Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index of Technical Documentation or Product File
    • Summary of Technical Documentation (STED)
    • Description and specifications
    • R-TF-001-007 Declaration of conformity
    • GSPR
    • Clinical
    • Design and development
    • Design History File
    • IFU and label
    • Post-Market Surveillance
      • R-TF-007-001 Post-Market Surveillance (PMS) Plan
      • R-TF-007-002 Post-Market Clinical Follow-up (PMCF) Plan
      • R-TF-007-003 Periodic Safety Update Report (PSUR)
      • R-TF-007-004 Post-Market Surveillance (PMS) Report
      • R-TF-007-005 Post-Market Clinical Follow-up (PMCF) report
      • deprecated
        • R-TF-007-001 Post-Market Surveillance (PMS) Plan_2023_001
    • Quality control
    • Risk Management
    • Usability and Human Factors Engineering
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • External documentation
  • Legit.Health Plus Version 1.1.0.0
  • Post-Market Surveillance
  • deprecated
  • R-TF-007-001 Post-Market Surveillance (PMS) Plan_2023_001

R-TF-007-001 Post-Market Surveillance (PMS) Plan_2023_001

Purpose​

To establish a systematic procedure to proactively collect and review experience obtained from our device Legit.Health Plus (hereinafter, the device) for the purpose of identifying any need to apply corrective or preventive actions.

Scope​

The performance of this procedure is applicable to our medical device.

Responsibilities​

JD-005​

Responsible for performing or delegating the activities detailed in this plan and documenting them.

JD-004​

Responsible for ensuring that the JD-005 perform the planned activities according to this plan, and together with the JD-005 document and archive them.

Data collection activities​

Once every 12 months, the JD-005 and JD-004 will check the following information to find relevant new data which could require the revision of:

  • Risk management.
  • User experience.
  • Design of the device.

When new data is detected regarding the product safety and/or performance, this will be checked without delay by the JD-005 and JD-004 to design the required actions in each case.

Serious incidents and FSCA​

According to GP-004 Vigilance system, the JD-005 and JD-004 will actively analyze the new data collected from the vigilance system.

Each adverse incident must be analyzed in relation to its potential need for technical documentation revision or design revision.

With the mentioned frequency, the data related to FSN and/or FSCA will be compiled and analyzed.

Non-serious incidents and side effects​

According to GP-004 Vigilance system and GP-006 Non-conformity. Corrective and preventive actions, the non-conformities detected and registered at the T-006-001 Non-conformity report are checked and analyzed every 3 months, and every 12 months in relation to the technical documentation (Technical File and its annexes).

The JD-005 will search for non-serious incidents and side effects non-previously foreseen or confirmed, actively updating the product side effects or the improvement opportunities and redesign requirements (technical features).

Trend analysis​

According to GP-002 Quality planning, every 12 months during the annual management review meeting, the indicators, non-conformities, audits results, customer feedback and other inputs are reviewed to find trends and deviations that may require actions in relation to the product safety and performance.

Trend analysis is performed with the focus on undesirable side-effects and non-serious incidents. These will be monitored if they impact the benefit-risk ratio in a negative way. If post-market surveillance leads to the finding that the event happened led to more serious harm a T-006-001 Non-conformity reportis registered and managed according to GP-006 Non-conformity. Corrective and preventive actions procedure.

Feedback and complaints​

According to GP-002 Quality planning and GP-014 Feedback and complaints, the JD-001, JD-004 and JD-005 will check every 12 months the feedback and complaints received during the period analyzed and the results of the surveys (T-014-001 Customer satisfaction survey) performed during this period, to search for complaints or comments based on user experience that may require a product redesign. During the PMS analysis, the feedback and complaints related to non clinical features of the product will be analyzed.

One additional item we will actively follow up it is the customer access to the latest version of the Medical Device (and it is also included at the R-002-002 Quality indicators, Indicator 18).

Medical device versioning

As specified at the SOP GP-012 Design, redesign and development, Software new versions can come from changes made as a consequence of various types of requirements.

Major requirements that affect the core medical features of the device will entail, not only the software validation required for all the requirements, but also clinical validation, technical documentation review and update, and communication to the Notified Body and National Competent Authorities.

Regulatory requirements​

Every 12 months the JD-004 and JD-005 will revise the following webs, or other equivalents, to extract new information that may require a revision of the clinical evaluation and/or the risk management.

  • The Spanish Agency for Medicines and Medical Devices (AEMPS)
  • The International Medical Device Regulators Forum (IMDRF)
  • MedTech Europe
  • Harmonized Standards for Medical devices (European Commission)
  • Public Health Policies (European Commission)
  • The US Food and Drug Administration (FDA)
  • The Notified Body Operations Group (NBOG)

Clinical literature​

According to GP-015 Clinical evaluation and the Clinical Evaluation Plan (CEP) (TF_T-015-001 Clinical evaluation plan), the state of the art will be checked yearly by the JD-005 or designee and will be recorded in the Preclinical and clinical evaluation record (R-TF-015-002_Preclinical and clinical evaluation record). This activity will be included at the R-TF-007-002 PMCF plan and summarized at the R-TF-007-005 PMCF evaluation report.

Data related to equivalent or similar devices​

According to GP-015 Clinical evaluation and the Clinical Evaluation Plan (CEP) (R-TF-015-001 Clinical evaluation plan), similar devices will be analyzed yearly by the JD-005, taking into consideration three fundamental features (technical, biological and clinical characteristics). Adverse events databases will be consulted to obtain information regarding this similar devices. At least 6 of the databases listed at the R-TF-007-006 Sanitary alerts databases will be consulted per period analyzed, with the following keywords: artificial intelligence, dermatology, deep learning, medical imaging, computer vision.

This activity will be included at the R-TF-007-002 PMCF plan.

All the important obtained data must be representative to the developed product. For each equivalent device, the table found in Annex I of the Guideline MDCG 2020-5 must be completed and the results must be registered in the Clinical Evaluation Report (R-TF-015-003 Clinical evaluation report (CER)) and summarized at the R-TF-007-005 PMCF evaluation report.

Cybersecurity and state of the art​

According to the Guideline MDCG 2019-16, the cybersecurity and the capability to comply with the General and Safety Requirements (GSPR) shall be evidenced during the product lifetime.

Activities performed during the post-market phase related to cybersecurity monitoring are described in the SP-012-002 Cybersecurity and Transparency Requirements and they are also listed below:

  • Active monitoring system: to evaluate cybersecurity effectiveness
  • Regular reporting and vigilance: to review cybersecurity incidents or potential threats
  • Regular security updates: to keep the device up-to-date with the latest security patches and updates
  • Response to emerging threats: to quickly address new emerging cybersecurity threats.

In order to perform the activities listed above, we will revise the European Union Agency for Cybersecurity (ENISA) and the Cybersecurity and Infrastructure Security Agency (CISA) websites to gather data about:

  • new vulnerabilities discovered
  • cybersecurity incidents report
  • emerging cybersecurity threats
  • significant risks and most common risk reduction activities
  • tools and resources to defend against cybersecurity threats
  • software's security controls based on evolving threats and technological advancements
  • good practices to implement preventive measures.

These activities are performed on a yearly basis by JD-004 and JD-005.

The data collected by performing these activities will be analysed to understand which are relevant for us (for our device and infrastructure), to evaluate whether the risk management record shall be updated and to plan necessary activities to maintain cybersecurity effectiveness.

This is also carried out in conjunction with GP-004 Vigilance system, GP-002 Quality planning and GP-014 Feedback and complaints paying attention to feedback, complaints and incidents.

The data collected and their analysis will be documented in the Periodic Safety Updated Report (R-TF-007-003 PSUR).

Security vulnerabilities of SOUPs and software tools​

Each of the SOUPs and software tools used during the development and deployment of the medical device is monitored in the post-market surveillance stage. For this, we gather and evaluate information on security vulnerabilities related to SOUPs and software tools.

Our primary activity for SOUPs involves periodically evaluating their lists of anomalies, which are compiled in the Lists of published anomalies section of each DHF SOUP page/file, while the findings of the evaluation are documented under the section History of evaluation of SOUP anomalies also in the same pages.

For software tools, we are subscribed to security advisory services. This provide us with timely updates on vulnerabilities pertinent to our development tools, so we can take swift action to mitigate risks.

Every 6 months, we monitor and evaluate lists of SOUP anomalies for vulnerabilities and obsolescence notifications. Security advisory services for software tools, however, are reviewed on a 12-monthly basis.

Outputs​

When the found data requires actions to prevent the occurrence, the recurrence or to correct its consequences, GP-006 Non-conformity. Corrective and preventive actions procedure will be used for determining, designing, and documenting the actions.

An evaluation of the activities described in this procedure will be performed and compiled, unless specified, at the R-TF-007-004 PMS evaluation report.

The Periodic Safety Updated Report (R-TF-007-003 PSUR) will be updated every other year or when required to document and analyze the findings and the related actions. It will include all the data related to PMS and other vigilance and follow-up requirements. The report must conclude, confirm and/or identify:

  • The product benefit/risk ratio confirmation.
  • New emergent risks or trends.
  • Any clinical evaluation change.
  • The required and related actions.

This report will be used as main input of the management review, using the data analysis methodology developed in GP-020 Data analysis.

PMCF plan​

The PMCF plan is documented in R-TF-007-002 PMCF plan.

Record signature meaning​

  • Author: JD-004
  • Review: JD-003
  • Approver: JD-005
Previous
R-TF-007-005 Post-Market Clinical Follow-up (PMCF) report
Next
Quality control
  • Purpose
  • Scope
  • Responsibilities
    • JD-005
    • JD-004
  • Data collection activities
    • Serious incidents and FSCA
    • Non-serious incidents and side effects
    • Trend analysis
    • Feedback and complaints
    • Regulatory requirements
    • Clinical literature
    • Data related to equivalent or similar devices
    • Cybersecurity and state of the art
    • Security vulnerabilities of SOUPs and software tools
  • Outputs
  • PMCF plan
  • Record signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)