Compliance Cover Image

Compliance

We comply with the data protection and privacy laws generally applicable to our business activities.

You are, as our customer, responsible for determining whether Auditdata’s products and services comply with the specific laws and regulations applicable to your industry and use scenario. To help you comply with your own specific requirements, we focus on providing compliance in various areas.

We are committed to provide customers with detailed information about our regulatory and security compliance to help customers make their own regulatory assessments. However, it is ultimately up to our customers to evaluate Auditdata product and service compliance against their own requirements to determine whether our products and services satisfy their regulatory needs.

Noah Logo White 140X80
FDA Logo White 140X80
NHS Logo White 140X80
DNV GL Logo White 140X80
TUV Logo White 140X80
Hippa Complience (1)

ISO/IEC 27001:2022 Audit and Certification

Auditdata is committed to annual ISO/IEC 27001:2022 certification of our ISMS – Information Security Management System. Our certificate issued by DNV GL – Business Assurance. The Auditdata ISO/IEC 27001:2022 Statement of Applicability is available – upon escalation – to customers under a non-disclosure agreement. It includes 93 security controls, and it maps Auditdata security controls to control objectives contained in Annex A of ISO/IEC 27001:2022. Please contact Auditdata to obtain a copy of the document.
ISO/IEC 27001:2022 is a broad international information security standard for Information Security Management Systems. The ISO/IEC 27001:2022 certificate validates that Auditdata has implemented the internationally recognized information security controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.


Scope: Information security in relation to personal data processing for Audiology Solutions design, development, operation and support, in accordance with Statement of Applicability version 3.


The certificate covers the following organizations:

  • Auditdata A/S, Denmark
  • Auditdata Ltd., United Kingdom
  • Auditdata Ukraine TOV, Ukraine
  • Auditdata Inc., Canada

 

 

ISO 13485:2016 Audit and Certification

Auditdata is committed to annual ISO/IEC 13485:2016 certification of our Quality Management System for Medical Devices. The certificate issued by the TÜV Süd is publically available.

ISO 13485:2016 is a broad international Quality Management System for Medical Devices standard and represents the requirements for a comprehensive quality management system for the design and manufacture of medical devices. The ISO 13485:2016 certificate validates that Auditdata has implemented the internationally recognized standard and reassures consumers that Auditdata medical products have been tested and certified for safety and performance.

Amongst other initiatives this certification is achieved by ensuring compliance of the product development processes to the IEC 62304 international standard on Software Development Life Cycle for medical device software and IEC 82304 Health software.

Scope: Design and development, production, distribution and servicing of audiometric equipment.

 

 

FDA Approval

The Food and Drug Administration (FDA or USFDA) is an agency of the United States Department of Health and Human Services, one of the United States federal executive departments. The FDA is responsible for protecting and promoting public health through the regulation and supervision of food safety, tobacco products, dietary supplements, prescription and over-the-counter pharmaceutical drugs (medications), vaccines, biopharmaceuticals, blood transfusions, medical devices, electromagnetic radiation emitting devices (ERED), and veterinary products.

Auditdata is registered with the FDA (Registration number: 3008386587). The current Device Listings are available at the FDA Establishment Registration & Device Listing.

 

HIPAA Compliance

Auditdata complies with the HIPAA Security Rule requirements on base of our ISMS – Information Security Management System (according to the ISO/IEC 27001:2022).

The Auditdata HIPAA Security Rule requirements: Statement of Applicability for Auditdata A/S is available – upon escalation – to customers under a non-disclosure agreement.

 

 

MDSAP

Canadian medical devices regulations require certain types of medical devices to be manufactured under a quality system that meets the requirements of ISO 13485:2003 Medical devices — Quality management systems — Requirements for regulatory purposes. The Canadian Medical Devices Conformity Assessment System (MDSAP) was developed by Health Canada and the Standards Council to implement these regulations.

Manufacturers of Class II, III, and IV medical devices selling their products in Canada must submit their devices for licensing by Health Canada. Health Canada reviews the product for safety, effectiveness, and quality, relying on its Canadian Medical Device Conformity Assessment System (MDSAP) recognized registrars, such as UL, to ensure that manufacturers have an adequate quality system. MDSAP recognized registrars such as UL audit a medical device manufacturer’s quality system to ISO 13485:2016 with the implementation of requirements from the CMDR, then provide a certificate of registration. Manufacturers then use this certificate as part of the submission for a device license with Health Canada. UL, as a MDSAP recognized registrar is able to provide the necessary certification of your quality management system as required by section 32 of the Canadian Medical Devices Regulations (SOR 98/282).

Auditdata’s Quality Management System is certified for MDSAP in accordance with ISO/IEC 13485:2016 certification. The certificate issued by the TÜV Süd is publically available.

 

 

 

Medical Device Products CE – Marking

CE marking is the mandatory conformity marking for products sold in the European Economic Area (EEA). CE marking indicates a product’s compliance with EU legislation and enables the free movement of products within the European market. By affixing the CE marking on a product, a manufacturer is declaring, at its sole responsibility, conformity with all of the legal requirements to achieve CE marking and therefore ensuring validity for that product to be sold throughout the European Economic Area.

With the European Directive 2007/47/EC of 21 March 2010, it is required for the first time that certain software is to be classified as medical devices, validated and CE-marked accordingly.

Auditdata’s core product AuditBase, is classified as medical device Class I, and with the release of version 4.19.3, AuditBase has obtained CE-Marking.

HIMSA Certifications

Auditdata is committed to annual HIMSA certification of the audiology software products: Office Management Systems and Audiology Fitting Systems. The certificates are issued by the Himsa.

Auditdata is committed to provide best in class service, therefore Auditdata support staff engages in the industry specific certification program “Certified HIMSA Support”, provided by Himsa.

The certified support logo, reassures that your NOAH distributor has the necessary knowledge to support your HIMSA products.

 

 

NHS Assured Commercial Third Party

Auditdata supports its leading market position in Audiology Healthcare Solutions by maintaining the rigorous NHS IGSoC (Information Governance Statement of Compliance) process to gain the official status of being an ‘Assured Commercial Third Party’ to the NHS. Enabling Auditdata to provide superior responsive remote access customer support to NHS trusts.

Auditdata has  since 2008 committed to completing annual assessment of performance utilizing the NHS Information Governance Toolkit and provide an assurance statement indicating that all key requirements are satisfied and agreeing that this may be audited by the Authority.

 

NHS Wales Code of Connection

The Code of Connection is the acceptable use agreement between NHS Wales and organisations (Connecting Third Parties) which connect to the NHS Wales network. It sets out terms and conditions to preserve the integrity of those systems and services.

Auditdata is committed to the NHS Wales Code of Connection Assurance Statement, enabling Auditdata to provide superior responsive remote access customer support to NHS Wales trusts.

Information Commissioners Office registered

Auditdata is registered since 03 June 2008 with the United Kingdom ICO – Information Commissioners Office. Registration number: Z1349633. The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO), unless they are exempt. Failure to do so is a criminal offence. Entry details are available at the Data Protection Register.

 

ISTQB Certified Testers and Test Managers

ISTQB® (International Software Testing Qualifications Board) has defined the “ISTQB® Certified Tester” scheme that has become the world-wide leader in the certification of competences in software testing. As of December 2017, ISTQB® has issued more than 570,000 certifications in over 120 countries world-wide.

Auditdata is committed to provide best in class quality assurance and therefore Auditdata QA staff enroll in the ISTQB certification program as a mandatory element of a professional career development.

 

 

Microsoft Gold Partner

Earning the Application Development competency helps Auditdata to differentiate its business as a trusted expert, by providing access to a comprehensive set of benefits designed to help Auditdata win customer trust, grow it’s business, and improve profit margin.

The Auditdata Application Development competency is supported by the Microsoft Partner Network and helps leverage the unprecedented opportunity presented by the Windows Server and Windows operating systems, the Windows Azure platform, Microsoft Visual Studio development system, and emerging cloud-based and web business models.

Medical Device Regulation (MDR)

  • As a supplier of medical devices, Auditdata is following the world-wide regulatory landscape. Auditdata received an MDR certificate (according regulation (EU) 2017/745 (MDR)) for medical devices produced by the Auditdata’s company.
  • As Auditdata’s EC certificate is valid until February 18th, 2029, we can therefore continue to be marked and sell our existing products in EU until that date.
  • Auditdata has in accordance with the European Regulation (EU) in the framework of Regulation EU 2023/607 amending Regulations (EU) 2017/745 extended the validity date of our SaMD Auditbase until 2028-06-30.

 

Questions?

If you have any questions about how we handle information and keep our and your data safe, don’t hesitate to contact our CSO (Chief Security Officer) at securityevent@auditdata.com or fill out the form, and we will get back to you within two working days.