Skip to main content

Compliance Readiness Matrix

Status: STUB — This document will be fully developed during Sprints 4-6 (D.2-D.4).

Purpose

Track readiness status across all three regulatory compliance frameworks, providing a single view of:

  • Which controls are implemented, tested, and validated
  • Which controls are in progress or planned
  • Which controls have gaps requiring remediation

Readiness Status Legend

StatusSymbolDefinition
Not Started-Control not yet implemented
In Progress~Implementation underway
Implemented+Code complete, not validated
ValidatedVTested and validation evidence collected
CompliantCValidated and approved by compliance officer

FDA 21 CFR Part 11 Readiness

To be populated during D.2 (Sprint 4-5).

RequirementControlStatusEvidenceSprint
11.10(a) ValidationSystem validation--S4
11.10(b) Record generationAccurate copies--S4
11.10(c) Record protectionAccess controls--S4
11.10(d) Record accessAuthorized access--S4
11.10(e) Audit trailAudit logging--S4
11.50 Signature manifestationsSignature display--S4
11.70 Signature linkingRecord-signature binding--S4

HIPAA Security Rule Readiness

To be populated during D.3 (Sprint 5).

SOC 2 Trust Service Criteria Readiness

To be populated during D.4 (Sprint 5-6).

Cross-Framework Control Mapping

Maps shared controls across frameworks to avoid duplicate implementation.

  • docs/compliance/58-gap-analysis-framework.md — Gap analysis methodology
  • docs/compliance/20-regulatory-compliance-matrix.md — Full regulatory requirements
  • docs/operations/64-security-architecture.md — Security controls
  • docs/operations/70-validation-protocol-templates.md — Validation templates