Purpose of this document

This document provides standardised responses to common procurement, vendor risk, IT security, legal, and quality questionnaires.

It is intended to support efficient and consistent completion of customer-specific assessments.

The document is not contractually binding and does not replace detailed security, legal, or validation documentation.

1. Vendor and company information

Hoodin Compliance Studio is provided by Hoodin AB, a Swedish company operating as a software provider for regulatory intelligence and compliance support within life sciences.

Hoodin acts as a software vendor delivering a cloud-hosted SaaS platform.Primary contact and procurement communication are handled via https://www.resources.hoodin.com/contact.

Further detail is provided in the Procurement & vendor information document

2. Product identification and classification

Hoodin Compliance Studio is a cloud-hosted Software as a Service (SaaS) platform designed to support regulatory intelligence, structured regulatory reasoning, and regulatory scope governance.

The system functions as a decision-support and information structuring tool.It is not a system of record and does not perform or automate regulatory decision-making or compliance determinations.

This is further defined in the System overview & intended use document.

3. Intended use and limitations

The system is intended to support Regulatory Affairs and Quality Assurance professionals in identifying, structuring, and maintaining awareness of applicable regulatory frameworks across markets.

It is not intended to replace professional regulatory judgement, perform regulatory decisions, manage regulated workflows, or function as a quality management system (QMS).

This is further defined in the System overview & intended use document

4. Deployment and access model

Hoodin Compliance Studio is delivered as a cloud-hosted SaaS solution.

No local installation or customer-managed infrastructure is required.The system is accessed via standard web browsers using secure authentication mechanisms.

Further detail is provided in the Procurement & vendor information document.

5. Data categories handled

The system primarily processes user account information, organisational and product configuration data, regulatory intelligence content, and system usage metadata.

The system is not designed to process patient data, clinical trial subject data, or regulated production or batch data.

Further detail is provided in the Security & data handling overview and the Privacy Policy.

6. Data processing and storage principles

Data processing is limited to what is necessary to provide the service and support its intended use.

Customers retain control over all data entered into the system.Data minimisation, purpose limitation, and defined retention principles are applied.

Further detail is provided in the Security & data handling overview and the Privacy Policy.

7. Information security and privacy (high level)

Hoodin implements organisational and technical measures to protect system availability, integrity, and confidentiality.

Security controls are vendor-managed and include access control, encryption, monitoring, and controlled change management. Customers are responsible for managing user access within their organisation.

Further detail is provided in the Security & data handling overview.

8. Use of AI and automation

AI is used strictly as a decision-support mechanism to provide suggestions, structuring, and analytical assistance.

AI does not perform regulatory decisions or automated compliance determinations.Customer data is not used for autonomous model training, and all AI-supported outputs require human review and validation.

This is further defined in the AI Literacy Statement.

9. Quality, validation, and governance posture

Hoodin Compliance Studio is positioned as a regulatory support system and is typically assessed using a risk-based and proportionate validation approach.

The system does not function as a validated quality management system or system of record. Hoodin maintains responsibility for system development, change management, and release communication.

Further detail is provided in the Validation approach and the System overview & intended use document.

10. Regulatory and compliance positioning

The system supports regulatory activities within frameworks such as EU MDR, IVDR, FDA regulations, and similar regimes.

It does not constitute evidence of compliance and does not replace regulatory obligations of the user organisation. All regulatory decisions and compliance outcomes remain the responsibility of the customer.

This is further defined in the System overview & intended use document.

11. Support, incident handling, and escalation

Hoodin provides structured support channels for customer communication, incident handling, and escalation.

Incidents are managed through defined internal processes, with communication provided where relevant. Support and escalation requests are handled via https://www.resources.hoodin.com/contact.

Further detail is provided in the Procurement & vendor information document.

12. Commercial and contractual boundaries

Hoodin Compliance Studio is provided on a subscription basis as a SaaS service.

Commercial terms, pricing, and licensing conditions are defined in contractual agreements.Data access and handling upon termination are governed by applicable contractual and data protection terms.

Further detail is provided in the Terms and Conditions and the Privacy Policy.

13. Document use and limitations

This document provides standardised responses to support procurement and vendor risk assessments.

It does not replace contractual agreements, detailed security documentation, or customer-specific validation activities.