Quality & Compliance
ProAlert includes 21 CFR Part 11 (FDA Electronic Records and Signatures) compliance features for regulated manufacturing environments: complete audit trail, login auditing, password policy enforcement, and scrap threshold controls with approval workflows. Every action that touches quality-relevant data is recorded, attributed, and retrievable. Quality audits demand proof, not promises... and every data point required to answer an auditor's question is already in the system.
The bottom line: Compliance features that are bolted onto a manufacturing platform after the fact are typically incomplete and difficult to maintain. ProAlert's audit trail, login logging, and threshold governance are built into the same SQL Server (Structured Query Language Server) schema that runs OEE (Overall Equipment Effectiveness), maintenance, and production... which means every quality-relevant action is recorded in context, with full before/after values, without a separate compliance layer to configure or maintain.
What Auditors Actually Ask For
A 21 CFR Part 11 audit for a manufacturing software system typically focuses on five areas. ProAlert addresses all five natively, without a compliance add-on package.
| Audit Focus Area | What the Auditor Asks | ProAlert Evidence |
|---|---|---|
| Electronic Records Integrity | Can you prove this record hasn't been altered since it was created? | Audit trail records store before and after values for every change, with timestamp and user ID. Original creation records are never overwritten. |
| Electronic Signatures | Who authorized this action and when? | PIN-verified call closures and work order sign-offs create a signature record tied to a real user identity, not a shared credential. GPS timestamp at each lifecycle step. |
| Access Control and Login Auditing | Who had access to this system and when did they log in? | Login audit log records every successful login, logout, and failed attempt with timestamp, user ID, and IP address. Password policy enforcement is configurable with complexity, expiration, and history rules. |
| Scrap and Quality Record Traceability | Show me every scrap event for this product over the last 90 days with operator attribution. | Every scrap record includes product, asset, die cavity, operator, quantity, timestamp, and disposition. Threshold violations include supervisor approval record with corrective action notes. |
| System Validation Documentation | What validation category does this system fall under? | ProAlert is classified as GAMP (Good Automated Manufacturing Practice) 5 Category 4 (Configured Product). Validation documentation is available to customers as part of the implementation package. |
GAMP 5 Category 4: Under GAMP (Good Automated Manufacturing Practice) 5 guidelines, ProAlert is a configured product — a commercial software system customized through configuration, not code modification. Category 4 validation requires Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) documentation. ProAlert provides IQ/OQ/PQ templates as part of the implementation process for regulated manufacturers.
21 CFR Part 11 Compliance Features
21 CFR Part 11 is the FDA (Food and Drug Administration) regulation governing electronic records and electronic signatures in regulated industries. ProAlert's compliance layer covers the three core technical controls: audit trail, access management, and signature integrity.
Scrap Threshold Governance
ProAlert's scrap governance system enforces configurable quality limits at the asset, product, and die cavity level... with supervisor approval workflows and real-time notifications when thresholds are crossed.
| Component | How It Works |
|---|---|
| Scrap Threshold Configuration | Quality managers define acceptable scrap thresholds per asset, per product, and per die cavity. Threshold values are configurable at each level independently. A high-volume production die can have a tighter threshold than a prototype run. All threshold configurations are audit-trailed with the configuring user and timestamp. |
| Instant Scrap Email Notifications | The moment a scrap entry is recorded that exceeds the configured threshold, an email notification fires to the configured quality and supervisor recipients. Notification includes: asset name, product, die cavity, scrap quantity, threshold value, operator, and timestamp. No waiting for a shift-end report. |
| Threshold Approval Queue | Scrap events above threshold are placed in a supervisor approval queue. The queue is visible on the web admin and mobile app. Each queue entry shows the violation details and awaits supervisor disposition before the run can proceed. Time-in-queue is tracked for response time analysis. |
| Approval and Corrective Action Record | Supervisor approvals require a disposition selection (Approve Continue, Pull Die, Reduce Quantity) and a corrective action note. The completed approval record includes supervisor identity, PIN verification, timestamp, disposition, and notes. This record is attached to the original scrap event and included in the audit trail. |
| Quality OEE Integration | Scrap records feed directly into the Quality component of the OEE (Overall Equipment Effectiveness) calculation. Good parts vs. total parts is calculated in real time as scrap is entered. Threshold violations are visible in the live OEE dashboard alongside the Quality score that reflects them. |
Built-In Compliance vs. Compliance Add-On
Compliance Add-On Approach (Separate QMS Layer)
- Separate QMS (Quality Management System) requires a separate integration with your OEE/CMMS platform
- Audit trail covers only the QMS... OEE and maintenance actions not captured
- Scrap records in the QMS vs. production records in OEE system must be manually reconciled
- Two sets of user accounts, two password policies to maintain
- Vendor must validate both systems and the integration between them
- Typical QMS integration cost: $25,000–$75,000 in custom development
ProAlert Quality & Compliance
- Single database: quality records and OEE/maintenance records share the same schema
- Audit trail covers every module: calls, work orders, inventory, scrap, OEE, configuration
- Scrap feeds directly into OEE Quality score with no reconciliation step
- One user account, one password policy, one login audit log
- Single system validation... GAMP 5 Category 4 documentation provided
- Compliance integration cost: $0 — same platform already running your floor
For IT, Quality, and Compliance Teams
| Component | Technology | Notes |
|---|---|---|
| Audit Trail Storage | SQL Server AuditLog table (write-once) | Audit records written in a dedicated AuditLog table. Application-level security prevents modification through the ProAlert interface. Database-level backup and retention policies govern long-term audit record preservation. |
| Login Audit | SQL Server LoginAudit table, ASP.NET Core Identity events | Login events captured via ASP.NET Core Identity event hooks. Records persist to the database immediately... not buffered or written to application logs that can roll. Accessible to administrators through the Compliance section of the admin UI. |
| Password Policy | ASP.NET Core Identity PasswordOptions, configurable via admin UI | Password policy enforced at the Identity layer... cannot be bypassed at the application level. Complexity requirements, expiration interval, and history depth are all configurable without code changes. Policy changes are audit-trailed. |
| PIN Verification | Hashed PIN stored per user record, verified at signature prompt | PINs are stored hashed (not recoverable). PIN verification at call close, work order sign-off, and scrap threshold approval creates a SignatureRecord with user ID, action, entity reference, and timestamp. Records are included in the audit trail export. |
| Compliance Export | Audit trail CSV (Comma-Separated Values) / Excel export from admin UI | Administrators can export the full audit trail or filtered subsets (by date range, user, entity type) from the Compliance section of the admin interface. Exports suitable for submission to regulatory auditors without custom report development. |
Prepare for your next quality audit before it's scheduled.
Book a 30-minute demo... we'll walk through the audit trail, login log, and scrap threshold workflow and show exactly what you'd hand an auditor.