Governance Assessment Engine

Regulatory Foundation

Every assessment output produced by the Governance Assessment Engine traces to specific regulatory provisions. This page documents that basis — for QA evaluators, regulatory affairs professionals, and enterprise procurement teams conducting due diligence.

Last reviewed: May 2026 | Frameworks: 7 | System types: 40 | Requirement templates: 791

Decision Support, Not Regulatory Authority

The Governance Assessment Engine is decision support infrastructure. Assessment outputs — validation plans, governance decisions, trust scores, required action lists — are intended to structure, inform, and accelerate validation activities. They are not legal compliance determinations, regulatory submissions, or qualified person sign-offs.

Organizations using this engine remain responsible for:

  • Reviewing and approving all validation plans before execution
  • Applying professional judgment to governance decisions in the context of their specific operating environment
  • Ensuring executed validation activities meet applicable regulatory requirements
  • Maintaining their own qualified validation and quality personnel
  • All regulatory submissions and inspection responses

This scope is enforced throughout every output. No assessment output uses language that implies regulatory authority.

Regulatory Provisions Mapped

The following frameworks are covered. For each, the primary provisions mapped to assessment templates are cited. Templates reference the document version current at the time of their last review.

FDA 21 CFR Part 11

Electronic Records; Electronic Signatures — Current edition

Primary provisions: §11.10 (Controls for closed systems), §11.30 (Controls for open systems), §11.50 (Signature manifestations), §11.70 (Signature/record linking).

Assessment scope: Systems that create, modify, maintain, archive, retrieve, or transmit electronic records subject to FDA inspection. Audit trail requirements, access controls, system validation documentation, and electronic signature implementation.

EU Annex 11

Computerised Systems, EU GMP Guide — 2011 edition (current)

Primary provisions: Paragraphs 1–17, with particular emphasis on 4.1–4.5 (Validation), 7.1–7.2 (Data), 8 (Printouts), 9 (Audit trails), 10 (Change and configuration management), 11 (Periodic evaluation), 12 (Security), 13 (Incident management).

Assessment scope: Computerised systems used in GMP environments. Risk categorisation, supplier assessment, validation documentation, and lifecycle requirements.

ICH Q10

Pharmaceutical Quality System — Current edition

Primary provisions: Section 1.6 (Knowledge management), Section 2.4 (Change management), Section 3 (Continual improvement), Appendix 1 (Science- and risk-based approaches).

Assessment scope: Quality system documentation requirements for validation, change control, and lifecycle management across all GxP system categories.

GCP — Good Clinical Practice

ICH E6(R2) / ICH E6(R3) draft provisions

Primary provisions: Section 5.5 (Trial management, data handling, record keeping), Section 5.18 (Computerised systems), applicable guidance on audit trails and electronic records in clinical trial contexts.

Assessment scope: Systems used in clinical trial execution, data capture, adverse event reporting, and regulatory submission support.

GLP — Good Laboratory Practice

FDA 21 CFR Part 58 / OECD Principles of GLP

Primary provisions: 21 CFR §58.81 (Standard operating procedures), §58.130 (Conduct of a nonclinical laboratory study), OECD Principle 10 (Records and reports).

Assessment scope: Computer systems in non-clinical safety studies, laboratory data systems, and analytical instrument qualification.

GDP — Good Distribution Practice

EU Guidelines on Good Distribution Practice of Medicinal Products — 2013 edition

Primary provisions: Chapter 3 (Premises and equipment), Chapter 4 (Documentation), Chapter 5 (Operations — temperature monitoring, traceability).

Assessment scope: Temperature monitoring systems, warehouse management systems, track-and-trace platforms, and logistics management systems in pharmaceutical distribution.

GMP — Good Manufacturing Practice

EU GMP Guide Parts I and II / FDA 21 CFR Parts 210 and 211

Primary provisions: EU GMP Part I Chapter 4 (Documentation), Part II Chapter 5 (Process equipment), Part II Chapter 12 (Validation); 21 CFR §211.68 (Automatic, mechanical, and electronic equipment), §211.188 (Batch production and control records).

Assessment scope: Manufacturing execution systems, LIMS, ERP platforms supporting GMP operations, equipment qualification systems, and process validation documentation systems.

How Templates Are Maintained

Templates are versioned against specific regulatory document versions. A template’s regulatory basis is recorded as part of its metadata: source document, document version or date, and provision reference.

Template review is triggered by:

  • FDA issuance of new or updated guidance documents affecting the relevant system category
  • EMA updates to GMP or GDP guidance, or published Q&A documents
  • ICH publication of new or revised guidelines
  • Changes to 21 CFR Parts 11, 58, 210, or 211
  • EU GMP Annex updates or revisions

The commitment: templates affecting a given framework are reviewed within 60 days of a regulatory update. Updates are versioned, dated, and noted in template metadata. Assessments generated before an update will indicate the template version used, enabling traceability.

What the Engine Does Not Do

These limitations are not disclaimers. They are the honest architectural boundaries of what a governance assessment tool can and should claim.

Does not review actual system configurations, user access controls, or audit trail implementations
Does not perform testing, test execution, or test verification of any kind
Does not access your systems, environments, or operational data
Does not provide regulatory counsel or legal compliance determinations
Does not constitute a completed, approved, or executed validation package
Does not replace the judgment of qualified validation professionals
Does not interpret guidance in the context of your specific manufacturing process or product portfolio
Does not guarantee regulatory inspection success or represent a compliance certificate

For Regulatory Affairs and QA Evaluators

If you are conducting due diligence on the Governance Assessment Engine for enterprise adoption and have specific questions about regulatory basis, template derivation methodology, or scope applicability to your operating environment — raise them directly.