Blog 18 - Regulatory Standards & Data Protection

Our first blog of 2022 gives a brief insight into the regulatory and quality controls employed by Shimmer to ensure we are meeting all ISO13485:2016 standards in the production of the hardware and data capture systems used in studies and trials

As most vendors will likely testify, going thought the audit process to get selected for inclusion in a clinical trial is a pretty extensive measure. This blog will give a peek into the regulatory and quality controls used by Shimmer in relation to our Verisense platform and the data it outputs. Naturally there is much we cannot share publicly, but we are happy to discuss in more details with interested parties when under NDA.

Quality Management System

Shimmer has a documented quality assurance process, with a quality system independent from operations. Shimmer is audited annually by a 3rd party regulatory body based on ISO13485:2016. In addition for compliance with ISO13485:2016 we perform six internal audits annually.

Shimmer’s Quality Management System (QMS) covers all the relevant processes such as training, internal and external auditing, system development, configuration, testing, data management, selection of third party providers and CAPA management. The Shimmer Quality Management System (QMS) comprises of 3 layers; The Quality Manual, Quality Procedures and Quality Records, forms, reports and templates. Shimmer’s QMS complies with FDA 21 CFR Part 11, HIPPA, and GDPR rules. Shimmer’s QMS includes processes that support the development and life-cycle management including change management of GxP classified systems. All major activities within the Verisense system are audit traceable.

The Quality Manager reports to the CEO and is responsible for all aspects of quality within the company. The Quality Manager has the authority to stop work or shipments as and when considered necessary. The Quality Manager is also responsible for Regulatory Affairs but has the services of a Regulatory Consultant to advise on ensuring that all medical and general regulatory requirements and standards are complied with.

Verisense IMU hardware is classified as a Class I medical device in the EU, and FDA listed as a Class II, 510(k) exempt under 21 CFR 822.5050.  Verisense is FCC approved.

Shimmer's parent company Realtime Technologies is a contract electronic manufacturing company with state of the art facilities in Dublin, Ireland and the Czech Republic. Realtime design, manufacture and integrate electronic systems for companies in industries such as aerospace and avionics, medical equipment, defence systems and transport systems. Realtime thus manufactures all Shimmer sensors and related accessories.

Realtime constantly invests in the latest robotic, inspection and test equipment to ensure the highest quality such as XD7500VR Jade FP X-ray inspection, Universal Fusion MPM Accela Printer, PCB pick and place fusion, Cyber optics flex, ERSA SMARTFLOW 2020. Realtime has the relevant quality certificates: AS9100 and ISO 13485 2016 and is audited annually.

Data Protection

All data hosting for the Verisense platform is on an AWS server with the region selected by the customer. If no client preference then AWS region 'eu-west-1' is used. All raw data is made available. Aggregated metrics for activity and sleep are also available if sensor is wrist worn. Shimmer is GDPR compliant.

Electronic records (Quality procedures) related to ISO13485:2016 are archived according to that standard. Electronic data relating to the Verisense platform is retained for a fixed period of time after Database Lock (typically 5 years) and then permanently deleted upon agreement with the customer. All data communications between users and IT systems are protected from unauthorized interception or tampering through the use of SSl/TLS, the industry acceptable standards.

Verisense uses a strong password policy requiring a minimum length of 8 characters and with requirement for numbers, special characters, uppercase and lowercase letters. No password is assigned to a user, they create the password themselves which must satisfy the password policy. All passwords are stored and managed by AWS cognito ensuring they are protected by leading encryption methods and from brute force attack. 

Blog 8 on Data Security and Encryption with Verisense, see here, outlines further measures the Verisense platform utilizes to protect the data of our users.

Shimmer provides all translations for patient facing materials to aid trial submissions. Materials are already in place for many languages. Site/Sponsor materials are in English, but other languages can be developed on request for these materials. In additional Shimmer provides comprehensive training guides and videos to aid users of the Verisense system.

We hope this blog gives a brief insight into the comprehensive quality systems we use to allow Verisense come through sponsor audits and be selected in clinical trials. Shimmer owner and CEO Paddy White’s background is in quality, and it is a commitment to quality that underpins all our activities and product development.

If you have any questions or would like more information please contact us.