R-023-001_005 Change control
Description
- Change name: QMS restructuring for MDR transition and Technical File version 1.1.0.0
- Change description: Major restructuring of the Quality Management System to comply with MDR 2017/745 requirements and to support the Technical File for Legit.Health Plus version 1.1.0.0. This restructuring includes creation of new procedures, reassignment of procedure codes, substantial rewriting of existing procedures, and simplification of others as part of continuous improvement.
- Source of change: Regulatory change (MDR 2017/745 transition) and Technical File requirements for Legit.Health Plus v1.1.0.0.
Summary of changes
The document responsibility matrix was reorganised from 9 groups to 14 groups, and all documents were re-signed accordingly.
Additionally, nine general procedures have undergone major (substantive) changes. The substantive changes fall into four categories:
- New procedures created to cover areas required by the expanded technical file (GP-028, GP-029, GP-030).
- Reassigned procedures: GP codes whose topic was replaced to better organise the QMS (GP-024, GP-025).
- Major restructuring of three existing procedures to reflect expanded scope and improve separation of concerns (GP-012, GP-013, GP-023).
- Simplification of existing procedures as continuous improvement (GP-002, GP-005).
Impact analysis
- Regulatory impact: is the change classified as significant?
- Yes (it requires notification to Regulatory Authorities): BSI (Notified Body) notified as part of MDR certification process.
- No (it does not require notification to Regulatory Authorities)
- Risk analysis impact: Risk management documentation updated to comply with ISO 14971:2019, IEC 62304, and IEC 62366-1 under a unified framework. Risk-benefit analysis enhanced according to MDR requirements. Cybersecurity risk management absorbed into GP-013.
- Quality documentation impact: See detailed changes below.
Detailed changes
New procedures
| Document | Change | Period | Description |
|---|---|---|---|
| GP-028 | New procedure | Aug 2025 – Feb 2026 | AI/ML Development lifecycle |
| GP-029 | New procedure | Jul 2025 – Feb 2026 | Software Delivery and Commissioning |
| GP-030 | New procedure | Oct 2025 – Nov 2025 | Cyber Security Management (consolidated from GP-024 and SP-012-002) |
Reassigned procedures
| Document | Change | Period | Description |
|---|---|---|---|
| GP-024 | Reassigned | Jul – Aug 2025 | Was "Cybersecurity" (moved to GP-030); now "Predetermined Change Control Plan" |
| GP-025 | Reassigned | Jun 2025 | Was "Corporate Governance" (moved to GP-027); now "Usability and Human Factors Engineering" |
Substantially rewritten/expanded procedures
| Document | Change | Period | Description |
|---|---|---|---|
| GP-012 | Rewritten | Jul 2025 – Feb 2026 | Design, Redesign and Development: substantially rewritten; cybersecurity extracted |
| GP-013 | Expanded | Aug – Oct 2025 | Risk Management: unified framework across 3 standards; absorbed cybersecurity scope |
| GP-023 | Expanded | Aug 2025 – Feb 2026 | Change Control Management: expanded to cover reorganised QMS structure |
Simplified procedures
| Document | Change | Period | Description |
|---|---|---|---|
| GP-002 | Simplified | Feb 2026 | Quality Planning: process risk management simplified to annual review |
| GP-005 | Simplified | Feb 2026 | Human Resources and Training: simplified; training updated for new procedures |
Minor content changes
| Document | Description |
|---|---|
| GP-004, GP-007, GP-010, GP-018, GP-019, GP-027 | Content updates that do not alter the fundamental process |
Approval
The change is approved.
Plan
- Create GP-028 AI Development procedure covering AI/ML model development lifecycle.
- Create GP-029 Software Delivery and Commissioning procedure covering software deployment and verification.
- Create GP-030 Cyber Security Management procedure consolidating cybersecurity content.
- Reassign GP-024 to Predetermined Change Control Plan (PCCP) for FDA and AI Act requirements.
- Reassign GP-025 to Usability and Human Factors Engineering for IEC 62366-1 compliance.
- Rewrite GP-012 Design, Redesign and Development with improved separation of concerns.
- Expand GP-013 Risk Management with unified framework (ISO 14971, IEC 62304, IEC 62366-1).
- Expand GP-023 Change Control Management for reorganised QMS structure.
- Simplify GP-002 Quality Planning and GP-005 Human Resources and Training.
- Update document responsibility matrix from 9 to 14 groups and re-sign all documents.
Implementation
Implementation date: 2026-02-23
Status
QMS changes implemented. All procedures updated and signed. Technical File for Legit.Health Plus v1.1.0.0 submitted to BSI.
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Author: Team members involved
- Reviewer: JD-003 Design & Development Manager, JD-004 Quality Manager & PRRC
- Approver: JD-001 General Manager