This page provides an overview of the regulations and standards that apply to our company and products. We further explain how we implement these to ensure that we provide you with a solution that is compliant, safe, secure, and performs according to its specifications.
Within the European Union, software used for diagnostic and therapeutic purposes is considered a medical device and needs to comply with the European Medical Device Regulation (2017/745). Our products, which are intended to support physicians in diagnosing severe conditions, are generally classified as class IIb, meaning they require review by a Notified Body to verify they conform to EU legislation (Conformité Européenne or ‘CE’). Our company is audited yearly by DEKRA Certification B.V. to ensure that our devices and operations continue to comply with the regulatory requirements.
Contact [email protected] for obtaining the most recent copy of our CE certification under MDR 2017/745.
Our clinical devices make use of our Veye Engine software. Veye Engine is positioned between the clinical device and the customer system to ensure smooth data transfers and pseudonymisation of patient data. Veye Engine is considered a medical device accessory and is cleared through notification at the Dutch Healthcare Inspectorate (IGJ).
Under the European Medical Device Regulation, Aidence has appointed a Person Responsible for Regulatory Compliance (PRRC). The role is currently executed by our Head of Regulatory Compliance, Leon Doorn.
The regulatory system within the UK broadly aligns with the European system applicable to medical devices. We will be appointing our UK registered office to fulfil the UK responsible person role as required per September 2021 and register our products with MHRA before that date.
We are pursuing UKCA certification as soon as possible (pending accreditation of the certification body) with our current (CE) certification body. The UKCA mark will be mandatory for our products per 2023.
Our products are currently not certified for use in the US market.
Regulators often accept ISO (worldwide), EN (European) or NEN (Dutch) standards to demonstrate compliance against regulations. By implementing the standard and demonstrating compliance against it, vendors automatically comply with specific law sections. If standards are harmonised/recognised by legislators, they confirm in writing that these standards meet compliance with legislative requirements.
The ISO 13485 documents the Quality System requirements for manufacturers of medical devices. It includes requirements for design and development, documentation control, resource management, management and measurement, analysis and improvement.
You can download a copy of our ISO 13485 certificate here.
The ISO 27001 documents the Information Security System requirements for organisations. It includes requirements around confidentiality, integrity, and availability of information. Amongst others, Annex A supports organisations to implement technical and organisational measures to protect information that is important to those organisations.
You can download a copy of our ISO 27001 certificate here.
The Medical Device Single Audit Program (MDSAP) certificate aims to fast-track the regulatory process in five countries – the US, Canada, Japan, Australia, and Brazil – by managing a single quality system audit in place of multiple audits. The programme extends the ISO 13485 requirements to local legislation for the participating countries.
You can download a copy of our MDSAP certificate here.
The CE marking for medical devices requires the implementation of many more standards. Our company and products thus comply with:
IEC 62304 – Regarding Software Lifecycle Processes
IEC 82304 – Product Safety Requirements for Health Software
ISO 14971 – Regarding Risk Management
ISO 15223 – Use of symbols on medical devices
IEC 62366 – Regarding usability engineering
Our specific field further lays down product standards such as:
NEMA PS3 / ISO 12052 – Digital Imaging and Communications in Medicine (DICOM)
DCB 0129 – Regarding Clinical Risk Management (UK specific standard)
In line with DCB 0129, Aidence has appointed a Clinical Safety Officer, which is our Chief Medical Officer (CMO), Joris Wakkie. When necessary, external registered clinicians are supporting us in the conduct of clinical risk assessments.
Compliance documentation is available upon request.
ISO standards (under development)
Aidence is an active member of the SC 42 standards committee for ISO. SC 42 aims to develop ISO standards and reports with regards to Artificial Intelligence. Time permitting, we actively contribute to the developments of standards.
For further details on SC42, refer to https://www.iso.org/committee/6794475.html.
GDPR EU and UK
As our company processes (Data Processor) Personal (health) Data belonging to EU and UK citizens, we must comply with the relevant privacy legislation (e.g. EU and UK versions of the GDPR). Our company is bound to strict Data Processing Agreements with each customer. The customers clarify how Aidence can process data on their behalf as a Data Controller.
Aidence has appointed a Data Protection Officer (DPO) to help ensure that personal data is processed in line with the requirements set out by the privacy legislation. Our DPO is the Head of Regulatory Compliance, Leon Doorn.
Currently not applicable as we are not conducting any commercial activity within the U.S.