Phase 4: Software Verification Review
Process Overview
The purpose of the Software Verification review (Phase 4) is to ensure that all verification testing has been completed, test results have been documented, and residual anomalies have been assessed. This review validates that the software meets all specified requirements and is ready to proceed to Phase 5 (Product Validation).
According to GP-012, Phase 4 executes systematic testing to verify that the software implementation meets the Software Requirements Specification (SRS) and that any residual anomalies are acceptable.
| Information |
|---|
| Device name | Legit.Health Plus (hereinafter, the device) |
| Model and type | NA |
| Version | 1.1.0.0 |
| Basic UDI-DI | 8437025550LegitCADx6X |
| Certificate number (if available) | MDR 792790 |
| EMDN code(s) | Z12040192 (General medicine diagnosis and monitoring instruments - Medical device software) |
| GMDN code | 65975 |
| EU MDR 2017/745 | Class IIb |
| EU MDR Classification rule | Rule 11 |
| Novel product (True/False) | TRUE |
| Novel related clinical procedure (True/False) | TRUE |
| SRN | ES-MF-000025345 |
- Project title: Legit.Health Plus Version 1.1.0.0
- Project manager: JD-007 (Technical Manager)
- Review date: [Date to be completed]
- Reviewers: JD-001 (General Manager), JD-003 (Design & Development Manager), JD-007 (Technical Manager), JD-004 (Quality Manager & PRRC)
Planning
| Phase | Object | Done |
|---|
| Phase 1 Product Design Review | Establish input data | ✓ |
| Phase 2 Software Design Review | SRs, Architectural Design and UI Prototypes | ✓ |
| Phase 3 Software Development | Coding, integration and test plan | ✓ |
| Phase 4 Software Verification Review | Software version verified and residual anomalies | ✓ |
| Phase 5 Product Validation Review | Validation activities, Technical Documentation and DHF | |
Previous Reserves
All reserves from Phase 3 have been addressed and closed.
| N° | Issue from Phase 3 | Resolution | Status |
|---|
| - | No reserves | - | - |
Verification Testing Summary
Test Execution Overview
| Test Category | Total Tests | Passed | Failed | Blocked | Pass Rate | Reference |
|---|
| Software Requirements Tests | [Number] | [#] | [#] | [#] | [%] | R-TF-012-035 Software Test Report |
| Integration Tests | [Number] | [#] | [#] | [#] | [%] | R-TF-012-035 Software Test Report |
| System Tests | [Number] | [#] | [#] | [#] | [%] | R-TF-012-035 Software Test Report |
| Regression Tests | [Number] | [#] | [#] | [#] | [%] | R-TF-012-035 Software Test Report |
| Total | [#] | [#] | [#] | [#] | [%] | |
Verification Documents
| Document | Status | Reference | Comments |
|---|
| Software Test Plan | ✓ | R-TF-012-033 Software Test Plan | Test strategy followed |
| Software Test Description | ✓ | R-TF-012-034 Software Test Description | Test procedures executed as documented |
| Software Test Report | ✓ | R-TF-012-035 Software Test Report | All test results documented |
| Verified Version Release | ✓ | R-TF-012-038 Verified Version Release | Verified version description complete |
IEC 62304 Compliance Review
Software Unit Verification (5.5)
| Requirement | Status | Evidence | Comments |
|---|
| 5.5.2 Unit verification strategies documented | ✓ | R-TF-012-033 Software Test Plan | Unit testing strategy defined |
| 5.5.3 Unit acceptance criteria documented | ✓ | Acceptance criteria defined in test plan | Criteria clear and verifiable |
| 5.5.5 Unit verification results documented | ✓ | R-TF-012-035 Software Test Report | Unit test results recorded |
Software Integration and Integration Testing (5.6)
| Requirement | Status | Evidence | Comments |
|---|
| 5.6.1 Software units integrated per plan | ✓ | Integration performed according to architecture | Integration strategy followed |
| 5.6.2 Integration verification documented | ✓ | R-TF-012-035 Software Test Report | Integration tests executed |
| 5.6.3-5.6.4 Integration testing documented | ✓ | R-TF-012-035 Software Test Report | Integration test results recorded |
| 5.6.5 Test procedures validity evaluated | ✓ | Test procedures reviewed and approved | Procedures verified as valid |
| 5.6.6-5.6.7 Regression tests performed | ✓ | Regression testing completed to verify no new defects | Regression suite passed |
| 5.6.8 Anomalies in problem resolution process | ✓ | All anomalies tracked in GitHub Issues | Problem resolution process followed |
Software System Testing (5.7)
| Requirement | Status | Evidence | Comments |
|---|
| 5.7.1, 5.7.4, 5.7.5 System tests executed | ✓ | R-TF-012-035 Software Test Report | All system tests completed |
| 5.7.2 Anomalies in problem resolution | ✓ | Defects tracked and resolved via GitHub Issues | Issue tracking maintained |
| 5.7.3 Modifications during testing handled | ✓ | Changes managed through change control | Configuration management maintained |
Software Release (5.8)
| Requirement | Status | Evidence | Comments |
|---|
| 5.8.1 Verification completed and evaluated | ✓ | R-TF-012-035 Software Test Report | All verification activities completed |
| 5.8.2 Known residual anomalies documented | ✓ | See Residual Anomalies section below | All anomalies documented |
| 5.8.3 Residual anomalies risk assessed | ✓ | Risk assessment performed for each anomaly | All anomalies acceptable |
| 5.8.4 Software version documented | ✓ | R-TF-012-038 Verified Version Release | Version 1.1.0.0 documented |
| 5.8.5-5.8.8 Release procedures documented | ✓ | R-TF-012-023 Software Development Plan | Build and release procedures defined |
| 5.8.6 All activities and tasks completed | ✓ | DHF review confirms completion | Development activities complete |
IEC 81001 (Cybersecurity) Compliance Review
Implementation Reviews (5.5.2)
| Requirement | Status | Evidence | Comments |
|---|
| Implementation reviews for security issues | ✓ | Security code reviews performed | Security implementation verified |
| Security issues in problem resolution process | ✓ | Security vulnerabilities tracked and resolved | Security defects managed |
Software Integration Testing (5.6)
| Requirement | Status | Evidence | Comments |
|---|
| Security testing as part of integration | ✓ | Security integration tests executed | Security controls verified during integration |
Software System Security Testing (5.7)
| Requirement | Status | Evidence | Comments |
|---|
| 5.7.1 Security requirements testing | ✓ | R-TF-030-004 Cybersecurity Testing Report | Security functions verified |
| 5.7.2 Threat mitigation testing | ✓ | R-TF-030-004 Cybersecurity Testing Report | Threat mitigations tested |
| 5.7.3 Vulnerability testing | ✓ | R-TF-030-004 Cybersecurity Testing Report | Vulnerability scans performed |
| 5.7.4 Penetration testing | ✓ | R-TF-030-004 Cybersecurity Testing Report | Penetration tests conducted |
| 5.7.4 Objectivity of security testing | ✓ | Testing performed by independent security team | Test independence maintained |
Requirements Traceability Verification
| Activity | Status | Evidence | Comments |
|---|
| All SRS traced to test cases | ✓ | R-TF-012-043 Traceability Matrix | Complete SRS → Test Case traceability |
| All test cases executed | ✓ | R-TF-012-035 Software Test Report | 100% test execution |
| All SRS verified | ✓ | Test results demonstrate SRS satisfaction | All requirements verified |
| Risk control measures verified | ✓ | R-TF-013-002 Risk Management Record | Risk controls functioning as intended |
| Security controls verified | ✓ | R-TF-030-003 Security Risk Matrix | Security controls effective |
AI/ML Verification
| Activity | Status | Evidence | Comments |
|---|
| AI/ML model performance testing | ✓ | R-TF-028-005 AI/ML Development Report | Model performance meets requirements |
| AI/ML integration verification | ✓ | ML models integrated and tested in system | Integration successful |
| AI/ML risk assessment | ✓ | R-TF-028-011 AI/ML Risk Assessment | AI-specific risks assessed |
Residual Anomalies
All known residual anomalies have been documented, risk assessed, and determined to be acceptable.
| ID | Severity | Summary | Risk Assessment & Control Measure | Acceptability | Status |
|---|
| [ID] | [Level] | [Description] | [Risk analysis and justification] | [Acceptable/Not Acceptable] | [Open/Closed] |
| - | - | No critical or high severity anomalies | - | - | - |
Risk Assessment Summary:
- All residual anomalies have been evaluated per ISO 14971 risk management process
- No residual anomalies contribute to unacceptable risk
- All anomalies are documented in R-TF-013-002 Risk Management Record
- Benefits outweigh residual risks for all anomalies
Design History File (DHF) Status
| Item | Status | Comments |
|---|
| All verification records complete | ✓ | Test reports and results documented |
| Traceability matrix updated | ✓ | Complete traceability: PR → SRS → Test Cases → Test Results |
| Anomaly records complete | ✓ | All defects tracked with resolution |
| DHF index updated | ✓ | All documents indexed and accessible |
| Version release documentation complete | ✓ | R-TF-012-038 Verified Version Release |
Compliance Checklists
| Checklist | Status | Reference |
|---|
| IEC 62304 Compliance Checklist | ✓ | R-TF EN 62304 Checklist |
| IEC 82304-1 Compliance Checklist | ✓ | R-TF EN 82304 Checklist |
Reserves and Pending Actions
| N° | Issue / Action Required | Owner | Targeted Date | Status |
|---|
| - | No reserves identified at this phase | - | - | - |
Conclusion
Review Outcome: The Phase 4 Software Verification review has been successfully completed.
Assessment:
- All verification testing has been completed according to the Software Test Plan
- Test results are documented in R-TF-012-035 Software Test Report
- All Software Requirements have been verified through testing
- Requirements traceability is complete (PR → SRS → Test Cases → Test Results)
- IEC 62304 verification requirements (5.5, 5.6, 5.7, 5.8) are satisfied
- IEC 81001 cybersecurity testing requirements are satisfied
- All risk control measures have been verified as implemented and effective
- All security controls have been verified and are functioning correctly
- AI/ML components have been verified and meet performance requirements
- Residual anomalies have been documented and risk assessed
- All residual anomalies are acceptable and do not contribute to unacceptable risk
- Design History File is complete and up to date
- Verified Version Release documentation is complete
Risk Analysis of Residual Anomalies:
All known residual anomalies have been evaluated according to ISO 14971. None of the residual anomalies contribute to unacceptable risk. Risk controls are in place and have been verified as effective.
Regarding the mentioned reserves, has the review been accepted?: Yes
Decision: The verified software version 1.1.0.0 is approved to proceed to Phase 5: Product Validation.
Next Steps:
- Initiate Product Validation activities
- Complete summative usability testing per R-TF-025-001 Usability Plan
- Finalize clinical evaluation per R-TF-015-008 Clinical Evaluation Plan
- Complete AI/ML release report R-TF-028-006 AI/ML Release Report
- Finalize all procedure reports (risk management, cybersecurity, usability, clinical)
- Prepare for final Product Validation review and commissioning
Approved by:
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Author: Team members involved
- Reviewer: JD-003, JD-004
- Approver: JD-001