Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index of Technical Documentation or Product File
    • Summary of Technical Documentation (STED)
    • Description and specifications
    • R-TF-001-007 Declaration of conformity
    • GSPR
    • Clinical
    • Cybersecurity
    • Design and development
    • Design History File
      • Requirements
        • Product Requirement Specification (PRS)
        • Deprecated Software Requirement Specification (SRS)
        • Software Requirement Specification (SRS)
        • missing-documents
      • Test plans
      • Test runs
      • Review meetings
      • đŸ„Ł SOUPs
      • REL-001 Version 1.1.0.0
    • IFU and label
    • Post-Market Surveillance
    • Quality control
    • Risk Management
    • Usability and Human Factors Engineering
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design History File
  • Requirements
  • Product Requirement Specification (PRS)

Product Requirement Specification (PRS)

View:
CodeNameDescriptionStakeholder
PRS-8QJGenerate an interpretative probability distribution of possible ICD categories by analysing imagesp:last-child]:mb-0>

The device shall analyse dermatological images and produce a ranked interpretative probability distribution across the relevant ICD classes , ensuring that the probabilities sum to 100%. For every class listed, the system must simultaneously generate explainability mechanisms to allow users to supervise its operation, including—but not limited to—pixel-level attention indicators such as heat maps or saliency masks that highlight the image regions most influential to each category.

User
PRS-2ZBMeasure severity by combining image analysis and user-reported values in scoring systemsp:last-child]:mb-0>

The device shall use of each dermatological visible sign detected in an image set:

  • the two-dimensional surface-area coverage of detected lesions,
  • the absolute count of discrete lesions or manifestations,
  • the quantitative grade of the intensity

and user-reported data, such as subjective symptoms and answers to qualitative questions, to compute a validated composite severity indices, such as PASI, SCORAD, IGA, and IHS4 scores. Each score shall include: input components, output range, clinical interpretation band (e.g., mild/moderate/severe). The output may also contain a clinical set of generated images for helping to interpretate the results.

User
PRS-7XKAssess image adequacy on ingestionp:last-child]:mb-0>

Upon ingestion, the device shall automatically evaluate every incoming image against a predefined and version-controlled set of adequacy criteria.

User
PRS-1V6Expose the device’s functionality through a versioned, network-accessible APIp:last-child]:mb-0>

The device shall expose its medical features through a secure, version-controlled API that can be accessed over a network. Each published API version will carry a clear semantic identifier (e.g., v1.0, v2.1) and will remain stable for its designated support window, allowing customers to upgrade on their own schedules without service interruption. The API must maintain deterministic response formats and latency suitable for point-of-care use, with graceful error handling and informative status messages to facilitate rapid troubleshooting.

Every data element accepted by the device must undergo a centralized, independent validation pipeline to detect missing, out-of-range, or malformed values before further processing. Whenever a validation failure occurs, the system shall surface an actionable error report that at least combines a human-readable message, a unique traceable code, and a concise remediation hint (e.g.,“Invalid JSON syntax—remove trailing comma and ensure keys are double-quoted,” or “Field ‘bodySite’ missing—add string value from defined enumeration.”) to enable quick correction by clinicians or integrators. Error messages presented to end users shall use non-technical language, and avoid Protected Health Information (PHI) exposure.

User
PRS-4QWComprehensive monitoring & observability of runtime operationsp:last-child]:mb-0>

The device shall embed a unified monitoring and observability layer that continuously captures key runtime signals—performance metrics, structured logs, error rates, hardware resource utilisation, data-flow timings, algorithm confidence scores, and user-initiated events—across all device’s services. Real-time thresholds shall trigger configurable alerts whenever behaviour deviates from validated baselines, enabling rapid triage of anomalies such as model drift, image-processing bottlenecks, or network outages.

User
PRS-9F2Cybersecurity & continuous threat detectionp:last-child]:mb-0>

The device shall maintain a defence-in-depth security posture that safeguards patient data, intellectual property, and clinical functionality throughout the device lifecycle by enforcing secure boot, cryptographically signed updates, authentication and role-based access controls, and end-to-end encryption for data in transit and at rest. A built-in continuous-threat-detection service shall ingest vulnerability feeds, and run host- and network-level anomaly detection to flag malware, privilege-escalation attempts, or unauthorized API calls within seconds.

Patient
PRS-5LJSupport health data interoperability using the HL7 FHIR standardp:last-child]:mb-0>

The device shall exchange healthcare information with other clinical systems through the HL7 Fast Healthcare Interoperability Resources (FHIR) standard. It mandates that key data be packaged as structured FHIR Resources that electronic health-record (EHR) platforms, hospital information systems, and research registries can consume without custom adapters. The device must expose a standards-conformant interface that lets authorised systems retrieve, store, and query those resources, using the current normative FHIR release at the time of market launch and clear version tagging to preserve backward compatibility.

Patient
PRS-0MCComprehensive secure audit trails for user interactionsp:last-child]:mb-0>

The device shall automatically create and keep an auditable record of all actions, whether initiated by a user or the system, performed via any interface. Each entry must capture the actor’s verified identity and role, event type, precise timestamp traceable to a trusted time source, system response (if applicable), and relevant contextual data, while never exposing patient information in clear text. Audit files are to be write-once, tamper-evident, and cryptographically sealed so that any attempt at alteration or deletion is immediately detectable and traceable.

User
PRS-3YHCompliance with MDRp:last-child]:mb-0>

The device shall be developed in compliance with the MDR.

Regulatory
PRS-6DPCompliance with FDAp:last-child]:mb-0>

The device shall be developed in compliance with the FDA.

Regulatory
PRS-8R4Compliance with ANVISAp:last-child]:mb-0>

The device shall be developed in compliance with ANVISA.

Regulatory
PRS-2KQCompliance with GDPRp:last-child]:mb-0>

The device shall provide optimal security for the personal data it manages in compliance with the General Data Protection Regulation (GDPR).

Regulatory and Patient
PRS-7Z8Compliance with HIPAAp:last-child]:mb-0>

The device shall provide optimal security for the Protected Health Information (PHI) it manages, in compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Regulatory and Patient
PRS-1XUCompliance with Applicable Standardsp:last-child]:mb-0>

The device shall be developed in accordance with the international standards to which it is deemed compliant–see:

  • ISO 13485:2016 (Medical devices - Quality management system)
  • IEC 62304:2006 + A1:2015 (Medical device software - Software life cycle processes [Including Amendment 1 (2015)])
  • ISO 14971:2019 (Medical devices - Risk management applications for medical devices)
  • IEC 62366:2015 (Medical devices - Application of usability engineering to medical devices [Including CORRIGENDUM 1 (2016)])
  • IEC 62443-4-2:2019 (Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components)
  • IEC 82304-1:2017 Health Software - Part 1. General requirements for product safety
Regulatory
PRS-4E7Compliance with EU Artificial Intelligence Actp:last-child]:mb-0>

This product requirement ensures compliance with the EU Artificial Intelligence Act for high-risk AI systems embedded in medical devices. It defines obligations around transparency, traceability, and human oversight throughout the AI lifecycle.

Regulatory
PRS-9J5Compliance with all applicable national laws and regulations in each of the intended target marketsp:last-child]:mb-0>

The device may be placed in Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden in compliance with national regulations.

Company
Previous
Requirements
Next
Deprecated Software Requirement Specification (SRS)
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)