Compliance and regulatory support to bring your devices safely to market.

Pragmatic support and resources to make sure your medical devices are safe for use and compliant.

We don’t believe that regulation and compliance should be a barrier to innovation, so we share our resources to help you solve your own regulatory and compliance challenges where you can, and we’re here when you need a little extra support.

Sometimes, with resource pressures, it’s just faster and easier to engage with a trusted partner who knows what needs to be done to figure out your regulatory challenges.

Or you might just want a sanity check and an expert view on your compliance and regulatory progress, and a little more oomph behind you.

Deviceology is passionate about doing the right things, the right way to bring devices safely to market.

Our services

Artificial Intelligence

The landscape of Artificial Intelligence is continuously evolving, marked by a rising number of regulations, standards, guidance documents, technical reports, as well as emerging frameworks.

Below, we outline just a few of the existing and upcoming resources in this dynamic field that we can help you expertly navigate and, where appropriate, comply with.

The EU Artificial Intelligence Act (EU AIA)

The EU Artificial Intelligence Act (EU AIA) aims to create a single set of rules that apply across all EU member states, thereby establishing a common European approach to AI. The act categorises AI systems based on their risk levels, imposing stricter regulations on high-risk AI systems, such as those used in critical areas like healthcare, transportation, and public services.

These high-risk AI systems are subject to rigorous assessments for safety, data governance, and transparency before entering the market. Lower-risk or minimal-risk AI technologies, such as chatbots or AI-enhanced video games, face fewer restrictions.

The ultimate goal of the act is to ensure that AI technologies are developed and used in a manner that is safe and respects EU laws on fundamental rights and values, while also fostering innovation and growth in the European AI sector.

Deviceology specialises in helping businesses navigate the complex landscape of AI regulations, including the EU Artificial Intelligence Act. We offer a suite of compliance services specifically designed to assess and ensure that your AI systems meet the standards outlined in the act, particularly in the areas of safety, data governance, and transparency. For high-risk AI systems, we conduct thorough assessments to make sure they comply with the stringent requirements before they can be deployed in sectors like healthcare, transportation, and public services.

Even for lower-risk AI technologies, we offer consultation and auditing services to ensure that you are still in line with EU laws and guidelines. Our aim is to simplify compliance, providing you with a clear path to operate within the European market, thereby allowing you to focus on innovation and growth. With our expertise, your business can confidently demonstrate compliance with the EU AIA, mitigating risks and building trust with stakeholders.

British Standard 30440 Validation Framework for the Use of AI in Healthcare

BS 30440:2023 Validation framework for the use of artificial intelligence (AI) within healthcare.

AI systems are increasingly used in the healthcare sector to support healthcare professionals and create efficiencies in the wider healthcare system.

For AI to succeed in this context, there is a need for systems to undergo rigorous evaluation to demonstrate their clinical benefits, safe and secure integration into existing clinical pathways, sufficient levels of performance, and that their use is ethical and socially equitable. BS 30440 is a standard that has been developed to serve as a guide

Information Security, Cybersecurity and Privacy Protection

There are multiple crucial regulations, standards, and frameworks in the fields of Information Security, Cyber Security, and Data Privacy that companies, especially those whose products and services are powered by AI, must adhere to.

Below, we detail some of the key guidelines and standards we can assist you with, to ensure compliance, certification, and robust security measures.

ISO 27001:2022

ISO 27001 is a globally recognised standard for Information Security, Cybersecurity and Privacy Protection. It provides a systematic approach to managing sensitive company information by encompassing people, processes, and IT systems. Achieving ISO 27001 certification demonstrates a commitment to information security and the protection of data, instilling confidence in clients, stakeholders, and regulators.

The standard offers a robust framework for the establishment and maintenance of an Information Security Management System (ISMS), ensuring ongoing compliance and a resilient posture against evolving security threats.

Deviceology offers a comprehensive suite of services designed to guide clients through the process of achieving certification. Leveraging our deep expertise in information security and compliance, we provide end-to-end support that includes initial gap assessments, tailored policy and procedure development, and hands-on assistance in implementing the necessary security controls.

Our team of certified professionals collaborates closely with clients to build a robust Information Security Management System (ISMS) that not only meets but exceeds the rigorous requirements of ISO 27001. We also offer training sessions to ensure staff are well-equipped to maintain high security standards. Beyond that, our ongoing audit and monitoring services help to sustain compliance, thereby making the path to certification streamlined, effective, and sustainable.

Cyber Essentials

The UK’s Cyber Essentials scheme is a government-backed, industry-supported certification designed to help organisations protect themselves against common online threats. The scheme focuses on five key controls: secure configuration, boundary firewalls, access control, patch management, and malware protection.

Achieving Cyber Essentials certification demonstrates that an organisation has implemented essential cybersecurity measures. It is often a requirement for companies wishing to bid for government contracts and is increasingly being recognised as a standard in various sectors.

The scheme offers two levels of certification: Cyber Essentials and Cyber Essentials Plus, the latter being a more rigorous assessment involving hands-on testing of an organisation’s network and devices.

Deviceology assists clients in navigating the complexities of achieving Cyber Essentials and Cyber Essentials Plus certification. Leveraging expertise in cybersecurity and compliance, Deviceology conducts a comprehensive assessment of the client’s existing cybersecurity infrastructure and practices, providing tailored recommendations to meet the scheme’s requirements, including implementing the necessary controls and configurations.

By doing so, Deviceology not only helps clients enhance their cybersecurity posture but also positions them favourably for business opportunities that require such certifications, in compliance with UK regulations and moving towards ISO/IEC 27001 standards.

NHS DSP Toolkit

The Data Security and Protection (DSP) Toolkit is an online tool that allows organisations to measure their performance against the National Health Service’s (NHS) data security and protection requirements in the United Kingdom. Organisations that access NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.

At Deviceology we will review your data security and compliance arrangements to find areas for improvement, update necessary documents and controls, and evaluate current risk assessments. We will conduct a staff survey on data safety awareness, compare your controls to DSP Toolkit requirements and add new ones if needed, set up emergency plans and reporting systems, and assist in completing the DSP Toolkit submission.

The Framework for AI Cybersecurity Practices

The Framework for AI Cybersecurity Practices represents a comprehensive approach to addressing the evolving challenges and risks associated with artificial intelligence (AI) systems in the context of cybersecurity.

Developed as a collaborative effort among cybersecurity experts, AI researchers, and policymakers, this framework aims to provide organisations with guidelines and best practices to secure their AI implementations effectively.

It recognises the unique threats that AI technologies can introduce, such as adversarial attacks, data poisoning, and model vulnerabilities, and offers recommendations to mitigate these risks while fostering the benefits of AI innovation.

Implementing the framework involves integrating advanced security measures, such as encryption, access controls, and secure development practices, into the AI system’s architecture. Deviceology will help you to establish clear guidelines and protocols for handling sensitive data, as well as mechanisms to detect and mitigate adversarial attacks and vulnerabilities.

Regular testing and validation ensure that the AI models remain resilient and adaptive in the face of emerging threats. We will support you in providing comprehensive training for your personnel, fostering a culture of cybersecurity awareness and accountability.

Maintaining compliance with The Framework for AI Cybersecurity Practices is an ongoing endeavour. Deviceology helps clients stay vigilant, continuously updating their security measures to address evolving threats and adopting emerging best practices.

Regular audits and assessments help assess the effectiveness of the cybersecurity strategy and ensure that any deviations from compliance are promptly addressed. By adopting this holistic approach to compliance, clients can instill trust in their AI systems, safeguard sensitive data, and contribute to the responsible and secure advancement of AI technology.

Other Regulations, Standards and Frameworks

There exists a myriad of regulations, international standards, and frameworks that necessitate specialised support for the implementation of appropriate controls and, where applicable, the demonstration of compliance. Should you find that the specific guidelines you require assistance with are not listed above, please do not hesitate to reach out to us. We are sure we can provide you with the expert guidance you need.

Medical Devices

There are numerous critical regulations and standards with which medical device companies, including those specialising in AI-powered devices, must comply.

Below, we outline some of the key regulations and standards that we can help you expertly navigate.

EU Medical Devices Regulation

The European Union Medical Device Regulation (EU MDR) is a comprehensive set of rules that govern the design, manufacture, and distribution of medical devices within the EU.

The regulation emphasises a lifecycle approach to safety, promoting constant monitoring and periodic updates to ensure the ongoing safety and efficacy of medical devices. Importantly for the AI field, EU MDR is applicable to medical devices that are AI-powered, requiring them to meet specific criteria related to safety, performance, and data governance.

This includes conducting clinical evaluations, post-market surveillance, and ensuring that the devices have appropriate risk management and quality management systems in place.

Deviceology specialises in aiding businesses to align their AI-powered medical devices with the stringent requirements of the EU MDR.

Our team of experts offers an end-to-end service that encompasses initial assessments, gap analysis, and actionable roadmaps for compliance.

We guide you through the nuances of clinical evaluations, risk management, and data governance specific to AI technologies. We offer assistance in setting up robust quality management systems and protocols for post-market surveillance, ensuring ongoing compliance and adaptability to regulatory changes.

ISO 13485 Quality Management System

ISO 13485 is the international standard that outlines the requirements for a quality management system specifically for organisations involved in the medical device industry, including manufacturers and service providers.

It emphasises various areas crucial for medical devices, such as risk management, quality assurance, and post-market surveillance.

Deviceology offers a comprehensive suite of services designed to help organisations implement a compliant QMS under ISO 13485, get it certified, and maintain it over the lifetime of the certification.

Our team guides you through the intricate requirements of the standard, offering assistance in documentation, training, and internal auditing.

We help you establish risk management processes, quality assurance protocols, and post-market surveillance mechanisms tailored to the unique challenges posed by AI technologies. Post-certification, we offer ongoing support to manage your system and operate effective Post Market Surveillance, as well as performing periodic audits to ensure that your QMS stays up to date with any amendments to ISO 13485 or related regulations, allowing you to focus on innovation while we ensure that your product meets the highest quality and safety standards.

ISO 14971 Risk Management

ISO 14971 is the international standard that defines the framework for risk management processes specific to medical devices, including those powered by AI technologies. Recognised globally, this standard is pivotal for organisations in the medical device sector, from manufacturers to developers.

ISO 14971 offers a systematic approach to identify potential hazards, assess associated risks, implement controls, and monitor their ongoing effectiveness throughout the medical device’s lifecycle. Adherence to ISO 14971 not only signifies a device’s safety and efficacy but also complements other standards like ISO 13485, especially in areas of risk assessment and mitigation.

Compliance with ISO 14971 is increasingly viewed as an essential component in meeting international regulatory requirements, including those set by the European Union Medical Device Regulation (EU MDR). Emphasising comprehensive risk management strategies, this standard is instrumental for gaining market access in the EU, the United States, and beyond.

At Deviceology, we provide an extensive range of services geared towards helping organisations seamlessly integrate ISO 14971’s risk management processes. Our team of experts assists in hazard identification, risk evaluation, control implementation, and post-production feedback.

With Deviceology by your side, you can pioneer in the medical device sector, confident in the knowledge that your products align with the most stringent safety and quality benchmarks.

UK Medical Devices Regulation

The UK Medical Device Regulation (UK MDR) governs the design, manufacturing, and distribution of medical devices within the United Kingdom. Similar to its EU counterpart, the UK MDR also adopts a lifecycle approach to medical device safety, encompassing aspects from design to post-market surveillance.

For medical device manufacturers, this means complying with stringent regulations focused on clinical evaluations, data governance, safety assessments, and quality management. The regulation aims to ensure that medical devices, including those leveraging AI technologies, meet the necessary standards to ensure patient safety and product efficacy.

Deviceology is ideally positioned to help businesses navigate the complexities of UK MDR compliance for medical devices.

Our team of experts offers a comprehensive suite of services, starting from initial compliance assessments to roadmap development for aligning your product features and operational protocols with the UK MDR requirements. We assist in the design and implementation of rigorous clinical evaluations and safety assessments in preparation for your Notified Body certification audits.

Additionally, we help establish and maintain robust quality management systems to ensure ongoing compliance and adaptability to potential changes in regulations. With our specialised services, you can be confident that your medical devices not only fulfil the regulatory requisites of the UK MDR but also offer a competitive edge through guaranteed safety and quality.

United States Food and Drug Administration

The United States Food and Drug Administration (FDA) has specific regulations governing the development, production, and marketing of medical devices.

Depending on the risk classification and the similarity to existing devices, manufacturers may choose different pathways for FDA approval, such as the 510(k) premarket notification process for devices that are similar to those already on the market, or the De Novo pathway for low to moderate risk devices that are novel and unlike any existing classified devices.

Deviceology provides a range of services to help companies with medical devices navigate the complex FDA regulatory landscape. Whether your device is better suited for the 510(k) pathway or the De Novo process, our team of experts can guide you through each step, from pre-submission consultations to post-market surveillance.

We help you compile the necessary documentation and evidence, focusing on areas like clinical validation, risk management, and data governance, tailored to the unique attributes of AI technologies. Our services also include mock FDA audits to prepare you for the real thing and a comprehensive quality management system that aligns with FDA requirements.

Our objective is to simplify the FDA compliance process for you, ensuring that your medical devices meet the most stringent safety and efficacy criteria, thereby facilitating a smoother, more predictable path to market.