ISO 13485:2016 at GLI – Summary of 2024 

At Graylight Imaging, we pay a lot of attention to the quality and safety of the medical devices we work on. This means that issues related to regulations and standards like ISO in medical software development are a priority for us. For example, the processes and procedures implemented at GLI meet the requirements of the ISO 13485:2016 standard, as confirmed by another external audit. More about the process of obtaining the GLI certificate can be found here: Graylight Imaging is ISO 13485 certified. However, in 2024 we managed to achieve much more than just successfully passing the ISO 13485:2016 surveillance audit.

Throughout 2024, we worked on several projects aimed at medical software development in accordance with the requirements for medical devices. For us, this means that we not only worked in accordance with the requirements of ISO 13485:2016 but also EN 62304:2006/A1:2015 and ISO 14791:2019. These standards form the basis of our QMS and our procedures used during medical software development are based on them. This allows us to assure our clients of the high quality of our services. This is possible because, firstly, the software we create is developed using best practices. Secondly, it is meticulously and repeatedly tested at various levels. Finally, and most importantly, during medical software development, we conduct continuous risk analysis and implement countermeasures to prevent or minimize its occurrence. This ensures that our clients can be confident that the software we prepare will be both effective and safe.

How these issues are handled in practice has been verified through audits, the details of which we describe below.

In 2024, we conducted 8 internal audits to assess QMS compliance within individual teams. These audits focused on ISO 13485:2016, EN 62304:2006/A1:2015, and ISO 14791:2019 standards, with results demonstrating effective implementation and process adherence at GLI. Of course, certain deviations were also discovered in selected teams that need to be corrected. There were also suggestions and proposals for improvements. This demonstrates the value of external perspectives in everyday work. Specifically, insights from individuals not directly involved in a team or project can be highly beneficial.

Our declarations regarding ISO compliance in medical software development require independent verification. Otherwise, they could be dismissed as mere boasts. With this in mind, we undergo an annual audit conducted by the notified body TÜV NORD, whose task is to assess whether processes implemented at GLI comply with the requirements of ISO 13485:2016. However, the 2024 audit was special.

For the first time, we had the opportunity to host an external observer from the Polish Center for Accreditation, whose task was to assess the work of the auditors. It was a valuable experience for us to see what such an “audit during an audit” looks like. Returning to “our” audit, it showed a positive image of GLI as a supplier of software for medical devices. We have minor elements that we still need to work on and areas where there is potential for improvement. However, they do not disrupt the positive overall audit result and the good assessment of individual processes.

Thanks to those audits, we will enter 2025 with ideas for improvements in our processes of ISO in medical software development. Their implementation will ensure that the work on software for our clients will result in effective and safe medical devices.