Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
    • GP-001 Documents and records control
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 HR and training
    • GP-007 Post-market surveillance
    • GP-009 Sales
    • GP-010 Suppliers
    • GP-012 Design, Redesign and Development
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation
      • Deprecated
      • R-019-001 Software validation report_Atlassian_2023
      • R-019-001 Software validation report_HubSpot_2024
      • R-019-001 Software validation report_GitHub_GPG key signature_2024
      • R-019-001 Software validation report_Atlassian_2024
      • R-019-001 Software validation report_CVAT_2024
      • R-019-001 Software validation report_Docker_2024
      • R-019-002 External software list
    • GP-023 Change control management
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-200 Remote Data Acquisition in Clinical Investigations
    • GP-011 Provision of service
    • GP-110 Esquema Nacional de Seguridad
  • Legit.Health Plus Version 1.1.0.0
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Pricing
  • Public tenders
  • Records
  • GP-019 Software validation
  • R-019-002 External software list

R-019-002 External software list

External software list​

Software typeNameRisk ClassRisk JustificationPerformanceValidation activities
Operative systemMACosNon-riskedInfrastructure software; no direct impact on product quality or patient safetyNot modifiable. Previous experience endorsed.This software has been tested by the state of the art and global users. Extra validation activities are not required. It is automatically validated.
Operative systemUbuntuNon-riskedInfrastructure software; no direct impact on product quality or patient safetyNot modifiable. Previous experience endorsed.This software has been tested by the state of the art and global users. Extra validation activities are not required. It is automatically validated.
Commercial applicationGoogle WorkspaceNon-riskedGeneral business operations (email, documents); no impact on medical device quality per FDA CSA DraftAccording to the Draft of Computer software assurance CFR- FDA, software intended for management of general business processes or operations, such as email o accounting applications are not considered to be used as part of production or the quality system.Not required
Commercial applicationAtlassianNon-high-riskQMS tool for project/issue tracking; indirect quality impact through process managementNot modifiable but it is configurable.It requires a functional test with specific operations related to the affected processes and their applicable requirements, according to the specific test plan documented in the R-019-001 Software validation report_Atlassian.
Commercial applicationFactorialNon-riskedHR management tool; no impact on product quality or patient safetyNot modifiable but it is configurable. Included within the application its own electronic signature system (Signaturit) compliant to 21 CFR part 11.This software has been tested by the state of the art and global users. Extra validation activities are not required. It is automatically validated.
Commercial applicationeSIGNNon-high-riskElectronic signature for QMS documents; supports document control integrityNot modifiableThis software has been tested by the state of the art and global users. Extra validation activities are not required. It is automatically validated.
Commercial applicationHubspotNon-high-riskCRM and customer communication; supports post-market surveillance and complaint handling processesNot modifiable but it is configurableThis software has been tested by state-of-the-art and global users, but it requires a simple validation process according to the specific test plan documented at the R-019-001 Software validation report_Hubspot.
Commercial applicationVisual Studio CodeNon-riskedCode editor tool; no direct impact on product quality (code itself is validated separately)Not modifiable but it is configurableThis software has been tested by the state of the art and global users. Extra validation activities are not required. It is automatically validated.
Commercial applicationGitHub (Microsoft)Non-high-riskVersion control and code repository; critical for design history and traceabilityNot modifiable but it is configurable. We have configured the electronic signature system GPG (GNU Privacy Guard) to comply with 21 CFR part 11.This software has been tested by the state of the art and global users but it requires a simple validation process according to the specific test plan documented at the R-019-001 Software validation report__GitHub_GPG key signature.
Commercial applicationCVATNon-high-riskAnnotation tool for AI training data; affects training data quality for medical device AINot modifiable but it is configurableThis software has been tested by the state of the art and global users but it requires a simple validation process according to the specific test plan documented at the R-019-001 Software validation report__CVAT.
Commercial applicationDockerNon-high-riskContainer platform for development and deployment; affects build reproducibilityNot modifiable but it is configurableThis software has been tested by the state of the art and global users but it requires a simple validation process according to the specific test plan documented at the R-019-001 Software validation report__Docker.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
R-019-001 Software validation report_Docker_2024
Next
GP-023 Change control management
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)