
Regulatory Compliance

At Mindmore, we are committed to maintaining the highest standards of information security, quality, and regulatory compliance.

 

We actively ensure that our processes and products align with international standards and regulations.


Information security

ISO 27001 – Information Security
We are aligned with ISO 27001 and have implemented an Information Security Management System (ISMS) to protect sensitive data and ensure robust security measures. Our systems and processes comply with ISO 27001 requirements, including:

  • Risk Management – Identifying, assessing, and mitigating security risks.

  • Encryption and Data Protection – Secure storage and transfer of data following industry standards.

  • Access Control and Authentication – Two-factor authentication (2FA) and strict access management.

  • Logging and Monitoring – Continuous monitoring of system activities to ensure security and traceability.

ISO 13485 – Quality Management for Medical Devices
We are in the process of obtaining ISO 13485 certification, implementing a quality management system that ensures our medical devices meet regulatory requirements and industry standards. This includes:

  • Documentation Management – Structured and traceable documentation of product development and manufacturing.

  • Risk Management – Systematic processes to identify and mitigate risks throughout the product lifecycle.

  • Product Development and Validation – Strict requirements for testing and validation of our products.

Integrity and GDPR 

At Mindmore, we are constantly working to improve processes and increase security when handling personal data. We do not store more information about you than we need, regardless of whether you visit our public website or use our digital cognitive testing service.

All employees at Mindmore have signed confidentiality agreements and employment contracts that require compliance with GDPR when handling data. Consultants working within Mindmore enter into the same type of agreement.

We always sign personal data processing agreements with our customers for the handling of test takers' data. If you as a user or test taker are looking for complete information about your rights, please see the General Data Protection Regulation Chapter 3.

Security and data storage when using Mindmore's digital cognitive testing service.

Mindmore offers server operation that guarantees that all data and personal data when using the cognitive testing service remain within the EU and are only handled by sub-processors whose owners are based in the EU/EEA. We do this to comply with GDPR and also follow the practice that comes from the so-called Schrems II ruling. Read more about it and why it is so important here.

 All data belonging to test takers is pseudonymized. This means that no identifying information (name, email, IP address, social security number, telephone number, postal address, age, gender) is stored in Mindmore's system or is accessible by Mindmore or its subcontractors. Instead of name or social security number, an ID number is used in the system. Only a few people at the clinic have access to the code key that connects a person with an ID number.

Mindmore provides a so-called multitenant solution. This means that each organization's data is separated via access control and is only accessible to authenticated users with the correct organizational affiliation and authorization. Mindmore also offers multi-factor authentication when logging in for extra security.

  

All data traffic in and out of the system is encrypted, and a centralized authorization structure makes it easy to determine which user is allowed to do what in the system.

MDR

MDR – Medical Device Regulation


We are actively working with the EU's Medical Device Regulation (MDR 2017/745) and are in the process of certification according to this regulation. According to the original regulation, all medical devices were to be certified under the MDR by May 2024. However, the regulation has been updated, and for Class IIa products, certification must now be in place by December 2028.


We comply with the MDR by working systematically with:

  • Technical documentation – Documentation according to the formal requirements of the MDR.

  • Risk management and clinical evaluation – Assessment of the safety and performance of our products.

  • Post-market surveillance (PMS) – Continuous monitoring and improvement based on user data and regulatory requirements.

We have been applying the regulation since the fall of 2023, and our certification process is ongoing. We expect to be certified in 2025.

CE-Marked

Mindmore's tool is also a CE-marked product and we are approved by the Swedish Medical Products Agency.

Address
Mindmore AB

Drottninggatan 32

111 51 Stockholm

Sweden

M4H Innovation Award

WINNER OF 2024

All data transfer is encrypted via HTTPS and processed in accordance with GDPR and PDL.

Mindmore is an approved medical device
