Medical Standards Compliance
Apolo's adherence to international medical AI standards and best practices
International Standards
Apolo is designed and developed in accordance with key international standards for medical devices and software in healthcare:
ISO 13485:2016
Quality Management System for Medical Devices. Apolo's development follows a structured quality management system that ensures consistent design, development, and maintenance processes.
ISO 14971:2019
Application of Risk Management to Medical Devices. Apolo implements a comprehensive risk management process that identifies, analyzes, evaluates, and mitigates risks throughout the product lifecycle.
IEC 62304:2006
Medical Device Software - Software Life Cycle Processes. Apolo's software development follows a structured lifecycle approach with defined processes for development, maintenance, risk management, configuration management, and problem resolution.
IEC 62366-1:2015
Medical Devices - Application of Usability Engineering. Apolo's user interface and interaction design incorporate usability engineering principles to minimize user errors and enhance safety.
Regulatory Frameworks
European Union
Apolo is designed to comply with the European Medical Device Regulation (MDR) 2017/745, which classifies it as a Class IIa medical device based on Rule 11 (software intended to provide information used for diagnostic or therapeutic decisions).
United States
For the US market, Apolo is classified as a Class II medical device, and FDA clearance will be sought through the 510(k) pathway. The development process incorporates FDA guidance on Software as a Medical Device (SaMD) and Clinical Decision Support (CDS) systems.
International Medical Device Regulators Forum (IMDRF)
Apolo follows the IMDRF framework for Software as a Medical Device (SaMD), falling into Category II: "Software as a Medical Device intended to drive clinical management of a disease or condition."
AI/ML-Specific Standards
Good Machine Learning Practice (GMLP)
Apolo adheres to emerging Good Machine Learning Practice principles, including:
- Dataset quality management throughout the product lifecycle
- Robust and traceable data handling processes
- Transparent model architecture documentation
- Well-defined performance evaluation metrics
- Monitoring for performance drift and model degradation
- Rigorous validation across different clinical scenarios
Clinical Evaluation
Apolo's clinical performance has been evaluated according to standardized methodologies:
| Evaluation Aspect | Methodology | Standards/Guidelines |
|---|---|---|
| Analytical Performance | Statistical validation on benchmark datasets, confusion matrix analysis, ROC curve analysis | FDA Statistical Guidance on Reporting Results from Studies Evaluating Diagnostic Tests |
| Clinical Performance | Prospective clinical trials, comparative studies with expert clinicians | STARD Guidelines for diagnostic accuracy studies |
| Usability & Human Factors | Formative and summative usability testing, cognitive walkthrough evaluations | IEC 62366-1, FDA Human Factors Guidance |
Explainability & Transparency Standards
Apolo's dual-level explainability approach aligns with emerging standards for AI transparency in healthcare:
Design Principles for Explainability
- Stage 1 (Descriptive): Provides objective, standardized descriptions of visual findings following structured reporting guidelines from medical societies.
- Stage 2 (Reasoning): Implements explicit reasoning traces influenced by principles from:
  - IEEE P7001 (Transparency of Autonomous Systems)
  - ISO/IEC TR 24028:2020 (Trustworthiness in AI)
  - ITU/WHO FG-AI4H guidelines for transparency in health AI
Documentation Standards
Apolo is documented according to emerging AI transparency frameworks:
- Model Cards for Model Reporting (Mitchell et al., 2019)
- Datasheets for Datasets (Gebru et al., 2018)
- System-level documentation following the FDA's proposed Predetermined Change Control Plan approach
Privacy & Security Standards
Apolo's privacy-by-design architecture implements principles from:
- ISO/IEC 27001: Information security management
- ISO/IEC 27018: Protection of personally identifiable information (PII) in public clouds
- HIPAA Security Rule: Technical safeguards for protected health information
- GDPR: Data protection by design and by default (Article 25)
Key security features include:
- Architectural separation of image processing and diagnostic inference
- On-premise deployment options for maximum data sovereignty
- Encryption of data in transit and at rest
- Role-based access controls and audit logging
- Secure containerization with vulnerability scanning