Compliance & Governance

Compliance that lives in the architecture, not a binder.

CMS Life Sciences is governed by construction: every node maps to an ALCOA+ principle, every mutation captures a reason-for-change, and the audit trail is immutable. Your QA team reads the configuration directly — they don't have to trust us.

The difference

Governance by construction vs. by configuration.

Traditional enterprise systems prove compliance by validating a configuration, then re-validating on every change. CMS Life Sciences builds compliance into the node architecture itself, so validation still happens: it's continuous and built in, not a manual re-do.

Governance by configuration

  • Compliance lives in a validated configuration document
  • QA validates that configuration produces compliance
  • Every change triggers expensive re-validation
  • You hold a vendor license — stop paying, stop running

Governance by construction

  • Compliance lives in the node architecture
  • QA reads the EaC configuration directly
  • A node change is itself readable and auditable
  • You own portable artifacts your internal team can keep evolving
ALCOA+

Every principle, mapped to the architecture.

Each node in a CMS Life Sciences workspace satisfies at least one ALCOA+ principle. This is how compliance becomes something you can read, not something you take on faith.

PrincipleHow CMS Life Sciences implements it
AttributableEvery action traced to a person or system + timestamp
LegibleReadable, permanent records (non-editable storage)
ContemporaneousRecorded at the moment of action
OriginalFirst-recorded source preserved; copies flagged
AccurateCorrections documented; the original is never deleted
CompleteAll events captured — not just successes
ConsistentLogical chronology via platform time sync
EnduringDurable across the full retention period
AvailableAccessible for audits via surface views + export
Standards

The regulatory baseline, built in.

21 CFR Part 11

Digital records, immutable audit trails, and e-signature-ready workflows.

GxP

Structured reason-for-change captured on every data mutation.

ICH GCP

Ethics-approval tracking with expiry alerts and consent gating.

Access control

Feature-locked dashboards, controlled by access rights.

Every screen is gated by access rights, so each role sees exactly the dashboards and actions it's authorized for — completely compliant and tested. “Vaccines doesn't want to see medicines” is a configuration, not a code branch.

  • samples:view · samples:receive · samples:reconcile
  • biobank:query · biobank:manage · biobank:accession · storage:manage
  • compliance:view · compliance:export · review:approve
  • custody:approve · admin:access
Role → access rights
QA Auditor
audit trail · export
Sample Manager
receive · reconcile
Discovery Scientist
biobank:query
Custodian
custody:approve
Read-only
view
“Start with us. Keep developing with your own team.”

Your workspace configuration, ALCOA+ mapping, and runbooks are version-controlled, portable, and readable by your QA team without software expertise. Begin the build with us, then hand it to your internal team to keep evolving — you own the compliance artifacts either way.

Show your auditors compliance they can read.

We'll walk your QA and CSV teams through the ALCOA+ mapping node by node.