Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • CAPA Plan - BSI CE Mark Closeout
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
      • Software
        • R-TF-012-023 Software Development Plan
        • R-TF-012-033 Software Test Plan
        • R-TF-012-034 Software Test Description
        • R-TF-012-035 — Software Test Report
        • R-TF-012-038 Verified Version Release
        • R-TF-012-039 Validated Version Transfer
        • R-TF EN 62304 Checklist
        • R-TF EN 82304 Checklist
      • Artificial Intelligence
      • Cybersecurity
      • Usability and Human Factors Engineering
      • Clinical
      • Commissioning
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • BSI Non-Conformities
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Product Verification and Validation
  • Software
  • R-TF-012-035 — Software Test Report

R-TF-012-035 — Software Test Report

Document Information​

FieldValue
Product / SystemLegit.Health Plus
Release version1.1.0.0
Commit SHA5f8549e02f3f362db8930906cf6dfdedf232119a
Test management systemTestRail — Project “Medical Device”, Suite “Master”
Prepared byGerardo Fernández Moreno
Date2026-01-19
Reviewed/Approved byAlejandro Carmena
Review/Approval date2026-01-19

Executive Summary​

This report summarizes the verification activities performed for Legit.Health Plus version 1.1.0.0. The verification campaign confirmed that all software requirements have been met and the system is ready for clinical production.

  • Verification Status: 100% Passed. All test cases in the verification and commissioning suites reached "Passed" status.
  • Deviations: Zero (0) deviations identified during commissioning.
  • Standards Compliance: Verification was conducted according to ISO 62304 and ISO 82304-1.

Test Environment and Levels​

Verification was performed across the following levels as defined in the Software Test Plan (R-TF-012-033):

LevelEnvironmentFocus
Unit TestingDevelopmentLow-level logic verification of software units.
Integration TestingDevelopmentInterface verification between internal services.
System VerificationStaging/QARequirements-based functional, clinical, and security verification.
CommissioningProductionOperational readiness and "as-installed" verification.

Preproduction Verification Environment Specification​

For the AI Models Integration Verification (Run R18), the testing was conducted using a decoupled Client-Server architecture. The explicit environment specifications used to generate the test results are as follows:

  1. System Under Test (Preproduction Cloud Infrastructure)
  • Domain: md-prototype.legit.health
  • Compute Instance: AWS EC2 g6.8xlarge (NVIDIA L4 Tensor Core GPUs, 32 vCPUs, 130 GiB RAM).
  • Storage: 2500 GB EBS Volume.
  • Data Persistence: Amazon DynamoDB utilizing 4 dedicated tables (legit_health_plus_api_gateway_users, legit_health_plus_api_gateway_organizations, legit_health_plus_api_gateway_lockouts, legit_health_plus_api_gateway_calls).
  • Configuration: Environment variables matching the Production baseline.
  • Container Runtime: Docker, orchestrating the api-gateway and 58 specific expert AI models (e.g., condition-classifier:1.0.0, erythema-classifier:1.0.0).
  • Test Dataset: Immutable image dataset snapshot stored at s3://legit-health-plus/software-tests/v1.1.0.0/integration-verification-dataset/ to ensure absolute reproducibility.
  1. Test Execution Environment (Local Client)
  • Hardware: MacBook Pro (Apple Silicon M1).
  • Operating System: macOS 26.2
  • Runtime: Python 3.10 utilizing the requests library.
  • Test Software: Custom integration script (Legit-Health/medical-device-integration-verification-tester, Commit SHA: a9b3209cafa65c0ac176d8c9e141657733786c5a) executing over HTTPS.

Detailed Results — Development Verification​

Regulatory objective: Confirm that the software units and internal integrations perform as specified prior to system-level testing (ISO 62304 §5.5, §5.6).

Test artifacts are organized per component, with each test run identified by timestamp and git commit hash for full traceability. Evidence includes JUnit XML test reports, coverage reports (XML, JSON, HTML), and metadata files recording the test environment.

Software Unit Verification (Unit Testing)​

  • Result: Passed.
  • Evidence: s3://legit-health-plus/software-tests/v1.1.0.0/01_development_verification/unit_tests/
ComponentStatusTestsFailedLine CoverageDuration
api_gatewayPassed732094.5%4.7s
control_planePassed83098.0%1.8s
report_builderPassed845095.7%2.1s
orchestratorPassed255097.5%1.0s
condition_classifierPassed818090.6%11.6s
essentialsPassed216086.6%2.4s
expert_corePassed474078.7%1.3s
Total3,423024.9s

Each component directory contains:

  • test_results/junit.xml — Test case enumeration and pass/fail status
  • coverage/ — Line and branch coverage reports (XML, JSON, HTML)
  • metadata.json — Version, commit SHA, timestamp, and environment details

Software Integration Verification (Integration Testing)​

  • Result: Passed.
  • Evidence: s3://legit-health-plus/software-tests/v1.1.0.0/01_development_verification/integration_tests/
ComponentStatusTestsFailedDuration
api_gatewayPassed358027.4s
control_planePassed8303.5s
report_builderPassed13801.7s
orchestratorPassed10601.4s
condition_classifierPassed21107.1s
expert_corePassed22604.1s
Total1,122045.2s

Each component directory contains:

  • test_results/junit.xml — Test case enumeration and pass/fail status
  • metadata.json — Version, commit SHA, timestamp, and environment details

Detailed Results — System Verification​

This section contains the results of the requirements verification performed in the controlled Staging environment.

Test Case IdTest Case TitleTest IdTest URLStatus
C50Verify the API service accepts incoming HTTP requests on the designated network portT105View✅
C62Verify API returns 200 HTTP status codes for successful requestsT106View✅
C68Verify API processes JSON requests and returns JSON responses with correct Content-Type headersT107View✅
C77Verify successful user authentication and token generation via the POST /auth/login endpointT109View✅
C73Verify retrieval and filtering of clinical signs data via /clinical/severity-experts endpointT108View✅
C106Verify API endpoints are accessible via URL paths prefixed with the major and minor version identifierT110View✅
C110Verify the API returns HTTP 413 when the request body exceeds the configured maximum sizeT111View✅
C124Verify POST /clinical/severity-assessment returns quantified results for valid image and sign listT112View✅
C128Verify the diagnosis-support endpoint accepts valid images and returns diagnostic analysisT113View✅
C162Verify simultaneous availability and processing of requests across distinct API versionsT114View✅
C330Verify API rejects malformed inputs with standardized 422 Unprocessable Entity responsesT115View✅
C331Verify API returns sanitized error responses with appropriate HTTP status codes and no internal detailsT116View✅
C454Verify API returns 401 HTTP status codes for wrong login requestsT272View✅
C455Verify API returns 422 HTTP status code when invalid data is submittedT273View✅
C456Verification of controlled 503 response and graceful degradation during downstream service failure.T300View✅
C169Verify health check endpoint returns unhealthy when some service is unavailableT121View✅
C46Verify the public health endpoint returns HTTP 200 and status OK when operationalT118View✅
C66Verify retrieval of mandatory legal information, UDI, and regulatory metadata via APIT119View✅
C543Verify that the eIFU is reachable, accessible and navigable via the link provided on the electronic labelT384View✅
C159Verify availability of OpenAPI specification and interactive documentation endpointsT120View✅
C255Verify API returns aggregated ICD probability distribution with structured code details in studyAggregate arrayT122View✅
C256Verify response includes per-image ICD probabilities and heat maps for the top five categoriesT123View✅
C258Verify response includes normalized entropy score between 0 and 1 in findingsT125View✅
C260Verify report response includes highPriorityReferral score within riskMetrics objectT127View✅
C261Verify report response includes malignantConditionProbability score within riskMetrics objectT128View✅
C262Verify report response includes pigmentedLesion score within riskMetrics objectT129View✅
C263Verify report response includes anyConditionProbability score within riskMetrics objectT130View✅
C264Verify report response includes urgentReferral score within riskMetrics objectT131View✅
C265Verify diagnosis workflow returns ranked ICD-11 codes, binary indicators, and explainability maps for valid imagesT132View✅
C266Verify epithelial tissue classification returns right presence prediction and confidence scoreT133View✅
C267Verify API returns Hurley stage and inflammatory status with associated probabilities for valid image inputT134View✅
C268Verify tissue wound bed necrotic classification returns right presence prediction and confidence scoreT135View✅
C269Verify pustule classification returns right intensity and confidenceT136View✅
C270Verify inflammatory nodular lesion detector return correct counts and bounding boxes for drainning tunnelsT137View✅
C271Verify wound borders delimited classification returns right presence prediction and confidence scoreT138View✅
C272Verify wound exudation serous classification returns right presence prediction and confidence scoreT139View✅
C274Verify wound exudation purulent classification returns right presence prediction and confidence scoreT141View✅
C275Verify wound maceration segmentation analysis returns segmentation masks and the right percentage of surface affectedT142View✅
C276Verify erythema classification returns right intensity and confidenceT143View✅
C277Verify crusting classification returns right intensity and confidenceT144View✅
C278Verify thickened wound borders classification returns right presence prediction and confidence scoreT145View✅
C279Verify induration classification returns right intensity and confidenceT146View✅
C280Verify hair loss segmentation analysis returns segmentation masks and the right percentage of surface affectedT147View✅
C281Verify wound perilesional erythema classification returns right presence prediction and confidence scoreT148View✅
C282Verify wound stage classification returns right score and confidence metrics from a valid wound imageT149View✅
C283Verify erythema segmentation analysis returns segmentation masks and the right percentage of surface affectedT150View✅
C284Verify lichenification classification returns right intensity and confidenceT151View✅
C285Verify wound affected tissues intact classification returns right presence prediction and confidence scoreT152View✅
C286Verify API returns follicle count, bounding boxes, and confidence scores for a valid scalp imageT153View✅
C287Verify wound borders indistinguishable classification returns right presence prediction and confidence scoreT154View✅
C288Verify wound affected tissues subcutaneous classification returns right presence prediction and confidence scoreT155View✅
C289Verify wound orthopedic material segmentation analysis returns segmentation masks and the right percentage of surface affectedT156View✅
C290Verify wound borders damaged classification returns right presence prediction and confidence scoreT157View✅
C291Verify wound biofilm material segmentation analysis returns segmentation masks and the right percentage of surface affectedT158View✅
C292Verify xerosis classification returns right intensity and confidenceT159View✅
C293Verify wound granulation segmentation analysis returns segmentation masks and the right percentage of surface affectedT160View✅
C294Verify wound bone segmentation analysis returns segmentation masks and the right percentage of surface affectedT161View✅
C295Verify swelling classification returns right intensity and confidenceT162View✅
C296Verify wound exudation serous classification returns right presence prediction and confidence scoreT163View✅
C297Verify wound affected tissues muscle classification returns right presence prediction and confidence scoreT164View✅
C298Verify skin segmentation analysis returns segmentation masks and the right percentage of surface affectedT165View✅
C299Verify hive detector return correct counts and bounding boxes for hivesT166View✅
C300Verify wound biofilm tissue classification returns right presence prediction and confidence scoreT167View✅
C302Verify tissue wound bed slough classification returns right presence prediction and confidence scoreT169View✅
C303Verify desquamation classification returns right intensity and confidenceT170View✅
C304Verify hypopigmentation segmentation analysis returns segmentation masks and the right percentage of surface affectedT171View✅
C305Verify wound borders diffused classification returns right presence prediction and confidence scoreT172View✅
C306Verify wound bed segmentation analysis returns segmentation masks and the right percentage of surface affectedT173View✅
C307Verify oozing classification returns right intensity and confidenceT174View✅
C308Verify wound affected tissues bone classification returns right presence prediction and confidence scoreT175View✅
C309Verify acneiform detector return correct counts and bounding boxes for papules, pustules, spotsT176View✅
C310Verify AWOSI classification returns right score and confidence metrics from a valid wound imageT177View✅
C311Verify tissue wound bed closed classification returns right presence prediction and confidence scoreT178View✅
C312Verify wound perilesional maceration classification returns right presence prediction and confidence scoreT179View✅
C313Verify nail lesion segmentation analysis returns segmentation masks and the right percentage of surface affectedT180View✅
C314Verify excoriation classification returns right intensity and confidenceT181View✅
C315Verify wound necrosis segmentation analysis returns segmentation masks and the right percentage of surface affectedT182View✅
C316Verify hyperpigmentation segmentation analysis returns segmentation masks and the right percentage of surface affectedT183View✅
C317Verify wound bloody exudation classification returns right presence prediction and confidence scoreT184View✅
C318Verify wound exudation fibrinous classification returns right presence prediction and confidence scoreT185View✅
C319Verify follicular and inflammatory pattern identification returns right resultT186View✅
C320Verify wound tissue wound bed granulation classification returns right presence prediction and confidence scoreT187View✅
C321Verify generation of structured clinical assessment report with quantified results for requested signs via APIT188View✅
C325Verify body surface segmentation analysis returns segmentation masks and the right percentage of surface affectedT193View✅
C446Verify acneiform detector return correct counts and bounding boxes for nodules, pustules and scabsT264View✅
C447Verify acneiform detector return correct counts and bounding boxes for scabs, comedones, papules and pustulesT265View✅
C448Verify hive detector return correct counts and bounding boxes for hives (second image)T266View✅
C449Verify inflammatory nodular lesion detector return correct counts and bounding boxes for non drainning tunnelsT267View✅
C450Verify inflammatory nodular lesion detector return correct counts and bounding boxes for nodulesT268View✅
C323Verify head detection returns right bounding boxes and heads count inside an imageT191View✅
C327Verify API returns ""clinical"" for image modality category when a skin image is providedT195View✅
C328Verify API returns image domain category equals to ""dermatological"" and confidence score for a skin imageT196View✅
C329Verify API returns dermatological image quality score, interpretation, and acquisition feedbackT197View✅
C451Verify API returns ""dermoscopic"" for image modality category when a skin image is providedT269View✅
C452Verify API returns image domain category equals to ""non_dermatological"" and confidence score for a dog imageT270View✅
C453Verify FHIR DiagnosticReport base structure for a segmenterT271View✅
C332Verify API accepts requests over HTTPS using TLS 1.2 or 1.3T198View✅
C333Verify API rejects or redirects unencrypted HTTP requestsT199View✅
C335Verify progressive increase in enforced delay across consecutive failed authentication attemptsT201View✅
C336Verify delay resets upon successful authenticationT202View✅
C337Verify successful access to permitted endpoints for an authorized roleT203View✅
C338Verify access denial for endpoints outside the assigned role scopeT204View✅
C339Verify HTTP 403 response when request volume exceeds defined thresholdT205View✅
C340Verify request acceptance after rate limit time window expirationT206View✅
C341Verify generated authentication tokens include the expiration claimT207View✅
C342Verify access denial for requests using an expired JWTT208View✅
C343Verify generation of authentication token using valid credentialsT209View✅
C344Verify rejection of authentication requests with invalid credentialsT210View✅
C345Verify password update functionality and subsequent authenticationT211View✅
C346Verify account lockout enforcement after threshold reachedT212View✅
C347Verify failed attempt counter reset on successful loginT213View✅
C348Verify administrative manual account unlock capabilityT214View✅
C349Verify enforcement of password complexity and length constraintsT215View✅
C350Verify authentication behavior for expired passwordsT216View✅
C351Verify protected endpoints allow access with a valid OAuth 2.0 Bearer tokenT217View✅
C352Verify protected endpoints reject requests lacking a valid token with 401 UnauthorizedT218View✅
C353Verify public endpoints are accessible without an Authorization headerT219View✅
C354Verify AES-256 encryption configuration for data storageT220View✅
C355Verify authorized administrator can retrieve current user information for reviewT221View✅
C356Verify authorized administrator can revoke permissions during access reviewT222View✅
C357Verify successful execution and audit logging of system integrity checksT223View✅
C363Verify backup generationT225View✅
C364Verify automated backup generationT226View✅
C366Verify blocking of anomalous high-frequency request burstsT228View✅
C368Verify FHIR DiagnosticReport base structure for a detectorT230View✅
C369Verify analysisDuration field population in DiagnosticReportT231View✅
C370Verify isAssessable is true when domain and quality criteria are metT232View✅
C371Verify isAssessable is false when image quality is unacceptableT233View✅
C372Verify isAssessable is false when image is non-dermatologicalT234View✅
C373Verify single image analysis maps to structured object in imageAnalyses arrayT235View✅
C374Verify multiple image analyses map to distinct objects in imagingAnalysis arrayT236View✅
C375Verify response structure compliance with OpenAPI success schemaT237View✅
C376Verify response structure compliance with OpenAPI error schemaT238View✅
C377Verify Assignment of Official Identifier to DiagnosticReportT239View✅
C378Verify Uniqueness of Generated DiagnosticReport IdentifiersT240View✅
C382Verify System Timestamp Accuracy via API Response HeadersT244View✅
C383Verify System Time Synchronization and Accuracy StatusT245View✅
C388Verify Role-Based Access Control for Audit Trail InterfaceT247View✅
C389Verify Audit Trail Search and Export CapabilitiesT248View✅
C391Verify audit records cannot be modified or deleted via APIT249View✅
C395Verify audit trail generation for authentication lifecycle and security anomaliesT251View✅
C398Verify audit record completeness for successful API eventT252View✅
C399Verify audit record completeness for failed API eventT253View✅
C410Verify audit trail generation for clinical data creation eventsT255View✅
C413Audit record preservation during database unavailabilityT258View✅
C416Verify p95 API latency remains under 10 seconds during nominal loadT261View✅

Detailed Results — AI Models Integration Verification​

Regulatory objective: Confirm that each AI model integrated into the medical device produces the expected outputs when invoked in the preproduction environment, verifying correct model loading, preprocessing, inference, and post-processing (IEC 62304 §5.6, ISO 82304-1).

  • Result: Passed.
  • Evidence: TestRail Plan R17, Run R18 — AI Models Integration Plan — Preproduction. Per-model evidence stored at s3://legit-health-plus/software-tests/v1.1.0.0/integration-verification-dataset/.

All tests were executed using the Preproduction Verification Environment specified in Section 3, ensuring identical AI compute hardware (AWS g6.8xlarge) as intended for production.

MetricValue
Test Cases76
Passed76
Failed0
Pass Rate100%
Tested ByGerardo Fernández
Execution Date2026-01-15

All 76 test cases verified that the integrated AI models (classifiers, segmenters, detectors, and pattern identifiers) return the expected probability distributions, scores, segmentation masks, and detection outputs for controlled reference images. Each test case stores both the request payload and the response payload as evidence in S3.

Test case details are provided in the controlled export: ai-models-integration-tests.csv.

Detailed Results — Commissioning (Production)​

This section details the operational readiness verification performed on the deployed production instance (AWS eu-west-3).

Test Case IdTest Case TitleReviewerReview StatusTest IdStatus
C420Deployment Environment VerificationGerardo Fernández ApprovedT274✅
C421Container Image VerificationGerardo Fernández ApprovedT275✅
C422Configuration Baseline VerificationGerardo Fernández ApprovedT276✅
C423Security Configuration VerificationGerardo Fernández ApprovedT277✅
C424External Dependency AvailabilityGerardo Fernández ApprovedT278✅
C425Deployment Deviations ReviewGerardo Fernández ApprovedT279✅
C426Deployment AcceptanceGerardo Fernández ApprovedT280✅
C427Test Data ControlsGerardo Fernández ApprovedT281✅
C428Credentials and Access ControlsGerardo Fernández ApprovedT282✅
C429API Availability and RoutingGerardo Fernández ApprovedT283✅
C430Authentication and Authorization EnforcementGerardo Fernández ApprovedT284✅
C431Input Validation and Error HandlingGerardo Fernández ApprovedT285✅
C432Internal Integration Sanity ChecksGerardo Fernández ApprovedT286✅
C433Audit Logging VerificationGerardo Fernández ApprovedT287✅
C434Failure Mode Sanity ChecksGerardo Fernández ApprovedT288✅
C435Functional Deviations ReviewGerardo Fernández ApprovedT289✅
C436Functional Commissioning AcceptanceGerardo Fernández ApprovedT290✅
C439AI/ML Model Runtime AvailabilityGerardo Fernández ApprovedT293✅
C440Clinical Output Integrity and StructureGerardo Fernández ApprovedT294✅
C441Report Generation and SerializationGerardo Fernández ApprovedT295✅
C442Operational Readiness ChecksGerardo Fernández ApprovedT296✅
C443Clinical Workflow Limitations and Known ConstraintsGerardo Fernández ApprovedT297✅
C444Clinical Deviations ReviewGerardo Fernández ApprovedT298✅
C445Clinical Commissioning AcceptanceGerardo Fernández ApprovedT299✅
C457Diagnosis Support of Clinical ImagesGerardo Fernández ApprovedT301✅
C458Severity Assessment – PASI WorkflowGerardo Fernández ApprovedT302✅
C459Severity Assessment – UAS WorkflowGerardo Fernández ApprovedT303✅
C460Severity Assessment – IHS4 WorkflowGerardo Fernández ApprovedT304✅
C461Severity Assessment – SCORAD WorkflowGerardo Fernández ApprovedT305✅
C462Verification of End-to-End Clinical Workflow Presentation and Scoring Interface.Gerardo Fernández ApprovedT306✅

Anomalies and Deviations Review​

Verification Anomalies​

No anomalies were identified during the system verification phase. All requirements were verified against the specified acceptance criteria.

Commissioning Deviations​

The commissioning campaign concluded with no identified deviations.

  • Infrastructure: AWS account ID and Region match the declared production environment.
  • Security: TLS, JWT Authentication and IAM credentials are active and enforced.
  • Clinical: All 58 expert models are resident in memory and producing structured JSON outputs.

Conclusion​

The software version 1.1.0.0 is formally verified and commissioned. Based on the 100% pass rate and the absence of deviations, the device is considered safe and effective for its intended clinical use in the production environment.

Additional graphical reports and execution logs can be retrieved from the TestRail PDF Export and the S3 evidence URI identified in the commissioning records.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003 Design & Development Manager, JD-004 Quality Manager & PRRC
  • Approver: JD-001 General Manager
Previous
R-TF-012-034 Software Test Description
Next
R-TF-012-038 Verified Version Release
  • Document Information
  • Executive Summary
  • Test Environment and Levels
    • Preproduction Verification Environment Specification
  • Detailed Results — Development Verification
    • Software Unit Verification (Unit Testing)
    • Software Integration Verification (Integration Testing)
  • Detailed Results — System Verification
  • Detailed Results — AI Models Integration Verification
  • Detailed Results — Commissioning (Production)
  • Anomalies and Deviations Review
    • Verification Anomalies
    • Commissioning Deviations
  • Conclusion
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)