The Quality Management System is based on customer requirements and applicable International Standard of ISO 13485:2016.

“The Quality Management System is based on customer requirements and applicable regulatory requirements.

Cystotech develops and distributes software as medical devices (SaMD) that are safe and provide outstanding customer satisfaction while meeting all applicable regulations. At Cystotech, we are committed to providing AI-based support for treatment decisions in bladder cancer and to fulfilling customer requirements and user needs to enhance patient outcomes by ensuring the effectiveness of our Quality Management System through the application of a risk-based approach, competent and committed employees and the establishment of ambitious Quality Objectives focusing on meeting regulatory requirements and customer expectations, efficient processes, operational excellence, and continuous improvements of Cystotech employees, products and processes through continual monitoring and regular Management Reviews to ensure continued suitability”.

This policy has been established and applied for the evaluation of risks and residual risks associated with the medical devices manufactured by Cystotech to ensure that the medical devices have a high level of safety consistent with stakeholder expectations.

This policy applies to all persons and activities involved in establishing, reviewing, updating, and approving the criteria for risk acceptability in risk management plans for medical devices designed, developed and manufactured by Cystotech for commercial distribution.

To ensure continual applicability and continued consideration of the generally acknowledged state-of-the-art, international standards relevant for the particular type of medical device, including standards for testing of specific properties with approval/rejection limits are regularly assessed for inclusion or modification of the acceptability criteria as well as knowledge acquired through post-market surveillance including best practices in technology, results of accepted scientific research, publications from authorities, validated concerns from stakeholders of the medical device or similar medical devices regarding safety and security are included.

Specific to AI systems, the organization addresses potential risks such as bias in AI-aided decision-making and data characteristics during the development of machine learning models. Any suspected bias is investigated, documented, and mitigated as necessary to ensure fairness and accuracy in outcomes.

To protect and safeguard customer, client, patient, and company data against cyber attacks, comprehensive cybersecurity measures are implemented and continuously updated.

Through the application of risk management risks are reduced as far as possible without adversely affecting the overall safety and effectiveness of the medical device. Consideration is given to whether identified risk control measures are technically practicable measures and if such measures would reduce the risk without impacting the intended use or the benefit of the medical device.

This risk management policy is reviewed for contentious sustainability at Management Review Meetings.

At Cystotech, we are dedicated to ensuring the security and integrity of our software as a medical device (SaMD) products. We believe that collaboration with the security community is essential to achieving this goal and are committed to working transparently and responsibly with all stakeholders.

Scope: This policy applies to all Cystotech SaMD products and services. We welcome reports on any potential vulnerabilities, including but not limited to, issues related to data security, unauthorized access, or software malfunctions.

Safe Harbor: We are committed to protecting those who report vulnerabilities in good faith. Reporters will not face legal action or penalties for their disclosure, provided they adhere to the guidelines of this policy.

Reporting Process: If you identify a potential security vulnerability, please report it through our Support portal. Include detailed information to help us understand and address the issue effectively.

Preferences: This policy is a living document and will be updated as needed to reflect our evolving priorities and preferences. We prioritize vulnerabilities based on their potential impact, severity, and likelihood of exploitation. Communication with reporters will be handled respectfully and transparently, ensuring they are informed about the status of their reports.

Thank you for helping us protect our products and the patients who rely on them.

At Cystotech, we take your privacy seriously and are committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR). When you use our support site, we collect certain personal information, including your name and email address, and affiliated institution solely for the purpose of providing the support services you have requested. This information helps us to identify you and respond effectively to your inquiries.

How We Use Your Information
We collect and store your name and email address exclusively for responding to your support requests. Your personal data is only accessible to authorized personnel involved in handling support inquiries. We do not share, sell, or otherwise distribute your information to third parties unless required by law or necessary to fulfill your support request.

Your Rights
Under GDPR, you have the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information.
• Right to Erasure: You can request the deletion of your personal data, provided it is no longer necessary for the purpose of the support request or if you withdraw your consent.
• Right to Restrict Processing: You have the right to restrict the processing of your personal data under certain conditions.
• Right to Data Portability: Where feasible, you can request a copy of your personal data in a commonly used format.
• Right to Withdraw Consent: You may withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.
If you have any questions regarding how we handle your data or wish to exercise any of your rights, please contact us at contact@cystotech.com.