ISO Certifications, Health Data Security, Healthcare Data Storage

Chino.io - The first ISO 13485 certified Database as a Service (DBaaS) for Medical Data

We at Chino.io are proud to announce that we are ISO 13485:2016 certified. This makes us the only Database as a Service (DBaaS) and platform that has the necessary certifications to support your development of connected medical devices and health applications.

In a nutshell, why is Chino.io ISO 13485 important to you?

If you are developing a medical grade application or connected device, ISO 13485 provides you with the de facto mechanism to demonstrate compliance with regulations such as the new EU Medical Device Regulation (MDR), which came into force in May 2017. Nevertheless, a transition phase of three years (medical devices) or four years (in-vitro diagnostics) was granted that allows companies to certify according to the old directive, the Medical Device Directive. So, the latter will be suspended in May 2020, and in any case only the Medical Device Regulation 2017/745 counts from then on.

To develop your applications or connected devices you are going to use different cloud technologies, libraries and tools. This means that you are responsible for ensuring that all your components and their suppliers have an adequate level of quality for being part of your product. So if your suppliers are not ISO 13485 certified, then you must put in place the necessary procedures, tests, monitoring activities, and documentation to demonstrate their compliance before going to market.

Therefore, Chino.io's certification saves you time and money by providing you with all the guarantees that are required for building your medical grade applications. This means that you can use our secure Database as a Service and API to ensure GDPR and HIPAA compliance, cut time to market and costs, and eliminate risks related to the management of sensitive health data.

In addition to the ISO 13485, Chino.io is also ISO 9001 and ISO 27001 certified, which helps us to cover all quality and security aspects not found in ISO 13485 that are good for all businesses.

But, my cloud provider is ISO 9001 certified. Isn't that enough?

Partially. ISO 9001 is similar in scope and purpose to the ISO 13485 standard, and it defines procedures on how to implement a QMS. However, ISO 13485 contains additional, specific requirements for medical devices and reformulates some of the requirements of ISO 9001. So, in order to close that gap, you need to do extra work and take on the liability yourself to prove that your technologies meet the quality requirements for a medical context.

Main differences between ISO 13485 and ISO 9001:

  • Emphasis on risk management activities during product development;
  • Focus on specific guidelines as a management responsibility. For example, the Quality System Regulation 21 CFR 820 (QSR) for medical devices sold in the United States;
  • Work environment controls to ensure product safety;
  • Requirements for documentation and validation of processes for sterile medical devices;
  • List of effectiveness indicators for Corrective and Preventive Actions;
  • Requirements for inspection and traceability for implantable devices.

Benefits are reaped from being both 9001 and 13485 certified because 9001 focuses on business aspects not found in 13485 that are good for all businesses.

What is a Quality Management System (QMS)?

It is a collection of policies, processes, documented procedures, and records. It is tailored to the specific product or service, but the ISO 13485 standard defines crucial elements for a QMS to be successful.

ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.

If you want to learn more about how to build and manage a QMS, you can contact our partners SoftComply.

How widely adopted is the ISO 13485 standard?

The standard, originally developed in the 1990s, includes requirements for quality management systems that meet customer needs, as well as the regulatory requirements of the EU, Canada, and other key markets.

In the EU, the requirements of EN ISO 13485 incorporate the EU Medical Devices Directive (93/42/EEC), the Directive on in vitro diagnostic medical devices (98/79/EC) and the Directive on active implantable medical devices (90/385/EEC). Certification according to EN ISO 13485 by an accredited certification body leads to a presumption of conformity. That is, it is believed that a manufacturer certified to ISO 13485 complies with the requirements.

In the US, the FDA announced this year that it will use ISO 13485 when replacing its current quality system regulation. This is an important step toward achieving global recognition of this standard.

Canadian and Australian laws require that medical device manufacturers have their quality management systems certified to ISO 13485. “March 1st, 2019, as the transition date to ISO 13485:2016. All manufacturers of class II, III, and IV medical devices holding licenses or applying for new or amended licenses must complete the transition to ISO 13485:2016 by March 1st, 2019.” In the future, quality management audits for Canada will become necessary via MDSAP audits.

The standard applies to all businesses regardless of size and type, except where explicitly stated. When requirements are specified as applying to medical devices, the requirements apply equally to any associated services supplied by the organization.

How can Chino.io help you build your connected device and medical software?

As the only cloud provider on the market with 13485:2016 accreditation, we make it easy for you to meet the strict requirements of the Medical Device Directives, regulations and responsibilities, demonstrating a commitment to the safety and quality of medical devices. At Chino.io we take your data security seriously.

About Ruta Naujokaite

Strategic thinker developing innovative strategies for the Digital Health sector.
  • Berlin, Germany