Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, Redesign and Development
      • Deprecated
      • Templates
        • T-012-001 Requirements
        • T-012-003 Test run
        • T-012-004 Software version release
        • T-012-005 Design change control
        • T-012-006 _Product name_ life cycle plan and report_YYYY_nnn
        • T-012-007 Formative evaluation plan_YYYY_nnn
        • T-012-008 Formative evaluation report_YYYY_nnn
        • T-012-009 Validation and testing of machine learning models_YYYY_nnn
        • T-012-010 Device backup verification_YYYY_nnn
        • T-012-012 Customers product version control_YYYY_nnn
        • T-012-013 Design stage review
        • T-012-014 Summative evaluation plan_YYYY_nnn
        • T-012-015 Summative evaluation report YYYY_nnn
        • T-012-016 Software usability test guide
        • T-012-017 Integration test review
        • T-012-018 Test plan
        • T-012-019 SOUP
        • T-012-020 Predetermined Change Control Plan
      • Specific procedures
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Cybersecurity
    • GP-025 Corporate Governance
    • GP-026 Product requirements for US market
    • GP-027 Product requirements for UK market
    • GP-028 Product requirements for the Brazilian market
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
    • GP-200 Remote Data Acquisition in Clinical Investigations
  • Records
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • GP-012 Design, Redesign and Development
  • Templates
  • T-012-020 Predetermined Change Control Plan

T-012-020 Predetermined Change Control Plan

Device identification​

Instructions

Clearly identify the device covered by the PCCP, including name of the device, risk class, software version and unique identifier.

Purpose​

Instructions

Define the purpose of the PCCP specifying why a predetermined change control plan is being established and what types of changes it will cover.

Roles and responsibilities​

Instructions

Identify the personnel responsible for each stage of the modification process.

Example: JD-005 leads the technical assessments, testing, and validation for each modification.

Description of modifications​

Scope of modifications​

Instructions

Define the types of modifications included in this PCCP. For each type of modification, provide a clear definition and description.

Examples of changes definition and description:

  • Software updates: includes security patches, performance improvements, bug fixes, and feature enhancements that do not alter core functionality.
  • Labeling changes: adjustments in device labeling or instructions for use to improve clarity without affecting regulatory claims.

List and description of modifications​

Instructions

For each type of modification, provide a detailed description, including the rationale, potential anticipated impact on safety, effectiveness, or device performance, and risk management considerations. Provide details on whether the modifications will be implemented automatically, manually or a combination; provide the expected update frequency.

It is important to code the modifications as it is recommended to create a traceability matrix between modifications and information available in Modification protocol of this template.

Examples:

  • Modification type: Software update (security patch)
  • Modification ID MOD-001
  • Description: Updates to the software to address identified cybersecurity vulnerabilities
  • Rationale: To enhanca cybersecurity resilience and protect patient data
  • Risk management considerations: Updated risk assessment under ISO 14971 indicates a low risk to patient safety. Testing ensures compatibility with previous software versions
  • Implementation of change: manually
  • Frequency of update: one-time implementation

Modification protocol​

Data management practices​

Instructions

Provide details on data collection, annotation, curation, storage, and use; assurance of deployment of isolated training, tuning, and test datasets to prevent overfitting and bias; use of diverse datasets representative of the device's intended use population and clinical scenarios; processes for maintaining up-to-date, unbiased, and high-quality data.

Re-training practices​

Instructions

Identify the objective of the retraining process, provide a description of the AI model, identify the device components that may be modified, outline the practices that will be followed, and identify any triggers for re-training.

Performance evaluation​

Instructions

Describe how performance evaluation will be triggered; how test data representative of the clinical population and intended use will be applied for testing; what performance metrics will be computed; what statistical analysis plans will be employed to test hypotheses relevant to performance objectives for each modification; acceptance criteria; study design.

Provide information if there is an unresolvable failure in performance evaluation for a specific modification.

Update procedures​

Instructions

Provide a description of how software updates will be implemented, a description of how legacy users will be affected by the software update (if applicable), a description of how modifications will be communicated to the users, including transparency on any differences in performance or device inputs, and/or known issues that were addressed in the update.

Traceability matrix​

Instructions

Fill in the table provided in this section to ensure traceability between each modification described in the Description of modifications section of this PCCP and the information provided in the Modification protocol section.

ModificationData management practicesRe-training practicesPerformance evaluationUpdate procedures
MOD-001
MOD-002
MOD-003

Impact assessment​

Instructions

Include the following key points:

  • Comparison of versions: evaluate the device with each modification individually against the unmodified device
  • Benefit-risk analysis: discuss benefits, risks (including harm and unintended bias), and risk mitigations for each modification
  • Verification and validation assurance: confirm that proposed verification and validation activities maintain safety and effectiveness
  • Interdependence of modifications: assess how implementing one modification affects others
  • Cumulative impact: analyse the combined effects of all modifications on the device.
  • Overall functionality: assess the impact of the planned modifications on the overall functionality of the device.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
T-012-019 SOUP
Next
Specific procedures
  • Device identification
  • Purpose
  • Roles and responsibilities
  • Description of modifications
    • Scope of modifications
    • List and description of modifications
  • Modification protocol
    • Data management practices
    • Re-training practices
    • Performance evaluation
    • Update procedures
    • Traceability matrix
  • Impact assessment
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)