Regaldi System · Compliance ← Ledger
COMPLIANCE ARCHITECTURE  ·  21 CFR PART 11  ·  cGMP  ·  USP <797>/<800>  ·  503B

Every control answers to a citation.

A regulated system earns trust one provision at a time. This page maps the functions of the system of record to the specific rules they are engineered to support, in the language a director of quality reads. Each line below describes what the software does, verified in the codebase. None of it stands in for the licensed operator who signs.

READ THIS FIRST The controls described here are functions of the software. They operate on the data and configuration a facility supplies, and they support, rather than replace, perform, or guarantee, that facility's regulatory, quality, sterility, and Board of Pharmacy obligations. Those remain the facility's responsibility under its licensed personnel. Computerized-system validation under GAMP 5 is software validation, not FDA approval, clearance, or inspection.

01 · The frameworks What the system is engineered against
21 CFR Part 11

Electronic Records & Signatures

Records, audit trail, and signatures built to the rule from the first commit.

10 / 10 provisions mapped
to a mechanism
21 CFR 210/211

Current Good Manufacturing Practice

Production, quality, labeling, and distribution recordkeeping across eight bounded contexts.

77 modules across
eight contexts
USP <797> / <800>

Sterile & Hazardous Compounding

Second-check verification, environmental monitoring bound to the session, beyond-use dating.

<797> second-check
verification enforced
FD&C §503B

Outsourcing Facility

Lot-level batch and distribution records sized for an outsourcing facility under Section 503B.

503B outsourcing-facility
record model
02 · The Part 11 ledger 21 CFR Part 11 · provision by provision

The rule on the left. The mechanism on the right.

Part 11 is not a badge. It is a set of requirements for electronic records and signatures, each of which a system either meets in code or does not. Here is every provision that applies, beside the function that carries it.

Provision Requirement Mechanism in the system of record
11.10(a) Validation of systems Developed as a GAMP 5 Category 5 custom application with a full validation package: design, installation, operational, and performance qualification protocols, each traced to a documented user requirement. Execution of the package precedes commercial activation.
11.10(b) Accurate, complete copies Records render to human-readable form for review and inspection throughout the retention period.
11.10(c) Protection of records Audit and signature records are write-once at the database layer and cryptographically chained, so retention and integrity do not rest on application code alone.
11.10(d) Limited system access Role-based access control across fourteen roles and sixty-nine permissions, with twelve separation-of-duties conflict pairs defined and refused at the access layer.
11.10(e) Audit trail Every create, update, and signing writes a server-timestamped entry to a SHA-256 hash-chained trail. Any alteration or removal breaks the chain and surfaces on a walk-and-verify.
11.50 Signature manifestations Each signature records the signer's printed name, the signer's role, the server-set date and time, and the declared meaning of the signature.
11.70 Signature / record linking Each signature binds a SHA-256 hash of the record's content at signing time, so a signature cannot be excised, copied, or transferred to an altered record without detection.
11.100 Unique to one individual Each electronic signature belongs to a single operator and is neither reused nor reassigned.
11.200 Signature components Access uses two distinct identification components, including multi-factor authentication. Within a continuous session, each signing is re-authenticated with a component unique to the signer, per 11.200(a)(2).
11.300 Identification-code controls Password policy enforces minimum length, periodic aging, reuse history, and lockout after failed attempts.
03 · Seen in the system Screenshots of the running system of record · Last verified June 2026

Not a mockup. The running system.

The provisions in the ledger above are not a roadmap. Below are screenshots from a working instance of the system of record, populated with representative demonstration data and captured as an operator meets them: the signature, the trail, and the batch record itself.

Exhibit A · Electronic signature · 11.50 / 11.200 The batch-release signature dialog, exactly as the system presents it. Signer, role, record, and a declared meaning, applied by re-authentication at the moment of signing.
PIC batch-release electronic-signature dialog in the pharma ERP, showing signer name, role, record number, a declared meaning, and password re-authentication under 21 CFR Part 11.
Exhibit B · Audit trail · 11.10(e) The audit trail itself: every action timestamped and cryptographically chained to the one before it, with a chain-integrity check built in.
The hash-chained audit trail screen in the pharma ERP, listing timestamped actions by user with a Verify Chain Integrity control, under 21 CFR Part 11.
Exhibit C · Electronic batch record One compounding record across its phases. Line-clearance and QC signatures captured in place, filter and reconciliation checks recorded before the batch can reach release.
An electronic batch record in the pharma ERP showing the compounding phases with in-place electronic signatures for line clearance and QC approval, filter-integrity and CCIT results, visual inspection, and label reconciliation.
04 · Enforced in the workflow Compliance gated by the system, not by reminder

The strongest control is the one a person cannot skip.

A document that says a check happened is a record. A system that will not advance until the check happens is a control. On a gated path, a skipped step is not a low-probability event; it is not an available action, and the error class is removed by construction rather than policed by training. These four are enforced at the database layer, where the interface cannot route around them.

01

The phase gate refuses to advance on an open requirement

A compounding record moves through a six-phase state machine. The system holds the record from advancing until the checks each phase prescribes are satisfied of record. Filter-integrity, container-closure integrity, quality-control approval, and release are gated at the database layer, so the sequence cannot be advanced from the interface alone.

02

The operator who performs a step cannot verify it

Where a step requires a second check, the system refuses a verification in which the verifier and the operator who performed the step are the same person. The second-check expectation of USP <797> is carried in the record, not left to a reminder.

03

A failed check opens a deviation in the same transaction

When a filter-integrity test or an in-process check is recorded as a failure, the system opens a deviation against that compounding record within the same write. A failure cannot be recorded without a deviation following it, and the record is held for disposition.

04

No record releases on one signature

Release requires quality-control approval, quality-assurance review, and Pharmacist-in-Charge authorization, each captured as a distinct electronic signature. The system refuses release if one operator holds more than one of those roles on the same record. The release authority remains with the licensed pharmacist; the software gates and records the sequence.

05 · The boundary What the software does, and does not, do
The software does
  • Records, timestamps, and chains every action to a tamper-evident audit trail.
  • Gates a batch through its phases and refuses to advance on an open requirement.
  • Captures Part 11 electronic signatures bound to the record they sign.
  • Refuses a release where one person holds two release roles.
The software does not
  • Perform sterility, testing, or release on anyone's behalf.
  • Sign for an operator, or substitute for the Pharmacist-in-Charge.
  • Confer FDA approval, clearance, or an inspection history.
  • Relieve the facility of its quality, sterility, or Board of Pharmacy obligations.

This boundary is the point. AI augments the operator and never replaces them. The system makes the right action the only available one and the wrong one hard to take, then leaves the judgment, and the signature, with the licensed professional who carries the consequence.

06 · Questions For directors of quality, RA, and compliance

Does this software make a facility 21 CFR Part 11 compliant?

No software does. Compliance is a property of how a facility validates and uses a system, of its written procedures, and of its personnel. What this system provides is the record, audit-trail, and signature controls a facility’s quality system can rely on, engineered to the rule rather than retrofitted to it.

Is the audit trail tamper-proof?

It is tamper-evident, not tamper-proof. Each entry is cryptographically chained to the one before it by SHA-256 hash, so a retroactive change breaks the chain and is detectable on a walk-and-verify. The chain makes alteration visible rather than physically preventing a write.

Can the compliance gates be switched off by an operator?

A facility configures which checks each phase requires. The hard controls, including multi-signature release and the separation-of-duties refusal, are not operator-toggleable. They are enforced in the release sequence at the database layer.

Is this an FDA-approved or inspected system?

No. Computerized-system validation under GAMP 5 is software validation performed by the vendor and the facility, not FDA approval, clearance, or inspection. The capabilities described here are functions of the software, which operates on data and configuration supplied by the facility.

Engagement By correspondence · office@regaldi.ai

Read it against your own requirements.

Quality and regulatory leaders are welcome to walk this mapping line by line against a facility's user-requirement specification. Regaldi will take the VP of Quality and the Pharmacist-in-Charge through how the system of record enforces release gates, electronic signatures, environmental-monitoring binding, and lot traceability, and where the facility's own validation begins.

Request a technical review see the assist layer → see Ledger →