF-012-043 Traceability Matrix
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Grants
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design and Manufacturing Information
  • R-TF-012-040 Documentation level FDA

R-TF-012-040 Documentation level FDA

Change history​

Product: Legit Health Plus Version: 1.1.0.0

Software maintenance​

The software maintenance activities for Legit Health Plus are managed according to the Risk Management Plan [T-013-001]and the Risk Management Record [R-TF-013-002].

After the product design is finalized, the risk management process continues as follows:

  • Risk management post-design: All design changes, new features, or modifications to existing functionality trigger a review of the risk management file to identify new risks or changes to existing risks.
  • Actions when new risks are identified: When new information could impact the existing risk assessment, the risk analysis is updated accordingly. New risks are evaluated following the ISO 14971 methodology, and appropriate risk control measures are implemented.
  • Product design updates: Any updates to the product design are evaluated for their impact on existing risks.

All maintenance activities are traced through the version control system (GitHub) and documented in design change control records [T-012-005].

Information Provided to the User​

Instructions for use​

The user documentation for Legit Health Plus includes:

  • Instructions for Use (IFU): Available in the EU IFU MDR and US IFU FDA websites
  • User Manual: Integrated within the software application and accessible through the help menu
  • Online Documentation: Available at https://docs.legit.health

All documentation is written to be understandable by the intended users (healthcare professionals, dermatologists, and clinical researchers) and includes:

  • Operational guidance
  • Intended use and indications for use
  • Contraindications and warnings
  • Technical specifications
  • Troubleshooting guidance

The current version of the IFU documents correspond to Legit Health Plus v1.1.0.0.

Labeling​

The labeling information for Legit Health Plus includes:

  • Warnings and Precautions: Documented in the IFU, including:

    • Device limitations
    • Potential risks and their mitigation
    • Conditions where the device should not be used
    • Required user qualifications

  • Regulatory Information: Including CE marking, UDI, manufacturer information, and device classification

  • Technical Specifications: Hardware and software requirements for proper operation

All labeling information complies with:

  • MDR 2017/745 Annex I, Chapter III
  • FDA 21 CFR Part 801
  • IEC 62366-1:2015 usability requirements

The complete labeling information is available in:

  • R-TF-012-037 Labeling and IFU Requirements
  • EU IFU MDR
  • US IFU FDA

Documentation Level Assessment​

StepQuestionAnswer
1Can an injury or illness resulting from a software failure be life threatening?No, go to step 2
2Is the device intended to treat or diagnose (determine status of) a life threatening disease or condition?No, go to step 3
3Does the automated software system control a life supporting or life sustaining function?No, go to step 4
4Does the automated software system control the delivery of potentially hazardous energy that could result in death or serious injury?No, go to step 5
5Does the software system control a life supporting device?No, go to step 6
6Is the software a blood establishment computer software?No, Basic documentation level

Documentation Level Rationale​

Considering:

  • The device description in [Description and Specifications]: Legit Health Plus is a SaMD that provides objective scoring of dermatological conditions using image analysis and AI algorithms.

  • The intended use and end users:` The device is intended for use by healthcare professionals to support clinical decision-making in the assessment and monitoring of dermatological conditions. It is not intended for life-threatening conditions or life-sustaining functions.

  • The environment of use: Clinical settings (hospitals, clinics, telemedicine platforms) where healthcare professionals assess dermatological conditions.

  • The answers to questions in Annex A of ISO 14971: The device is classified as Class IIa under MDR 2017/745, with the primary risk being misdiagnosis or incorrect severity assessment that could lead to inappropriate treatment decisions. However, the device is used as a support tool alongside clinical judgment.

  • The risks identified in the risk management file [R-TF-013-002]: All identified risks have been evaluated with residual risk levels in the acceptable range after implementation of risk control measures.

  • The software requirements in [R-TF-012-028 Software Requirement Specification]: Requirements focus on accurate image analysis, data security, and usability, without involvement in life-critical functions.

  • The answers to questions in IEC/TR 80002-1: The software does not directly control therapeutic interventions or critical medical functions.

  • The answers to the FDA documentation level questions above: All questions were answered "No".

The documentation level of Legit Health Plus according to FDA guidance is: BASIC (Level of Concern: Minor).

This classification is based on:

  1. The device does not control life-critical functions
  2. Software failure would not result in life-threatening injury
  3. The device is used as a decision support tool, not for direct diagnosis or treatment control
  4. Healthcare professionals maintain oversight and clinical judgment in all cases

Most critical risks​

The following table presents the most critical risks identified in [R-TF-013-002 Risk management record], evaluated according to the methodology defined in [GP-013 Risk management].

Risk evaluation methodology:

  • Severity (S): Scale 1-5 (Negligible, Minor, Major, Serious, Critical)
  • Probability (P1): Scale 1-5 (Improbable, Remote, Occasional, Probable, Frequent)
  • RPN = P1 × S × P2 (where P2 = 1 for diagnostic support software)
  • FDA Documentation Level Assessment: Focus on whether failure could result in death or serious injury
ID RiskRisk DescriptionSeverity After Mitigation MeasuresProbability After Mitigation MeasuresRPN After Mitigation MeasuresCould result in death or serious injury?
R-DAGIncorrect diagnosis or follow up due to device outputting wrong result2 (Minor)2 (Remote)4No - HCP reviews results and makes final clinical decision; potential for delayed diagnosis, not life-threatening
R-SKKIncorrect results shown to patient without HCP supervision2 (Minor)1 (Improbable)2No - Device requires HCP supervision per IFU; patient self-assessment not intended use
R-AGQImage artifacts or poor resolution affecting device performance2 (Minor)2 (Remote)4No - Quality checks reject inadequate images; HCP can request new images or use traditional examination
R-5L4Inadequate lighting conditions during image capture2 (Minor)2 (Remote)4No - Quality assessment provides feedback; clinician maintains clinical oversight
R-3YJData breach or unauthorized access1 (Negligible)1 (Improbable)1No - Privacy breach, not direct physical injury; authentication and encryption controls implemented
R-B63Inconsistent or unreliable output (same image, different results)2 (Minor)1 (Improbable)2No - Algorithm V&V ensures consistency; HCP oversight prevents reliance on single assessment
R-RAJSensitivity to image variability (lighting/orientation)2 (Minor)1 (Improbable)2No - Diverse training dataset reduces variability; quality controls and HCP review ensure appropriate use
R-T8QData transmission failure from healthcare provider's system1 (Negligible)2 (Remote)2No - Communication failure causes inconvenience, not injury; alternative assessment methods available
R-MWDInterruption of service1 (Negligible)1 (Improbable)1No - Temporary unavailability; elastic architecture and backups ensure recovery; alternative clinical methods remain available

FDA Documentation Level Justification:

All identified risks, after implementation of external risk management measures (HCP supervision, quality controls, cybersecurity, infrastructure redundancy), result in residual risks that cannot cause death or serious injury:

  • Clinical risks (R-DAG, R-SKK, R-AGQ, R-5L4, R-B63, R-RAJ): Maximum severity of Minor (2) - could lead to delayed diagnosis or suboptimal treatment, but HCP oversight prevents serious harm
  • Privacy/Security risks (R-3YJ): Negligible severity (1) - data breach is serious for privacy but not a direct physical injury
  • Availability risks (R-T8Q, R-MWD): Negligible severity (1) - temporary unavailability does not cause physical harm; alternative methods available

This supports the Basic documentation level (Minor Level of Concern) classification, as the device does not control life-critical functions and all residual risks are acceptable with external mitigation measures in place.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
R-TF-012-029 Software Architecture Description
Next
R-TF-012-041 Software Classification 62304
  • Change history
  • Software maintenance
  • Information Provided to the User
    • Instructions for use
    • Labeling
  • Documentation Level Assessment
    • Documentation Level Rationale
      • Most critical risks
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)