Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
      • Deprecated
      • R-002-007
        • R-002-007 Process validation card 2023_001
        • R-002-007 Process validation card 2023_002
        • R-002-007 Process validation card 2023_003
        • R-002-007 Process validation card 2023_004
        • R-002-007 Process validation card 2023_005
        • R-002-007 Process validation card 2023_006
        • R-002-007 Process validation card 2023_007
        • R-002-007 Process validation card 2023_008
        • R-002-007 Process validation card 2023_009
        • R-002-007 Process validation card 2023_010
        • R-002-007 Process validation card 2023_011
        • R-002-007 Process validation card 2023_012
        • R-002-007 Process validation card 2023_014
        • R-002-007 Process validation card 2023_015
        • R-002-007 Process validation card 2023_016
        • R-002-007 Process validation card 2023_017
        • R-002-007 Process validation card 2023_018
        • R-002-007 Process validation card 2024_001
        • R-002-007 Process validation card 2024_002
      • R-002-001 Quality objectives list_2024_001
      • R-002-001 Quality objectives list_2025
      • R-002-001 Quality objectives list_2026
      • R-002-002 Quality objectives_2024_001
      • R-002-002 Quality objectives_2024_002
      • R-002-002 Quality objectives_2024_003
      • R-002-002 Quality objectives_2024_004
      • R-002-002 Quality objectives_2024_005
      • R-002-002 Quality objectives_2025_001
      • R-002-002 Quality objectives_2025_002
      • R-002-002 Quality objectives_2025_003
      • R-002-002 Quality objectives_2025_004
      • R-002-002 Quality objectives_2025_005
      • R-002-002 Quality objectives_2026_001
      • R-002-002 Quality objectives_2026_002
      • R-002-002 Quality objectives_2026_003
      • R-002-002 Quality objectives_2026_004
      • R-002-002 Quality objectives_2026_005
      • R-002-003 Quality indicators
      • R-002-004 Annual management review report 2025
      • R-002-004 Annual management review report 2026
      • R-002-005 Quality Calendar_2025
      • R-002-005 Quality Calendar_2026
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Non-product software validation
    • GP-023 Change control management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-200 Remote Data Acquisition in Clinical Investigations
    • GP-011 Provision of service
    • GP-110 Esquema Nacional de Seguridad
  • Legit.Health Plus Version 1.1.0.0
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • BSI Non-Conformities
  • Pricing
  • Public tenders
  • Records
  • GP-002 Quality planning
  • R-002-007
  • R-002-007 Process validation card 2023_014

R-002-007 Process validation card 2023_014

Version control​

Reason for reviewDateVersion idChange
Initial creation202303081N/A
Management Review 2024202404152Annual revalidation
Management Review 2025202504153Annual revalidation
Update202602234Added risk analysis section

Process​

Operations

Requirements​

We need to find the best choice to comply with the General Data Protection Regulation (GPDR)

Selection description​

We have chosen to outsource our data protection responsibilities to Audens, that can offer several benefits to us, including:

  • Expertise: Audens is a specialized company that provides data protection services. They have the expertise and knowledge needed to ensure that our data is properly managed, secured, and compliant with relevant regulations.

  • Cost-Effective: Hiring a full-time data protection officer or building an in-house data protection team can be expensive. Outsourcing to a third-party vendor can be a more cost-effective option, especially for smaller companies or startups like us.

  • Reduced Risk: By outsourcing data protection responsibilities to Audens, our company can reduce the risk of data breaches and other security incidents. Audens can implement the necessary controls and procedures to ensure that our data is protected from unauthorized access, theft, or loss.

  • Flexibility: As a startup, our company may experience rapid growth or changes in its operations. Outsourcing to a third-party vendor like Audens provides us with the flexibility to adapt to these changes without having to worry about managing our data protection responsibilities in-house.

Validation​

Outsourcing data protection responsibilities to a third-party vendor like Audens help us to focus on our core business activities while ensuring that its data is properly managed, secured, and compliant with relevant regulations.

Identified risks​

RiskPotential impactControl measureStatus
Supplier dependency for GDPR complianceCompliance gaps if service quality decreasesAnnual supplier evaluation (GP-010), contract SLAsControlled

Record signature meaning​

  • Author: JD-004
  • Review and approval: JD-001

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003 Design & Development Manager, JD-004 Quality Manager & PRRC
  • Approver: JD-001 General Manager
ㅤ ㅤ

Previous
R-002-007 Process validation card 2023_012
Next
R-002-007 Process validation card 2023_015
  • Version control
  • Process
  • Requirements
  • Selection description
  • Validation
  • Identified risks
  • Record signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)