Trust
Last updated: February 7, 2026
This page shows how Assyro maps controls to FDA 21 CFR Part 11 requirements for electronic records and electronic signatures.
Requirement: System validation for accuracy, reliability, and consistent intended performance.
Assyro control: Validation lifecycle support with requirements traceability and test evidence aligned to intended use.
Evidence examples: Validation plans, execution results, traceability matrix, and validation summary reports.
Requirement: Accurate and complete copies of records in human-readable and electronic form.
Assyro control: Controlled record export and rendering pathways for inspection-ready outputs.
Evidence examples: Export SOPs, sample electronic outputs, and human-readable record print views.
Requirement: Protection and retrieval of records through retention periods.
Assyro control: Retention-aware storage model, backup controls, and recovery procedures for required records.
Evidence examples: Retention policy, backup logs, and restore test reports.
Requirement: Limit system access to authorized individuals.
Assyro control: Role-based access controls, least-privilege authorization, and account lifecycle controls.
Evidence examples: RBAC matrix, provisioning/deprovisioning logs, and access review records.
Requirement: Secure, computer-generated, time-stamped audit trails for record create/modify/delete actions.
Assyro control: Auditability model with time-stamped action history and change visibility for regulated records.
Evidence examples: Audit trail extracts, review SOP, and retention alignment evidence.
Requirement: Operational checks, authority checks, and appropriate device/source checks.
Assyro control: Workflow sequencing, permission gates, and source validity controls for system operations.
Evidence examples: Workflow specifications, authorization tests, and control configuration records.
Requirement: Qualified personnel, accountability policies, and controlled system documentation.
Assyro control: Training governance, electronic signature accountability policy, and controlled documentation lifecycle.
Evidence examples: Training records, policy acknowledgments, revision history, and change-control documentation.
Requirement: Open-system controls with additional authenticity/integrity/confidentiality measures.
Assyro control: Transport and integration security controls, with additional safeguards for external exchange contexts.
Evidence examples: Security architecture records, encryption standards, and interface control evidence.
Requirement: Signature manifestations and secure signature-to-record linkage.
Assyro control: Signed records include signer identity, timestamp, and meaning, bound to the underlying record context.
Evidence examples: Signed record examples and linkage control test evidence.
Requirement: Unique e-signatures, identity verification, multi-component signing controls, and credential safeguards.
Assyro control: Unique user identity model with controlled credential practices and signature workflow safeguards.
Evidence examples: Identity and credential policy records, auth controls, and signature process artifacts.
Assyro is designed to support GxP-regulated workflows (including GMP, GLP, and GCP contexts) through validation support, auditability, access controls, controlled change processes, and record lifecycle controls.
Assyro provides platform controls mapped to FDA Part 11 requirements. Final compliance outcomes depend on customer configuration, SOPs, validation execution, and quality system governance in production use.