WHAT ISO Standards do SAMD Products need?
ISO13485 is an equivalent Quality Management Standard to ISO9001 but it is specifically for medical devices.
ISO14971 is a risk management standard that is specifically applied to medical devices.
Software products that influence or take clinical decisions are considered medical devices (SaMD) with a minimum classification of Class IIa and must be certified accordingly.
For more advanced SaMD that are incorporating elements of AI they will likely be classified as 'High Risk AI Systems' (HRAIS) and ISO42001 would a supporting additional standard.
THE SaMD Process
Like several other ISO standards, taken together ISO13485 and ISO14971 aim to ensure quality, consistency and safety when it comes to the medical devices being manufactured and implemented in safety critical healthcare environments.
SaMD Compliance Focuses on Patient Safety
SaMD products are complex solutions which can impact the lives of vulnerable patient populations. These ISO standards look to minimise risks whilst enhancing the benefits for end-users.
SaMD Considers Cybersecurity
The software based nature of SaMD products means they are particular prone to cybersecurity threats. By implementing these ISO standards a product can start laying the foundations for cyber-risk management which can be even further enhanced with standards like ISO27001.
SaMD Requires Supply Chain Risk Considerations
SaMD products are increasingly dependent on digitally connected capabilities such as through the cloud so quality and risk management have to address these unique elements of the SaMD supply chain.
SaMD Requires Audit and Certification
SaMD products at the Class IIa and above level require regular internal standards audits and external audits for certification to go-to-market in the UK and EU.
Do I need ISO for SaMD?
If your product is classified as a SaMD then ISO13485 and ISO14971 are recognised harmonised standards that form an essential part of your documentation for certification in the UK & Europe.
For any AI elements, the EU AI Act makes it clear that medical devices operating at Class IIa and above will be considered HRAIS and so implementing ISO42001 will be a strong demonstration of AI risk management for your products.
Why choose The AbedGraham Group for ISO for SaMD Compliance?
At The AbedGraham Group, we have an extensive track record working with companies, government agencies and regulators to advise about and implement safety critical standards across the world. The benefits of using The AbedGraham Group as your trusted compliance provider and auditor include:
Track Record
We have managed safety standards, security requirements and audits for hundreds of products and taken organisations through all aspects of national and regional frameworks often supporting compliance as a part of direct bids for business. Our experience in this area and the granularity of our documents are unsurpassed in the marketplace.
Diverse Experience
Having covered over a hundred products in safety critical sectors such as healthcare with a team that has decades of frontline experience across all areas, we are well-placed to manage risk for any product coming to market.
Peace of Mind
Navigating safety in product development and deployment requires reliability, evidence-based information, and trustworthiness. With our extensive experience, we've encountered various requests and challenges. Many companies pay mere lip service to risk management, leading to complications with regulators and prospective customers. Our experts will ensure you avoid these issues expediting procurement and deployment of your software systems.
All Encompassing Expertise
Managing risk and compliance requirements can be complex requiring expertise across multiple standards, regulations and jurisdictions. Unlike most companies which focus on a single standard such as ISO27001, we are experts in all the necessary standards that underpin the most important regulations such as NIS2 and the EU AI Act.
Interested in Other ISO Standards?
As leading ISO Standards compliance experts we can support your organisation to navigate a range of technology and cybersecurity requirements.