R-TF-013-002 Risk management record

This record is carried out following the procedure GP-013 Risk management and according to R-TF-013-001 Risk management plan, which is also carried out following GP-013. The definition of the risk control options, the risk levels, risk acceptability and everything else, can be found in GP-013 Risk management.

See full page

Filter by type:AllUsabilityCybersecurityProductRegulatoryArtificial Intelligence(62)

ID? Stable unique identifier in the format "R-XXX" (letter R, dash, three alphanumeric characters). Persist this across revisions to preserve traceability and version history.	Hazard or Use Error? Hazard or Use Error. A hazard is a potential source of harm (ISO 14971). A use error is an act or an omission by the user that causes a device response different from the one intended by the manufacturer or expected by the user (IEC 62366-1). Use the term that fits the risk's context.	Type? One or more lenses that apply to this risk: Usability (human factors), Cybersecurity, Product (device safety), Regulatory, Artificial Intelligence. Select multiple when the risk cuts across lenses.	Hazardous Situation or Vulnerability? If Type includes Cybersecurity, record the specific vulnerability that an attacker can exploit. Otherwise, record the hazardous situation, which is the circumstance that exposes people, property, or the environment to one or more hazards (ISO 14971).	Foreseeable sequence of events? Foreseeable sequence of events. List the ordered, realistic steps—including reasonably foreseeable misuse—that can lead from the initiator to a hazardous situation and then to harm (ISO 14971).	Harm? Potential injury or damage to health, or damage to property or the environment (ISO 14971). For AI‑related risks, also consider impacts on fundamental rights such as discrimination or undue bias when applicable (EU AI Act).	Risk or Threat? Concise statement of the risk or the threat scenario. For risks in the ISO 14971 sense, think "combination of the probability of occurrence of harm and the severity of that harm." For cybersecurity, frame as "adversary capability exploiting a vulnerability leads to impact."	Security (CIAA)? Security properties affected: Confidentiality, Integrity, Availability, and Authenticity (CIAA). Required when Type includes Cybersecurity.	User group? Intended user group for usability risks. Examples: Healthcare Professional (HCP) or Information Technology Professional (ITP). Optional for other risk types.	User task? Specific task from the validated use scenarios that the user is performing when the risk can occur. Required for usability risks.	Cause Requirement(s)? Requirement codes (PRS-*) whose absence, defect, or violation could plausibly cause or contribute to the sequence of events.	Affected Asset, Part or People? Assets, components, users, patients, or organizations that are impacted by the risk. Examples: patient, device, integration, managing organization, data set.	Likelihood (Initial)? Initial likelihood rating from 1 to 5. Interpret as the estimated probability that the hazardous situation will lead to harm before any controls. For cybersecurity, interpret as exploitability given exposure and attack preconditions.	Severity (Initial)? Initial severity rating from 1 to 5. Interpret as the magnitude of the foreseeable harm outcome before any controls.	RPN (Initial)? Initial Risk Priority Number from 1 to 25, calculated as Severity (Initial) multiplied by Likelihood (Initial). Use for prioritization; it does not replace ISO 14971 risk‑acceptability criteria.	Control Opt (ABC)? Chosen risk control option or options in the ISO 14971 priority order: A. Inherently safe design and construction; B. Protective measures in the device or in the manufacturing process; C. Information for safety and, when appropriate, training to users.	Implemented mitigation measures? Implemented risk control measures and safeguards: design features, protective mechanisms, procedures, information for safety, training, and technical security controls.	Mitigation or Control Requirement(s)? Requirement codes (PRS-*) that implement the selected risk control measures to maintain full traceability.	Responsible? Role accountable for planning, implementing, and verifying the risk control measures.	Verification of implementation of risk control measures? Objective evidence that risk control measures have been implemented as specified. Examples: test protocols and reports, design reviews, configuration and release records.	Severity (Controlled)? Controlled severity rating from 1 to 5 after controls. Severity often remains unchanged unless the control reduces the potential magnitude of harm.	Likelihood (Controlled)? Controlled likelihood rating from 1 to 5 after controls. For cybersecurity, reflect the residual exploitability after mitigations.	RPN (Controlled)? Controlled Risk Priority Number from 1 to 25, calculated as Severity (Controlled) multiplied by Likelihood (Controlled).	Residual risk evaluation? Residual risk band derived from the controlled RPN. 1 to 5: Acceptable. 6 to 12: As far as possible. 13 to 25: Not acceptable.	Verification of effectiveness of risk control measures? Objective evidence that risk control measures are effective in reducing risk in the intended context. Examples: usability validation per IEC 62366‑1, clinical evaluation where applicable, cybersecurity verification and validation, penetration testing.	Benefit-risk analysis? Benefit–risk analysis rationale. Required when the residual risk band is As far as possible or Not acceptable. Summarize the clinical or organizational benefits that outweigh the residual risk and explain why further risk reduction is not reasonably practicable.	Risks arise from risk control measures?? Indicate whether the implemented controls introduce new hazards, hazardous situations, vulnerabilities, or use errors. If yes, create linked risk rows and evaluate them.	Is risk control complete?? Confirm that all planned risk control measures have been implemented, verified, and shown effective, and that any secondary risks have been addressed.	Overall residual risk acceptability? Overall residual risk acceptability. Record the management decision per the risk management plan's criteria, including any aggregated considerations and disclosure of residual risk. This is not derived solely from row completion.	Threat Model Ref(s)? References to the relevant threat‑model elements for cybersecurity risks. Examples: STRIDE items, attack trees, misuse cases, architecture nodes.	Post-Market Plan Ref(s)? References to production and post‑production monitoring activities that will detect, trend, or respond to this risk after release. Examples: human‑factors postmarket follow‑up, field security monitoring, incident response, complaint trending.
R-2TP	The endpoints of the device are not compatible with the user's software	⚙️ Product	The care provider's IT personnel must develop custom code, which in some cases may not be viable.	ITPs start the integration of the device into the healthcare organisation's system Communication between the healthcare system and the device's API fails, leading to the inability to send or receive data correctly The ITP spends significant time troubleshooting and trying to resolve the compatibility issue Due to the compatibility problem, the integration process takes longer than expected, delaying the device's deployment HCPs do not receive the device's outputs in their expected format or within the system workflow, affecting their ability to access the device outputs in a timely manner	Delays in patient diagnosis and/or treatment follow up.; User frustration	The name of the endpoints of the device do not follow a standard	IntegrityAvailability			SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AC	The endpoints of the device follow HL7's FHIR interoperability standard and information in Instructions for Use	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-API-002T-024-006-API-004	T-024-007-DEP-002T-024-007-INT-002
R-A96	Incompatibility in classification systems	⚙️ Product	Mismatch between the name or code of the ICD class of the medical device and the ones used by the healthcare provider's software	The ITP integrates the device, but the system uses a different or incompatible classification system The outputs from the device do not correctly map to the healthcare organisation's classification system HCPs receive diagnostic outputs that are misclassified, incomplete, or inconsistent with their healthcare system's terminology or standards	Misdiagnosis; User frustration	The name of the endpoints of the device do not follow a standard				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Managing Organisation	4	3	12⚠️	AC	The endpoints of the device follow ICD-9, ICD-10 and ICD-11, and they are also mapped to the output	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report R-TF-015-003 Clinical Evaluation Report (section: Valid clinical association of the International Classification of Diseases (ICD) classes)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-HBD	Misrepresentation of magnitude returned by the device	🤳 Usability⚙️ Product	The care provider's system represent a value as if was representing a different magnitude.	The device analyses an image of the skin structure and provides the outputs to HCPs Due to a software bug, data formatting issue, or improper interpretation by the healthcare system, the magnitude is incorrectly represented in the output	Misdiagnosis; delay in diagnosis/patient's follow up/treatment	The name of the endpoints of the device do not follow a standard		👨‍💻ITP	Use a stable internet connection	SRS-BYJSRS-H3JSRS-AQMSRS-F05SRS-FMGSRS-K6N	Managing Organisation	3	3	9⚠️	AC	The endpoints of the device follow HL7's FHIR interoperability standard and we developed a integration manual within the IFU that explains the values, as well as a Swagger documentation	SRS-BYJSRS-H3JSRS-AQMSRS-F05SRS-FMGSRS-K6N	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C368, C369, C373, C374, C375, C376, C453, C454, C455, C62, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-BDR	Misinterpretation of data returned by the device	⚙️ Product	The care provider's system represent a value as if was representing a different clinical endpoint.	ITP implements the device into the system The device processes an image of the skin structure and provides ooutputs The representation of the device outputs made by the ITP is not easily understandable or lacks clear interpretation guidance for HCPs	This could lead to misdiagnosis; delays in treatment and worsening of the patient's health status.	The name of the endpoints of the device do not follow a standard				SRS-BYJSRS-H3JSRS-AQMSRS-F05SRS-FMGSRS-K6N	Managing Organisation	5	3	15⛔️	C	The endpoints of the device follow HL7's FHIR interoperability standard and we developed a integration manual within the IFU that explains the values, as well as a Swagger documentation We define the minimum user interface requirements to show the medical device outputs to HCPs Minimum user interface requirements are provided in the IFU	SRS-BYJSRS-H3JSRS-AQMSRS-F05SRS-FMGSRS-K6N	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C368, C369, C373, C374, C375, C376, C453, C454, C455, C62, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-75H	Incorrect clinical information	⚙️ Product	The care provider receives into their system data that is erroneous	The device processes an image of the skin structure Due to a software malfunction, algorithmic error, data corruption, or integration issue, the device outputs incorrect clinical information The HCP, unaware of the malfunction, relies on the device output	This could lead to misdiagnosis; delays in treatment and worsening of the patient's health status.	The interpretive distribution assigns a low probability to the correct ICD class among the potential ICD classes.				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AC	Information about device outputs are detailed in the IFU. The medical device returns metadata about the output that helps supervising it, such as explainability media and other metrics. AI models undergo retraining using expanded dataset of images.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	T-TF-025-007 Summative Evaluation Report R-TF-015-003 Clinical Evaluation Report (sections: Instructions for Use, Associated Design Product Requirement, Clinical performance)	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-DAG	Incorrect diagnosis or follow up	🤳 Usability🏛️ Regulatory	The medical device outputs a wrong result	The device processes an image of the skin structure Due to a software malfunction, algorithmic error, data corruption, or integration issue, the device outputs incorrect clinical information The HCP, unaware of the malfunction, relies on the device output	This could lead to misdiagnosis; delays in treatment and worsening of the patient's health status.	The interpretive distribution assigns a low probability to the correct ICD class among the potential ICD classes.		👩‍⚕️HCP	User logs into the system.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	4	3	12⚠️	AC	Information about device outputs are detailed in the IFU. The medical device returns metadata about the output that helps supervising it, such as explainability media and other metrics. The device returns an interpretative distribution representation of possible ICD categories, not just one single condition. AI models undergo retraining using expanded dataset of images.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	T-TF-025-007 Summative Evaluation Report R-TF-015-003 Clinical Evaluation Report (sections: Instructions for Use, Associated Design Product Requirement, Valid clinical association of the International Classification of Diseases (ICD) classes, Clinical performance)	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-SKK	Incorrect results shown to patient	🤳 Usability🔐 Cybersecurity🏛️ Regulatory🧠 Artificial Intelligence	The patient see erroneous results.	The device processes an image of the skin structure Due to a software malfunction, algorithmic error, data corruption, or integration issue, the device outputs incorrect clinical information The HCP, unaware of the malfunction, relies on the device output	The patient is affected and may suffer anxiety or delays visiting the HCP and their consequent treatment; worsening their health status.	The interpretive distribution assigns a low probability to the correct ICD class among the potential ICD classes.,Patient is using the device without the HCP monitoring	IntegrityAvailability	👩‍⚕️HCP	User takes a photo of the patient's lesion.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	4	3	12⚠️	AC	Information about device outputs are detailed in the IFU. The medical device returns metadata about the output that helps supervising it, such as explainability media and other metrics. The device returns an interpretative distribution representation of possible ICD categories, not just one single condition. AI models undergo retarining using expanded dataset of images.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report R-TF-015-003 Clinical Evaluation Report (sections: Instructions for Use, Associated Design Product Requirement, Valid clinical association of the International Classification of Diseases (ICD) classes, Clinical performance)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-AML-001T-024-006-DAT-002	T-024-007-AUD-001T-024-007-CVE-002
R-D1I	Unauthorized patient access to clinical data	⚙️ Product🔐 Cybersecurity	The patient somehow manages to get access to the clinical endpoints of the device.	The user takes a picture The photo is given to the medical device. The device outputs clinical data to aid the doctor in their diagnostic process.	The patient is affected and may suffer anxiety or delays visiting the HCP and their consequent treatment; worsening their health status.	The medical device is hacked and a patient access to inaccesible data.	ConfidentialityAuthenticity			SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	3	3	9⚠️	AB	State-of-the-art security measures to avoid unauthorized access to data, malignant uses and hacking, and information about authentication process for users are available in IFU	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report R-TF-015-003 Clinical Evaluation Report (sections: Associated Design Verification Test, Requirement on devices that incorporate software or for software that are devices in themselves (GSPR 17.2), Instructions for Use)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-AUT-001T-024-006-AUT-003	T-024-007-VUL-001T-024-007-VUL-003
R-AGQ	Image artefacts or poor resolution	⚙️ Product	The medical device receives an input that does not have sufficient quality in a way that affects its performance	An image of the skin structure is captured and submitted to the device for analysis Due to issues such as poor lighting, camera quality, motion blur, or external factors (e.g., dirt, reflections), the image contains artefacts or is of low resolution, compromising the clarity of the skin structure The device processes the flawed image, but the artefacts or low resolution negatively impact the accuracy of its analysis.	Misdiagnosis; delays in treatment and worsening of the patient's health status.	Improper image acquisition, poor image capture conditions,Inadequate image processing algorithms				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AC	A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. The device returns meaningful messages to the users about the quality score of the images. This allows care providers to re-take a photo. The IFU contain the `How to take pictures` section with recommendation on how to take pictures with high quality. We also offer training to the users to optimize the imaging process so that it is optimal for the device's operation.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	R-TF-015-003 Clinical Evaluation Report (sections: Associated Design Product Requirement, Associated Design Verification Test, Clinical performance) T-TF-025-007 Summative Evaluation Report	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-E7Z	Inaccessible skin areas	🤳 Usability	The device cannot analyse certain skin areas	The HCP or the patient attempts to capture an image of the patient's skin to analyze potential conditions Certain areas of the skin (e.g., underarm, groin, scalp, or other folds) are difficult to access or visualize due to their location or the patient's body position The device analyses images with poor quality or not containing enough details of the skin abnormality intended to be captured The HCP relies on the available analysis results from accessible areas	Misdiagnosis; delays in treatment and worsening of the patient's health status.	Inability to access or take a picture of the skin structure due to its location in an unreachable body site and lack of aid in the process		👩‍⚕️HCP	User takes a photo of the patient's lesion.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	3	3	9⚠️	AC	A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. The device returns meaningful messages to the users about the quality score of the images. This allows care providers to re-take a photo. The IFU contain the `How to take pictures` section with recommendation on how to take pictures with high quality plus in the Contraindications section of the IFU we state the following: We advise the user not to use the device if skin structures are not accessible by a camera, such as being located in a skin fold or is otherwise covered. We also offer training to the users to optimize the imaging process so that it is optimal for the device's operation.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (sections: Associated Design Product Requirement, Associated Design Verification Test, Clinical performance) T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-T8Q	Data transmission failure from healthcare provider's system	⚙️ Product	The healthcare provider's system cannot connect to the medical device	The healthcare provider contracts the medical device An API token is delivered to the ITP ITP develops a code snippet to send data The medical device does not receive information	Delays in patient diagnosis and poorer treatment follow-up.	Error in the API token or the authentication process, connectivity problems, firewall, incompatibility between systems				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AB	State-of-the-art techniques of security and software availability. The device returns meaningful messages about the error	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	T-TF-025-007 Summative Evaluation Report	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-3N5	Data input failure	⚙️ Product	The medical device cannot receive data from healthcare providers' system	The healthcare provider contracts the medical device An API token is delivered to the ITP ITP develops a code snippet to send data The medical device does not receive information	Delays in patient diagnosis and poorer treatment follow-up.	Error in the API token or the authentication process, connectivity problems, firewall, incompatibility between systems, interface issues				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Manufacturer	4	3	12⚠️	AB	State-of-the-art techniques of security and software availability. The device returns meaningful messages about the error	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	T-TF-025-007 Summative Evaluation Report	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-YF4	Data accessibility failure	⚙️ Product	The healthcare provider cannot receive data from the medical device	The healthcare provider contracts the medical device An API token is delivered to the ITP ITP integrates the device into the system The device processes images and generates analysis The system fails to provide access to the data due to issues such as network outages, software malfunctions, or user permission errors	Delays in patient diagnosis and poorer treatment follow-up.	Error in the API token or the authentication process, connectivity problems, firewall				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AB	State-of-the-art techniques of security and software availability. The device returns meaningful messages about the error	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	T-TF-025-007 Summative Evaluation Report	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-LRP	Data transmission failure	⚙️ Product	The medical device cannot send data to healthcare providers	The device processes images and generates analysis results that need to be transmitted to the healthcare provider's system Due to various issues (e.g., network instability, system malfunctions, or incorrect configurations), the data fails to transmit successfully The system may not provide adequate feedback or notifications regarding the failure of the data transmission HCP may proceed with clinical decisions based on outdated or insufficient information	Delays in patient diagnosis; inaccurate clinical decision; poorer treatment follow-up.	Poor connectivity, firewall restriction, server issues, incompatibility between systems, improper configuration, improperly formatted data				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Manufacturer	4	3	12⚠️	AB	State-of-the-art techniques of security and software availability The device returns meaningful messages about the error The endpoints of the device follow HL7's FHIR interoperability standard	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	T-TF-025-007 Summative Evaluation Report	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-MWD	Interruption of service	⚙️ Product	The device or the healthcare system experiences an unexpected interruption in service leading to inability to use the device	The healthcare provider contracts the medical device The medical device is integrated to the system The device and healthcare system operate as intended An unexpected event occurs, such as a system outage, server failure, or software crash, leading to a complete or partial interruption of service ITP is unable to access the device's outputs HCP cannot obtain the data they need	Delays in patient diagnosis and poorer treatment follow-up.	Server overload, connectivity problems, software bugs, incorrect system configurations				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AB	The deployment of the medical devices uses elastic demand design. The medical device makes constant backups. State-of-the-art techniques of security and software availability. Due to the inherent features of the REST protocol, when a user send a request and the device is down, the device returns a specific code informing of the state of the device, including downtime. This means that the user will be automatically aware of downtime, as well as any other states.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-TLM	An organisation that is not a licensed healthcare provider gets access to the device	🏛️ Regulatory	Improper use of the device and improper use of the outputs of the device	A company who is not a licensed healthcare provider (or a non-licensed care provider) contacts us The company contracts the medical device The medical device is integrated to their system They are using the medical device under its normal condition of use	Misdiagnosis; delays in treatment and worsening of the patient's health status; data privacy breaches	Miscommunication about the medical device-nature of the product, inconsistent licensing checks, weak authentication measures, cybersecurity breaches				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Manufacturer	3	3	9⚠️	AC	The contracting process includes a contract in which the customer declares they are a healthcare provider Instructions for use explain the intended users of the medical device and security requirements and recommendations Stringent security measures: - implementation of a robust authentication mechanisms such as OAuth or JWT to ensure that only authorized users can access the API. Role-based access control further restricts user privileges, enhancing data security; - implementation of data encryption: all data transmitted between the user and the API is encrypted using industry-standard encryption protocols, such as SSL/TLS, to protect against eavesdropping and data breaches	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-4GG	Users outside the intended user definition use the medical device	🏛️ Regulatory	Other personnel (other than HCP and ITP) directly interact with the medical device	Non-IT users may misconfigure the device, input incorrect data, or fail to set parameters correctly, leading to potential errors in the device's outputs HCP may misinterpret the device's output	Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Inadequate information provided by the manufacturer, poor access restriction policies				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	3	3	9⚠️	AC	Instructions for use include information about the intended user and their qualification, plus IFU contain the section `Security requirements and recommendations` to ensure best security practices are followed by ITPs Implementation of authentication process and security controls to avoid unintended use of the device	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-ZFR	The device is not used under the supervision of an HCP	🏛️ Regulatory	Improper use of the device and improper interpretation of the outputs of the device	The device is correctly integrated into the healthcare organisation's system by an ITP The output generated by the device is received by individuals who are not HCPs or the output is used without any review by a qualified medical professional Personnel other than HCP may misinterpret the device's outputs	Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Inadequate information provided by the manufacturer about roles and responsibilities, inadequate implementation of workflows				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	3	3	9⚠️	AC	Instructions for use include information about the intended user and their qualification, plus IFU contain the section `Security requirements and recommendations` to ensure best security practices are followed by ITPs Implementation of authentication process and security controls to avoid unintended use of the device	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-CYO	The device is integrated by unqualified ITPs	🏛️ Regulatory	Medical device communication with the user server is not properly established	Unqualified ITPs perform the medical device integration Communication between the medical device and the user server is not adequate Medical device cannot be used or it is integrated improperly	User discomfort; dissatisfaction. Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Inadequate information provided by the manufacturer				SRS-BYJSRS-H3JSRS-AQMSRS-F05SRS-FMGSRS-K6N	Managing Organisation	3	3	9⚠️	AC	Instructions for use include information about the intended user and their qualification, and instructions on how to integrate the device	SRS-BYJSRS-H3JSRS-AQMSRS-F05SRS-FMGSRS-K6N	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C368, C369, C373, C374, C375, C376, C453, C454, C455, C62, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-QLF	Non-compliance with the General Safety & Performance Requirements (GSPR)	🏛️ Regulatory	Inadequate safety and performance of the whole device	General and Safety Performance Requirements (GSPR) of MDR 2017/745 are not taken into account in the design of the device Device with poor safety and performance controls in place	Decreased product performance; quality and safety. Misdiagnosis; delays in proper treatment and worsening of the patient's health status due to poor validation of the device	Misinterpretation of applicable regulation or lack of knowledge				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	3	3	9⚠️	A	Medical device is developed and produced according to harmonized standards for medical device in compliance with the applicable GSPR	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Internal/external audits R-TF-015-003 Clinical Evaluation Report (section: Compliance with applicable regulatory requirements)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-ES8	Non-compliance with GSPR 3 (absence of a risk management process)	🏛️ Regulatory	Risks are not mitigated as far as possible	A risk management policy is not in place User does not know the potential risks of the whole device Loss of whole device proper performance	User discomfort; dissatisfaction. Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Inadequate QMS				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	4	3	12⚠️	A	Implement a risk management process according to ISO 14971	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Internal/external audits Periodic review of GP-013 (Risk management), periodic review of risk management plan, record and report, stay up-to-date with any revision of the standard	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-EZZ	Instructions for use not available or separate from the product	🏛️ Regulatory	Whole device cannot be used	ITPs responsible for integrating the device into the healthcare organisation's systems do not have access to the IFU, leading to incorrect setup or misunderstanding of device requirements The device is either improperly installed, misconfigured, or key steps in the integration are skipped due to lack of guidance HCPs may misinterpret the device's outputs, as the incorrect setup affects the results presented to them	Misdiagnosis; inaccurate clinical decision; delays in proper treatment and worsening of the patient's health status.	Accessibility problems, incorrect document format, miscommunication from manufacturer, network issues				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AC	IFU designed and developed according to harmonized standards for medical device If the issue is access to the internet, the user would also not be able to use the device, so there is no risk of using the device without access to the instructions. Provide the IFU in paper form upon request	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-CGQ	Inadequate specification of the product intended purpose	🏛️ Regulatory	Whole device is wrongly used or is not used as intended	User reads IFU User does not understand the product intended purpose User unintentionally misuses the whole device	Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Inadequate information provided by the manufacturer				SRS-BYJSRS-H3JSRS-AQMSRS-BA6	Managing Organisation	4	3	12⚠️	AC	We specify the product intended purpose in the IFU and label to ensure this information is always available for the users	SRS-BYJSRS-H3JSRS-AQMSRS-BA6	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C375, C376, C454, C455, C62, C66, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-TA9	Inadequate camera usage or settings	⚙️ Product🤳 Usability	Poor image quality due to inadequate resolution, lighting, focus or camera settings	A camera is used to capture images of the skin structures Due to improper settings (such as inadequate lighting, incorrect resolution, or focus issues) or the use of a low-quality camera, the captured images are unclear or fail to capture sufficient detail These suboptimal images are input into the medical device for analysis The device's algorithm processes the poor-quality images, leading to decreased accuracy The medical device outputs potentially misleading or incomplete results	Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Inadequate image processing algorithms		👨‍💻ITP	Authenticate in the API	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AC	A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. The device returns meaningful messages about the quality score of the images. This allows care providers to re-take a photo. The IFU contain a dedicated section on how to take pictures (section name: `How to take pictures`) and technical specifications of the camera (section: `Technical specifications`) We also offer training to the users to optimize the imaging process so that it is optimal for the device's operation.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (sections: Validation and testing of machine learning models, Post-market Clinical investigations (with focus on clinical studies whose primary endpoint is improving diagnostic accuracy)) T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-3YJ	Data breach or unauthorized access	🔐 Cybersecurity	Unauthorized persons have access to confidential data	A vulnerability in the healthcare organisation's IT infrastructure (e.g., weak passwords, outdated security protocols, lack of encryption) allows unauthorized individuals or malicious entities to gain access to the network or systems where the medical device and patient data are stored or transmitted The unauthorized individual or entity gains access to patient records, diagnostic results, or sensitive healthcare information processed by the device During or after the breach, the healthcare system may experience downtime or operational disruption as IT teams attempt to address the issue, potentially delaying patient diagnosis and treatment	Misuse of sensitive patient data; unauthorized alterations to diagnostic results; or delays in treatment due to disrupted clinical workflows; loss of trust in the medical device	Inadequate information provided by the manufacturer, inadequate security measures implemented in the device	ConfidentialityIntegrityAvailability			SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AC	Stringent security measures: - implementation of a robust authentication mechanisms such as OAuth or JWT to ensure that only authorized users can access the API. Role-based access control further restricts user privileges, enhancing data security; - implementation of data encryption: all data transmitted between the user and the API is encrypted using industry-standard encryption protocols, such as SSL/TLS, to protect against eavesdropping and data breaches. In the IFU we explain the access to the device by means of an API token that has expiration plus there is a specific section (`Security requirements and recommendations`) in which we explain security measures that ITP shall follow	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-AUT-002T-024-006-DAT-001T-024-006-NET-001	T-024-007-VUL-002T-024-007-CVE-001T-024-007-INC-001
R-C6Q	Non-compliance with GSPR 3 (absence of a PMS & PMCF process)	🏛️ Regulatory	Unavailability of safety, performance, usability information during product usage needed to improve the device	Failure to systematically collect and monitor data on the performance, safety, and real-world usage of the medical device after it has been placed on the market Potential safety or performance issues, adverse events, or device malfunctions occurring during real-world use go undetected due to the absence of post-market data collection and analysis Without ongoing clinical follow-up, new or increased risks (e.g., changes in device efficacy or unforeseen side effects) are not identified or assessed in time to take corrective action We are unaware of safety or performance concerns, meaning that corrective or preventive actions (e.g., design changes, software updates, additional user training) are not implemented to address the emerging issues As issues go unresolved, the device may experience more frequent failures or adverse events, negatively impacting patient care and increasing the likelihood of harm, such as incorrect diagnoses or delayed treatments	Users discomfort and loss of confidence in the device. Patient misdiagnosis and worsening of their health status	Inadequate QMS				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	3	3	9⚠️	A	Develop post-market surveillance and post-market clinical follow up plans according to the regulatory requirements	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-8KS	Inadequate instructions for use: product information for clinical safety is not included at the IFU	🏛️ Regulatory	Use of the device without the necessary safety-related information	The instructions for use (IFU) provided with the device do not include critical safety information, such as warnings, contraindications, or precautions related to clinical safety ITPs, unaware of potential safety risks, proceed with integrating the device without the necessary precautions or configurations HCPs use the device without knowing warnings, precautions, contra-indications Inappropriate use or misinterpretation of the device's output	Inaccurate diagnoses; inappropriate follow-up actions; loss of confidence in the device; regulatory non-compliance	Inadequate information provided by the manufacturer				SRS-BYJSRS-H3JSRS-AQMSRS-BA6	Manufacturer	4	3	12⚠️	C	We specify in the IFU the clinical safety information related to the product	SRS-BYJSRS-H3JSRS-AQMSRS-BA6	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C375, C376, C454, C455, C62, C66, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-UI5	Inadequate instructions for use: product information for cybersecurity is not included in the IFU	🤳 Usability🔐 Cybersecurity🏛️ Regulatory	Presence of vulnerabilities that may compromise the integrity of the system and patient data	The instructions for use (IFU) do not provide necessary cybersecurity guidelines, such as how to secure device communication, implement encryption, or manage authentication protocols ITPs, unaware of the specific cybersecurity requirements for the medical device, may integrate the device without implementing appropriate security measures The device is integrated into the healthcare system with weak or default security settings, leading to vulnerabilities in data transmission and system access Due to the inadequate cybersecurity setup, malicious actors may exploit the system, gaining unauthorized access to patient data or the medical device's functionalities Patient data, such as medical images or diagnostic outputs, could be intercepted or altered during transmission, leading to compromised or inaccurate results	Unauthorized access to sensitive patient information; incorrect diagnosis; loss of trust	Inadequate information provided by the manufacturer	ConfidentialityIntegrityAvailabilityAuthenticity	👨‍💻ITP	Authenticate in the API	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Manufacturer	4	3	12⚠️	C	We specify in the IFU the product information for cybersecurity in the section `Security requirements and recommendations`	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-DOC-001T-024-006-AUT-004	T-024-007-EDU-001T-024-007-VUL-004
R-5L4	Inadequate lighting conditions during image capture	🤳 Usability⚙️ Product	The medical device receives an input that does not have sufficient quality	Images of skin structures are taken in an environment with poor lighting Due to the inadequate lighting, the image lacks sufficient contrast, clarity, or detail, making it difficult for the medical device to properly analyze the image The low-quality image is submitted to the medical device for processing The medical device, unable to accurately process the poorly lit image, generates an incorrect or low-confidence output The HCP receives a list of potential skin diseases with incorrect or misleading probabilities due to the low-quality image	Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Inadequate image processing algorithms		👩‍⚕️HCP	User takes a photo of the patient's lesion.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	4	3	12⚠️	AC	A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. The device returns meaningful messages about the quality score of the images. This allows care providers to re-take a photo. The IFU contain a dedicated section on how to take pictures (section name: `How to take pictures`) and technical specifications of the camera (section: `Technical specifications`) We also offer training to the users to optimize the imaging process so that it is optimal for the device's operation.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	2	6⚠️	⚠️As far as possible	R-TF-015-003 Clinical Evaluation Report (sections: Validation and testing of machine learning models, Post-market Clinical investigations (with focus on clinical studies whose primary endpoint is improving diagnostic accuracy)) T-TF-025-007 Summative Evaluation Report	Benefits outweigh the risks	FALSE	TRUE	✅Acceptable
R-U6M	System incompatibility	⚙️ Product🔐 Cybersecurity	Integration of our device is not compatible with the user platform	The ITP attempts to integrate the medical device's API with the healthcare organisation's existing systems During or after the integration, it is discovered that the medical device's software is incompatible with the healthcare organisation's existing infrastructure, such as differences in data formats The incompatibility prevents proper communication or functionality between the medical device and other systems, leading to failures in data transmission or processing HCPs may be unable to access the device's output, or the results may be incorrectly displayed or formatted, leading to difficulties in interpretation	Delays in patient diagnosis; inaccurate diagnisis due to outputs interpretation; poorer treatment follow-up	Inadequate design of the device	AvailabilityIntegrity			SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AC	Our device is built as an API that follows the REST protocol. This protocol totally separates the user interface from the server and the data storage. Thanks to this, REST API always adapts to the type of syntax or platforms that the user may use, which gives considerable freedom and autonomy to the user. With a REST API, the user can use either PHP, Java, Python or Node.js servers. The only thing is that it is indispensable that the responses to the requests should always take place in the language used for the information exchange: JSON. he data that users send and receive follows the FHIR healthcare interoperability standard	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-API-001T-024-006-API-003	T-024-007-DEP-001T-024-007-INT-001
R-OM1	Data overwrite	⚙️ Product	Critical patient data, such as medical images or diagnostic results, is unintentionally replaced or corrupted	A new image is uploaded to the medical device The system lacks adequate data management protocols or safeguards to confirm the overwrite action, such as warnings or confirmation prompts before replacing existing data Critical patient data (e.g., previous diagnostic results or images) is replaced with new data, erasing the original information The HCPs may make decisions based on incomplete or incorrect data	Incorrect diagnoses; missed treatments	Design failure on the patient follow up images and data storage				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	4	3	12⚠️	AB	Product specifications explain the use of the REST protocol to inherently avoid bad practices in programming such as data re-writing. Every request is independent and cannot be edited.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-B63	Inconsistent or unreliable output	⚙️ Product	Analysis of the same image generates different results when using the same version of the device	An image is uploaded and analysed by the medical device The same image is uploaded to the medical device The medical device generates different outputs The ITP responsible for integrating the device may not detect or be aware of these inconsistencies during the integration phase The HCPs receive inconsistent outputs for the same image	User discomfort and suspicion about the device safety and performance. Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	A new version of the device was released without following the design and development procedures, algorithms errors, incomplete/insufficient training data				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Patient	4	3	12⚠️	AB	Perform algorithm verification and validation with representative datasets, according to the procedure GP-012 Design, redesign and development. In case of new dataset, new verification and validation activities will be carried out, according to the procedure GP-012 Design, redesign and development. Conduct clinical testing using a wide range of representative data (from diverse demographics and conditions) to verify that the software produces consistent and reliable outputs across all use cases	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (section: Post-market clinical investigations)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-RAJ	Sensitivity to image variability	⚙️ Product	Analysis of the same skin structure with images taken with deviations in lightning or orientation generates significantly different results	An image is uploaded and analysed by the medical device The same image with different orientation is uploaded to the medical device The medical device generates different outputs HCPs may receive varying or contradictory outputs from the device when analyzing same images with different orientation	User discomfort and suspicion about the device safety and performance. Misdiagnosis; delays in proper treatment and worsening of the patient's health status.	Skin structures captured in different images are represented in totally different pixels, which make them different skin structures even if they represent the same real-world entity. Improper algorithm design				SRS-BYJSRS-H3JSRS-AQMSRS-Q9MSRS-B8NSRS-E4R	Patient	5	3	15⛔️	AC	The development of the device implements measures to improve consistency. Namely, the augmentation of images and the vast amount of images with different lightning and orientation deviations used to develop the device. Perform algorithm verification and validation with representative datasets	SRS-BYJSRS-H3JSRS-AQMSRS-Q9MSRS-B8NSRS-E4R	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C124, C269, C276, C375, C376, C454, C455, C62, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (section: Post-market clinical investigations) T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-2S3	Integration failure or errors	🤳 Usability⚙️ Product	Failure to communicate with other systems	The ITP begins the process of integrating the medical device's API into the healthcare organisation's existing systems Due to system incompatibilities, incorrect configuration, or software bugs, the integration process encounters errors. These could include issues like incorrect API calls, data format mismatches, or failure of the device to communicate properly with the existing infrastructure The errors cause the integration to be either incomplete or improperly implemented, meaning the device may not fully communicate with other systems or may only function intermittently Due to the faulty integration, device's outputs may not be transferred correctly between the device and other healthcare systems, leading to missing, corrupted, or delayed data The HCPs may receive incorrect, incomplete, or delayed results, or in some cases, no results at all	Misdiagnosis; delayed treatment; loss of trust in the device	Inadequate information provided by the manufacturer		👨‍💻ITP	Authenticate in the API	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	C	We specify the intended user and the required qualification in the IFU Additionally, we include at the IFU the instructions and information required by the ITPs to perform the integration of the device within their system	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-GY6	Inaccurate training data	⚙️ Product🧠 Artificial Intelligence	Image datasets used in the development of the device are not properly labeled	During the creation of the dataset used for training the medical device's algorithms, images are incorrectly labeled The medical device's machine learning model is trained on this incorrectly labeled dataset, leading to the development of a flawed or biased algorithm The trained model produces inaccurate outputs HCPs receive incorrect diagnostic outputs	Misdiagnosis; delayed treatment; loss of trust in the device	Lack of domain expertise, inconsistent labeling criteria				SRS-Q9MSRS-B8NSRS-E4RSRS-Y6FSRS-T3KSRS-H9X	Manufacturer	5	3	15⛔️	AB	We carefully select the images in collaboration with Health Care Organisations and we hire HCP to perform the labeling to ensure it is properly performed (	SRS-Q9MSRS-B8NSRS-E4RSRS-Y6FSRS-T3KSRS-H9X	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C124, C269, C276, C277, C279, C284. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (section: Post-market clinical investigations)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-7US	Biased or incomplete training data	⚙️ Product🧠 Artificial Intelligence	Image datasets used in the development of the device are not properly selected	During the data collection process, the dataset used to train the medical device's model is either not representative of the entire population (e.g., biased toward certain skin tones or demographics) or lacks sufficient data for certain conditions or patient groups The medical device's model is trained using this biased or incomplete dataset When the device is deployed in clinical settings, it fails to perform accurately for cases that are underrepresented or missing in the training data The device provides inaccurate probability distributions for certain patient groups or misclassifies certain skin diseases due to the bias or gaps in its training data HCPs receive skewed or incorrect results from the device for certain patient subgroups or conditions	Misdiagnosis; delayed treatment; loss of trust in the device	Inadequate design of the device				SRS-Q9MSRS-B8NSRS-E4RSRS-Y6FSRS-T3KSRS-H9X	Manufacturer	5	3	15⛔️	AB	We carefully select the images in collaboration with Health Care Organisations and we hire HCP to perform the labeling to ensure it is properly performed (, )	SRS-Q9MSRS-B8NSRS-E4RSRS-Y6FSRS-T3KSRS-H9X	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C124, C269, C276, C277, C279, C284. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (section: Post-market clinical investigations)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-1OC	Lack of efficacy or clinical utility	⚙️ Product🏛️ Regulatory	There are no demonstrated product clinical benefits when used as intended by the manufacturer	The medical device is developed without adequate clinical studies or real-world evidence to demonstrate its efficacy or usefulness in supporting clinical decisions for diagnosing skin diseases The algorithm, due to insufficient or non-representative clinical data, is unable to consistently provide reliable or clinically meaningful outputs for HCPs In clinical settings, the device frequently provides results that are either inaccurate, not specific enough, or do not add meaningful insights to the diagnosis process HCPs, receiving unreliable or clinically irrelevant results, face challenges in incorporating the device's output into their decision-making processes HCPs and healthcare organisations lose confidence in the device's ability to provide clinically useful information, leading to decreased adoption or abandonment of the device within the clinical workflow	User discomfort and dissatisfaction. Inaccurate results; delayed treatment	Inadequate design of the clinical evaluation				SRS-BYJSRS-H3JSRS-AQMSRS-Q9MSRS-B8NSRS-E4R	Manufacturer	4	3	12⚠️	AB	We performed clinical studies to demonstrate the clinical benefits of the medical device and we plan how to gather clinical data in the post-market phase. Information about clinical benefits are provided in the IFU.	SRS-BYJSRS-H3JSRS-AQMSRS-Q9MSRS-B8NSRS-E4R	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C124, C269, C276, C375, C376, C454, C455, C62, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (section: Clinical performance, with focus on post-market clinical investigations in which we measured the clinical utility)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-VL1	Device failure or performance degradation	⚙️ Product🧠 Artificial Intelligence	The device is overwhelmed by its use: either not enough storage capacity or unable to handle requests	The medical device experiences technical issues or gradual performance degradation over time As the performance degrades, the device may begin to produce inaccurate or delayed results The device's ability to transmit results becomes compromised, resulting in missing, incomplete, or incorrect data being shared HCPs receive either no output, delayed results, or incorrect information	User discomfort and dissatisfaction. Inaccurate results; delayed treatment	Inadequate design of the medical device infrastructure				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Manufacturer	4	3	12⚠️	AB	We use scalable server structure (also called elastic), which is the industry standard and the widely used option. In case of errors, the device returns meaningful messages about the error	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report (for the part of error messages and to monitor response time, accuracy of device's outputs)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-HAX	Incorrect interpretation of device outputs	🤳 Usability🏛️ Regulatory	The HCP validates the wrong skin condition, even if the device outputs the correct result	The ITP integrates the device into the healthcare organisation's system The ITP implements the interface for the HCP The medical device analyses images and provides outputs The HCP misinterprets the device's outputs due to lack of clarity in the presentation of data or due to misunderstanding of device's outputs The HCP decides to ignore the device's results	Incorrect or delayed diagnosis; inappropriate treatment or follow-up; loss of confidence in the device	Inadequate information provided by the manufacturer		👩‍⚕️HCP	User takes a photo of the patient's lesion.	SRS-BYJSRS-H3JSRS-AQM	Patient	3	3	9⚠️	C	The IFU explains the medical device's intended purpose The IFU explain the device's outputs The IFU contain a specific section (`User interface`) in which we explain the minimum requirements for the user interface that the ITP will implement	SRS-BYJSRS-H3JSRS-AQM	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C375, C376, C454, C455, C62, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-TBN	Non-compliance with GSPR 23: Inadequate label	🏛️ Regulatory	Insufficient label information to understand the device intended use, version	The medical device is launched with inadequate labeling information that does not fully inform users of its operation, limitations, intended use, software version The inadequate label leads to confusion about how to use the device correctly The device is misused	User discomfort and dissatisfaction; misdiagnosis; delay in diagnosis/patient's follow up/treatment	Lack of clear regulatory guidance or failure to meet labeling standards				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	4	2	8⚠️	C	Label design has been performed according to the applicable regulations (MDR 2017/745 and ISO 15223-1). Labeling is included within the IFU and published at our website to ensure all the user can consult it when needed	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	2	1	2✅	✅Acceptable	Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-L38	Non-compliance with GSPR 23: Inadequate Instructions for Use	🏛️ Regulatory	Integration cannot be properly performed	ITP starts the integration of the medical device into the healthcare organisation's system ITP consults IFU to follow the proper integration steps ITP cannot find proper instructions on how to integrate the device ITP may incorrectly integrate the device The device produces inaccurate or unreliable outputs due to improper integration	User discomfort and dissatisfaction; misdiagnosis; delay in diagnosis/patient's follow up/treatment	Inadequate information provided by the manufacturer, lack of clear regulatory guidance or failure to meet labeling standards				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	4	3	12⚠️	C	IFU has been written according to the applicable regulations: MDR 2017/745 and ISO 15223-1	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-O5Y	Complicated instructions for use: the instructions for use are too complicated and more intricate than they need to be	🤳 Usability🏛️ Regulatory	Misinterpretation of IFU	ITP starts the integration of the medical device into the healthcare organisation's system ITP consults IFU to follow the proper integration steps ITP does not fully understand the integration process due to complex instructions ITP may incorrectly integrate the device The device produces inaccurate or unreliable outputs due to improper integration	User discomfort and dissatisfaction; misdiagnosis; delay in diagnosis/patient's follow up/treatment	Inadequate information provided by the manufacturer, lack of clear regulatory guidance or failure to meet labeling standards		👩‍⚕️HCP	User takes a photo of the patient's lesion.	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	HCP	4	3	12⚠️	C	IFU has been written according to the applicable regulations: MDR 2017/745 and ISO 15223-1	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-UK2	Inadequate warnings in the IFU	🤳 Usability🏛️ Regulatory	Lack of critical safety information required for the correct use of the device	Users rely on the labeling and warnings provided, which are incomplete or unclear HCPs may use the device in situations where it is not indicated The device may produce unreliable or misleading outputs due to inappropriate usage	Misdiagnosis; delay in diagnosis/patient's follow up/treatment	Inadequate information provided by the manufacturer, lack of clear regulatory guidance or failure to meet labeling standards		👩‍⚕️HCP	User takes a photo of the patient's lesion.	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Patient	3	3	9⚠️	C	IFU has been written according to the applicable regulations: MDR 2017/745 and ISO 15223-1	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-27M	Inadequate maintenance performed by the manufacturer	⚙️ Product🏛️ Regulatory	Device performance is compromised	Maintenance of the device is not performed according to the established procedures Clients report degradation in the performance of the device (e.g. unreliable results, slow response time) HCPs receive these incorrect outputs and make clinical decisions based on unreliable data	Misdiagnosis; delay in diagnosis/patient's follow up/treatment	Inadequate maintenance planning				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	4	3	12⚠️	AB	Create a maintenance plan in which specifying the activities required to ensure reliable performance of the device (e.g. software and SOUPs update)	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Control of device's version used by HCP to ensure last validated version of the device is being used. Information about changes compared to previous version provided to the users. Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-046	Inadequate or absent maintenance specifications, including performance checks	🏛️ Regulatory	Device performance is compromised	The manufacturer does not provide clear instructions or protocols for regular maintenance, updates, or checks necessary to ensure optimal device performance As a result of inadequate guidance, ITPs may not know when or how to perform essential maintenance Without proper maintenance, the device may begin to exhibit degradation of the performance The device produces unreliable or erroneous outputs due to inadequate maintenance	Misdiagnosis; delay in diagnosis/patient's follow up/treatment	Inadequate information provided by the manufacturer				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	4	3	12⚠️	AB	The device does not require any performance checks activities nor maintenance by the users, as it is specified at the IFU When a new software version with changes is released, users are properly informed following the GP-012 Design, redesign and development.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Control of device's version used by HCP to ensure last validated version of the device is being used. Information about changes compared to previous version provided to the users	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-7GC	Inadequate maintenance: users do not properly maintain the device	🏛️ Regulatory	Device performance is compromised	ITPs do not perform the proper device maintenance when required (including update of software version) Without proper maintenance, the device may begin to exhibit degradation of the performance The device produces unreliable or erroneous outputs due to inadequate maintenance	Misdiagnosis; delay in diagnosis/patient's follow up/treatment	Users either do not receive the update to the new version or are not able to update the device or fail to do so.				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	HCP	4	3	12⚠️	AB	The device does not require any performance checks activities nor maintenance by the users, as it is specified at the IFU. When a new version with changes is released, users are properly informed following the GP-012 Design, redesign and development. Additionally, we keep a record of customers that have not transitioned to the new versions that we review and update periodically.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Control of device's version used by HCP to ensure last validated version of the device is being used. Information about changes compared to previous version provided to the users	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-3OG	Absence of limitation of product lifetime	🏛️ Regulatory	User does not know the lifetime of the device to stop using it	Device is used after its lifetime is reached Degradation in the performance of the device HCPs receive unreliable outputs	Misdiagnosis; delay in diagnosis/patient's follow up/treatment	Inadequate information provided by the manufacturer				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	4	3	12⚠️	AC	The IFU includes the information about the device lifetime (5 years) established in the technical documentation	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-G3V	Product requirements are not defined (user, technical and regulatory)	🏛️ Regulatory	Whole device is wrongly used / is not used as intended	The product development process begins without clearly defined requirements Key stakeholders, such as HCPs, ITPs, and regulatory bodies, may not be adequately consulted to gather necessary insights and requirements for the device Development teams proceed with ambiguous or incomplete specifications, leading to varied interpretations of what the product should achieve and how it should operate Without clear requirements, testing procedures may be inconsistent, making it difficult to evaluate whether the product meets its intended purpose and safety standards The product is launched into the market without adequate validation of its requirements, leading to potential performance issues or failures in real-world use	This could lead to misdiagnosis; delays in treatment and worsening of the patient's health status.	Misinterpretation of applicable design requirements or lack of knowledge				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	4	3	12⚠️	A	We have defined a procedure for the design and development process following the ISO 62304 and 13485 standards, and MDR Annex I (requirements related to design). We document all the development in the Design History File (DHF), including the product's requirements. Product specifications (e.g. inputs, outputs, intended purpose, intended user, mode of action, technical specifications) provided in the IFU.	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Internal and external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-GTY	Instructions for use are not available at the time of use due to downtime	🤳 Usability🏛️ Regulatory	User cannot consult the IFU	User wants to consult the IFU User cannot reach the IFU Improper use of the device	User discomfort and dissatisfaction; delays in diagnosis; treatment and follow up	IFU are only electronically available, connectivity issue, server issues		👨‍💻ITP	Authenticate in the API	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing Organisation	3	2	6⚠️	A	If the issue is access to the internet, the use would also not be able to use the device, so there is no risk of using the device without access to the instructions. Furthermore, the IFU can be downloaded by PDF. Moreover, the IFU is hosted on a independent instance to improve the resiliency of the information system, this means that downtime in the device does not imply downtime in the IFU. The device sends messages to the user when there is any problem with the communication between the device and the user end, so the user always receives basic instructions when something is wrong. Furthermore, the procedure SP-001-001 - eIFU management explains the process to fulfil customer's request for paper IFU	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	2	1	2✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-X93	The device receives images that do not represent skin structure	⚙️ Product	The device provides an incorrect diagnosis based on irrelevant or non-clinical input	The device receives images that do not represent skin structures The device processes the inadequate images without detecting their unsuitability for accurate analysis The device generates outputs based on the processed images HCPs make clinical decisions based on the inaccurate outputs	Misdiagnosis; delays in treatment and worsening of the patient's health status.	Insufficient validation of the device's algorithms for processing images				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Managing organisation	4	3	12⚠️	AC	A requirement of the device defines the creation of a processor whose purpose is to ensure that the image belongs to the domain of dermatology. In other words, an algorithm, similar to the ones used to classify diseases, is used to check that the image contains skin. The device returns meaningful message about the image. This allows care providers to prompt the user to re-take a photo. The IFU contain a specific section on how to take pictures of skin structures to be analysed by the software (section name: `How to take pictures`) plus the section `Intended purpose or use/Device description` explains which are the inputs for the device (images of the epidermis, the dermis and its appendages, among other skin structures)	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report (for the part of error messages, one of the use cases can be the upload of non-skin images)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-HH0	The electronic data and content are tampered	🔐 Cybersecurity	Medical device's outputs are tampered	An attacker identifies a vulnerability in the device's software, network security, or data storage protocols that allows unauthorized access The attacker manipulates the electronic data and content, which could include altering patient records, diagnostic outputs, or configuration settings within the device The device continues to operate, processing and utilizing the tampered data without detecting the unauthorized changes, leading to further propagation of the altered information The device generates outputs based on the tampered data, which may include inaccurate diagnosis	Misdiagnosis; delay in diagnosis/patient's follow up/treatment	Insuficient cybersecurity safeguards. Non-adhearance to best practices.	IntegrityAuthenticity			SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	3	3	9⚠️	AB	The medical device is developed and produced according to "IMDRF Principles and Practices for Medical Device Cybersecurity" (IMDRF/CYBER WG/N60FINAL:2020) and "MDCG 2019-16 - Guidance on Cybersecurity for medical devices". The procedure is defined in SP-012-002 Cybersecurity Requirements of AI/ML Models. Stringent security measures: - implementation of a robust authentication mechanisms such as OAuth or JWT to ensure that only authorized users can access the API. Role-based access control further restricts user privileges, enhancing data security; - implementation of data encryption: all data transmitted between the user and the API is encrypted using industry-standard encryption protocols, such as SSL/TLS, to protect against eavesdropping and data breaches	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Internal/external audits	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-DAT-003T-024-006-CRY-001T-024-006-NET-002	T-024-007-CVE-003T-024-007-MON-001T-024-007-INC-002
R-109	Electronic instructions for use are not compatible with different devices	🤳 Usability🏛️ Regulatory	Intended user cannot consult IFU	The manufacturer creates electronic instructions for use that are intended to guide users in operating the medical device The manufacturer fails to conduct thorough compatibility assessments of the eIFU across various devices and platforms, such as different operating systems, software versions, or hardware configurations Users attempt to access the eIFU on their devices and fails Users are unable to access the critical information needed to operate the device safely and effectively	User discomfort and dissatisfaction; delays in diagnosis; treatment and follow up	Electronic IFU are developed in a non-universal platform or technology.		👨‍💻ITP	Authenticate in the API	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Managing organisation	3	2	6⚠️	A	The electronic instructions for use are accessible via a web app that is accessible via any browser with any operating system. The instructions do not contain features, graphics or materials that are not universally accessible. It is also relevant to mention that the electronic access to the IFU is actually our recommended method of interacting with them, due to the intrinsic nature of the device Users can request IFU in paper format	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	2	1	2✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-4Z5	Lack of version control or traceability	🤳 Usability🏛️ Regulatory	The ITP cannot identify the version of the device being used	The manufacturer develops a new version of the software that includes updates, bug fixes, and improved functionality for the medical device The manufacturer neglects to include the software version update in the labeling The device is distributed to healthcare facilities without the crucial software version information clearly stated in the labeling Users may experience compatibility issues if the device's software version is not aligned with the systems or applications it is meant to integrate with, but they are unaware of the specific version in use Users might fail to update or maintain the software properly because they do not have clear information about the software version, which may lead to security vulnerabilities or degraded performance	User discomfort and dissatisfaction; delays in diagnosis; treatment and follow up	Inadequate information provided by the manufacturer		👨‍💻ITP	Authenticate in the API	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing organisation	3	2	6⚠️	AC	We include within one of the requirements defined during the design stage that one of the outputs of the device must be the version being used and this information is included in the IFU	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	2	1	2✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-72D	SOUP presents an anomaly that makes it incompatible with other SOUPs or with software elements of the device	⚙️ Product	The overall performance of the device is compromised	The manufacturer integrates SOUP into the medical device During integration of the SOUP into the medical device, an anomaly or bug within the SOUP goes undetected, which may affect its performance or compatibility with other software components The device, containing the potentially incompatible SOUP, is deployed to healthcare facilities ITP integrates the medical device into the healthcare organisation's system The SOUP anomaly may lead to performance degradation of the device, causing slow response times, errors in output, or unintended behavior during operation	Misdiagnosis; delay in diagnosis/patient's follow up/treatment; user dissatisfaction	Improper selection of SOUP and software testing				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Manufacturer	4	3	12⚠️	A	We carefully analyze all the SOUPs selected during the design and development of the device. We ensure compatibility by performing software tests	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Revision of the design documentation, including requirements and SOUP records (part of the DHF) where requirements and anomalies are evaluated and documented, to ensure that the selected SOUPs were carefully analyzed and evaluated for compatibility during the design and development phases.	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-MQ1	SOUP is not being maintained nor regularly patched	🔐 Cybersecurity	Overall degradation of device's performance	The manufacturer integrates a third-party SOUP into the medical device's software architecture to perform specific functionalities The manufacturer does not establish a process for regularly monitoring, maintaining, or updating the SOUP The device, containing the outdated SOUP, is deployed to healthcare facilities ITP integrates the medical device into the healthcare organisation's system The outdated SOUP may lead to performance degradation of the device, causing slow response times, errors in output, or unintended behavior during operation	Misdiagnosis, delays in treatment and worsening of the patient's health status.; Users dissatisfaction and discomfort	Lack of process for regularly monitoring, maintaining or updating SOUP	AvailabilityIntegrity			SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Manufacturer	4	3	12⚠️	B	During the design and development of the device we evaluate that the SOUPs involved are up to date regularly patched and maintained according to the process described in the software lifecyce plan and report (R-TF-012-006)	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Revision of the design documentation, including requirements and SOUP records (part of the DHF) where requirements and anomalies are evaluated and documented, to ensure that the selected SOUPs were carefully analyzed and evaluated for compatibility during the design and development phases.	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-SOP-001T-024-006-SOP-003	T-024-007-SBOM-001T-024-007-PAT-001
R-9SS	SOUP presents cybersecurity vulnerabilities	🔐 Cybersecurity	The SOUP can be attacked and corrupted causing device failure as it may have known vulnerabilities that could be exploited by malicious actors.	The manufacturer integrates a third-party SOUP into the medical device's software architecture to perform specific functionalities The manufacturer does not establish a process for regularly monitoring, maintaining, or updating the SOUP The medical device containing the vulnerable SOUP is deployed to healthcare settings A malicious actor identifies and exploits the cybersecurity vulnerability in the SOUP, gaining unauthorized access to the medical device or its data. This could involve hacking into the device, injecting malware, or taking control of the system remotely The attacker may alter the device's behavior, such as tampering with diagnosis outputs, modifying data, or causing operational disruptions	Misdiagnosis, delays in treatment and worsening of the patient's health status.; Users dissatisfaction and discomfort	Improper selection of SOUP, lack of process for regularly monitoring, maintaining or updating SOUP	ConfidentialityIntegrityAvailability			SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	4	3	12⚠️	A	We carefully analyze all the SOUPs selected during the design and development of the device according to the process described in the software lifecyce plan and report (R-TF-012-006). During the design review, we evaluated that these selected SOUPs have not had cybersecurity incidents related to them	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	Revision of the design documentation, including requirements and SOUP records (part of the DHF) where requirements and anomalies are evaluated and documented to ensure that the selected SOUPs were carefully analyzed and evaluated for compatibility during the design and development phases.	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable	T-024-006-SOP-002T-024-006-SOP-004T-024-006-SUP-001	T-024-007-SBOM-002T-024-007-CVE-004T-024-007-VUL-005
R-75L	Stagnation of model performance	⚙️ Product🧠 Artificial Intelligence	The AI/ML models of the device becomes outdated or stagnates due to lack of continuous updates, retraining, or adaptation to new clinical data	The medical device is deployed to healthcare settings with an AI/ML model trained on a specific dataset The AI/ML model is not continuously updated or retrained with new clinical data The AI/ML model becomes less representative of the real-world clinical environment as it is no longer aligned with the latest data or clinical standards The medical device's diagnostic accuracy or predictive performance starts to degrade	This could lead to misdiagnosis; delays in treatment and worsening of the patient's health status; users dissatisfaction	Lack of design process for re-training of models				SRS-BYJSRS-H3JSRS-AQMSRS-Q9MSRS-B8NSRS-E4R	Manufacturer	5	3	15⛔️	A	We plan for re-training during the design and development process, data augmentation, post-market data collection	SRS-BYJSRS-H3JSRS-AQMSRS-Q9MSRS-B8NSRS-E4R	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C124, C269, C276, C375, C376, C454, C455, C62, C68. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (section: Post-market clinical investigations)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-PWK	Degradation of model performance	⚙️ Product	Automatic re-training of models decreases the performance of the device	The medical device is launched with an AI/ML model that has been thoroughly validated and meets performance criteria Re-training of the model is done automatically (which implies that labels have not been manually verified) The performance of the model decreases	This could lead to misdiagnosis; delays in treatment and worsening of the patient's health status.	Lack of proper strategy for model retraining				SRS-Q9MSRS-B8NSRS-E4RSRS-Y6FSRS-T3KSRS-H9X	Manufacturer	5	3	15⛔️	A	We specify that automatic re-training will not be used as a re-training strategy during the design and development process. Instead we plan for exclusively manual retraining, data augmentation, post-market data collection	SRS-Q9MSRS-B8NSRS-E4RSRS-Y6FSRS-T3KSRS-H9X	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C124, C269, C276, C277, C279, C284. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (section: Post-market clinical investigations)	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-BXD	Insufficient knowledge to display electronic IFU	🤳 Usability🏛️ Regulatory	Fail to properly display the instructions for use	The ITPs or HCPs responsible for the device fail to understand how to access or display the eIFU Despite not having access to the eIFU, they proceed with integration or use, assuming they can work around the issue The medical device is improperly integrated into the system or outputs are misinterpreted	User discomfort; dissatisfaction. Misdiagnosis; delays in diagnosis/proper treatment and worsening of the patient's health status.	Lack of information/requirement on how to access eIFU		👨‍💻ITP	Authenticate in the API	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing organisation	3	3	9⚠️	AC	IFU is designed in such a way that it is accessible via a dedicated and secure URL and it is also available in the website. The only requirement for accessing the eIFU is having internet connection. The users can access the IFU via any web browsers with any operations system. Upon user's request, we provide the user with IFU in paper format according to the internal procedure SP-001-001 eIFU management	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-33B	Electronic IFU are tampered	⚙️ Product	Incomplete or incorrect information being provided to the users	The manufacturer provides the IFU in an electronic format Due to inadequate cybersecurity measures or an accidental modification, the eIFU are accessed by unauthorized individuals Critical content could be changed, removed, or replaced with incorrect information The tampered eIFU are made available to ITPs or HCPs who rely on them ITPs may integrate the device incorrectly, or HCPs may rely on incorrect information about clinical safety, performance, or interpretation of device outputs	User discomfort; dissatisfaction. Misdiagnosis; delays in diagnosis/proper treatment and worsening of the patient's health status.	Insuficient cybersecurity safeguards. Non-adhearance to best practices.				SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Manufacturer	3	3	9⚠️	AB	IFU content and versions managed and stored using git. The IFU content can be edited only by using signed commits with GPG Keys, implementation of branch structure with approvals for merging changes and automated verification of code correctness and lack of bugs or errors before merge, secure stage of environment variables in Git repository, implementation of redundant backups, both in Git repository and deployment server. Implementation of a robust authentication systems for administrative access and a role-based access control (RBAC) framework for delineating user permissions	SRS-HUGSRS-D6WSRS-PU2SRS-SI2SRS-T5PSRS-T95	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C382, C383, C388, C389, C391, C395, C410, C413. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable		Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-ZNA	Electronic IFU and their paper copies are unavailable	🏛️ Regulatory	Fail to follow instructions for use to integrate the medical device	Neither the electronic instructions for use (eIFU) nor the paper copies are accessible to the ITPs responsible for device integration The ITPs, responsible for integrating the device into the healthcare system, are unable to access the IFU. Without proper guidance, they proceed with the integration, making assumptions about the setup Without the IFU, the device may be improperly configured or key settings may be missed, leading to incomplete or incorrect integration	User discomfort; dissatisfaction. Misdiagnosis; delays in diagnosis/proper treatment and worsening of the patient's health status.	Error in coding design for electronic IFU, no process for providing paper copies of the IFU to the clients				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing organisation	4	3	12⚠️	AC	IFU designed and developed according to harmonized standards for medical device; IFU is designed in such a way that it is accessible via a dedicated and secure URL and it is also available in the website. The only requirement for accessing the eIFU is having internet connection. The users can access the IFU via any web browsers with any operations system Creation of a procedure for the management of paper copies of the IFU defining the process, responsibilities and timeline. The timeline is set taking into account the severity and the intended use of the device (support to diagnosis), and it is within 7 calendar days to reduce the harm of misdiagnosis, delays in proper treatment and worsening of the patient's health status.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	T-TF-025-007 Summative Evaluation Report, training on procedure (SP-001-001 eIFU management) for employees involved in the process	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable
R-K6L	Non-compliance with MDCG 2023-4 (software does not operate correctly with all intended hardware configurations - cameras)	🏛️ Regulatory	Poor image quality due to inadequate resolution, lighting, focus or camera settings	An image of the skin structure is captured and submitted to the device for analysis Due to issues such as poor lighting, camera quality, motion blur, or external factors (e.g., dirt, reflections), the image contains artefacts or is of low resolution, compromising the clarity of the skin structure The device processes the flawed image, but the artefacts or low resolution negatively impact the accuracy of its analysis.	Misdiagnosis; delays in treatment and worsening of the patient's health status.	Improper image acquisition, poor image capture conditions,Inadequate image processing algorithms				SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Managing organisation	4	3	12⚠️	AC	A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. The device returns meaningful messages about the quality score of the images. This allows care providers to re-take a photo. The IFU contain a dedicated section on how to take pictures (section name: `How to take pictures`) and technical specifications of the camera (section: `Technical specifications`) We also offer training to the users to optimize the imaging process so that it is optimal for the device's operation.	SRS-7PJSRS-AQMSRS-BYJSRS-DW0SRS-D3NSRS-LBS	Technical director	Implementation verified through test cases documented in R-TF-012-034 Software Test Description: C106, C454, C455, C50, C62, C68, C73, C77. Test execution results recorded in R-TF-012-033 Software Tests Plan with all tests passed.	3	1	3✅	✅Acceptable	R-TF-015-003 Clinical Evaluation Report (sections: Validation and testing of machine learning models, Post-market Clinical investigations (with focus on clinical studies whose primary endpoint is improving diagnostic accuracy)) T-TF-025-007 Summative Evaluation Report	Not applicable (acceptable risk)	FALSE	TRUE	✅Acceptable

---

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

• Author: Team members involved
• Reviewer: JD-003, JD-004
• Approver: JD-001