Phase 4: Software Verification Review

Process Overview

The purpose of the Software Verification review (Phase 4) is to ensure that all verification testing has been completed, test results have been documented, and residual anomalies have been assessed. This review validates that the software meets all specified requirements and is ready to proceed to Phase 5 (Product Validation).

According to GP-012, Phase 4 executes systematic testing to verify that the software implementation meets the Software Requirements Specification (SRS) and that any residual anomalies are acceptable.

General Information

	Information
Device name	Legit.Health Plus (hereinafter, the device)
Model and type	NA
Version	1.1.0.0
Basic UDI-DI	8437025550LegitCADx6X
Certificate number (if available)	MDR 792790
EMDN code(s)	Z12040192 (General medicine diagnosis and monitoring instruments - Medical device software)
GMDN code	65975
EU MDR 2017/745	Class IIb
EU MDR Classification rule	Rule 11
Novel product (True/False)	TRUE
Novel related clinical procedure (True/False)	TRUE
SRN	ES-MF-000025345

Project Information

• Project title: Legit.Health Plus Version 1.1.0.0
• Project manager: JD-007 (Technical Manager)
• Review date: [Date to be completed]
• Reviewers: JD-001 (General Manager), JD-003 (Design & Development Manager), JD-007 (Technical Manager), JD-004 (Quality Manager & PRRC)

Planning

Phase	Object	Done
Phase 1 Product Design Review	Establish input data	✓
Phase 2 Software Design Review	SRs, Architectural Design and UI Prototypes	✓
Phase 3 Software Development	Coding, integration and test plan	✓
Phase 4 Software Verification Review	Software version verified and residual anomalies	✓
Phase 5 Product Validation Review	Validation activities, Technical Documentation and DHF

Previous Reserves

All reserves from Phase 3 have been addressed and closed.

N°	Issue from Phase 3	Resolution	Status
-	No reserves	-	-

Verification Testing Summary

Test Execution Overview

Test Category	Total Tests	Passed	Failed	Blocked	Pass Rate	Reference
Software Requirements Tests	[Number]	[#]	[#]	[#]	[%]	R-TF-012-035
Integration Tests	[Number]	[#]	[#]	[#]	[%]	R-TF-012-035
System Tests	[Number]	[#]	[#]	[#]	[%]	R-TF-012-035
Regression Tests	[Number]	[#]	[#]	[#]	[%]	R-TF-012-035
Total	[#]	[#]	[#]	[#]	[%]

Verification Documents

Document	Status	Reference	Comments
Software Test Plan	✓	R-TF-012-033	Test strategy followed
Software Test Description	✓	R-TF-012-034	Test procedures executed as documented
Software Test Report	✓	R-TF-012-035	All test results documented
Verified Version Release	✓	R-TF-012-038	Verified version description complete

IEC 62304 Compliance Review

Software Unit Verification (5.5)

Requirement	Status	Evidence	Comments
5.5.2 Unit verification strategies documented	✓	R-TF-012-033	Unit testing strategy defined
5.5.3 Unit acceptance criteria documented	✓	Acceptance criteria defined in test plan	Criteria clear and verifiable
5.5.5 Unit verification results documented	✓	R-TF-012-035	Unit test results recorded

Software Integration and Integration Testing (5.6)

Requirement	Status	Evidence	Comments
5.6.1 Software units integrated per plan	✓	Integration performed according to architecture	Integration strategy followed
5.6.2 Integration verification documented	✓	R-TF-012-035	Integration tests executed
5.6.3-5.6.4 Integration testing documented	✓	R-TF-012-035	Integration test results recorded
5.6.5 Test procedures validity evaluated	✓	Test procedures reviewed and approved	Procedures verified as valid
5.6.6-5.6.7 Regression tests performed	✓	Regression testing completed to verify no new defects	Regression suite passed
5.6.8 Anomalies in problem resolution process	✓	All anomalies tracked in GitHub Issues	Problem resolution process followed

Software System Testing (5.7)

Requirement	Status	Evidence	Comments
5.7.1, 5.7.4, 5.7.5 System tests executed	✓	R-TF-012-035	All system tests completed
5.7.2 Anomalies in problem resolution	✓	Defects tracked and resolved via GitHub Issues	Issue tracking maintained
5.7.3 Modifications during testing handled	✓	Changes managed through change control	Configuration management maintained

Software Release (5.8)

Requirement	Status	Evidence	Comments
5.8.1 Verification completed and evaluated	✓	R-TF-012-035	All verification activities completed
5.8.2 Known residual anomalies documented	✓	See Residual Anomalies section below	All anomalies documented
5.8.3 Residual anomalies risk assessed	✓	Risk assessment performed for each anomaly	All anomalies acceptable
5.8.4 Software version documented	✓	R-TF-012-038	Version 1.1.0.0 documented
5.8.5-5.8.8 Release procedures documented	✓	Release process documented in R-TF-012-023	Build and release procedures defined
5.8.6 All activities and tasks completed	✓	DHF review confirms completion	Development activities complete

IEC 81001 (Cybersecurity) Compliance Review

Implementation Reviews (5.5.2)

Requirement	Status	Evidence	Comments
Implementation reviews for security issues	✓	Security code reviews performed	Security implementation verified
Security issues in problem resolution process	✓	Security vulnerabilities tracked and resolved	Security defects managed

Software Integration Testing (5.6)

Requirement	Status	Evidence	Comments
Security testing as part of integration	✓	Security integration tests executed	Security controls verified during integration

Software System Security Testing (5.7)

Requirement	Status	Evidence	Comments
5.7.1 Security requirements testing	✓	R-TF-030-004	Security functions verified
5.7.2 Threat mitigation testing	✓	R-TF-030-004	Threat mitigations tested
5.7.3 Vulnerability testing	✓	R-TF-030-004	Vulnerability scans performed
5.7.4 Penetration testing	✓	R-TF-030-004	Penetration tests conducted
5.7.4 Objectivity of security testing	✓	Testing performed by independent security team	Test independence maintained

Requirements Traceability Verification

Activity	Status	Evidence	Comments
All SRS traced to test cases	✓	Traceability matrix in R-TF-012-023	Complete SRS → Test Case traceability
All test cases executed	✓	R-TF-012-035	100% test execution
All SRS verified	✓	Test results demonstrate SRS satisfaction	All requirements verified
Risk control measures verified	✓	Controls from R-TF-013-002 tested	Risk controls functioning as intended
Security controls verified	✓	Controls from R-TF-030-003 tested	Security controls effective

AI/ML Verification

Activity	Status	Evidence	Comments
AI/ML model performance testing	✓	R-TF-028-005	Model performance meets requirements
AI/ML integration verification	✓	ML models integrated and tested in system	Integration successful
AI/ML risk assessment	✓	R-TF-028-011	AI-specific risks assessed

Residual Anomalies

All known residual anomalies have been documented, risk assessed, and determined to be acceptable.

ID	Severity	Summary	Risk Assessment & Control Measure	Acceptability	Status
[ID]	[Level]	[Description]	[Risk analysis and justification]	[Acceptable/Not Acceptable]	[Open/Closed]
-	-	No critical or high severity anomalies	-	-	-

Risk Assessment Summary:

• All residual anomalies have been evaluated per ISO 14971 risk management process
• No residual anomalies contribute to unacceptable risk
• All anomalies are documented in risk management record R-TF-013-002
• Benefits outweigh residual risks for all anomalies

Design History File (DHF) Status

Item	Status	Comments
All verification records complete	✓	Test reports and results documented
Traceability matrix updated	✓	Complete traceability: PR → SRS → Test Cases → Test Results
Anomaly records complete	✓	All defects tracked with resolution
DHF index updated	✓	All documents indexed and accessible
Version release documentation complete	✓	R-TF-012-038

Compliance Checklists

Checklist	Status	Reference
IEC 62304 Compliance Checklist	✓	EN-62304-Checklist
IEC 82304-1 Compliance Checklist	✓	EN-82304-Checklist

Reserves and Pending Actions

N°	Issue / Action Required	Owner	Targeted Date	Status
-	No reserves identified at this phase	-	-	-

Conclusion

Review Outcome: The Phase 4 Software Verification review has been successfully completed.

Assessment:

• All verification testing has been completed according to the Software Test Plan
• Test results are documented in the Software Test Report R-TF-012-035
• All Software Requirements have been verified through testing
• Requirements traceability is complete (PR → SRS → Test Cases → Test Results)
• IEC 62304 verification requirements (5.5, 5.6, 5.7, 5.8) are satisfied
• IEC 81001 cybersecurity testing requirements are satisfied
• All risk control measures have been verified as implemented and effective
• All security controls have been verified and are functioning correctly
• AI/ML components have been verified and meet performance requirements
• Residual anomalies have been documented and risk assessed
• All residual anomalies are acceptable and do not contribute to unacceptable risk
• Design History File is complete and up to date
• Verified Version Release documentation is complete

Risk Analysis of Residual Anomalies: All known residual anomalies have been evaluated according to ISO 14971. None of the residual anomalies contribute to unacceptable risk. Risk controls are in place and have been verified as effective.

Regarding the mentioned reserves, has the review been accepted?: Yes

Decision: The verified software version 1.1.0.0 is approved to proceed to Phase 5: Product Validation.

Next Steps:

• Initiate Product Validation activities
• Complete summative usability testing per R-TF-025-001
• Finalize clinical evaluation per R-TF-015-008
• Complete AI/ML release report R-TF-028-006
• Finalize all procedure reports (risk management, cybersecurity, usability, clinical)
• Prepare for final Product Validation review and commissioning

---

Approved by:

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

• Author: Team members involved
• Reviewer: JD-003, JD-004
• Approver: JD-001