Compliance

Secure, ethical and patient centred

Data Security, Regulatory Compliance and Quality Assurance are the cornerstones of our approach. Abtrace is committed to transparency and external validation.

Timeline

2018
Aug

Abtrace Incorporated

Nov

Funding secured

€2 million investment from EIT-Health.

2019
Apr

ICO Registration

The Information Commissioner’s Office (ICO) is the UK’s independent body that has been set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Under the Data Protection Act 2018, organisations processing personal data must register on the Data Protection Register. Abtrace is registered under the reference number ZA517064.

May

GDPR Compliant

The General Data Protection Regulation alongside the Data Protection Act 2018 require organisations to store and process data in accordance with the rights, obligations and principles of autonomy, transparency and confidentiality. Scheduled data protection impact assessments (DPIAs) conducted regularly identify risks, mitigations and responsibilities to minimise data held and use it for clearly defined purposes.

Jul

NHS Data Security and Protection Toolkit

All organisations that access NHS patient data must use this tool to provide assurance that they are practicing good data security and that personal information is handled correctly.

This allows organisations to measure their performance against National Data Guardian’s data security standards.

Jul

Cyber Essentials Certification

Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.

Abtrace has been certified by IASME as meeting the required standards for software and systems to protect against cyber threats.

Aug

ISO27001:2013 Certification

This international standards certification requires a two stage on site initial audit with ongoing surveillance assessments by Lloyd’s Register to assess the Information Security Management System (ISMS) for the management and delivery of software solutions and supporting data infrastructure.

Sep

Data Infrastructure penetration tested

Conducted by a CREST approved provider, this test asked an independent group of experts to attempt to breach our data infrastructure in an attempt to discover unknown high-risk vulnerabilities. No such issues were identified.

2020
Jan

ISO13485:2016 Certification

This international standards certification requires a quality management system (QMS) where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.

This required a two stage on-site audit with ongoing surveillance covering the life-cycle, including design and development, production, distribution, installation, and servicing of an AI based medical device and and provision of associated activities.

Oct

CE Mark – Medical Device Certification

A CE Mark will confirm our Software as a Medical Device (SaMD) conforms with the required health, safety and environmental standards required for products to be sold within the European Economic Area. This includes clinical validation and an ongoing process for post marketing surveillance and quality assurance. Abtrace’s SaMD is expected to achieve CE Mark by the end of Q1 2020.

Compliance

Secure, ethical and patient centred

Data Security, Regulatory Compliance and Quality Assurance are the cornerstones of our approach. Abtrace is committed to transparency and external validation.

Timeline

2018
Aug

Abtrace Incorporated

Nov

Funding secured

€2 million investment from EIT-Health.

2019
Apr

ICO Registration

The Information Commissioner’s Office (ICO) is the UK’s independent body that has been set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Under the Data Protection Act 2018, organisations processing personal data must register on the Data Protection Register. Abtrace is registered under the reference number ZA517064.

May

GDPR Compliant

The General Data Protection Regulation alongside the Data Protection Act 2018 require organisations to store and process data in accordance with the rights, obligations and principles of autonomy, transparency and confidentiality. Scheduled data protection impact assessments (DPIAs) conducted regularly identify risks, mitigations and responsibilities to minimise data held and use it for clearly defined purposes.

Jul

NHS Data Security and Protection Toolkit

All organisations that access NHS patient data must use this tool to provide assurance that they are practicing good data security and that personal information is handled correctly.

This allows organisations to measure their performance against National Data Guardian’s data security standards.

Jul

Cyber Essentials Certification

Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.

Abtrace has been certified by IASME as meeting the required standards for software and systems to protect against cyber threats.

Aug

ISO27001:2013 Certification

This international standards certification requires a two stage on site initial audit with ongoing surveillance assessments by Lloyd’s Register to assess the Information Security Management System (ISMS) for the management and delivery of software solutions and supporting data infrastructure.

Sep

Data Infrastructure penetration tested

Conducted by a CREST approved provider, this test asked an independent group of experts to attempt to breach our data infrastructure in an attempt to discover unknown high-risk vulnerabilities. No such issues were identified.

2020
Jan

ISO13485:2016 Certification

This international standards certification requires a quality management system (QMS) where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.

This required a two stage on-site audit with ongoing surveillance covering the life-cycle, including design and development, production, distribution, installation, and servicing of an AI based medical device and and provision of associated activities.

Oct

CE Mark – Medical Device Certification

A CE Mark will confirm our Software as a Medical Device (SaMD) conforms with the required health, safety and environmental standards required for products to be sold within the European Economic Area. This includes clinical validation and an ongoing process for post marketing surveillance and quality assurance. Abtrace’s SaMD is expected to achieve CE Mark by the end of Q1 2020.

Top News Section - Abtrace.co