For Quality & Regulatory Professionals
To support your certification process, all documents you need for your audit are complete and available for download.
Considered Standards and Guidelines
IEC 62304 is the international standard for medical device software life cycle processes. It defines the processes, activities and tasks for developing, verifying and maintaining software used in medical devices. It covers the entire software life cycle, from requirements through release to maintenance and problem resolution, and is intended to ensure that the software is safe for its intended use.
basebox development considered the requirements of IEC 62304 insofar as they apply to an off-the-shelf (OTS) software component, for instance by:
- Establishing user and software requirements,
- Transforming those into a software architecture,
- Applying coding rules,
- Running automated tests before every commit and for every build.
The cybersecurity standard IEC 81001-5-1 focuses on security activities in the health software life cycle and supplements IEC 62304 with cybersecurity-specific requirements.
basebox applied the security-by-design principles of IEC 81001-5-1 where applicable to an OTS component, for instance by:
- Performing threat modeling,
- Implementing security controls,
- Having penetration testing executed by a certified third party,
- Using Rust, a memory-safe programming language,
- Issuing an MDS2 (Manufacturer Disclosure Statement for Medical Device Security) form.
By following IEC 81001-5-1, most of the requirements of MDCG 2019-16, Guidance on Cybersecurity for medical devices, are covered as well. Relevant controls from NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, were considered during the development of basebox.
ISO 14971 is an international standard that provides requirements for the risk management of medical devices. It outlines a process for identifying, analyzing, evaluating, controlling, and monitoring the risks associated with medical devices throughout their life cycle, with the goal of ensuring they are safe and effective for their intended use.
Since basebox is not a medical device and therefore has no intended use, ISO 14971 does not apply to basebox. basebox does, however, incorporate cybersecurity controls to protect against cyber threats that could lead to health risks or privacy violations. The technical documentation also includes a list of known anomalies, which the medical device manufacturer can use as an input to the risk analysis performed for the final medical device.
General Quality Management
ISO 13485 is an international standard that sets out requirements for a quality management system (QMS) specific to the medical device industry. It is designed to help organizations ensure that their medical devices are safe, effective, and of high quality by establishing a framework for managing medical device design, development, production, installation, and servicing. Organizations that are certified to this standard demonstrate that they have a robust QMS in place and are committed to meeting the needs of their customers and regulatory requirements.
basebox, the company, is not a legal manufacturer of medical devices but is planning to establish an ISO 13485-based quality management system.
Regulatory Affairs/Quality Assurance (retired)
The General Data Protection Regulation (GDPR) is a regulation of the European Union. GDPR strengthens EU data protection rules and regulates the handling and processing of the personal data of individuals in the EU. It applies to any company that processes the personal data of individuals in the EU, regardless of where the company is based. It gives data subjects greater control over their data, sets out strict rules for companies on how they must handle and protect personal data, and grants data subjects the right to access, correct and delete their data, as well as the right to data portability.
basebox provides the database functionality that medical device applications, and any other applications handling personal data, need in order to support GDPR compliance (for example, keeping the history of an individual patient's records).
basebox is hosted by you
basebox is a data management system that comes with an integrated database. You can use the built-in database or connect your own, and you can host that database at any location of your choice.
Regardless of where your database is hosted, basebox takes care of data management.
A quality assurance agreement (QAA) is a contract between companies, such as medical device manufacturers, and their suppliers (subcontractors). In these contracts, both parties agree on which obligations the supplier must fulfill regarding the quality of the delivered products and services.
basebox is not a service provider for the production of your product but an off-the-shelf (OTS) backend framework for self-hosting.
The provisions that would normally be part of a quality assurance agreement are covered in our license terms.