Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index of Technical Documentation or Product File
    • Summary of Technical Documentation (STED)
    • Description and specifications
    • R-TF-001-007 Declaration of conformity
    • GSPR
    • Clinical
    • Cybersecurity
    • Design and development
    • Design History File
      • Requirements
        • PRS
        • Deprecated Software Requirement Specification (SRS)
        • Software Requirement Specification (SRS)
          • SRS-001: Generate Automatic PASI (APASI) severity analysis report for single zone
          • SRS-002: Generate Automatic SCORAD (ASCORAD) severity analysis report for single zone
          • SRS-003: Generate Automatic Urticaria Activity Score (AUAS) report for single zone
          • SRS-004: Generate Automatic GPPGA (AGPPGA) report for single zone
          • SRS-005: Generate Automatic IHS4 (AIHS4) report for single zone
          • SRS-006: Generate ALADIN Score report for single zone
          • SRS-007: Generate Automatic VASI (AVASI) report for single zone
          • SRS-008: Generate Automatic AWOSI report for single zone
          • SRS-009: Generate Automatic NSIL report for single zone
          • SRS-010: Generate Automatic SALT (ASALT) report for single zone
          • SRS-011: Generate Automatic EASI (AEASI) report for single zone
          • SRS-012: Orchestrate severity analysis workflow
          • SRS-013 Generate an aggregated ICD probability distribution from an image
          • SRS-014 Generate per-image ICD analysis with explainability heat map
          • SRS-015 Generate an unified report of ICD class distributions
          • SRS-016: Include model sensitivity in report
          • SRS-017: Include model specificity in report
          • SRS-018: Include entropy score in report
          • SRS-019: Include the indicator of the presence of a condition in the report
          • SRS-020: Include the indicator of the image presenting a pigmented lesion in the report
          • SRS-021: Include the indicator of malignancy in the report
          • SRS-022: Include the indicator of needing an urgent referral in the report
          • SRS-023: Include the indicator of needing a high priority referral in the report
          • SRS-024 The product checks the image quality with the Dermatological Image Quality Assessment (DIQA) algorithm
          • SRS-025 The product checks the image's clinical domain
          • SRS-026 The product classifies the image's modality
          • SRS-027 The product provides a final image validity summary
          • SRS-028: Orchestrate diagnosis support workflow
          • SRS-029: Compute 7-Point Checklist (7PC) Score
          • SRS-030: Compute Dermatology Life Quality Index (DLQI) Score
          • SRS-031: Compute PURE-4 Score
          • SRS-032: Compute Urticaria Control Test (UCT) Score
          • SRS-033: Calculate Global Acne Grading System (GAGS) Score
          • SRS-034: Calculate RESVECH Score
          • SRS-035: Calculate SCOVID Score
          • SRS-036: Calculate Physician's Global Assessment (PGA) Score
          • SRS-037: Generate Global Automatic VASI (AVASI) Score for Full Body
          • SRS-038: Secure Communication Protocol Enforcement
          • SRS-039: Network Service Exposure
          • SRS-040: URL-Based API Versioning
          • SRS-041: Concurrent API Version Support
          • SRS-042: JSON Data Interchange Format
          • SRS-044: Deterministic Response Schemas
          • SRS-045: Performance and Latency
          • SRS-046: Standard HTTP Status Code Usage
          • SRS-047: Endpoint Access Control
          • SRS-048: API Documentation Endpoint
          • SRS-049: High Availability and Load Balancing Support
          • SRS-051: API Rate Limiting
          • SRS-052: Request Body Size Limitation
          • SRS-053: Provision of Clinical Parameter Endpoints
          • SRS-054: API Health Check Endpoint
          • SRS-055: User Action Auditing
          • SRS-056: Authentication Event Auditing
          • SRS-057: Security Event Auditing
          • SRS-058: Consolidated Audit Record Content
          • SRS-059: Write-Once Audit Storage
          • SRS-060: Tamper-Evident Audit Records
          • SRS-061: Audit Tampering Detection and Logging
          • SRS-062: Secure Audit Trail Access Interface
          • SRS-063: Accurate Time Synchronization
          • SRS-064: Audit Trail Data Retention Policy
          • SRS-065: Audit System Failure Handling
          • SRS-066: System Information Endpoint Implementation
          • SRS-067: User Authentication Endpoint Implementation
          • SRS-068: Diagnostic Support Endpoint Implementation
          • SRS-069: Manual Severity Assessment Endpoint Implementation
          • SRS-070: Single-Zone Automatic Severity Assessment Endpoint Implementation
          • SRS-071: Full-Body Automatic Severity Assessment Endpoint Implementation
          • SRS-072: Device Information Endpoint Implementation
          • SRS-073: Generate FHIR DiagnosticReport Base Structure
          • SRS-074: Assign FHIR DiagnosticReport Identifier
          • SRS-075: Record Analysis Duration in FHIR Report
          • SRS-076: Encapsulate Proprietary Data
          • SRS-077: Map Aggregated Diagnostic Conclusions to FHIR
          • SRS-078: Embed Performance and Clinical Indicators in FHIR Report
          • SRS-079: Map Per-Image Analysis to FHIR
          • SRS-080: Embed Explainability Mechanisms in FHIR Report
          • SRS-081: Map Severity Assessment Scores to FHIR
          • SRS-082: Embed Detected Lesion Data in FHIR Report
          • SRS-083 Display the legal information about this medical device
          • SRS-084 Role-Based Access Control (RBAC) with Least Privilege Principle to restrict users to essential functions.
          • SRS-085 Conduct periodic access reviews to verify permissions align with job functions.
          • SRS-086 Enforce strong password policies (min. 12 characters, complexity rules, expiration policies).
          • SRS-087 Use hashed and salted passwords
          • SRS-088 Lock accounts after five failed attempts
          • SRS-089 Implement progressive delays between failed login attempts.
          • SRS-090 Generated JWTs must have an expiration date.
          • SRS-091 AES-256 encryption for data at rest
        • missing-documents
      • Test plans
      • Test runs
      • Review meetings
      • 🥣 SOUPs
      • REL-001 Version 1.1.0.0
    • IFU and label
    • Post-Market Surveillance
    • Quality control
    • Risk Management
    • Usability and Human Factors Engineering
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design History File
  • Requirements
  • Software Requirement Specification (SRS)
  • SRS-065: Audit System Failure Handling

SRS-065: Audit System Failure Handling

Identifier​

SRS-065

Software System​

  • Audit Service
  • Monitoring & Alerting Service
  • All services that generate audit events

Category​

  • Security
  • System Resilience
  • Functional

Description​

In the event of an audit system failure, the primary device functionality shall enter a fail-safe state to prevent any unaudited activity.

  1. Failure detection: The system must be able to detect a failure in the audit logging mechanism in real-time. A failure is defined as the inability of the Audit Service to receive, process, or securely store an audit record.
  2. Fail-Safe state: Upon detection of an audit system failure, the system shall immediately enter a pre-defined fail-safe state. This state must, at a minimum, consist of:
    • Halting all operations that require auditing until the audit service is restored.
    • Alternatively, providing a clear, unambiguous, and persistent warning to any active user that their actions are not being recorded.
  3. Resumption of normal operations: The system shall only exit the fail-safe state and resume normal operations once the audit service is fully restored and its operational integrity is verified. The transition out of the fail-safe state must itself be a logged event.

Derived from PRS​

  • PRS-0MC: Comprehensive secure audit trails for user interactions

Risks related to the SRS​

Risks that are caused by the requirement​

Risks to which the requirement is the solution (mitigation or control)​

Previous
SRS-064: Audit Trail Data Retention Policy
Next
SRS-066: System Information Endpoint Implementation
  • Identifier
  • Software System
  • Category
  • Description
  • Derived from PRS
  • Risks related to the SRS
    • Risks that are caused by the requirement
    • Risks to which the requirement is the solution (mitigation or control)
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)