Foundation Apps

Medical apps built to standards,
in unprecedented timescales

Foundation Apps bring the full compliance infrastructure of Foundation physical devices to Android and iOS SaMD and accessory applications. The mobile framework provides regulatory compliance scaffolding aligned to MDR, UKCA, and DCB0129; Keycloak authentication and access control built to NHS and ISO 27001:2022 standards; data synchronisation and audit-safe logging; security-compliant communications with end-to-end encryption; cybersecurity controls; infrastructure management and device provisioning; asset recording and lifecycle tracking; and full audit trail capture for clinical and regulatory inspection.


Standalone medical device or hardware companion

Foundation Apps operate in two modes. In both cases, the app is fully integrated into the Foundation Platform, provisioned, secured, asset-tracked, and managed to the same standards as a physical device.

SaMD App: Software as a Medical Device

A Foundation SaMD App is a regulated medical device in its own right. The Foundation Platform provisions the app in exactly the same way as a physical device, using the same HSM-backed keys and certificates, essential for compliance with strict data security standards (e.g., FIPS 140-2).

  • Provisioned via Foundation Provisioner with unique keys and certificates
  • Full compliance logging to Foundation Cloud
  • Asset tracked and managed identically to physical devices
  • Data signed and encrypted to medical device standards
  • Connects directly to Foundation Cloud as a standalone instrument

Accessory App: Companion to a physical device

When the mobile app is an accessory to a hardware device, it acts as a connectivity bridge to Foundation Cloud. Foundation Core exposes a BLE GATT profile that handles compliant communications between the physical device and the app.

  • Profile managed by Foundation Core for compliant communications
  • Data can be used locally within the app
  • Optionally bridges data through to Foundation Cloud
  • Regulatory data always routed through the cloud for automated reporting
  • Device data can also be sent to the customer's own cloud for specialist processing

Why Foundation Apps

Building a standards-compliant mobile medical application from scratch is a major undertaking. Foundation Apps reduce the development time, cost, and risk by providing a pre-built, pre-validated compliance layer that your application builds upon.

Unprecedented development speed

The regulatory part of the mobile application, including secure storage, compliance logging, encrypted communications, certificate management, and platform integration, is already written and compliant. Your team focuses on the clinical functionality, not the regulatory infrastructure.

Same security as physical devices

Foundation Apps use the same HSM-backed private key and the same provisioning process as physical devices. The app securely stores unique keys and certificates that ensure full compliance with the standards. This enforces strict mobile security.

Compliance logging built in

The app passes compliance logs to the Foundation Platform in the same way as a physical device. Logs can be tailored to the end user's connectivity (metered or unmetered) and can be pulled on demand for compliance review or technical support.

Asset tracked

Every Foundation App instance is registered, tracked, and managed through Foundation Manager in exactly the same way as a physical device. Firmware versions, certificate status, compliance scores, and deployment locations are all recorded and reportable.

Your brand, our engineering

Apps are easily customisable to your brand. The end-user sees your identity; the compliance infrastructure remains Camgenium's responsibility. Foundation manages all aspects of publishing to the App Store and Google Play on your behalf and tracks all assets.

End-to-end compliant transport

Data flowing through a Foundation App to Foundation Cloud and onwards to the Foundation API is compliant end-to-end, out of the box. There is no gap in the compliance chain between the device, the phone, and the cloud.

Flexible, compliant data paths

Foundation Apps provide two data routes: one for app data and one for regulatory compliance data. Regulatory data always flows through Foundation Cloud to generate automated reports. App data can either be sent to the customer's own cloud for specialist processing such as AI, or routed through Foundation Cloud's regulatory-compliant transport and consumed at the Foundation API.

When data flows through Foundation Cloud to the Foundation API, the entire path from physical device through mobile app through cloud to API consumer is compliant end-to-end, with no additional engineering effort required.

Data path diagram (device to consumers):

  • Physical Device (Foundation Core): BLE GATT, sensors, edge processing, signed data
  • Link: BLE · Compliant GATT · Encrypted
  • Foundation App: local data use, compliance logging, HSM certificates, adaptive sync
  • Link: TLS · mTLS · Metered-aware · Optional customer cloud
  • Foundation Cloud: compliant transport, regulatory logging, and audit trail
  • Link: Routed · Metered · Audit-logged
  • Consumers: Foundation Reporting (automated regulatory reports) and Foundation API (compliant end-to-end for external consumers)

Google and Apple update their platforms regularly

The most significant cost of a mobile medical application is maintaining it. Google and Apple introduce operating system changes, deprecate APIs, update security requirements, and change store policies on their own schedules. For a regulated medical device, each of these changes can trigger a revalidation cycle. After a comparatively short initial development period, keeping your product on the market requires engineering resources that remain available for the life of the product.

Foundation will handle this for you.

Without Foundation Apps

The customer must maintain skilled mobile engineering resources at all times for the entire life of the product to continuously revalidate and fix in response to platform changes.

  • Dedicated iOS and Android engineers retained permanently
  • Every OS update assessed for impact on validated software
  • Each change requires IEC 62304 compliant change control
  • Store policy changes may require architectural changes
  • API deprecations require code changes and revalidation
  • Security requirement updates must be implemented promptly
  • Revalidation cycles consume regulatory affairs resource
  • Cost and risk persist for the full product lifecycle

With Foundation Apps

Camgenium provides post-market surveillance and maintains dedicated engineering resources to proactively accommodate asynchronous changes introduced by Google and Apple.

  • Camgenium's engineering team monitors both platforms continuously
  • OS and API changes assessed and addressed proactively
  • Updates developed, validated, and published by Camgenium
  • Store policy compliance maintained on your behalf
  • IEC 62304 change control managed by Camgenium's QMS
  • You receive validated updates
  • No need to retain permanent mobile engineering headcount
  • Predictable cost for the full product lifecycle

“The real cost of a medical mobile app is not the initial build. It is the years of continuous revalidation as Google and Apple change the ground beneath your feet. Foundation Apps convert that unpredictable, permanent engineering obligation into a managed service with predictable costs.”

Dr Philip Gaffney OBE, Chief Executive Officer, Camgenium

Medical apps. Compliance included

Speak with our team about how Foundation Apps can accelerate your SaMD or Accessory App development.
