Public statement - ISMS-policy

Lifeness develops and operates clinically validated digital therapeutics, including Wellapy, our CE‑marked digital therapeutic for obesity, to support people living with obesity and lifestyle‑related diseases. Our solutions make it easier to provide closer follow‑up and long‑term behaviour change support for patients across healthcare settings.

We are committed to meeting customer and regulatory expectations by developing and delivering secure and effective medical software. Through vigilant implementation and maintenance of our integrated quality and information security management system, we uphold high standards for customers, healthcare professionals, partners, and the patients we serve.

We will achieve this by:

• Meeting customer, legal, and regulatory requirements, including Directive 93/42/CEE, REGULATION (EU) 2017/745 on Medical Devices, ISO 13485:2016, and ISO 27001:2022.
• Focusing on the needs of patients and end users of Wellapy and other Lifeness services through innovation and flexibility.
• Complying with applicable quality, information security, and data protection requirements.
• Ensuring that all personnel have appropriate competence and training in information security, privacy, and medical device responsibilities.
• Managing suppliers and development partners so that they meet our security, quality, and regulatory requirements.
• Using risk assessments, internal audits, and defined objectives to monitor and continually improve information security and quality.
• Collecting and acting on external threat intelligence to strengthen risk assessments, security monitoring, and incident response.

This policy shall be available for all employees and to relevant interested parties, as appropriate.

‍

Solvor Øverlien Magi
CEO

‍

Updated: 4. December 2025

‍