Regulatory
Welcome to the ActiGraph Compliance Center
Here you’ll find comprehensive information about the quality, privacy, security, and validation of ActiGraph products and systems.
Quality
ActiGraph is committed to ensuring the safety, effectiveness, and quality of its medical device products. Our Quality Management System is certified, and our products comply with the following regulations and standards:
- ISO 13485:2016 Medical Devices - QMS
- European Union Medical Device Regulation (EU MDR)
- Health Canada Medical Devices Regulations (CMDR)
- US FDA's Quality System Regulations (QSRs)
- Australia Therapeutic Goods (Medical Devices)
MDSAP ISO 13485:2016 Certified
ActiGraph’s Quality Management System is MDSAP ISO 13485:2016 certified.
ActiGraph has participated in the Medical Device Single Audit Program (MDSAP) since 2018 with annual surveillance audits conducted by a recognized independent Auditing Organization (AO) to assure continued compliance. The MDSAP program has many benefits, including a greater global alignment of regulatory approaches and technical requirements based on international standards and best practices.
Regulatory Registration Information
- FDA 510(k) for CPIW K181077
- FDA Operator 10023162
- DUNS 144830952
- Health Canada License 102376
Privacy Shield
ActiGraph complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, and has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov.
GDPR
ActiGraph complies with the principles of the General Data Privacy Regulation (GDPR) and implements technological and organizational controls around data privacy and protection. ActiGraph will support customers in meeting their GDPR requirements by entering into joint agreements that include the standard clauses regarding data processing, control, and transfer.
Security
ActiGraph implements a security framework based on processes and controls to protect customer data and ensure compliance with applicable security regulations and standards. For data storage, processing, and application services, ActiGraph leverages qualified cloud vendors, namely Microsoft Azure and Amazon Web Services. These cloud providers meet a broad set of international and industry-specific compliance standards and regulations, such as ISO 27001, NIST, HIPAA, FedRAMP, SOC 1, and SOC 2.
ActiGraph maintains a security plan for the applications it develops in accordance with the shared responsibility for using these cloud service vendors in a regulated environment. This plan includes technical controls around data encryption, key management, vulnerability detection, and data segregation. ActiGraph IT policies also include endpoint protection, security patches, security awareness, incident management, and controls for data access.
HIPAA
ActiGraph complies with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its amendments to ensure the protection of Protected Health Information (“PHI”). Safeguards that are currently used to ensure the protection of private health information include administrative procedures, physical data safeguards, electronic data access security, and network security that complies with legal requirements.