Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
      • Deprecated
      • R-002-001 Quality objectives list_2024_001
      • R-002-001 Quality objectives list_2025
      • R-002-002 Quality objectives_2024_001
      • R-002-002 Quality objectives_2024_002
      • R-002-002 Quality objectives_2024_003
      • R-002-002 Quality objectives_2024_004
      • R-002-002 Quality objectives_2024_005
      • R-002-002 Quality objectives_2025_001
      • R-002-002 Quality objectives_2025_002
      • R-002-002 Quality objectives_2025_003
      • R-002-002 Quality objectives_2025_004
      • R-002-002 Quality objectives_2025_005
      • R-002-003 Quality indicators_2024
      • R-002-004 Annual management review report
      • R-002-005 Quality Calendar_2025
      • R-002-006 SWOT and CAME analysis
      • R-002-007
        • R-002-007 Process validation card 2023_001
        • R-002-007 Process validation card 2023_002
        • R-002-007 Process validation card 2023_003
        • R-002-007 Process validation card 2023_004
        • R-002-007 Process validation card 2023_005
        • R-002-007 Process validation card 2023_006
        • R-002-007 Process validation card 2023_007
        • R-002-007 Process validation card 2023_008
        • R-002-007 Process validation card 2023_009
        • R-002-007 Process validation card 2023_010
        • R-002-007 Process validation card 2023_011
        • R-002-007 Process validation card 2023_012
        • R-002-007 Process validation card 2023_014
        • R-002-007 Process validation card 2023_015
        • R-002-007 Process validation card 2023_016
        • R-002-007 Process validation card 2023_017
        • R-002-007 Process validation card 2023_018
        • R-002-007 Process validation card 2024_001
        • R-002-007 Process validation card 2024_002
      • R-002-008 Quality and regulatory roadmap
      • R-002-009 Regulatory requirements review report
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation
    • GP-023 Change control management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-200 Remote Data Acquisition in Clinical Investigations
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Records
  • GP-002 Quality planning
  • R-002-007
  • R-002-007 Process validation card 2023_018

R-002-007 Process validation card 2023_018

Process​

Design and development

Requirements​

We need a secure password management tool that allows collaboration within our team, protects our passwords from external parties, and has audit and control fuctionalities.

Selection description​

We have chosen to use Passbolt, instead of 1Password, for our password management needs from a desire for enhanced control and transparency. It has the following characteristics:

  • Enhanced Security: Passbolt's open-source nature and end-to-end encryption provide a high level of security. This is crucial when dealing with sensitive medical data and the need to ensure compliance with privacy regulations like HIPAA.
  • Full Data Control: With self-hosting capabilities, Passbolt allows us to maintain complete control over our password data. This is particularly advantageous when dealing with medical information, as it reduces reliance on external servers.
  • Transparency and Accountability: Passbolt's ability to track and log password access supports transparency and accountability within our remote team. This feature is crucial when working with a distributed team on a critical project like our medical device development.
  • Collaboration Features: Passbolt's design facilitates secure sharing of passwords and credentials among team members. In a startup environment, where efficient collaboration is vital, this is a substantial benefit.
  • Customization for Compliance: As our medical startup needs to adhere to specific regulatory requirements, Passbolt's self-hosting option allows us to customize security measures to meet those standards effectively.
  • Cost Efficiency: As an open-source tool, Passbolt can potentially save costs on licensing fees.
  • Flexibility and Scalability: Passbolt can grow with our startup. Its open-source nature means it can be adapted to our evolving needs as our company expands.
  • Integration Possibilities: Passbolt can often be integrated with other tools our startup might use, providing a more seamless workflow.
  • Community Support: Being open-source means Passbolt often has an active community of developers and users who can provide assistance and contribute to improvements.
  • Long-Term Viability: Open-source projects tend to have longer lifespans as they are not reliant on the financial health of a single company.

Validation​

The switch to Passbolt is as a strategic move towards more hands-on control, heightened security, and aligned collaboration while considering our unique requirements, such as the sensitive medical nature of our work.

Record signature meaning​

  • Author: JD-004 María Diez
  • Review and approval: JD-001 Andy Aguilar
Previous
R-002-007 Process validation card 2023_017
Next
R-002-007 Process validation card 2024_001
  • Process
  • Requirements
  • Selection description
  • Validation
  • Record signature meaning
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)