R-TF-013-002 Risk management record
This record is carried out following the procedure GP-013 Risk management and according to R-TF-013-001 Risk management plan, which is also carried out following GP-013. The definition of the risk control options, the risk levels, risk acceptability and everything else, can be found in GP-013 Risk management.
Editable file here: https://docs.google.com/spreadsheets/d/1nzDT0qUqjmydHZag0aN1VPkviKlZkbq2hLQuBpiK9cA/edit?usp=sharing
| ID | Hazard | Associated requirement(s) | Hazardous situation | Related to | Type | People affected (Risk analysis) | Part affected (Risk analysis) | Foreseeable sequence of events (Risk analysis) | Harm (Risk analysis) | Potential cause or mechanism of failure (Risk analysis) | Severity (Initial risk evaluation) | Likelihood (Initial risk evaluation) | Risk priority number (Initial risk evaluation) | Selected control option (Risk control) | Implanted mitigation measures (Risk control) | Responsible (Risk control) | Verification of implementation of risk control measures (Risk control) | Verification of effectiveness of risk control measures (Risk control) | Severity (After implementation of risk control measures) | Likelihood (After implementation of risk control measures) | Risk priority number (After implementation of risk control measures) | Residual risk evaluation | Benefit-risk analysis | Risks arising from risk control measures (true/false) | Completeness of risk control | Evaluation of overall residual risk acceptability | Additional risk control measure |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | The endpoints of the device are not compatible with the user's software | REQ-005 REQ-006 REQ-011 REQ-012 | The care provider's IT personnel must develop custom code, which in some cases may not be viable. | Product | Usability | Managing Organization | Integration | 1. The care provider consumes data from the device 2. The name of the keys outputed by the device are not compatible with the care provider's system 3. User needs labour to integrate the device or they cannot integrate it in their system | HCP are unable to use the device, leading to delays in patient diagnosis and poorer treatment follow-up. | The name of the endpoints of the device do not follow a standard | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | The endpoints of the device follow HL7's FHIR interoperability standard and information in Instructions for Use. | Technical director | Process for verification is defined in GP-012 Design, redesign and development. In addition, IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information (TEST_011_We facilitate the integration of the device into the users' system). HL7's FHIR standard compliance is verified at the TEST_013_The data that users send and receive follows the FHIR healthcare interoperability standard. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 2 | Incompatibility in classification systems | REQ-004 REQ-006 REQ-012 | The name or code of the ICD class of the medical device do not match the ones used by the care provider's software | Product | Usability | Managing Organization | Integration | 1. The care provider consumes data from the device. 2. Their system gets the ICD classes detected by the medical device 3. Their system is not able to show the proper results to HCP 4. It is required to re-program the medical device or the users system. | HCP are unable to use the device, leading to delays in patient diagnosis and poorer treatment follow-up. | The name of the endpoints of the device do not follow a standard | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | The endpoints of the device follow ICD-9, ICD-10 and ICD-11, and they are also mapped to the output. | Technical director | Process for verification is defined in GP-012 Design, redesign and development. In addition, IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. The device ICD requirement is considered and registered within the device DHF: REQ_004_The user receives an interpretative distribution representation of possible ICD categories represented in the pixels of the image. Validation of REQ_004 is recorded in the TEST_004_The user receives an interpretative distribution representation of possible ICD categories represented in the pixels of the image. | R-TF-012-015 Summative evaluation report_2024_001 R-TF-015-003 Clinical Evaluation Report_2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 3 | Misrepresentation of magnitude returned by the device | REQ-001 REQ-002 REQ-003 REQ-004 REQ-006 | The care provider's system represent a value as if was representing a different magnitude. | Product | Usability | Managing Organization | Integration | 1. The care provider consumes data from the device. 2. Their system gets a numerical value from an endpoint. 3. Misrepresented data could serve as an erroneous input for the doctor. | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | The name of the endpoints of the device do not follow a standard | 3 | 3 | 9 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | The endpoints of the device follow HL7's FHIR interoperability standard and we developed a integration manual within the IFU that explains the values, as well as a Swagger documentation. This is also explained in the Instructions for use | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. HL7's FHIR standard compliance is verified at the TEST_013_The data that users send and receive follows the FHIR healthcare interoperability standard. | R-TF-012-015 Summative evaluation report_2024_001 Continuous monitoring as part of the post-market surveillance activities | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 4 | Misinterpretation of data returned by the device | REQ-001 REQ-002 REQ-003 REQ-004 REQ-006 | The care provider's system represent a value as if was representing a different clinical endpoint. | Product | Usability | Managing Organization | Integration | 1. The care provider consumes data from the device. 2. Their system gets any value from an endpoint. 3. Misrepresented data could serve as an erroneous input for the doctor. | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | The name of the endpoints of the device do not follow a standard | 3 | 5 | 15 | C. Information for safety and, where appropriate, training to users | The endpoints of the device follow HL7's FHIR interoperability standard and we developed a integration manual within the IFU that explains the values, as well as a Swagger documentation. This is also explained in the Instructions for use | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. HL7's FHIR standard compliance is verified at the TEST_013_The data that users send and receive follows the FHIR healthcare interoperability standard. | R-TF-012-015 Summative evaluation report_2024_001 Continuous monitoring as part of the post-market surveillance activities | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 5 | Incorrect clinical information | REQ-001 REQ-002 REQ-003 REQ-004 | The care provider receives into their system data that is erroneous | Product | Usability | Managing Organization | Device | 1. The user takes a picture 2. The photo is given to the medical device. 3. The device outputs and store wrong clinical data to aid the doctor in their diagnostic and follow up process. | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | The interpretive distribution assigns a low probability to the correct ICD class among the potential ICD classes. | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Intender users (HCP) are detailed in the IFU. The medical device returns metadata about the output that helps supervising it, such as explainability media and other metrics. | Technical director | Process for verification is defined in GP-012 Design, redesign and development. We specify in the intended purpose of the device that is a support tool, not a diagnosis one, meaning that it must always be used under the supervision of HCPs, who should confirm or validate the output of the device considering the medical history of the patient, and other possible sympthoms they could be suffering, especially those that are not visible or have not been supplied to the device. | R-TF-012-015 Summative evaluation report_2024_001 R-TF-015-003 Clinical Evaluation Report_2023_001 | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 6 | Incorrect diagnosis or follow up | REQ-001 REQ-002 REQ-003 REQ-004 | The medical device outputs a wrong result to the HCP | Product | Usability | HCP | Device | 1. The user takes a picture 2. The photo is given to the medical device. 3. The device outputs and store wrong clinical data to aid the doctor in their diagnostic and follow up process. | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | The interpretive distribution assigns a low probability to the correct ICD class among the potential ICD classes. | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Intender users (HCP) are detailed in the IFU. The medical device returns metadata about the output that helps supervising it, such as explainability media and other metrics. AI models undergo retraining using an expanded dataset of images. | Technical director | Process for design verification is defined in GP-012 Design, redesign and development, verification of implemented risk control measures documented in TEST_004_The user receives an interpretative distribution representation of possible ICD categories represented in the pixels of the image, TEST_013_The data that users send and receive follows the FHIR healthcare interoperability standard. R-TF-012-006 Lifecycle plan and report_2023_001 | R-TF-012-015 Summative evaluation report_2024_001 R-TF-015-003 Clinical Evaluation Report_2023_001 | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 7 | Incorrect results shown to patient | REQ-001 REQ-002 REQ-003 | The patient see erroneous results. | Product | Usability | Patient | Device | 1. The user takes a picture 2. The photo is given to the medical device. 3. The device outputs and store wrong clinical data to aid the doctor in their diagnostic and follow up process. | The patient is affected and may suffer anxiety or delays visiting the HCP and their consequent treatment, worsening their health status. | The interpretive distribution assigns a low probability to the correct ICD class among the potential ICD classes. Patient is using the device without the HCP monitoring | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Intender users (HCP) are detailed in the IFU. The medical device returns metadata about the output that helps supervising it, such as explainability media and other metrics. AI models undergo retraining using an expanded dataset of images. | Technical director | Process for design verification is defined in GP-012 Design, redesign and development, verification of implemented risk control measures documented in TEST_004_The user receives an interpretative distribution representation of possible ICD categories represented in the pixels of the image, TEST_013_The data that users send and receive follows the FHIR healthcare interoperability standard. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 R-TF-015-003 Clinical Evaluation Report_2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 8 | Unauthorized patient access to clinical data | REQ_012 | The patient somehow manages to get access to the clinical endpoints of the device. | Product | Usability | Patient | Device | 1. The user takes a picture 2. The photo is given to the medical device. 3. The device outputs clinical data to aid the doctor in their diagnostic process. | The patient is affected and may suffer anxiety or delays visiting the HCP and their consequent treatment, worsening their health status. | The medical device is hacked and a patient access to inaccesible data. | 3 | 3 | 9 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | State-of-the-art security measures to avoid unauthorized access to data, malignant uses and hacking, and information to the care provider at the IFU. | Technical director | TEST_011_We facilitate the integration of the device into the users' system. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 R-TF-015-003 Clinical Evaluation Report_2023_001 Continuous monitoring of access to the device | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 9 | Image artefacts/resolution | REQ-007 REQ-008 REQ-009 | The medical device receives an input that does not have sufficient quality in a way that affects it performance | Product | Usability | Managing Organization | Accessory | 1. The user takes a picture 2. The user captures a photo that is poorly lit, lacks focus or has low resolution. 3. The medical device receives a suboptimal input that affects its performance. | Misdiagnosis, delays in treatment and worsening of the patient's health status. | The user does not know how to use image capture devices or, more specifically, is unaware of basics aspects of capturing skin structures in images. Inadequate image processing algorithms | 3 | 3 | 9 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. This allows care providers to prompt the user to re-take a photo. We also offer training to the users to optimize the imaging process so that it is optimal for the device's operation. | Technical director | Verification is defined in TEST_009_Notify the user if the quality of the image is insufficient. | R-TF-015-003 Clinical Evaluation Report_2023_001 R-TF-012-015 Summative evaluation report_2024_001 Monitoring of customer claims as part of the post-market surveillance activities | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 10 | Inaccessible skin areas | REQ_009 REQ_012 | The patient can't capture the affected skin area inside the picture | Product | Usability | Patient | Accessory | 1. The patient has a skin structure in the back 2. The patient tries to take a picture 3. The medical device receives a suboptimal input that affects its performance. | Misdiagnosis, delays in treatment and worsening of the patient's health status. | Inability to access or take a picture of the skin structure due to its location in an unreachable body site and lack of aid in the process. | 3 | 2 | 6 | B. Protection measures in the medical device itself or manufacturing process + C. Information for safety and, where appropriate, training to users | A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. This allows care providers to prompt the user to re-take a photo. | Technical director | TEST_009_Notify the user if the quality of the image is insufficient TEST_011_We facilitate the integration of the device into the users' system. | R-TF-015-003 Clinical Evaluation Report_2023_001 R-TF-012-015 Summative evaluation report_2024_001 Monitoring of customer claims as part of the post-market surveillance activities | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 11 | Data transmission failure from care provider's system | REQ-005 REQ-006 REQ-007 | The care provider's system cannot connect to the device to send data | Infrastructure | Usability | Managing Organization | Integration | 1. The care provider contracts the medical device 2. They receive the secret API key 3. They develops a code snippet to send data 4. The medical device does not receive information. | Delays in patient diagnosis and poorer treatment follow-up. | Error in the API key or the authentication process. No internet connection. Firewall. | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | State-of-the-art techniques of security and software availability. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information required to perform the proper servers connection. API REST connection performance verification is recorded at the TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 12 | Data input failure | REQ-005 REQ-006 REQ-007 | The medical device cannot receive data from care providers | Infrastructure | Usability | Manufacturer | Device | 1. The care provider contracts the medical device 2. They receive the secret API key 3. They develops a code snippet to send data 4. The medical device does not receive information. | Delays in patient diagnosis and poorer treatment follow-up. | Error in the API key or the authentication process. No internet connection. Firewall. | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | State-of-the-art techniques of security and software availability. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information required to perform the proper servers connection. API REST connection performance verification is recorded at the TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 13 | Data accessibility failure | REQ-005 REQ-006 REQ-007 | The care provider cannot receive data from the medical device | Infrastructure | Usability | Managing Organization | Integration | 1. The care provider contracts the medical device 2. They receive the secret API key 3. They develops a code snippet to send data 4. The medical device does not receive information. | Delays in patient diagnosis and poorer treatment follow-up. | Error in the API key or the authentication process. No internet connection. Firewall. | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | State-of-the-art techniques of security and software availability. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information required to perform the proper servers connection. API REST connection performance verification is recorded at the TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 14 | Data transmission failure | REQ-005 REQ-006 REQ-007 | The medical device cannot send data to care providers | Infrastructure | Usability | Manufacturer | Device | 1. The care provider contracts the medical device 2. They receive the secret API key 3. They develops a code snippet to send data 4. The medical device does not receive information. | Delays in patient diagnosis and poorer treatment follow-up. | Error in the API key or the authentication process. No internet connection. Firewall. | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | State-of-the-art techniques of security and software availability. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information required to perform the proper servers connection. API REST connection performance verification is recorded at the TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 15 | Interruption of service | REQ-005 REQ-007 | Users suddenly can't use the device due to a downtime | Infrastructure | Usability | Managing Organization | Device | 1. The care provider contracts the medical device 2. The medical device is integrated to their system 3. They are using the medical device normally 4. They suffer of a temporary loss of whole device performance | Delays in patient diagnosis and poorer treatment follow-up. | Server overload. Critical bug. Other disruptive technical event. | 3 | 3 | 9 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | The deployment of the medical devices uses elastic demand design. The medical device makes constant backups. State-of-the-art techniques of security and software availability. Due to the inherent features of the REST protocol, when a user send a request and the device is down, the device returns a specific code informing of the state of the device, including downtime. This means that the user will be automatically aware of downtime, as well as any other states. | Technical director | Device connection performance verification is recorded at the TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 16 | An organisation that is not a licensed care provider gets access to the device | REQ-005 | Improper use of the device and improper use of the outputs of the device | Requirements | Regulatory | Manufacturer | Integration | 1. A company who is not a licensed care provider contacts us 2. The company contracts the medical device 2. The medical device is integrated to their system 3. They are using the medical device normally | The user of the medical device is not capacitated to use it causing misdiagnosis, delays in treatment and worsening of the patient's health status. | Miscommunication about the medical device-nature of the product. | 3 | 2 | 6 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | The contracting process includes a contract in which the customer declares they are a care provider. Instructions for use explain that it's a medical device for health professionals. Stringent security measures: - implementation of a robust authentication mechanisms such as OAuth or JWT to ensure that only authorized users can access the API. Role-based access control further restricts user privileges, enhancing data security; - implementation of data encryption: all data transmitted between the user and the API is encrypted using industry-standard encryption protocols, such as SSL/TLS, to protect against eavesdropping and data breaches | Technical director | TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. Reviewed and signed contract services with customers. GP-009 Sales | Continuous monitoring for cybersecurity threats, continuous monitoring for API calls | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 17 | Users outside the inteded user definition use the medical device | REQ_012 | Users can't validate the report from the medical device. | Training | Regulatory | Patient | Device | 1. Non-intended users interpret the report 2. They misinterpret the report | Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Inadequate information provided by the manufacturer | 3 | 5 | 15 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Instructions for use include information about the intended user. | Technical director | TEST_011_We facilitate the integration of the device into the users' system. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | Sales team continuous support and follow up with HCP | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 18 | The device is not used under the supervision of an HCP | REQ_012 | Improper use of the device and improper use of the outputs of the device | Training | Usability | Patient | Device | 1. Non-HCP users interpret the results 2. They misinterpret the report | Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Inadequate information provided by the manufacturer | 3 | 2 | 6 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Instructions for use include information about the intended user, and integration instructions are designed to ensure the users are HCP, and lay users cannot use it without HCP supervision. | Technical director | TEST_011_We facilitate the integration of the device into the users' system. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 19 | The device is integrated by untrained technicians | REQ-005 REQ-012 | Medical device communication with the user server is not properly established | Training | Usability | Managing Organization | Integration | 1. Untrained technicians perform the medical device integration 2. Communication between the medical device and the user server is not adequate 3. Medical device can not be used | User discomfort, dissatisfaction. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Inadequate information provided by the manufacturer | 3 | 2 | 6 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Instructions for use include information about the intended user and instructions on how to integrate the device. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 20 | Non-compliance with the General Safety & Performance Requirements (GSPR) | REQ-005 REQ-006 | Inadequate safety and performance of the whole device | Requirements | Regulatory | Manufacturer | Device | 1. Whole device does not comply with the General and Safety Performance Requirements (GSPR) of MDR 2017/745 | Decreased product performance, quality and safety. Misdiagnosis, delays in proper treatment and worsening of the patient's health status due to poor validation of the device | Misinterpretation of applicable regulation or lack of knowledge | 3 | 3 | 9 | A. Inherently safe design and manufacture | Medical device is developed and produced according to harmonized standards for medical device in compliance with the applicable GSPR according to R-TF-008-001_GSPR_2023_001 | Technical director | The compliance with the GSPR is compiled at the R-TF-008-001_GSPR_2023_001 | Internal/external audits, R-TF-015-003 Clinical Evaluation Report 2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 21 | Non-compliance with GSPR 3 (absence of a risk management process) | REQ_012 | Risks are not mitigated | Requirements | Regulatory | Manufacturer | Device | 1. A risk management policy is not in place 2. User does not know the potential risks of the whole device 3. Loss of whole device proper performance | User discomfort, dissatisfaction. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Inadequate QMS | 3 | 4 | 12 | A. Inherently safe design and manufacture | To implement a risk management process according to ISO 14971 | Technical director | TEST_011_We facilitate the integration of the device into the users' system. R-TF-008-001 General Safety Performance Requirements (GSPR) 2023_001. Risk management process is described at the GP-013 Risk management. | Internal/external audits Periodic review of GP-013 (Risk management), periodic review of risk management plan, record and report, stay up-to-date with any revision of the standard | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 22 | Medical device input requirements are not defined to users to its proper operation | REQ-005 REQ-006 REQ-010 REQ-011 | Whole device is wrongly used / is not used as intended | Requirements | Regulatory | Managing Organization | Device | 1. Product input requirements are not established 2. Users do not know the proper inputs required for the device operation 3. The device outputs wrong data to users | User discomfort, dissatisfaction. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Inadequate information provided by the manufacturer | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Product specifications explain the use of the OpenAPI specification to inherently avoid improper use, and the use of the FHIR naming protocol to inherently avoid mistakes. Also, the IFU explains the correct use of the device. | Technical director | HL7's FHIR standard compliance is verified at the TEST_013_The data that users send and receive follows the FHIR healthcare interoperability standard. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 23 | Instructions for use not available or separate from the product | REQ-005 REQ-012 | Whole device cannot be used | Requirements | Regulatory | Managing Organization | Device | 1. IFU cannot be provided electronically 2. User does not have access to the IFU 3. User cannot use the whole device | Lack of observation and further analysis of physiological indicators in pictures analysis. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Error in coding design | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | IFU designed and developed according to harmonized standards for medical device. Provide the IFU in paper form upon request | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. Procedure for managing paper IFU's request (SP-001-001 - eIFU) | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 24 | Inadequate specification of the product intended purpose | REQ-005 REQ-006 REQ-010 REQ-011 | Whole device is wrongly used / is not used as intended | Requirements | Regulatory | Managing Organization | Device | 1. User reads IFU 2. User does not understand the product intended purpose 3. User unintentionally misuses the whole device | Deterioration of performance of the whole device leading to misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Inadequate information provided by the manufacturer | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | We specify the product intended purpose in the IFU and label to be available for the users, and also at the TF documents that required it | Technical director | IFU and label verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 R-TF-015-003 Clinical Evaluation Report 2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 25 | Inadequate product accessories | REQ_009 REQ-010 REQ-012 | Poor image quality due to inadequate resolution, lighting, focus or camera settings | Requirements | Regulatory | Managing Organization | Accessory | 1. User captures images with inadequate lighting, improper focus, or poor resolution 2. User uploads poor-quality images 3. The device processes poor-quality images 4. The device generates inaccurate results | Deterioration of performance of the whole device leading to misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Inadequate image processing algorithms | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | A requirement of the device defines the creation of a processor whose purpose is to ensure that the image have enough quality. In other words, an algorithm, similar to the ones used to classify diseases, is used to check the validity of the image and provides an image quality score. This allows care providers to prompt the user to re-take a photo. We also offer training to the users to optimize the imaging process so that it is optimal for the device's operation. | Technical director | Verification is defined in TEST_009_Notify the user if the quality of the image is insufficient. | R-TF-015-003 Clinical Evaluation Report_2023_001 R-TF-012-015 Summative evaluation report_2024_001 Monitoring of customer claims as part of the post-market surveillance activities | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 26 | Data breach or unauthorized access | REQ-005 | Unauthorized persons have access to confidential data of the practitioners and patients | Requirements | Data privacy | Managing Organization | Device | 1. User write down the API key credentials on a post-it attached to the computer 2. Unauthorized person uses the credentials to access the software 3. Unauthorized person consults confidential data from patients or practitioner | HCP and patients confidential data are exposed | Inadequate information provided by the manufacturer | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | We include the instructions to use the API key within the API key delivery document. Stringent security measures: - implementation of a robust authentication mechanisms such as OAuth or JWT to ensure that only authorized users can access the API. Role-based access control further restricts user privileges, enhancing data security; - implementation of data encryption: all data transmitted between the user and the API is encrypted using industry-standard encryption protocols, such as SSL/TLS, to protect against eavesdropping and data breaches | Technical director | Instructions detailed at the T-011-002 Device OAuth order and IFU. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner. | R-TF-012-015 Summative evaluation report_2024_001 Continuous monitoring of cybersecutity threats | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 27 | Non-compliance with GSPR 3 (absence of a PMS & PMCF process) | REQ_012 | Unavailability of safety, performance, usability information during product usage needed to improve the device | Requirements | Regulatory | Manufacturer | Device | 1. Input from the market is not received, as a possible accident 2. Accident or incident is not investigated 3. Accident is not communicated to the NCA (National Competent Authorities) 4. Failure produced by the product is not corrected 5. Accident, incident or failure is repeated | Users discomfort and loss of confidence in the device. Patient misdiagnosis and worsening of their health status | Inadequate QMS | 3 | 3 | 9 | A. Inherently safe design and manufacture | To develop post-market surveillance and post-market clinical follow up plans according to the regulatory requirements | Technical director | TEST_011_We facilitate the integration of the device into the users' system. R-TF-008-001 General Safety Performance Requirements (GSPR) 2023_001. PMS and PMCF plans created: R-TF-007-001 Post-Market Surveillance (PMS) Plan and R-TF-007-002 Post-Market clinical follow-up (PMCF) Plan | Internal/external audits | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 28 | Inadequate instructions for use: product information for clinical safety is not included at the IFU | REQ_012 | Device is not used as intended for the patient safety | Requirements | Regulatory | Manufacturer | Instructions for Use | 1. User reads the IFU 2. User does not see clinical safety information 3. User does not use the device due to lack of clinical safety information | Loss of confidence in the devic | Inadequate information provided by the manufacturer | 3 | 4 | 12 | C. Information for safety and, where appropriate, training to users | We specify in the IFU the product information for clinical safety | Technical director | TEST_011_We facilitate the integration of the device into the users' system. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 29 | Inadequate instructions for use: product information for cybersecurity is not included in the IFU | REQ-012 | Device is not used as intended for the practitioner/patient safety | Requirements | Data privacy | Manufacturer | Instructions for Use | 1. User reads the IFU 2. User does not know which cybersecurity measures to implement 3. Personnel data is compromised | HCP and patients confidential data are exposed | Inadequate information provided by the manufacturer | 3 | 4 | 12 | C. Information for safety and, where appropriate, training to users | We specify in the IFU the product information for cybersecurity | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 30 | The user is unable to provide adequate lighting conditions | REQ-008 REQ-009 | The medical device receives an input that does not have sufficient quality | Product | Usability | Patient | Device | 1. The user (doctor or patient) takes a picture 2. The user captures a photo that is poorly lit, lacks focus or has low resolution. 3. The device could provide a wrong detection and classification of skin lesion | Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Wrong use of image capture device or wrong configuration of the camera. | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Created an auxiliary neural network that check the validity of the image and provides an image quality score. This allows care providers to prompt the user to re-take a photo. We offer training to the users to optimize the imaging process so that it is optimal for the device's operation. | Technical director | Verification is defined in TEST_009_Notify the user if the quality of the image is insufficient | Customer service follow up R-TF-015-003 Clinical Evaluation Report_2023_001 R-TF-012-015 Summative evaluation report_2024_001 | 3 | 2 | 6 | As far as possible | Benefits outweigh the risks | FALSE | TRUE | Acceptable | NA |
| 31 | System incompatibility | REQ-005 REQ-006 REQ-012 | Integration of our device is not compatible with the user platform | Infrastructure | Usability | Managing Organization | Integration | 1. User tries to integrate the api at their system 2. Api does not connect with the system 3. Api cannot be used | Users are unable to use the device, leading to delays in patient diagnosis and poorer treatment follow-up. | Inadequate design of the device | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | Our device is built as an API that follows the REST protocol. This protocol totally separates the user interface from the server and the data storage. Thanks to this, REST API always adapts to the type of syntax or platforms that the user may use, which gives considerable freedom and autonomy to the user. With a REST API, the user can use either PHP, Java, Python or Node.js servers. The only thing is that it is indispensable that the responses to the requests should always take place in the language used for the information exchange: JSON. | Technical director | API REST connection performance verification is recorded at the TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 32 | Duplicated with number 9 | ||||||||||||||||||||||||||
| 33 | Data overwrite | REQ-005 | The data cannot be shown in a time-series that reflects the evolution | Product | Usability | Patient | Device | 1. The user uploads a new image and perform the analisis of it 2. The new image uploading deletes the previous image and results 3. Patient follow up is not shown | Patient discomfort related to delay on the treatment adjustment and worsening of the skin condition | Design failure on the patient follow up images and data storage | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | Product specifications explain the use of the REST protocol to inherently avoid bad practices in programming such as data re-writing. Every request is independent and cannot be edited. | Technical director | Verification is recorded in TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner | R-TF-015-003 Clinical Evaluation Report 2023_001 R-TF-012-015 Summative evaluation report_2024_001 | 3 | 0 | 0 | The risk is now impossible | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 34 | Inconsistent or unreliable output | REQ-004 | Analysis of the same image of the same version of the device generates different results | Requirements | Regulatory | Patient | Device | 1. User uploads an image that is the same to other already uploaded 2. Results are shown 3. Results are different from the previous image uploaded 4. User is concern about the device performance | User discomfort and suspicion about the device safety and performance. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | A new version of the device was released without following the design and development procedures | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | We include in our GP-012 Design, redesign and development that the inclusion of the new dataset requires a new validation of the device as it would be a new version. | Technical director | GP-012 Design, redesign and development TEST_004_The user receives an interpretative distribution representation of possible ICD categories represented in the pixels of the image Section AI/ML model re-training of R-TF-012-006 Lifecycle plan and report_2023_001explains the re-trianing of AI models. | R-TF-015-003 Clinical Evaluation Report 2023_001, continuous monitoring of the performance by collecting feedback from users | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 35 | Sensitivity to image variability | REQ-001 REQ-002 REQ-003 REQ-004 | Analysis of the same skin structure with images taken with deviations in lightning or orientation generates significantly different results | Requirements | Regulatory | Patient | Device | 1. User uploads an image of the same skin structure than a previous one, but with different orientation 2. Results are shown 3. Results are different from the previous image uploaded 4. User is concern about the device performance | User discomfort and suspicion about the device safety and performance. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Skin structures captured in different images are represented in totally different pixels, which actually make them different skin structures even if they represent the same real-world entity. | 3 | 5 | 15 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | The development of the device implements measures to improve consistency. Namely, the augmentation of images and the vast amount of images with different lightning and orientation deviations used to develop the device. | Technical director | AI training is explained in the GP-012 Design, redesign and development plus the requirements are documented in REQ_001_The user receives quantifiable data on the intensity of clinical signs, REQ_002_The user receives quantifiable data on the count of clinical signs, REQ_003_The user receives quantifiable data on the extent of clinical signs. The verification of these requirements is documented in TEST_001_The user receives quantifiable data on the intensity of clinical signs, TEST_002_The user receives quantifiable data on the count of clinical signs, TEST_003_The user receives quantifiable data on the extent of clinical signs. | R-TF-015-003 Clinical Evaluation Report 2023_001, continuous monitoring of the performance by collecting feedback from users | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 36 | Integration failure or errors | REQ-005 REQ-006 REQ-012 | The user lacks the knowledge required to integrate the product in their system | Product | Usability | Managing Organization | Integration | 1. Untrained personnel perform the medical device integration 2. Communication between the medical device and the user server is not adequate 3. Medical device can not be used | HCP are unable to use the device, leading to delays in patient diagnosis and poorer treatment follow-up. | Inadequate information provided by the manufacturer | 3 | 4 | 12 | C. Information for safety and, where appropriate, training to users | We specify the intended user at the IFU. Additionally, we include at the IFU the instructions and information required by the technicians to perform the integration of the device within their system. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 37 | Inaccurate training data | REQ-001 REQ-002 REQ-003 REQ-004 REQ-008 REQ-009 REQ-010 | Image datasets used in the development of the device are not properly labeled | Processes | Regulatory | Manufacturer | Device | 1. Images are selected and labeled 2. Algorithm training is performed 3. Best algorithm with this images is selected for the device performance 4. Users analyze images with this algorithm 5. Medical devices gives wrong results to the users | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | Inadequate design of the device | 3 | 5 | 15 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | We carefully select the images in colaboration with Health Care Organizations and we hire HCP to perform the labeling to ensure it is properly performed | Technical director | Verification is compiled at the TEST_001_The user receives quantifiable data on the intensity of clinical signs, TEST_002_The user receives quantifiable data on the count of clinical signs, TEST_003_The user receives quantifiable data on the extent of clinical signs | R-TF-015-003 Clinical Evaluation Report 2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 38 | Biased or incomplete training data | REQ-001 REQ-002 REQ-003 REQ-004 REQ-008 REQ-009 REQ-010 | Image datasets used in the development of the device are not properly selected | Processes | Regulatory | Manufacturer | Device | 1. Images are selected 2. Validation tests are performed 3. Validation fails 4. Medical device cannot be released 5. Medical device cannot be used | HCP are unable to use the device, leading to delays in patient diagnosis and poorer treatment follow-up. | Inadequate design of the device | 3 | 5 | 15 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | We carefully select the images in colaboration with Health Care Organizations and we hire HCP to perform the labeling to ensure it is properly performed | Technical director | Verification is compiled at the TEST_001_The user receives quantifiable data on the intensity of clinical signs, TEST_002_The user receives quantifiable data on the count of clinical signs, TEST_003_The user receives quantifiable data on the extent of clinical signs | R-TF-015-003 Clinical Evaluation Report 2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 39 | Lack of efficacy or clinical utility | REQ-001 REQ-002 REQ-003 | There are no demonstrated product clinical benefits when used as intended by the manufacturer | Requirements | Regulatory | Manufacturer | Device | 1. User upload an image to the device 2. User review device results 3. The results does not help the users | User discomfort and dissatisfaction. Delays in patient diagnosis and poorer treatment follow-up. | Inadequate design of the clinical evaluation | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | We performed a deep clinical study to demonstrate the clinical benefits of the medical device that included pre-clinical investigation, clinical trials and post-market activities | Technical director | Plan and compilation of results are documented at the R-TF-015-001 Clinical Evaluation Plan 2023_001and R-TF-015-003 Clinical Evaluation Report 2023_001. | R-TF-015-003 Clinical Evaluation Report 2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 40 | Device failure or performance degradation | REQ-005 REQ-007 | The device is overwhelmed by its use: either not enough storage capacity or unable to handle requests | Infrastructure | Usability | Manufacturer | Device | 1. User upload an image to the device 2. User receive analysis results 3. Medical device deletes the image and results 4. User cannot review the new results obtained, neither the patients follow up. | User discomfort and dissatisfaction. Delays in patient diagnosis and poorer treatment follow-up. | Inadequate design of the medical device infrastructure | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | We use scalable server structure (also called elastic), which is the industry standard and the widely used option. | Technical director | TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner | R-TF-015-003 Clinical Evaluation Report 2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 41 | Incorrect interpretation or override of device outputs | REQ_012 | The HCP validates the wrong skin condition, even if the device outputs the correct result | Training | Usability | Patient | Device | 1. The user takes a picture 2. The HCP receives correct results 3. The HCP validates the wrong condition because their opinon is contrary to the output of the device | Patient receives wrong treatment and follow up. Patient health worsening | Medical device is not used by experienced HCP or the HCP makes a mistake. | 3 | 2 | 6 | C. Information for safety and, where appropriate, training to users | We include at the IFU that the intended user of the medical device must be a HCP (the practitioner), and the importance of the validation of the correct skin condition (recommendation to the users to insert a warning alert at their interface to alert them on the importance of the proper condition validation). | Technical director | TEST_011_We facilitate the integration of the device into the users' system. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-008 Software usability report_2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 42 | Duplicated with number 41 | NA | |||||||||||||||||||||||||
| 43 | Non-compliance with GSPR 23: Inadequate labeling - labeling cannot be included within the device due to its nature | REQ_012 | User cannot confirm the medical device version | Requirements | Regulatory | Manufacturer | Device | 1. User connect the device with their system 2. Users use the wrong version of the device 3. Users don't receive the best results that the device could offer | User discomfort and dissatisfaction | Failure on labeling validation procedure design | 2 | 4 | 8 | A. Inherently safe design and manufacture | Label design has been performed according to the applicable regulations (MDR 2017/745 and ISO 15223-1). Labeling is included within the IFU and published at our website to ensure all the user can consult it when needed. | Technical director | TEST_011. Label verification is documented at R-TF-001-006. R-TF-008-001 General Safety Performance Requirements (GSPR) 2023_001. IFU and label validation 2023_001 to ensure that they include the information. | Internal/external audits | 2 | 1 | 2 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 44 | Non-compliance with GSPR 23: Inadequate Instructions for Use | REQ-012 | Integration cannot be properly performed | Requirements | Regulatory | Manufacturer | Instructions for Use | 1. Manufacturer organization receives the device 2. Technicians integrate the device on their system 3. Communication between device and user system is not correct and it cannot be used | HCP are unable to use the device, leading to delays in patient diagnosis and poorer treatment follow-up. | Failure on IFU validation procedure design | 3 | 4 | 12 | A. Inherently safe design and manufacture | IFU has been written according to the applicable regulations (MDR 2017/745 and ISO 15223-1). | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001, Internal/external audits | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 45 | Complicated instructions for use: the instructions for use are too complicated and more intricate than they need to be | REQ-012 | User misinterpret the IFU | Requirements | Usability | HCP | Instructions for Use | 1. Manufacturer organization receives the device 2. Technicians integrate the device on their system 3. Communication between device and user system is not correct and it cannot be used | HCP are unable to use the device, leading to delays in patient diagnosis and poorer treatment follow-up. | Failure on IFU design | 3 | 4 | 12 | A. Inherently safe design and manufacture | IFU has been written according to the applicable regulations (MDR 2017/745 and ISO 15223-1). | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001, Internal/external audits | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 46 | Inadequate warning of adverse effects | REQ_012 | User is not properly advised | Requirements | Regulatory | Patient | Instructions for Use | 1. User reads the IFU 2. User does not know the usage warnings 3. Usage of the device without proper precaution | It is not known or foreseen any undesirable side-effects specifically related to the use of the software, as it is explained at the IFU | Failure on IFU design | 3 | 3 | 9 | A. Inherently safe design and manufacture | IFU has been written according to the applicable regulations (MDR 2017/745 and ISO 15223-1). | Technical director | TEST_011_We facilitate the integration of the device into the users' system. IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. | R-TF-012-015 Summative evaluation report_2024_001, Internal/external audits | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 47 | Duplicated with number 3 and 4 | ||||||||||||||||||||||||||
| 48 | Maintenance is inadequate to the planned functions | REQ_012 | Device performance is compromised | Processes | Regulatory | Manufacturer | Device | 1. Maintenance is not performed according to the established procedures 2. User cannot receive results or they are not correct | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | Inadequate maintenance planning | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | Device maintenance is performed yearly when its validation is performed to ensure its proper operating. No additional maintenance is required. | Technical director | TEST_011. Label verification is documented at R-TF-001-006. R-TF-008-001 General Safety Performance Requirements (GSPR) 2023_001. Maintenance performance is, then, registered as the new validation performed within the DHF. | Control of device's version used by HCP to ensure last validated version of the device is being used. Information about changes compared to previous version provided to the users | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 49 | Inadequate or absent maintenance specifications, including performance checks | REQ-012 | User does not know how to maintain the device | Processes | Regulatory | Managing Organization | Device | 1. User does not maintain the device 2. User cannot receive results or they are not correct | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | Inadequate maintenance design | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | The device does not require any performance checks activities nor maintenance by the users, as it is specified at the IFU. When a new version with changes is released, users are properly informed following the GP-012 Design, redesign and development SOP. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. Transition to the updated versions is guided by the JD-005 as specified in the GP-012 Design, redesign and development SOP | Control of device's version used by HCP to ensure last validated version of the device is being used. Information about changes compared to previous version provided to the users | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 50 | Inadequate maintenance: users do not properly maintain the device | REQ-012 | Device performance is compromised | Processes | Usability | HCP | Device | 1. Users do not perform the proper device maintenace 2. Users manage an old device version 3. Users do not receive the most updated and improved results | User discomfort and dissatisfaction | Users either do not receive the update to the new version or are not able to update the device or fail to do so. | 3 | 4 | 12 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | We have defined within our GP-012 Design, redesign and development SOP a procedure to inform our customers about the new version of the device, providing them with the proper instructions to perform the update. Additionally, we keep a record of customers that have not transitioned to the new versions that we review and update periodically. | Technical director | Customers that have not transitioned to the new versions are listed at the R-012-012 Customers product version control | Control of device's version used by HCP to ensure last validated version of the device is being used. Information about changes compared to previous version provided to the users | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 51 | Absence of limitation of product lifetime | REQ_012 | User does not know the lifetime of the device to stop using it | Requirements | Regulatory | Manufacturer | Device | 1. Device is used after its lifetime is reached 2. Device performance is wrong | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | Misinterpretation of applicable requirements or lack of knowledge | 3 | 4 | 12 | A. Inherently safe design and manufacture | Given the nature of the product (API), it has no lifetime limitation. Manufacturing date is included at the labeling. | Technical director | TEST_011. Label verification is documented at R-TF-001-006. R-TF-008-001 General Safety Performance Requirements (GSPR) 2023_001. IFU and label validation 2023_001 to ensure that they include the information. | Internal/external audits | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 52 | Design and development input requirements are not defined (user, technical and/or regulatory) | REQ_012 | Whole device is wrongly used / is not used as intended | Requirements | Regulatory | Manufacturer | Device | 1. Product input requirements are not established 2. Incomplete safety and performance characteristics of the whole device | User discomfort and dissatisfaction. Delays in patient diagnosis and poorer treatment follow-up. | Misinterpretation of applicable design requirements or lack of knowledge | 3 | 4 | 12 | A. Inherently safe design and manufacture | We have defined a procedure for the design and development process following the ISO 62304 standard. We document all the development using a Design History File (DHF) through Jira, including the product input requirements | Technical director | The design and development procedure is described at the GP-012 Design, redesign and development. The product input requirements (user, technical and regulatory) are established within the Legit.Health DHF. The inputs are validated to ensure they are appropriate TEST_011_We facilitate the integration of the device into the users' system. R-TF-012-008 Software usability report_2023_001 | Internal/external audits | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 53 | Instructions for use are not available at the time of use due to downtime | REQ_012 | User cannot consult the IFU | Requirements | Usability | Managing Organization | Instructions for Use | 1. User wants to consult the IFU 2. User cannot reach the IFU | User discomfort and dissatisfaction | IFU are only electronically available | 2 | 3 | 6 | A. Inherently safe design and manufacture | Firstly, if the issue is access to the internet, the use would also not be able to use the device, so there is no risk of using the device without access to the instructions. Furthermore, the IFU can be downloaded by PDF. Moreover, the IFU is hosted on a independent instance to improve the resiliency of the information system, this means that downtime in the device does not imply downtime in the IFU. The device sends messages to the user when there is any problem with the communication between the device and the user end, so the user always receives basic instructions when something is wrong. Furthermore, the procedure SP-001-001 - eIFU management explains the process to fulfil customer's request for paper IFU. | Technical director | The selection of independent instances is performed according to GP-012 Design, redesign and development IFU are verified as registered at the TEST_011_We facilitate the integration of the device into the users' system. Process to provide customers with IFU in paper format is explained in SP-001-001 - eIFU management | R-TF-012-015 Summative evaluation report_2024_001, continuous monitoring of the performance by collecting user's feedback | 2 | 1 | 2 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 54 | The device inputs images that do not represent skin structure | REQ-007 REQ-008 REQ-009 | Users send images to the device that do not represent skin structure, usually by error. Or the image contains skin but it is very far away and there are many more elements (such as a chair, a table, the ceiling, and so on) | Training | Usability | Managing organization | Device | 1. User takes an image of the skin. 2. User uploads the wrong image, instead of the image of the skin. 3 (or) The image is taken in such a way that the skin is a very small item of the image 4. User sends the image to the device 5. The device processes the image and outputs a result | Misdiagnosis, delays in treatment and worsening of the patient's health status. | The user makes a mistake when chosing the image, or does not know how to use image capture devices or, more specifically, is unaware of basics aspects of capturing skin structures in images. | 3 | 2 | 6 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | A requirement of the device defines the creation of a processor whose purpose is to ensure that the image belongs to the domain of dermatology. In other words, an algorithm, similar to the ones used to classify diseases, is used to check that the image contains skin. This allows care providers to prompt the user to re-take a photo. | Technical director | The requirement is documented in REQ_008_Notify the user if the image does not represent a skin structure and its verification is performed and documented in the TEST_008_Notify the user image modality and if the image does not represent a skin structure. | R-TF-015-003 Clinical Evaluation Report_2023_001, continuous monitoring of the performance by collecting user's feedback | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 55 | The electronic data and content are tampered | REQ-005 | Users have access to wrong data | Infrastructure | Data privacy | Manufacturer | Device | 1. Unintended person gains access to the data storage 2. Unintended person gains edit permissions 3. An unintended person tampers with the data 4. User receives erroneus results This can be intentionally, with nefarious purposes, or unintentionally. | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | Insuficient cybersecurity safeguards. Non-adhearance to best practices. | 3 | 2 | 6 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | The medical device is developed and produced according to "IMDRF Principles and Practices for Medical Device Cybersecurity" (IMDRF/CYBER WG/N60FINAL:2020) and "MDCG 2019-16 - Guidance on Cybersecurity for medical devices". The procedure is defined in SP-012-002 Cybersecurity Requirements of AI/ML Models. Regarding unintended tampering, the product specifications explain the use of the REST protocol to inherently avoid bad practices in programming such as data re-writing. Every request is independent and cannot be edited. | Technical director | Device connection performance verification is recorded at the TEST_012_The user can send requests and get back the output of the device as a response in a secure, efficient and versatile manner. Also in R-052-001 DPIA 2023_001 (Data Privacy Impact Assesment). REST protocol explained in Legit.Health Plus description and specifications 2023_001 | Continuous monitoring for cybersecurity threats, internal/external audits | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 56 | Electronic instructions for use are not compatible with different devices | REQ_012 | Technological stack is chosen in a way that limit the ability of displaying the electronic instructions for use with different devices which could be used to display those instructions. | Product | Usability | Managing organization | Instructions for Use | 1. User wants to consult the IFU electronically 2. User opens de IFU from a device that is not compatible 3. User cannot read the IFU | User discomfort and dissatisfaction | Electronic IFU are developed in a non-universal plafform or technology. | 2 | 3 | 6 | A. Inherently safe design and manufacture | The electronic instructions for use are accessible via a web app that is accessible via any browser with any operating system. The instructions do not contain features, graphics or materials that are not universally accessible. It is also relevant to mention that the electronic access to the IFU is actually our recomended method of interacting with them, due to the intrinsic nature of the device. | Technical director | The selection of independent instances is performed according to GP-012 Design, redesign and development IFU are verified as registered at the TEST_011_We facilitate the integration of the device into the users' system | R-TF-012-015 Summative evaluation report_2024_001 | 2 | 1 | 2 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 57 | Lack of version control or traceability | REQ_012 | The HCP cannot identify the version of the device being used | Requirements | Usability | HCP | Device | 1. HCP wants to consult the eIFU for the device version being used 2. HCP needs to check the device version 2. HCP does not find the information within the interface created | User discomfort and dissatisfaction | Interface developers do not know the importance of showing this information to the HCP | 2 | 3 | 6 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | We include within one of the requirements defined during the design stage (REQ_012) that one of the outputs of the device must be the version being used. In addition, we include within the eIFU information to the technology professionals who integrate the device to ensure the HCP users can consult the version being used. | Technical director | IFU are verified as registered at the TEST_011_We facilitate the integration of the device into the users' system | R-TF-012-015 Summative evaluation report_2024_001 | 2 | 1 | 2 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 58 | SOUP presents an anomaly that makes it incompatible with other SOUPs or with software elements of the device | All REQ | The overall functionality of the medical device could be affected giving wrong results to the users | Product | Usability | Manufacturer | Device | 1. The user takes a picture 2. The photo is given to the medical device. 3. The device outputs and store wrong clinical data to aid the doctor in their diagnostic and follow up process. | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | We did not select properly the SOUPs involved in the device design and development procedure | 3 | 4 | 12 | A. Inherently safe design and manufacture | We carefully analyze all the SOUPs selected during the design and development of the device. In addition, during the requirements design and review, we evaluated that these selected SOUPs are compatible. | Technical director | The SOUP anomalies have been identified in the R-TF-012-006 Lifecycle plan and report_2023_001, and in the DHF each requirement evaluated that SOUPs are compatible. SOUPs records (part of the DHF) | Revision of the design documentation, including requirements and SOUP records (part of the DHF) where requirements and anomalies are evaluated and documented, to ensure that the selected SOUPs were carefully analyzed and evaluated for compatibility during the design and development phases. Continuous monitoring of SOUP anomalies as described in the PMS plan (R-TF-007-001 Post-Market Surveillance (PMS) Plan_2023_001), section Security vulnerabilities of SOUPs and software tools. | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 59 | SOUP is not being maintained nor regularly patched | All REQ | The overall functionality of the medical device could be affected giving wrong results to the users, patient data integrity is compromised | Product | Usability | Manufacturer | Device | 1. The user takes a picture 2. The photo is given to the medical device. 3. The device outputs and store wrong clinical data to aid the doctor in their diagnostic and follow up process. 4. Personnel data is exposed | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. Users dissatisfaction and discomfort | We create an erroneus maintenance protocol for the SOUPs | 3 | 4 | 12 | B. Protective measures in the medical device itself or in the manufacturing process | During the design and development of the device we evaluate that the SOUPs involved are up to date, regularly patched and maintained. | Technical director | In the DHF each requirement evaluates that the SOUPs involved are up to date, regularly patched and maintained. SOUPs records (part of the DHF) | Revision of the design documentation, including requirements and SOUP records (part of the DHF) where requirements and anomalies are evaluated and documented, to ensure that the selected SOUPs were carefully analyzed and evaluated for compatibility during the design and development phases. Continuous monitoring of SOUP anomalies as described in the PMS plan (R-TF-007-001 Post-Market Surveillance (PMS) Plan_2023_001), section Security vulnerabilities of SOUPs and software tools. | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 60 | SOUP presents cybersecurity vulnerabilities | All REQ | The SOUP can be attacked and corrupted causing device failure as it may have known vulnerabilities that could be exploited by malicious actors. Wrong results can be shown to users and patient and users data may be compromised | Product | Data privacy | Manufacturer | Device | 1. The user takes a picture 2. The photo is given to the medical device. 3. The device outputs and store wrong clinical data to aid the doctor in their diagnostic and follow up process. 4. Personnel data is exposed | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. Users dissatisfaction and discomfort | We did not select properly the SOUPs involved in the device design and development procedure, nor maintain it properly | 3 | 4 | 12 | A. Inherently safe design and manufacture | We carefully analyze all the SOUPs selected during the design and development of the device. In addition, during the requirements design and review, we evaluated that these selected SOUPs have not had cybersecurity incidents related to them. | Technical director | The SOUP anomalies have been identified in the R-TF-012-006 Lifecycle plan and report_2023_001, and in the DHF each requirement evaluated that SOUPs have not had cybersecurity incidents related to them. | Revision of the design documentation, including requirements and SOUP records (part of the DHF) where requirements and anomalies are evaluated and documented, to ensure that the selected SOUPs were carefully analyzed and evaluated for compatibility during the design and development phases. Continuous monitoring of SOUP anomalies as described in the PMS plan (R-TF-007-001 Post-Market Surveillance (PMS) Plan_2023_001), section Security vulnerabilities of SOUPs and software tools. | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 61 | Stagnation of model performance | REQ_001 REQ_002 REQ_003 REQ_004 REQ_008 REQ_009 REQ_010 | The AI/ML models of the device do not benefit from the potential improvement in performance that comes from re-training | Product | Usability | Manufacturer | Device | 1. We develop the device 2. We don't re-train it 3. Users don't benefit for the safest and best performing model possible | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | We did not plan how we were going to re-train the device | 3 | 5 | 15 | A. Inherently safe design and manufacture | We plan for re-training during the design and development. | Technical director | The R-TF-012-006 Lifecycle plan and report_2023_001 includes a section called AI/ML model re-training that specifies re-training activities | R-TF-015-003 Clinical Evaluation Report 2023_001, continuous monitoring of performance by collecting user's feedback | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 62 | Degradation of model performance | REQ_001 REQ_002 REQ_003 REQ_004 REQ_008 REQ_009 REQ_010 | Automatic re-training of models decreases the performance of the device | Product | Usability | Manufacturer | Device | 1. We develop the device 2. We re-train it automatically (which implies that labels have not been manually verified) 3. The performance of the model decreases | This could lead to misdiagnosis, delays in treatment and worsening of the patient's health status. | We did not plan the right strategy on how we were going to re-train the device | 3 | 5 | 15 | A. Inherently safe design and manufacture | We specify that automatic re-training will not be used as a re-training strategy during the design and development process. Instead, we plan for exclusively manual retraining. | Technical director | The R-TF-012-006 Lifecycle plan and report_2023_001 includes a section called AI/ML model re-training that specifies re-training activities | R-TF-015-003 Clinical Evaluation Report 2023_001, continuous monitoring of performance by collecting user's feedback | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 63 | Insufficient knowledge to display electronic IFU | REQ_012 | The user, lacking sufficient knowledge of software and hardware, attempts to access the electronic IFU but encounters difficulties or fails to properly display the instructions | Training | Usability | Managing organization | Instructions for Use | 1. The user tries to access the electronic IFU 2. The user fails to access the electronic IFU due to poor understanding of the hardware/software requirements to display them 3. The user improperly integrates the device because he does not have access to the IFU and misinterprets the device functionality 4. Communication between the medical device and the user server is not adequate 5. Medical device can not be used | User discomfort, dissatisfaction. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | We did not inform in a proper way the user about the hardware and software requirements to display the electronic IFU | 3 | 2 | 6 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | IFU is designed in such a way that it is accessible via a dedicated and secure URL and it is also available in the website. The only requirement for accessing the eIFU is having internet connection. The users can access the IFU via any web browsers with any operations system. Upon user's request, we provide the user with IFU in paper format according to the internal procedure SP-001-001 eIFU management. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. SP-001-001 eIFU management | R-TF-012-015 Summative evaluation report_2024_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 64 | Electronic IFU are tampered | REQ_12 | Users have access to wrong instructions for use | Infrastructure | Data privacy | Manufacturer | Instructions for Use | 1. Unintended person gains access to the data storage 2. Unintended person gains edit permissions 3. An unintended person tampers the electronic IFU content 4. User access tampered IFU 5. Users use the device in the wrong way This can be intentionally, with nefarious purposes, or unintentionally | User discomfort, dissatisfaction. Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Insuficient cybersecurity safeguards. Non-adhearance to best practices. | 3 | 2 | 6 | A. Inherently safe design and manufacture + B. Protection measures in the medical device or manufacturing process | IFU content and versions managed and stored using git. The IFU content can be edited only by using signed commits with GPG Keys, implementation of branch structure with approvals for merging changes and automated verification of code correctness and lack of bugs or errors before merge, secure stage of environment variables in Git repository, implementation of redundant backups, both in Git repository and deployment server. Implementation of a robust authentication systems for administrative access and a role-based access control (RBAC) framework for delineating user permissions. | Technical director | GP-001 Documents control explains the risk control measures implemented to achieve IFU data and content protection | Continuous monitoring for cybersecurity threats, R-TF-001-006 IFU and label validation 2023_001 | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
| 65 | Electronic IFU and their paper copies are unavailable | REQ_012 | IT professionals cannot integrate the device, healthcare professionals cannot use the device | Requirements | Regulatory | Managing organization | Instructions for Use | 1. IFU cannot be provided electronically 2. Paper copies of IFU are not provided to users 2. User does not have access to the IFU 3. User cannot use the whole device | Misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Error in coding design for electronic IFU, no process for providing paper copies of the IFU to the clients | 3 | 4 | 12 | A. Inherently safe design and manufacture + C. Information for safety and, where appropriate, training to users | IFU designed and developed according to harmonized standards for medical device. Creation of a procedure for the management of paper copies of the IFU defining the process, responsibilities and timeline. The timeline is set taking into account the severity and the intended use of the device (support to diagnosis), and it is within 7 calendar days to reduce the harm of misdiagnosis, delays in proper treatment and worsening of the patient's health status. | Technical director | IFU verification is recorded at R-TF-001-006 IFU and label validation 2023_001 to ensure that they include the information. Procedure for managing paper IFU's request (SP-001-001 eIFU management) | R-TF-012-015 Summative evaluation report_2024_001, training on procedure (SP-001-001 eIFU management) for employees involved in the process | 3 | 1 | 3 | Acceptable | Not applicable (acceptable risk) | FALSE | TRUE | Acceptable | NA |
Record signature meaning
- Author: JD-004
- Reviewer: JD-003
- Approver: JD-005 Alfonso Medela