
ISO for Software as a Medical Device (SaMD)

SaMD manufacturers must follow a range of ISO standards to receive UKCA/CE certification, especially ISO13485 and ISO14971.


What ISO Standards Do SaMD Products Need?

ISO13485 is an equivalent Quality Management Standard to ISO9001 but it is specifically for medical devices.

ISO14971 is a risk management standard that is specifically applied to medical devices.

Software products that influence or take clinical decisions are considered medical devices (SaMD) with a minimum classification of Class IIa and must be certified accordingly.

More advanced SaMD that incorporate elements of AI will likely be classified as 'High Risk AI Systems' (HRAIS), and ISO42001 would be a supporting additional standard.

The SaMD Process

Like several other ISO standards, ISO13485 and ISO14971 taken together aim to ensure quality, consistency and safety in the medical devices being manufactured and implemented in safety-critical healthcare environments.

SaMD Compliance Focuses on Patient Safety

SaMD products are complex solutions which can impact the lives of vulnerable patient populations. These ISO standards look to minimise risks whilst enhancing the benefits for end-users.

SaMD Considers Cybersecurity

The software-based nature of SaMD products means they are particularly prone to cybersecurity threats. By implementing these ISO standards, a product can start laying the foundations for cyber-risk management, which can be further enhanced with standards like ISO27001.

SaMD Requires Supply Chain Risk Considerations

SaMD products are increasingly dependent on digitally connected capabilities, such as the cloud, so quality and risk management have to address these unique elements of the SaMD supply chain.

SaMD Requires Audit and Certification

SaMD products at Class IIa and above require regular internal standards audits and external audits for certification to go to market in the UK and EU.

Do I need ISO for SaMD?

If your product is classified as a SaMD, then ISO13485 and ISO14971 are recognised harmonised standards that form an essential part of your documentation for certification in the UK & Europe.

For any AI elements, the EU AI Act makes it clear that medical devices operating at Class IIa and above will be considered HRAIS and so implementing ISO42001 will be a strong demonstration of AI risk management for your products.

Why choose The AbedGraham Group for ISO for SaMD Compliance?

At The AbedGraham Group, we have an extensive track record of working with companies, government agencies and regulators across the world to advise on and implement safety-critical standards. The benefits of using The AbedGraham Group as your trusted compliance provider and auditor include:

Track Record

We have managed safety standards, security requirements and audits for hundreds of products and taken organisations through all aspects of national and regional frameworks, often supporting compliance as part of direct bids for business. Our experience in this area and the granularity of our documents are unsurpassed in the marketplace.

Diverse Experience

Having covered over a hundred products in safety-critical sectors such as healthcare, with a team that has decades of frontline experience across all areas, we are well placed to manage risk for any product coming to market.

Peace of Mind

Navigating safety in product development and deployment requires reliability, evidence-based information, and trustworthiness. With our extensive experience, we've encountered various requests and challenges. Many companies pay mere lip service to risk management, leading to complications with regulators and prospective customers. Our experts will ensure you avoid these issues, expediting procurement and deployment of your software systems.

All Encompassing Expertise

Managing risk and compliance requirements can be complex, requiring expertise across multiple standards, regulations and jurisdictions. Unlike most companies, which focus on a single standard such as ISO27001, we are experts in all the necessary standards that underpin the most important regulations such as NIS2 and the EU AI Act.

Interested in Other ISO Standards?

As leading ISO Standards compliance experts, we can support your organisation to navigate a range of technology and cybersecurity requirements.

ISO for Cybersecurity

The best way for organisations to meet the UK and EU's cybersecurity regulations is to implement a suite of ISO standards with our expert guidance.

ISO for Privacy and Ethics

The best way for organisations to meet the UK and EU's privacy and ethics regulations is to implement a suite of ISO standards with our expert guidance.

ISO for AI

The best way for organisations to meet the UK and EU's Artificial Intelligence (AI) regulations is to implement a suite of ISO standards with our expert guidance.

Supply Chain Audit

All regulated companies operating in the UK and EU must regularly audit their supply chain for cybersecurity risks.
