Welcome to the ActiGraph Compliance Center
Here you’ll find comprehensive information about the quality, privacy, security, and validation of ActiGraph products and systems.
ActiGraph’s registrations, certifications, and compliance with industry standards
Commitment to privacy and our policies and processes to protect your personal data
How we safeguard your personal data across our internal and external systems
The procedures and methods we use to validate our products and ensure compliance
ActiGraph is committed to ensuring the safety, effectiveness, and quality of its medical device products. Our Quality Management System complies with the following regulations and standards:
- ISO 13485:2016 Medical Devices - Quality Management Systems
- European Union Medical Device Directive (EU MDD) 93/42/EEC
- Health Canada Medical Devices Regulations (CMDR)
- US FDA's Quality System Regulations (QSRs)
ActiGraph’s Quality Management System is certified to the ISO 13485:2016 standard for medical device related quality management systems.
ActiGraph participates in the Medical Device Single Audit Program (MDSAP) with annual surveillance audits conducted by a recognized independent Auditing Organization (AO) to assure continued compliance. The MDSAP program has many benefits, including a greater global alignment of regulatory approaches and technical requirements based on international standards and best practices.
Your privacy is important to us, and we are committed to protecting it. ActiGraph has established policies and procedures to ensure your personal information is handled responsibly and in accordance with applicable data protection and privacy laws.
ActiGraph complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov
ActiGraph complies with the principles of the General Data Privacy Regulation (GDPR) and implements technological and organizational controls around data privacy and protection. We will support customers in meeting their GDPR requirements by entering into joint agreements that include the standard clauses regarding data processing, control, and transfer.
ActiGraph implements a security framework based on processes and controls to protect customer data and ensure compliance with applicable security regulations and standards. For data storage, processing, and application services, we leverage qualified cloud vendors, namely Microsoft Azure and Amazon Web Services. These cloud providers meet a broad set of international and industry-specific compliance standards and regulations, such as ISO 27001, NIST, HIPAA, FedRAMP, SOC 1 and SOC 2.
ActiGraph maintains a security plan for the applications it develops in accordance with the shared responsibility for using these cloud service vendors in a regulated environment. This plan includes technical controls around data encryption, key management, vulnerability detection, and data segregation. ActiGraph IT policies also include endpoint protection, security patches, security awareness, incident management, and controls for data access.
ActiGraph complies with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its amendments to ensure the protection of Protected Health Information (“PHI”). Safeguards that are currently used to ensure the protection of private health information include administrative procedures, physical data safeguards, electronic data access security, and network security that complies with legal requirements.
ActiGraph validates its regulated products to ensure they are compliant and fit for their intended use. We also work with researchers, scientists, data analysts, physicians, and clinical trial sponsors to assist them with leveraging our product documentation in their own validation objectives.
Our procedures and methods for computerized system validation, including hardware and software, are based on regulatory requirements and industry standards and guidance such as GAMP 5.
Validation of actigraphy monitoring and data outcomes derived by applying algorithms to actigraphy data extends beyond ActiGraph and into the domain of third parties.