Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
      • Deprecated
      • R-002-001 Quality objectives list_2024_001
      • R-002-001 Quality objectives list_2025
      • R-002-002 Quality objectives_2024_001
      • R-002-002 Quality objectives_2024_002
      • R-002-002 Quality objectives_2024_003
      • R-002-002 Quality objectives_2024_004
      • R-002-002 Quality objectives_2024_005
      • R-002-002 Quality objectives_2025_001
      • R-002-002 Quality objectives_2025_002
      • R-002-002 Quality objectives_2025_003
      • R-002-002 Quality objectives_2025_004
      • R-002-002 Quality objectives_2025_005
      • R-002-003 Quality indicators_2024
      • R-002-004 Annual management review report
      • R-002-005 Quality Calendar_2025
      • R-002-006 SWOT and CAME analysis
      • R-002-007
      • R-002-008 Quality and regulatory roadmap
      • R-002-009 Regulatory requirements review report
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation
    • GP-023 Change control management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-200 Remote Data Acquisition in Clinical Investigations
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Records
  • GP-002 Quality planning
  • R-002-002 Quality objectives_2025_003

R-002-002 Quality objectives_2025_003

Objective details​

Objective number​

3

Description​

Enhance cybersecurity

Establishment date​

January 2025

This is a new quality objective identified for 2025 which aims to enhance the cybersecurity of our medical device as part of continuous product and compliance improvement.

Planning​

Responsible​

JD-005, JD-003, JD-004

Departments involved​

The main departments involved in the implementation of this quality objective are the product development and quality & regulatory departments.

Planned actions for 2025 period​

During 2024, we selected a provider (Dmed software) to support us with the implementation of this objective, especially in view of the FDA submission.

The actions foreseen for 2025 are:

  1. Perform the kick-off meeting with Dmed software to start the cybersecurity project
  2. Review the procedure for cybersecurity requirements
  3. Collaborate with Dmed software in creating and reviewing cybersecurity records, such as threat modelling, security risk assessment, security requirements
  4. Execute the penetration test
  5. Address any vulnerabilities found during the penetration test
  6. Implement a robust cybersecurity monitoring during the post-market phase.

Resources needed​

Personnel from the product development team to support Dmed software with the creation/revision of cybersecurity records; personnel from the regulatory & quality department to review the cybersecurity procedure and to overview the cybersecurity records.

Monitoring and follow up​

Period% CompletionFollow upShort-term actions
Q1 2025
Q2 2025
Q3 2025
Q4 2025

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: JD-004
  • Reviewer: JD-001
  • Approver: JD-001
Previous
R-002-002 Quality objectives_2025_002
Next
R-002-002 Quality objectives_2025_004
  • Objective details
    • Objective number
    • Description
    • Establishment date
  • Planning
    • Responsible
    • Departments involved
    • Planned actions for 2025 period
    • Resources needed
  • Monitoring and follow up
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)