BIO-QMS Platform User Documentation

Version: 1.0.0 Last Updated: February 17, 2026 Classification: Customer Documentation Regulatory Compliance: FDA 21 CFR Part 11, HIPAA, SOC 2 Type II

Getting Started Guide
Document Management User Guide
CAPA Management User Guide
Deviation Management User Guide
Search and Reporting User Guide
Regulatory Compliance and Electronic Signatures
Troubleshooting and Support

1. Getting Started Guide

1.1 System Access and Authentication

The BIO-QMS platform is a regulated SaaS application requiring secure authentication compliant with FDA 21 CFR Part 11.10(g) for user identification and authentication.

Step 1: Access the Platform

Navigate to your organization's BIO-QMS URL (typically https://your-org.bio-qms.coditect.ai). You'll see the login screen with your organization's branding.

Step 2: Enter Credentials

Username: Your organizational email address
Password: Temporary password provided by your system administrator

Important: Passwords must meet complexity requirements:

Minimum 12 characters
At least one uppercase letter
At least one lowercase letter
At least one number
At least one special character (!@#$%^&*)
Cannot reuse last 5 passwords
Expires every 90 days

Step 3: Two-Factor Authentication (2FA)

Upon first login, you'll be prompted to set up 2FA:

Choose your preferred method:
- Authenticator App (recommended): Use Google Authenticator, Authy, or Microsoft Authenticator
- SMS Code: Receive codes via text message
- Hardware Token: Use a FIDO2-compatible security key
Follow the setup wizard to complete 2FA enrollment
Save your backup recovery codes in a secure location

Step 4: Change Your Password

You'll be required to change the temporary password on first login:

Enter your temporary password
Create a new password meeting complexity requirements
Confirm the new password
Click "Update Password"

Step 5: Accept Terms of Use

Review and accept your organization's Quality System terms of use. This acceptance is logged in the audit trail.

Multi-Factor Authentication (MFA)

Every login requires MFA verification. After entering your password:

Open your authenticator app
Enter the 6-digit time-based code
Click "Verify"

Tip: If you lose access to your MFA device, contact your system administrator with one of your backup recovery codes.

Password Reset

If you forget your password:

Click "Forgot Password?" on the login screen
Enter your email address
Check your email for a password reset link (expires in 1 hour)
Click the link and create a new password
Complete MFA verification

Security Note: Failed login attempts are tracked. After 5 consecutive failures, your account will be locked for 30 minutes. Contact your administrator if you need immediate access.

The BIO-QMS platform uses a role-based navigation structure. Your menu options depend on your assigned role and permissions.

Dashboard (Home icon)

System health metrics
Your assigned tasks
Recent activity
Pending approvals

Documents (Folder icon)

Document library
My Documents
Pending Reviews
Templates

CAPA (Clipboard with checkmark icon)

Active CAPAs
My CAPA Actions
CAPA Dashboard
CAPA Reports

Deviations (Exclamation triangle icon)

Open Deviations
My Investigations
Deviation Log
Deviation Reports

Work Orders (Wrench icon)

Active Work Orders
Work Order Calendar
Resource Management
Validation Protocols

Training (Graduation cap icon)

Required Training
Training History
Curriculum Management
Competency Records

Reports (Chart icon)

Standard Reports
Custom Reports
Compliance Dashboard
Audit Trail Viewer

Administration (Gear icon) — Admin role only

User Management
System Configuration
Audit Settings
Backup & Recovery

Quick Actions Bar

The Quick Actions bar provides one-click access to common tasks:

+ New Document: Create a new controlled document
+ New CAPA: Initiate a CAPA record
+ Report Deviation: Record a deviation
Search: Global search across all modules
Notifications: View system notifications (bell icon with badge)
Help: Access contextual help (question mark icon)
Profile: Access user settings (user avatar icon)

Every page displays breadcrumb navigation at the top:

Home > Documents > SOPs > Manufacturing > SOP-MFG-001

Click any breadcrumb segment to navigate to that level.

Context Menus

Right-click on any record to access context-specific actions:

Documents: View, Edit, Review, Approve, Download, Retire
CAPA: View Details, Update Status, Add Action, Export
Deviations: Investigate, Classify, Link to CAPA, Close

1.3 User Profile and Settings

Access your profile by clicking your avatar in the top-right corner.

Profile Information

Personal Details

Full Name
Employee ID
Email Address (primary contact)
Phone Number
Department
Job Title
Manager

Professional Qualifications

Certifications
Training Records
GxP Experience Level
Audit History

User Preferences

Display Settings

Language: English (US), English (UK), German, French, Spanish
Time Zone: Automatically detected or manually set
Date Format: MM/DD/YYYY, DD/MM/YYYY, YYYY-MM-DD
Theme: Light mode, Dark mode, High contrast

Notification Preferences

Configure how you receive notifications:

Notification Type	Email	In-App	SMS
Document Approval Required	✓	✓	Optional
CAPA Action Assigned	✓	✓	Optional
Deviation Investigation Assigned	✓	✓	Optional
Training Deadline Approaching	✓	✓	-
System Maintenance	✓	✓	-

Email Digest Settings

Immediate: Receive emails as events occur
Daily Digest: One email per day at 8:00 AM
Weekly Digest: One email on Monday mornings

Electronic Signature Configuration

Setting Up Your E-Signature

Your electronic signature is used to approve documents, close CAPAs, and verify critical actions. Per FDA 21 CFR Part 11.50:

Navigate to Profile > E-Signature Settings
Click "Configure E-Signature"
Enter your unique e-signature password (different from login password)
Confirm e-signature password
Review and accept e-signature policy
Click "Activate E-Signature"

E-Signature Requirements:

Minimum 16 characters
Cannot be the same as login password
Must contain uppercase, lowercase, number, and special character
Never share your e-signature password
System will prompt for re-entry every 30 minutes during active use

Meaning of Your E-Signature:

When you apply your electronic signature, you are certifying:

You have reviewed the content
The information is accurate and complete
You take responsibility for the action
The signature is legally binding

1.4 Creating Your First Document

This walkthrough demonstrates creating a Standard Operating Procedure (SOP) from scratch.

Step-by-Step: Creating an SOP

Step 1: Navigate to Documents

Click "Documents" in the main navigation
Select "My Documents" or navigate to your department's folder
Click "+ New Document" button

Step 2: Select Document Type

Choose from available templates:

Standard Operating Procedure (SOP)
Work Instruction (WI)
Test Protocol
Validation Protocol (IQ/OQ/PQ)
Training Material
Blank Controlled Document

Select "Standard Operating Procedure (SOP)"

Step 3: Fill Document Metadata

Complete the required fields:

Field	Description	Example
Document Title	Descriptive name	"Aseptic Gowning Procedure"
Document Number	Auto-generated or manual	SOP-MFG-042
Department	Owner department	Manufacturing
Category	Classification	Process/Safety/Quality
Regulatory Impact	Compliance scope	FDA, HIPAA, ISO 13485
Effective Date	When it takes effect	30 days post-approval
Review Cycle	Re-approval frequency	Annual (1 year)
Tags	Searchable keywords	aseptic, gowning, cleanroom

Step 4: Define Authors and Reviewers

Author Section:

Primary Author: You (auto-populated)
Co-Authors: Add collaborators who can edit
Subject Matter Experts: Add consultants

Review Workflow:

Click "Configure Review Workflow"
Add reviewers in order:
- Technical Reviewer: Manufacturing Supervisor
- Quality Review: QA Manager
- Final Approver: QA Director
Set review SLA: 5 business days per reviewer
Enable parallel review (optional): Multiple reviewers can review simultaneously

Step 5: Write Document Content

The document editor provides:

Rich Text Formatting:

Headers (H1, H2, H3)
Bold, Italic, Underline
Bulleted and numbered lists
Tables
Hyperlinks
Images and diagrams

Controlled Elements:

Insert document cross-references (links to other SOPs)
Add regulatory citations (automatically formatted)
Insert forms and checklists
Embed training materials

Version Control:

Auto-save every 2 minutes
Manual save: Ctrl+S (Cmd+S on Mac)
View revision history: Click "History" button

Example SOP Content Structure:

# 1. PURPOSE
Define the procedure for aseptic gowning prior to entry into classified cleanroom areas.

# 2. SCOPE
Applies to all personnel entering ISO Class 5, 6, or 7 cleanroom environments.

# 3. RESPONSIBILITIES
- Personnel: Follow gowning procedure
- QA: Audit compliance quarterly
- Training: Provide initial and annual refresher training

# 4. PROCEDURE
## 4.1 Pre-Gowning Hygiene
1. Remove all jewelry, watches, and accessories
2. Wash hands thoroughly for minimum 30 seconds
3. Dry hands with lint-free towel

## 4.2 Gowning Sequence
[Detailed steps...]

# 5. REFERENCES
- SOP-QA-015: Cleanroom Qualification and Monitoring
- FDA Guidance: Sterile Drug Products Produced by Aseptic Processing

# 6. CHANGE HISTORY
| Version | Date | Author | Change Description |
|---------|------|--------|-------------------|
| 1.0 | 2026-02-17 | J. Smith | Initial release |

Step 6: Attach Supporting Documents

Click "Attachments" tab to add:

Training videos
Flow diagrams
Forms and templates
External references (PDFs)

Maximum attachment size: 50 MB per file. Allowed formats: PDF, DOCX, XLSX, PNG, JPG, MP4.

Step 7: Save as Draft

Click "Save Draft" to preserve your work. The document status is "Draft" and is:

Not visible to general users
Editable by authors and co-authors
Not part of the controlled document system yet

Step 8: Submit for Review

When ready:

Click "Submit for Review"
Add submission comments (optional)
Confirm submission

The document status changes to "In Review" and:

Is locked from further editing by authors
Appears in reviewers' "Pending Reviews" queue
Generates email notifications to all reviewers
Starts the review SLA clock

Step 9: Track Review Progress

Monitor review status:

Click "Documents" > "My Submissions"
View document card showing review progress:
- ✓ Technical Reviewer: Approved (2 days)
- ⏳ Quality Review: Pending (3 days remaining)
- ⏸ Final Approver: Not started

Step 10: Address Review Comments

If reviewers request changes:

Document status returns to "Draft - Revisions Required"
Review comments appear in the "Comments" tab
Make requested changes
Respond to each comment: "Addressed" or "Will not change (rationale)"
Re-submit when complete

Step 11: Final Approval and Effectiveness

When all reviewers approve:

Document status: "Approved - Pending Effective Date"
QA Director applies electronic signature
System calculates effective date (e.g., 30 days post-approval)
Training notifications are sent to affected personnel
On effective date, status changes to "Active"

Step 12: Communicate Document Release

The system automatically:

Sends "New Document Available" emails to target audience
Creates training assignments for personnel
Adds document to searchable library
Publishes to controlled copy distribution lists

1.5 Understanding Roles and Permissions

BIO-QMS uses role-based access control (RBAC) compliant with SOC 2 and FDA requirements for access control (21 CFR 11.10(d)).

Standard User Roles

1. Document Author

Permissions:

Create new documents
Edit own draft documents
Submit documents for review
View published documents
Respond to review comments

Typical Users: QA Specialists, Lab Technicians, Manufacturing Engineers

2. Document Reviewer

Permissions:

All Document Author permissions, plus:
Review documents assigned to them
Add review comments
Approve or reject documents
Request revisions

Typical Users: Technical Leads, QA Managers

3. Quality Assurance Manager

Permissions:

All Document Reviewer permissions, plus:
Final approval authority for SOPs and protocols
Create and manage CAPA records
Approve root cause analyses
Close CAPA records with e-signature
View all audit trails
Generate compliance reports

Typical Users: QA Managers, Compliance Officers

4. System Owner

Permissions:

All QA Manager permissions, plus:
Approve work orders affecting validated systems
Authorize deviation resolutions
Override approval workflows (logged)
Delegate authority temporarily

Typical Users: VP Quality, VP Operations, Department Heads

5. Administrator

Permissions:

All System Owner permissions, plus:
User account management (create, modify, deactivate)
System configuration
Backup and restore operations
Audit log access (read-only)
Security settings
Integration management

Typical Users: IT Administrators, System Administrators

Important: Administrators cannot modify audit trail records. Audit trail is append-only and immutable per 21 CFR 11.10(e).

6. Auditor (Read-Only)

Permissions:

View all documents, CAPAs, deviations, work orders
Access complete audit trails
Generate compliance reports
Export data for regulatory submissions
No edit or approval permissions

Typical Users: Internal Auditors, External Auditors, Regulatory Inspectors

Permission Matrix

Action	Author	Reviewer	QA Mgr	System Owner	Admin	Auditor
Create Document	✓	✓	✓	✓	✓	-
Review Document	-	✓	✓	✓	✓	-
Approve Document	-	Partial	✓	✓	✓	-
Retire Document	-	-	✓	✓	✓	-
Create CAPA	✓	✓	✓	✓	✓	-
Approve Root Cause	-	-	✓	✓	✓	-
Close CAPA	-	-	✓	✓	✓	-
Record Deviation	✓	✓	✓	✓	✓	-
Investigate Deviation	-	✓	✓	✓	✓	-
View Audit Trail	Own	Assigned	All	All	All	All
Export Data	Own	Assigned	All	All	All	All
Manage Users	-	-	-	-	✓	-
Configure System	-	-	-	-	✓	-

Temporary Access Elevation

In emergencies, System Owners can grant temporary elevated permissions:

Navigate to User Management
Select target user
Click "Grant Temporary Access"
Choose elevated role
Set expiration (max 48 hours)
Provide justification
Apply e-signature

All temporary access grants are logged and auditable.

2. Document Management User Guide

2.1 Document Lifecycle Overview

BIO-QMS implements a compliant document control system per FDA 21 CFR Part 11 and ISO 13485:2016 Section 4.2.4 (Control of documents).

Document States

Documents progress through a defined lifecycle:

DRAFT → IN_REVIEW → APPROVED → ACTIVE → SUPERSEDED → OBSOLETE
  │         │           │         │          │            │
  │         │           │         │          │            └─► Archived
  │         │           │         │          └─► New version activated
  │         │           │         └─► Effective date reached
  │         │           └─► All approvals obtained
  │         └─► Submitted for review
  └─► Initial creation

State Descriptions:

State	Description	Editable	Visible to Users
DRAFT	Work in progress	Authors only	Authors only
IN_REVIEW	Undergoing review workflow	No	Reviewers + Authors
APPROVED	Approved but not yet effective	No	All users (watermarked)
ACTIVE	Currently in effect	No	All users
SUPERSEDED	Replaced by newer version	No	All users (read-only)
OBSOLETE	Retired, no longer valid	No	Restricted access

Regulatory Requirements Met

FDA 21 CFR Part 11.10(c): Protection of records to enable accurate and ready retrieval

All document versions retained indefinitely
Audit trail captures all changes, including who, what, when

FDA 21 CFR Part 11.10(e): Audit trail for record creation, modification, deletion

Every document action logged with timestamp, user ID, and reason
Audit trail immutable (append-only database table)

FDA 21 CFR Part 11.50: Signature manifestations

Electronic signatures display: Signed by [Name] on [Date] at [Time]
Signature meaning displayed: "I approve this document for controlled use"

ISO 13485:2016 4.2.4: Document control requirements

Documents reviewed and approved before use
Current revision status identified
Obsolete documents prevented from unintended use
Retained documents legible and identifiable

2.2 Creating and Editing Documents

Document Templates

BIO-QMS provides pre-configured templates compliant with regulatory standards:

1. Standard Operating Procedure (SOP)

Template Structure:

Purpose
Scope
Responsibilities
Definitions
Procedure (numbered steps)
References
Change History

Use Case: Process instructions requiring strict compliance (e.g., "Batch Release Procedure")

2. Work Instruction (WI)

Template Structure:

Objective
Applicable Equipment
Materials Required
Step-by-Step Instructions (with photos/diagrams)
Expected Results
Troubleshooting

Use Case: Task-level instructions for operators (e.g., "Loading Autoclave")

3. Validation Protocol (IQ/OQ/PQ)

Template Structure:

Introduction and Scope
System Description
Acceptance Criteria
Test Procedures
Data Recording Sheets
Approval Signatures
Deviation Log

Use Case: Formal validation of equipment, systems, or processes

4. Test Protocol

Template Structure:

Test Objectives
Test Environment
Test Cases (with expected results)
Pass/Fail Criteria
Traceability Matrix
Test Execution Log

Use Case: Software validation, method validation, analytical testing

5. Training Material

Template Structure:

Learning Objectives
Content Modules
Exercises and Quizzes
Evaluation Criteria
Training Record Form

Use Case: GxP training curriculum, SOP training

Advanced Editing Features

1. Collaborative Editing

Multiple authors can work simultaneously:

Real-time presence indicators show who's editing
Section-level locking prevents conflicts
Merge conflicts resolved automatically
Comments and suggestions visible to all co-authors

2. Document Linking

Create traceable links between documents:

Reference SOP: [[SOP-QA-015]]

System automatically:

Validates link target exists
Displays version number
Creates bidirectional traceability
Notifies if referenced document changes

3. Regulatory Citations

Insert citations that auto-format:

[FDA CFR 820.90(a)]

Expands to: FDA 21 CFR Part 820.90(a) — Nonconforming product

4. Controlled Terminology

Use organization-specific terminology library:

Type abbreviation (e.g., "API")
System suggests full term: "Active Pharmaceutical Ingredient"
Maintains consistency across documents

5. Spell Check and Grammar

Real-time checking with:

Medical/pharmaceutical dictionary
Regulatory terminology
Organization-specific terms
Grammar and style suggestions

6. Accessibility Compliance

Document editor enforces WCAG 2.1 AA standards:

Heading hierarchy validation
Alt text required for images
Color contrast checking
Screen reader compatibility

2.3 Review and Approval Workflow

Configuring Review Workflows

Sequential Review:

Reviewers approve in order:

Author → Tech Reviewer → QA Reviewer → QA Manager → Approved

If any reviewer rejects, document returns to author.

Parallel Review:

Multiple reviewers approve simultaneously:

              ┌→ Tech Reviewer 1 ─┐
Author → ─────┼→ Tech Reviewer 2 ─┼→ QA Manager → Approved
              └→ SME Reviewer ────┘

Document proceeds when all parallel reviewers approve.

Hybrid Workflow:

Combine sequential and parallel:

Author → ─┬→ Tech Review 1 ─┬→ QA Review → QA Director → Approved
          └→ Tech Review 2 ─┘

Review Process

For Reviewers:

Step 1: Receive Review Assignment

Notification received via email and in-app:

Subject: Document Review Required — SOP-MFG-042

You have been assigned to review:
Title: Aseptic Gowning Procedure
Type: Standard Operating Procedure
Author: Jane Smith
Due Date: February 22, 2026 (5 days)

[Review Now] [View Details]

Step 2: Access Document for Review

Click notification or navigate to "Documents" > "Pending Reviews"
Click document to open in review mode
Document displays in read-only view with review tools

Step 3: Review Document Content

Use review tools:

Commenting:

Highlight text
Right-click > "Add Comment"
Enter comment text
Set severity: Info, Suggestion, Must Fix
Click "Save Comment"

Track Changes:

Enable "Suggest Changes" mode
Edit document (changes shown in red strikethrough / green underline)
System tracks your suggestions

Review Checklist:

Document-specific checklists ensure thorough review:

☐ Purpose and scope clearly defined
☐ All steps are actionable and unambiguous
☐ Safety warnings included where applicable
☐ Referenced documents are current and correct
☐ Regulatory requirements addressed
☐ Training requirements identified
☐ Change history updated
☐ Spelling and grammar checked

Step 4: Make Review Decision

Choose one of four actions:

1. Approve

Click "Approve" button
Add approval comments (optional)
Enter e-signature password
Click "Confirm Approval"

Your electronic signature is applied:

Approved by: John Doe, QA Manager
Date: 2026-02-18 14:32:15 UTC
Meaning: I certify this document is accurate, complete, and ready for use

2. Approve with Comments

Click "Approve with Comments"
Comments are non-blocking (informational only)
Document proceeds to next reviewer

3. Request Revisions

Click "Request Revisions"
Select comments marked "Must Fix"
Add summary of required changes
Enter e-signature password
Document returns to author

4. Reject

Click "Reject" (use sparingly)
Provide detailed rejection rationale
Enter e-signature password
Document returns to draft state

Step 5: Track Review Completion

System notifies you when document is fully approved:

Subject: Document Approved — SOP-MFG-042

The document you reviewed has been fully approved:
Title: Aseptic Gowning Procedure
Effective Date: March 20, 2026

Thank you for your review.

Approval Escalation

If reviewer does not respond within SLA:

Day 1-3: No action Day 4: Reminder email sent Day 5 (due date): Overdue notification to reviewer and reviewer's manager Day 7: Escalation to QA Director with option to:

Extend deadline
Reassign to different reviewer
Override with justification

All escalations are logged in audit trail.

2.4 Version Control and Revision Management

Version Numbering

BIO-QMS uses major.minor version numbering:

Major Version (X.0):

Significant content changes
Regulatory impact changes
Process changes requiring retraining
Requires full review and approval workflow

Minor Version (X.Y):

Editorial corrections (typos, formatting)
Clarifications that don't change meaning
Updated cross-references
Expedited review process (QA Manager only)

Examples:

v1.0 → v2.0: Changed acceptance criteria for batch release (major)
v2.0 → v2.1: Fixed typo in equipment name (minor)
v2.1 → v3.0: Added new inspection step (major)

Creating a New Version

Step 1: Identify Need for Revision

Triggers for revision:

Regulatory requirement change
Process improvement identified
CAPA-driven corrective action
Scheduled periodic review (annual)
Audit finding

Step 2: Initiate Revision

Navigate to document (must be in ACTIVE state)
Click "Actions" > "Create New Version"
Select version type:
- Major Revision: Full review workflow
- Minor Revision: Expedited workflow

Provide revision reason:

Reason for Change: CAPA-2026-0042 identified risk of contamination during gowning step 4.2.3. Adding airlock verification requirement.

Click "Create Revision"

Step 3: Edit New Version

System creates draft v2.0 (current active version remains v1.0)
Edit new version in Draft state
Track changes mode automatically enabled
Previous version displayed side-by-side for comparison

Step 4: Document Changes

Update Change History table (auto-populated template):

Version	Date	Author	Change Description
1.0	2025-06-15	J. Smith	Initial release
2.0	2026-02-18	J. Smith	Added airlock verification at step 4.2.3 per CAPA-2026-0042. Updated training requirements.

Step 5: Submit for Review

Submit new version through review workflow
Reviewers see side-by-side comparison with previous version
Changes highlighted automatically

Step 6: Version Activation

When v2.0 is approved:

v1.0 status changes from ACTIVE to SUPERSEDED
v2.0 status changes to ACTIVE
Training assignments generated for affected personnel
Controlled copies updated automatically

Version History and Comparison

View Version History:

Open any document
Click "Versions" tab
See complete version history:

Version | Status      | Effective Date | Author    | Actions
--------|-------------|----------------|-----------|----------------
3.0     | ACTIVE      | 2026-02-18     | J. Smith  | [View] [Download]
2.0     | SUPERSEDED  | 2025-09-10     | J. Smith  | [View] [Compare]
1.0     | SUPERSEDED  | 2025-06-15     | J. Smith  | [View] [Compare]

Compare Versions:

Click "Compare" next to any version
Select second version to compare
View side-by-side comparison with changes highlighted:
- Red: Deletions
- Green: Additions
- Yellow: Modifications

Download Previous Versions:

All versions remain downloadable indefinitely per FDA record retention requirements.

2.5 Controlled Copies and Distribution

Controlled copies ensure users always access the current, approved version.

Controlled vs. Uncontrolled Copies

Controlled Copy	Uncontrolled Copy
Always shows current version	Fixed snapshot in time
Auto-updates when new version released	Does not update
Watermarked "CONTROLLED COPY"	Watermarked "UNCONTROLLED COPY"
Traceable (who accessed, when)	Not traceable
Use: Training, daily operations	Use: External submissions, reference only

Creating a Distribution List

Step 1: Define Document Audience

When creating/editing document, configure "Distribution" settings:

Target Audience: Select from:
- Specific users (search by name)
- Roles (e.g., "QA Specialists", "Manufacturing Technicians")
- Departments (e.g., "Quality Assurance", "Manufacturing")
- Sites (for multi-site organizations)
Access Level:
- Automatic: Document added to user's library automatically
- Request-Based: Users must request access
- Restricted: Requires approval from document owner

Step 2: Configure Notifications

Choose notification triggers:

✓ New document published
✓ Document revised (new version)
✓ Document superseded
✓ Document retired
✓ Periodic reminder (e.g., quarterly: "This document is in effect")

Step 3: Publish Distribution

Click "Save Distribution Settings"
System immediately sends "Document Available" notifications
Controlled copies appear in users' "My Documents" library

Accessing Controlled Copies

Users access controlled copies via:

1. Document Library:

Navigate to "Documents" > "My Documents"
Documents are categorized by type and department
Current version always displayed

2. Direct Link:

Document permalink: https://your-org.bio-qms.coditect.ai/docs/SOP-MFG-042
Always resolves to current active version
Bookmark-safe

3. Mobile App:

iOS and Android apps sync controlled copies for offline access
Background sync ensures latest version available
Watermark indicates if offline copy is out-of-date

Tracking Document Usage

Document owners can view access analytics:

Usage Metrics:

Total views
Unique viewers
Average time spent viewing
Download count
Print count

Compliance Metrics:

% of target audience who have viewed document
% of target audience with current training
Acknowledgment of understanding (if required)

Audit Trail:

Who accessed document (user ID + timestamp)
IP address and device type
Actions taken (view, download, print)

2.6 Document Retirement and Archival

When to Retire a Document

Retire documents when:

Process is discontinued
Superseded by new document structure (not just a new version)
No longer applicable due to regulatory changes
Equipment/system decommissioned

Do NOT retire when issuing a new version. Use version control instead.

Retirement Process

Step 1: Initiate Retirement

Navigate to document (must be ACTIVE or SUPERSEDED)
Click "Actions" > "Retire Document"

Provide retirement reason:

Retirement Reason: Equipment Model XYZ-100 decommissioned per Work Order WO-2026-0234. This cleaning SOP no longer applicable.

Select retirement effective date (minimum 30 days notice)

Step 2: Retirement Approval

Retirement requires QA Manager approval:

QA Manager reviews retirement request
Verifies no active dependencies (other documents referencing this one)
System checks for:
- Active training records referencing document
- Open CAPAs linked to document
- Work orders using document
Approve or reject retirement

Step 3: Retirement Notification

On retirement effective date:

Document status changes to OBSOLETE
"Document Retired" notifications sent to previous distribution list
Document removed from active library
Watermark changes to "OBSOLETE — DO NOT USE"

Step 4: Archival

Obsolete documents are:

Moved to "Archived Documents" section (restricted access)
Remain fully searchable with "Include Archived" filter
Retained per record retention policy (typically 10+ years)
Audit trail preserved indefinitely

Accessing Archived Documents

For Regulatory Inspections:

Auditors need to view historical documents:

Navigate to "Documents" > "Archived Documents"
Filter by date range, department, or document type
Select document to view (read-only)
Generate audit trail report for document
Export document with full metadata

For Historical Reference:

Users with appropriate permissions can:

View archived documents (read-only)
Download PDF snapshots (watermarked OBSOLETE)
Access complete version history
View related audit records

2.7 Best Practices

Writing Effective Procedures

1. Use Active Voice and Imperative Mood

❌ Poor: "The sample should be weighed." ✅ Good: "Weigh the sample."

2. Be Specific with Quantities and Tolerances

❌ Poor: "Add approximately 50 mL of buffer." ✅ Good: "Add 50 ± 5 mL of buffer using a graduated cylinder."

3. Number Steps Sequentially

1 Preparation
1.1 Verify equipment is calibrated (check sticker date)
1.2 Gather materials per Materials List (Section 3)
1.3 Record batch number in logbook

2 Execution
2.1 Set temperature to 25 ± 2°C
  ...

4. Include Warning and Caution Statements

⚠️ WARNING: Hot surface. Risk of burn injury. Allow autoclave to cool for 30 minutes before opening.

⚠️ CAUTION: Sample is light-sensitive. Perform procedure in amber-tinted glassware.

5. Define Acceptance Criteria

❌ Poor: "Verify the solution is clear." ✅ Good: "Verify the solution is clear and colorless. Acceptance Criteria: Visual inspection shows no particulate matter > 0.5 mm and no color (compared to water blank)."

Document Review Checklist

Before submitting for review, verify:

Avoiding Common Mistakes

1. Overloading a Single Document

❌ Anti-pattern: "Laboratory Operations Manual" (300 pages covering 50 procedures) ✅ Best practice: Separate SOPs for each process, with master index document

2. Using Ambiguous Language

❌ Avoid: "soon", "approximately", "adequately", "as needed" ✅ Use: Specific timeframes, quantities, and criteria

3. Forgetting Definitions

If document uses specialized terms, define them:

3. DEFINITIONS

HEPA: High-Efficiency Particulate Air (filter removing ≥99.97% of particles ≥0.3 μm)
Aseptic: Free from contamination caused by harmful bacteria, viruses, or other microorganisms

4. Ignoring Training Implications

Every document change may require retraining. Consider:

Is this change significant enough to require retraining?
Who needs to be retrained?
How will competency be verified?

3. CAPA Management User Guide

3.1 CAPA Overview and Regulatory Requirements

Corrective and Preventive Action (CAPA) is a systematic process for investigating and resolving quality issues.

What is CAPA?

Corrective Action: Action taken to eliminate the cause of a detected non-conformance or other undesirable situation, and to prevent recurrence.

Preventive Action: Action taken to eliminate the cause of a potential non-conformance or other undesirable situation, and to prevent occurrence.

Regulatory Requirements

Regulation	Requirement
FDA 21 CFR Part 820.100	Establish and maintain procedures for implementing corrective and preventive action
FDA 21 CFR Part 820.90	Procedures for nonconforming product analysis and disposition
ISO 13485:2016 8.5.2	Corrective action to eliminate causes of nonconformities
ISO 13485:2016 8.5.3	Preventive action to eliminate causes of potential nonconformities
ICH Q10 3.2	CAPA system as element of pharmaceutical quality system

When to Initiate a CAPA

CAPAs are required for:

Recurring Deviations: Same type of deviation occurs 3+ times in 90 days
Critical Non-Conformances: Single event with significant safety or compliance impact
Audit Findings: Internal or external audit identifies systemic issue
Complaints: Customer or user complaints indicating process failure
Trend Analysis: Data trending reveals potential risk
Risk Assessments: High-risk issues identified during risk analysis

CAPA vs. Deviation vs. Change Control

Aspect	Deviation	CAPA	Change Control
Trigger	Single unexpected event	Systemic issue or pattern	Planned improvement
Scope	Specific incident	Root cause + prevention	Controlled modification
Output	Investigation report	Action plan + verification	Updated procedures
Timeline	Days to weeks	Weeks to months	Varies

Relationship:

Deviation → (if recurring) → CAPA → (generates) → Change Control / Work Orders

3.2 Creating a CAPA Record

Step-by-Step: Initiating a CAPA

Step 1: Access CAPA Module

Click "CAPA" in main navigation
Click "+ New CAPA" button

Step 2: Complete CAPA Initiation Form

Basic Information:

Field	Description	Example
CAPA Number	Auto-generated unique ID	CAPA-2026-0042
Title	Brief description	"Contamination Risk in Aseptic Gowning"
Classification	Type of CAPA	Corrective / Preventive / Both
Source	What triggered this CAPA	Deviation / Audit Finding / Complaint / Trend / Agent Detected
Priority	Urgency and impact	LOW / MEDIUM / HIGH / CRITICAL

Priority Guidelines:

Priority	Definition	Response Time	Approval Level
CRITICAL	Immediate patient safety risk or regulatory violation	7 days	VP Quality + Executive
HIGH	Significant quality impact or compliance risk	30 days	QA Director
MEDIUM	Moderate impact, no immediate risk	60 days	QA Manager
LOW	Minor issue, opportunity for improvement	90 days	QA Manager

Problem Description:

Provide detailed description:

Description: During routine environmental monitoring on February 10, 2026,
increased colony counts were detected in the gowning room airlock.
Investigation revealed 3 operators were not performing the airlock
verification step per SOP-MFG-042 v1.0 step 4.2.3.

Impact Assessment:
- 3 production batches potentially affected (Batch #2026-0234, 2026-0235, 2026-0236)
- Environmental excursion (10 CFU/m³ vs. alert limit 5 CFU/m³)
- No product contamination detected (environmental only)
- Training gap identified: airlock verification added in v2.0 (2 months ago),
  but 3 operators missed retraining

Affected Systems: [Select from asset registry]
- Cleanroom Suite 2A (Asset ID: CR-2A)
- Autoclave A-101 (processes affected batches)

Affected Regulations:
- FDA 21 CFR Part 211 (cGMP)
- ISO 13485:2016 (Quality Management)

Source Linkage:

Link to triggering event:

Source Deviation IDs: DEV-2026-0087, DEV-2026-0091, DEV-2026-0093
Source Work Order IDs: WO-2026-0234 (environmental monitoring)
Source Audit Finding: (leave blank if not applicable)

Step 3: Risk Assessment

Complete risk assessment to determine CAPA necessity and priority:

Risk Matrix:

Likelihood	Impact	Risk Score	Action Required
1 (Rare)	1 (Negligible)	1	Deviation report may suffice
3 (Possible)	4 (Major)	12	CAPA required (Medium priority)
5 (Almost Certain)	5 (Catastrophic)	25	CAPA required (Critical priority)

For Our Example:

Likelihood: 4 (Likely) — Training gap affects multiple operators
Impact: 3 (Moderate) — Environmental excursion, no product contamination detected
Risk Score: 12 (Likely × Moderate = 12)
Risk Category: Compliance
Mitigation Plan: Immediate retraining of affected operators, enhance training
verification process, add competency checks

Result: CAPA required (Medium priority, 60-day timeline)

Step 4: Submit CAPA for Approval

Click "Submit CAPA"
Add submission comments
CAPA status changes to INITIATED
QA Manager receives notification for review

3.3 Root Cause Analysis

Root Cause Analysis Methods

BIO-QMS supports three structured methods:

1. Five Whys

Ask "Why?" repeatedly to drill down to root cause.

Example:

Problem: Operators not performing airlock verification

Why 1: Why didn't operators perform the verification?
Answer: They were not aware of the new step.
Evidence: Interviews with operators, no documented training

Why 2: Why were they not aware?
Answer: Training was not delivered after SOP revision.
Evidence: Training records show no completion for SOP-MFG-042 v2.0

Why 3: Why was training not delivered?
Answer: Training department was not notified of SOP change.
Evidence: No training request in system

Why 4: Why was training department not notified?
Answer: Automated training assignment did not trigger.
Evidence: System log shows workflow failed

Why 5: Why did the workflow fail?
Answer: Document distribution list did not include training department role.
Evidence: Distribution settings review

ROOT CAUSE: Document control process does not ensure automatic training
assignment when SOPs are revised. Configuration error in workflow settings.

Root Cause Category: Process Gap

2. Fishbone Diagram (Ishikawa)

Organize potential causes into categories:

                      Contamination in Gowning Room
                              (PROBLEM)
                                  │
         ┌────────────────────────┼────────────────────────┐
         │                        │                        │
     PEOPLE                   PROCESS                 TECHNOLOGY
         │                        │                        │
   - Training gap          - SOP unclear           - Workflow bug
   - Competency not        - Training process      - No validation
     verified                broken                  of settings
         │                        │                        │
         └────────────────────────┴────────────────────────┘

3. Fault Tree Analysis

For complex issues, use logic tree to identify contributing factors:

Top Event: Gowning contamination risk
       │
       ├─ AND ─┬─ Operators untrained
       │       └─ Verification step not performed
       │
       ├─ OR ──┬─ Training not assigned
               ├─ Training assigned but not completed
               └─ Training completed but not effective

Performing Root Cause Analysis in BIO-QMS

Step 1: Access CAPA Record

Navigate to "CAPA" > "Active CAPAs"
Click CAPA-2026-0042
Status shows "INITIATED" with next action: "Perform Root Cause Analysis"

Step 2: Select RCA Method

Click "Root Cause Analysis" tab
Select method: Five Whys / Fishbone / Fault Tree
System provides guided template

Step 3: Document Analysis

Complete RCA template (system provides structure):

## Root Cause Analysis — CAPA-2026-0042

Method: Five Whys
Analyst: John Doe, QA Specialist
Date: 2026-02-18

[Detailed analysis as shown above]

## Root Cause Statement
The document control system's training workflow did not automatically assign
training to affected personnel when SOP-MFG-042 was revised from v1.0 to v2.0.
This resulted in a training gap where 3 operators continued using the outdated
procedure without the new airlock verification step.

Root Cause Category: Process Gap — Training Assignment

## Evidence
- SOP-MFG-042 v2.0 approved 2025-12-10, effective 2025-01-10
- Training records query: 0 completions for v2.0 by affected operators
- Document distribution settings: Training department role not included
- System logs: Training workflow did not execute on v2.0 publication

Step 4: Submit for QA Approval

Click "Submit Root Cause Analysis"
QA Manager receives notification
CAPA transitions to "ROOT_CAUSE_ANALYSIS" state pending approval

Step 5: QA Manager Reviews RCA

QA Manager evaluates:

Is root cause adequately justified with evidence?
Are contributing factors identified?
Is root cause specific enough to drive effective actions?

Approve or Request Revisions:

If approved:

QA Manager applies electronic signature
CAPA transitions to "ACTION_PLANNING" state

If revisions needed:

QA Manager adds comments
CAPA returns to analyst for additional investigation

3.4 Action Planning and Assignment

Defining Corrective Actions

Corrective actions address the root cause to prevent recurrence.

For Our Example:

Corrective Action 1: Fix Training Workflow

Description: Update document control workflow to automatically include training
department role in distribution list when any SOP is published or revised.

Assignee: Jane Smith, IT Systems Administrator
Due Date: 2026-03-01 (10 business days)
Expected Outcome: All future SOP publications trigger training assignments
Verification Method: Test workflow with dummy document; confirm training
assignment created

Corrective Action 2: Retrain Affected Operators

Description: Deliver SOP-MFG-042 v2.0 training to all operators who missed
initial training. Include competency verification (observed performance).

Assignee: Tom Johnson, Training Coordinator
Due Date: 2026-02-25 (5 business days)
Expected Outcome: All affected operators complete training and demonstrate
competency
Verification Method: Training records updated; competency observation checklist
completed and signed by supervisor

Corrective Action 3: Audit Document Distribution Settings

Description: Review distribution settings for all active SOPs to identify any
other documents missing training department role.

Assignee: John Doe, QA Specialist
Due Date: 2026-03-05 (15 business days)
Expected Outcome: Report of SOPs with incorrect distribution settings
Verification Method: Spreadsheet report submitted with findings

Defining Preventive Actions

Preventive actions address potential future issues.

Preventive Action 1: Add Validation Check

Description: Add automated validation rule: when document status changes to
APPROVED, system must verify training department is in distribution list.
Block publication if missing.

Assignee: Jane Smith, IT Systems Administrator
Due Date: 2026-03-15 (20 business days)
Expected Outcome: System prevents publication of documents without training assignment
Verification Method: Unit test demonstrating validation rule blocks publication

Preventive Action 2: Quarterly Distribution Audit

Description: Create scheduled report that runs quarterly to verify all active
SOPs include training department in distribution. Auto-generate CAPA if
discrepancies found.

Assignee: John Doe, QA Specialist
Due Date: 2026-03-20 (25 business days)
Expected Outcome: Automated quarterly audit report
Verification Method: Report executes successfully and identifies test case
document with missing training role

Creating Actions in BIO-QMS

Step 1: Access Action Planning

Open CAPA-2026-0042
Status shows "ACTION_PLANNING"
Click "Actions" tab

Step 2: Add Corrective Actions

Click "+ Add Corrective Action"
Fill action details:
- Sequence: 1, 2, 3 (order of execution)
- Description: (detailed as above)
- Assignee: (search users)
- Due Date: (calendar picker)
Click "Save Action"
Repeat for each corrective action

Step 3: Add Preventive Actions

Same process as corrective actions, but select "Preventive Action" type.

Step 4: Generate Work Orders (Optional)

For actions requiring formal change control:

Select action
Click "Generate Work Order"

System creates WO linked to CAPA:

Work Order: WO-2026-0301
Title: CAPA-2026-0042 — Update Training Workflow
Type: Corrective
Regulatory: Yes
Linked CAPA: CAPA-2026-0042, Action 1

Step 5: Submit Action Plan

Click "Submit Action Plan"
All actions must have assignees and due dates
CAPA transitions to "IN_PROGRESS" state
Assignees receive notification with action details

3.5 CAPA Execution and Tracking

For Action Assignees

Step 1: Receive Action Assignment

Email notification:

Subject: CAPA Action Assigned — CAPA-2026-0042 Action 1

You have been assigned a corrective action:

CAPA: Contamination Risk in Aseptic Gowning
Action: Update document control workflow to automatically include training department
Due Date: March 1, 2026

[View Action] [Update Status]

Step 2: Access Action Details

Click notification or navigate to "CAPA" > "My CAPA Actions"
Click action to view full details
Review linked root cause analysis and related documents

Step 3: Execute Action

Perform assigned task:

Follow implementation steps
Document activities performed
Collect evidence of completion

Step 4: Update Action Status

As you work:

Click "Update Status" on action
Change status:
- Open → In Progress (when you start)
- In Progress → Completed (when finished)

Add progress notes:

Status Update (2026-02-22):
- Identified workflow configuration file
- Developed proposed fix (add training role to default distribution)
- Tested in development environment
- Submitted to peer review

Next: Deploy to production after peer review approval

Step 5: Attach Evidence

Click "Attachments" tab on action
Upload evidence files:
- Before/after screenshots
- Test results
- Training records
- Signed checklists
- System logs

Example evidence for Action 1:

workflow-config-before.json
workflow-config-after.json
test-results-training-assignment.xlsx
peer-review-approval.pdf

Step 6: Mark Action Complete

Set status to "Completed"

Enter completion summary:

Completion Summary:
Updated document control workflow configuration to add "Training Department"
role to default distribution list for all document types. Change deployed
to production on 2026-02-28. Tested with dummy document SOP-TEST-999;
confirmed training assignment auto-generated. Peer reviewed by Sarah Lee
(signature attached).

Enter electronic signature password
Click "Submit Completion"

For CAPA Owners (Tracking Progress)

CAPA Dashboard View:

CAPA-2026-0042: Contamination Risk in Aseptic Gowning
Status: IN_PROGRESS
Priority: MEDIUM
Due: April 18, 2026 (60 days from initiation)
Progress: 60% Complete

Corrective Actions:
✓ Action 1: Update Training Workflow [COMPLETED] — 2026-02-28
✓ Action 2: Retrain Affected Operators [COMPLETED] — 2026-02-24
⏳ Action 3: Audit Distribution Settings [IN_PROGRESS] — Due 2026-03-05

Preventive Actions:
⏸ Action 4: Add Validation Check [OPEN] — Due 2026-03-15
⏸ Action 5: Quarterly Distribution Audit [OPEN] — Due 2026-03-20

Automated Reminders:

System sends reminders:

7 days before due date: Reminder to assignee
Due date: Overdue notification to assignee and QA Manager
7 days overdue: Escalation to QA Director

3.6 Effectiveness Verification

Effectiveness verification confirms corrective and preventive actions successfully resolved the issue.

Planning Verification

Step 1: Define Verification Method

When creating action plan, specify how effectiveness will be verified:

For Our Example:

Effectiveness Verification Plan:

Method: Post-implementation monitoring + audit
Duration: 60 days post-completion
Success Criteria:
1. Zero training-related deviations for 60 days
2. 100% of SOP publications (minimum 3) successfully generate training assignments
3. Environmental monitoring in gowning room returns to normal (< 5 CFU/m³)
4. Verification audit finds no SOPs with missing training roles

Measurement:
- Query deviation database for training-related issues
- Review training assignment logs for all SOP publications
- Review environmental monitoring data for gowning room
- Run quarterly distribution audit report

Step 2: Schedule Verification

Set verification due date:

Effectiveness Due Date: 60 days after all actions completed
For our example: April 30, 2026 (60 days after Action 2 completed on Feb 28)

Performing Verification

Step 1: Collect Verification Data

On effectiveness due date:

Open CAPA-2026-0042
Status shows "EFFECTIVENESS_PENDING"
Click "Effectiveness Verification" tab
Click "Begin Verification"

Step 2: Execute Verification Activities

Perform measurements defined in verification plan:

Verification Activity 1: Query Deviations

SELECT * FROM deviations
WHERE created_date BETWEEN '2026-02-28' AND '2026-04-30'
AND category = 'Training'

Result: 0 deviations found ✓

Verification Activity 2: Review Training Assignments

SOP Publications (Feb 28 - Apr 30):
- SOP-QA-017 v3.0 (published 2026-03-15) → Training assignment auto-generated ✓
- SOP-MFG-008 v2.1 (published 2026-04-02) → Training assignment auto-generated ✓
- SOP-LAB-023 v1.0 (published 2026-04-18) → Training assignment auto-generated ✓

Success Rate: 3/3 = 100% ✓

Verification Activity 3: Environmental Monitoring

Gowning Room Environmental Monitoring (Feb 28 - Apr 30):
- Average CFU/m³: 2.1 (within specification < 5)
- Excursions: 0
- Trend: Stable ✓

Verification Activity 4: Distribution Audit

Quarterly Distribution Audit (executed 2026-04-15):
- Total Active SOPs: 247
- SOPs with Training Dept in distribution: 247
- Discrepancies found: 0 ✓

Step 3: Document Verification Results

Complete verification report:

## Effectiveness Verification Report — CAPA-2026-0042

Verification Period: February 28, 2026 — April 30, 2026
Verified By: John Doe, QA Specialist
Verification Date: 2026-04-30

### Success Criteria Assessment

| Criterion | Target | Actual | Status |
|-----------|--------|--------|--------|
| Training-related deviations | 0 in 60 days | 0 | ✓ PASS |
| Training assignment success rate | 100% | 100% (3/3 publications) | ✓ PASS |
| Environmental monitoring | < 5 CFU/m³ | Avg 2.1 CFU/m³ | ✓ PASS |
| Distribution audit | 0 discrepancies | 0 discrepancies | ✓ PASS |

### Conclusion
All success criteria met. Corrective and preventive actions have been effective
in resolving the root cause and preventing recurrence.

### Evidence
- Deviation Query Results (Attachment 1)
- Training Assignment Log (Attachment 2)
- Environmental Monitoring Report (Attachment 3)
- Distribution Audit Report (Attachment 4)

Step 4: Submit for QA Approval

Click "Submit Verification Results"
Attach all evidence files
QA Manager receives notification to review

3.7 CAPA Closure

Step 1: QA Manager Reviews Verification

QA Manager evaluates:

Are all actions completed with evidence?
Does verification data support success criteria?
Is there confidence recurrence is prevented?

Step 2: Approve Closure

If verification is satisfactory:

Click "Close CAPA"

Enter closure justification:

Closure Justification:
All corrective and preventive actions completed as planned. Effectiveness
verification demonstrates successful resolution:
- Training workflow fixed (confirmed by 100% success rate)
- Affected operators retrained (competency verified)
- Preventive controls in place (validation rule + quarterly audit)
- No recurrence in 60-day monitoring period

CAPA is approved for closure.

Enter electronic signature password
Click "Confirm Closure"

Step 3: System Closure Actions

When CAPA is closed:

Status changes to "CLOSED"
Closure timestamp recorded
Final metrics calculated:
- Days to closure: 72 days (within 90-day target)
- Actions completed: 5/5 (100%)
- Effectiveness verified: Yes
CAPA removed from "Active CAPAs" list
Appears in "Closed CAPAs" report
Full audit trail sealed

CAPA Closure Metrics

System calculates closure metrics:

CAPA-2026-0042 Closure Summary:
- Initiated: 2026-02-18
- Closed: 2026-04-30
- Duration: 72 days (target: 90 days) ✓
- Actions: 5 (3 corrective, 2 preventive)
- Effectiveness: Verified
- Risk Score Reduction: 12 → 2 (83% reduction)

Ineffective CAPA (Rare)

If effectiveness verification fails:

QA Manager clicks "Close as Ineffective"
CAPA status changes to "CLOSED_INEFFECTIVE"

System automatically generates new CAPA:

CAPA-2026-0043: Re-investigation of CAPA-2026-0042
Source: CLOSED_INEFFECTIVE CAPA
Reference: CAPA-2026-0042
Priority: Same as original (or elevated)

New root cause analysis required

3.8 Sample CAPA Workflow

Complete example from initiation to closure:

Timeline:

Date	Event	Actor	Action
Feb 10	Trigger	Env Monitor	Contamination detected, 3 related deviations logged
Feb 18	Initiation	QA Specialist	CAPA-2026-0042 created, risk assessment completed
Feb 18	RCA Start	QA Specialist	Five Whys analysis performed
Feb 19	RCA Approval	QA Manager	Root cause approved with e-signature
Feb 19	Action Planning	QA Specialist	5 actions defined (3 corrective, 2 preventive)
Feb 19	Action Assignment	System	Notifications sent to assignees
Feb 20-28	Execution	Assignees	Actions 1 & 2 completed with evidence
Mar 5	Execution	Assignee	Action 3 completed
Mar 15	Execution	Assignee	Action 4 completed
Mar 20	Execution	Assignee	Action 5 completed
Mar 20	Verification Start	System	60-day monitoring period begins
Apr 30	Verification Complete	QA Specialist	Verification data collected, success criteria met
Apr 30	Closure	QA Manager	CAPA closed with e-signature

Key Documents Generated:

CAPA Record (CAPA-2026-0042.pdf)
Root Cause Analysis Report
Action Plan with Evidence
Effectiveness Verification Report
Complete Audit Trail (58 audit entries)
Electronic Signature Logs (3 signatures)

Audit Trail Sample:

Entry ID | Timestamp | User | Action | Details
---------|-----------|------|--------|--------
1 | 2026-02-18 09:15:22 | jdoe | CAPA_CREATED | CAPA-2026-0042 created
2 | 2026-02-18 09:18:45 | jdoe | FIELD_UPDATED | Changed priority from LOW to MEDIUM
3 | 2026-02-18 10:32:11 | jdoe | STATUS_CHANGE | Status: DRAFT → INITIATED
...
56 | 2026-04-30 14:22:03 | qamgr | STATUS_CHANGE | Status: EFFECTIVENESS_PENDING → CLOSED
57 | 2026-04-30 14:22:03 | qamgr | SIGNATURE_APPLIED | E-signature: Closure approval
58 | 2026-04-30 14:22:04 | system | METRICS_CALCULATED | Duration: 72 days, Success: TRUE

4. Deviation Management User Guide

4.1 Understanding Deviations

What is a Deviation?

A deviation is an unplanned departure from approved procedures, specifications, or standards during GxP-regulated activities.

Examples:

Temperature excursion during storage (outside specification)
Missed step in manufacturing procedure
Equipment malfunction during critical process
Test result outside acceptance criteria
Delayed approval beyond SLA

Regulatory Context

Regulation	Requirement
FDA 21 CFR Part 211.192	Investigation of discrepancies
FDA 21 CFR Part 820.90	Nonconforming product procedures
ISO 13485:2016 8.3	Control of nonconforming output
ICH Q10 Annex 1	Management of change

Deviation vs. Out-of-Specification (OOS)

Aspect	Deviation	OOS
Definition	Procedural non-compliance	Result outside specification
Example	Skipped cleaning step	Assay result 94% (spec: 95-105%)
Investigation	Procedure review	Lab investigation protocol
CAPA Trigger	If recurring	Always (unless lab error confirmed)

4.2 Recording a Deviation

Step-by-Step: Creating a Deviation Report

Step 1: Recognize and Report Immediately

GxP principle: Deviations must be reported when discovered, not retrospectively.

Step 2: Access Deviation Module

Click "Deviations" in main navigation
Click "+ Report Deviation" button
System records submission timestamp (cannot be backdated)

Step 3: Complete Deviation Report Form

Basic Information:

Field	Description	Example
Deviation Number	Auto-generated	DEV-2026-0087
Title	Brief description	"Temperature Excursion in Cold Storage"
Detected Date/Time	When was it discovered	2026-02-10 08:45:00
Occurred Date/Time	When did it happen (if known)	2026-02-09 22:00:00 (estimated)
Location	Where it occurred	Cold Storage Room 3B
Process/Activity	What was being done	Overnight storage of vaccine batches

Detailed Description:

Provide comprehensive details:

Description:
Upon arriving for morning shift on 2026-02-10 at 08:30, QA Technician observed
temperature logger for Cold Storage Room 3B displaying 12°C. Specification:
2-8°C. Logger history reviewed; temperature alarm threshold (10°C) was exceeded
starting at approximately 22:00 on 2026-02-09. Alarm did not trigger (confirmed
by checking alarm history).

Temperature profile:
- 2026-02-09 18:00: 5°C (normal)
- 2026-02-09 22:00: 10°C (alarm threshold)
- 2026-02-09 23:00: 12°C (peak)
- 2026-02-10 06:00: 11°C
- 2026-02-10 08:45: 12°C (when discovered)

Affected Materials:
- Batch VAC-2026-0123 (Influenza vaccine, 500 vials)
- Batch VAC-2026-0124 (Influenza vaccine, 500 vials)
- Batch VAC-2026-0125 (Influenza vaccine, 300 vials)
Total: 1,300 vials, value $65,000

Immediate Actions Taken:
1. Materials quarantined (moved to Quarantine Area Q2)
2. Facility Maintenance notified at 09:00
3. Refrigeration unit inspection initiated
4. QA Manager notified at 09:15

Affected Records:

Link related records:

Work Orders: WO-2026-0234 (cold storage validation)
Batches: VAC-2026-0123, VAC-2026-0124, VAC-2026-0125
Equipment: COLD-STORAGE-3B, LOGGER-3B-TEMP
Personnel: J. Smith (technician who discovered), M. Johnson (previous shift)

Step 4: Perform Initial Classification

Classify deviation by severity:

Severity	Definition	Example	Investigation SLA
Critical	Immediate safety risk or regulatory violation	Microbial contamination detected	24 hours
Major	Significant quality impact, product may be affected	Temperature excursion (our example)	5 days
Minor	Limited impact, unlikely to affect product quality	Documentation error	10 days

For Our Example: Major (temperature excursion, product potentially affected)

Step 5: Immediate Actions and Containment

Document immediate containment:

Immediate Actions:
1. ✓ Affected batches quarantined (QA hold tag applied)
2. ✓ Refrigeration unit taken out of service pending investigation
3. ✓ Maintenance inspection scheduled (Ticket #MT-2026-0087)
4. ✓ QA Manager informed
5. ✓ Customer shipments for affected batches halted
6. ⏳ Stability study initiated to assess product impact (pending approval)

Containment Verification:
- All 1,300 vials physically moved to Quarantine Area Q2 at 09:30
- QA Hold tags applied with DEV-2026-0087 reference
- Shipping system updated: batches marked "HOLD - DO NOT SHIP"

Step 6: Assign Investigator

Select investigator from dropdown (QA specialists or technical leads)
Set investigation due date per SLA (Major = 5 days from discovery)

Add investigation scope:

Investigation Scope:
Determine root cause of temperature excursion
Assess refrigeration unit performance history
Evaluate alarm system failure
Review temperature data for all cold storage units
Assess product impact (consult stability data)
Determine if affected batches can be released or must be rejected

Step 7: Submit Deviation Report

Click "Submit Deviation"
Deviation status: "OPEN - INVESTIGATION_PENDING"
Investigator receives notification with 5-day SLA

4.3 Deviation Classification

Classification Categories

By Severity:

Level	Impact	Response
Critical	Patient safety or regulatory compliance at immediate risk	Halt production, notify management within 1 hour, external reporting may be required
Major	Significant quality impact, product may not meet specifications	Quarantine affected materials, investigation within 5 days
Minor	Limited impact, product quality not affected	Corrective action, investigation within 10 days

By Type:

Type	Description	Examples
Procedural	Failure to follow SOP	Missed signature, skipped step
Equipment	Equipment malfunction or failure	Temperature excursion, calibration out of tolerance
Material	Material outside specification	Reagent purity below acceptance criteria
Documentation	Recording or data integrity issue	Data entry error, missing record
Personnel	Human error or training gap	Incorrect technique, untrained operator

By Source:

Work Order execution
Validation protocol execution (IQ/OQ/PQ)
Batch manufacturing
Environmental monitoring
Equipment qualification
Supplier quality issue
Audit finding

4.4 Investigation Process

For Investigators

Step 1: Receive Assignment

Email notification:

Subject: Deviation Investigation Assigned — DEV-2026-0087

You have been assigned to investigate:

Deviation: Temperature Excursion in Cold Storage
Severity: Major
Due Date: February 15, 2026 (5 days)
Affected Batches: VAC-2026-0123, VAC-2026-0124, VAC-2026-0125

[Begin Investigation] [View Details]

Step 2: Access Deviation Record

Click "Deviations" > "My Investigations"
Click DEV-2026-0087 to open
Review initial report and affected records

Step 3: Gather Evidence

Collect data to support investigation:

Temperature Data:

Download logger data for Room 3B (Feb 9-10)
Download logger data for all cold storage units (comparison)
Review calibration records for LOGGER-3B-TEMP

Equipment History:

Review maintenance logs for COLD-STORAGE-3B
Review alarm history for LOGGER-3B-TEMP
Check previous deviations involving this unit

Personnel Records:

Interview previous shift operator (M. Johnson)
Review training records for cold storage operation
Check access logs (who entered room Feb 9 evening)

Product Impact:

Review stability data for vaccine batches at elevated temperatures
Consult product specifications for temperature tolerance
Review batch release criteria

Step 4: Document Investigation

Complete investigation report in BIO-QMS:

## Investigation Report — DEV-2026-0087

Investigator: Sarah Lee, QA Specialist
Investigation Period: February 10-14, 2026

### Findings

1. **Root Cause: Equipment Failure**
   The refrigeration unit's compressor failed at approximately 22:00 on
   2026-02-09. Maintenance inspection (Ticket #MT-2026-0087) revealed
   compressor motor bearing failure. Unit has 12,500 operating hours;
   preventive maintenance schedule calls for bearing replacement at 10,000 hours.

   Evidence: Maintenance report (Attachment 1), bearing wear photos (Attachment 2)

2. **Contributing Factor: Overdue Preventive Maintenance**
   Last PM performed 2024-08-15 (18 months ago). Bearing replacement was
   recommended but deferred due to "low priority." No documented risk assessment
   for deferral decision.

   Evidence: PM records (Attachment 3), deferral email (Attachment 4)

3. **Alarm Failure: Configuration Error**
   Temperature alarm was configured to send email notification only. Email
   server was undergoing maintenance Feb 9-10, so alarm emails were not
   delivered. No backup alarm method (SMS, audible alarm, pager) configured.

   Evidence: Alarm configuration screenshot (Attachment 5), IT maintenance
   notice (Attachment 6)

4. **Product Impact Assessment**
   Consulted with Product Development and Regulatory Affairs:
   - Vaccine stability data shows < 2% potency loss after 24 hours at 12°C
   - Product specification allows up to 5% potency loss
   - Batches were exposed for ~11 hours (22:00 to 09:00)
   - **Conclusion:** Product remains within specification (estimated 1% potency loss)

   Evidence: Stability study data (Attachment 7), Product Development memo
   (Attachment 8)

### Investigation Summary

Root cause is equipment failure (compressor bearing) due to deferred preventive
maintenance. Alarm system failure (email-only config + email server outage)
prevented timely detection. Product impact is minimal; batches can be released
after additional stability testing to confirm < 5% potency loss.

### Recommended Actions

1. **Immediate:** Replace compressor bearing in COLD-STORAGE-3B (Completed 2026-02-12)
2. **Immediate:** Configure backup alarm method (SMS) for all critical equipment
   (Target: 2026-02-20)
3. **Short-term:** Conduct additional stability testing on affected batches to
   confirm potency (Target: 2026-03-01)
4. **Long-term:** Review and update PM schedule to enforce bearing replacement
   at 10,000 hours (Target: 2026-03-15)
5. **Long-term:** Audit all deferred PM recommendations; assess risks (Target: 2026-04-01)

Step 5: Attach Investigation Evidence

Upload all supporting documents:

Temperature logger data files
Maintenance reports
Photos and diagrams
Interview notes
Stability study data
Email correspondence

Step 6: Propose Disposition

For affected materials, propose disposition:

Batch	Disposition	Rationale
VAC-2026-0123	Release with additional testing	Stability test to confirm potency > 95%
VAC-2026-0124	Release with additional testing	Stability test to confirm potency > 95%
VAC-2026-0125	Release with additional testing	Stability test to confirm potency > 95%

Step 7: Submit Investigation Report

Click "Submit Investigation"
QA Manager receives notification to review
Deviation status: "INVESTIGATION_COMPLETE - PENDING_REVIEW"

4.5 Resolution and Closure

Step 1: QA Manager Reviews Investigation

QA Manager evaluates:

Is root cause adequately supported by evidence?
Are recommendations appropriate?
Is CAPA required?

Step 2: Determine CAPA Requirement

CAPA is required if:

Deviation is recurring (3+ similar events in 90 days)
Severity is Critical or Major with systemic root cause
Audit finding or complaint related
Risk assessment indicates high likelihood of recurrence

For Our Example:

CAPA decision: Yes

Rationale: Systemic issue with PM deferral process. Risk of recurrence in other equipment.

Step 3: Create Linked CAPA

Click "Create CAPA" from deviation record
System pre-populates CAPA with deviation details

CAPA-2026-0088 created:

CAPA-2026-0088: PM Deferral Process Gaps
Source: DEV-2026-0087
Root Cause: Deferred PM recommendations without risk assessment
Priority: High

Step 4: Approve Disposition

QA Manager decides on affected materials:

Review stability test results (when available)
Consult Quality Control and Regulatory Affairs
Make disposition decision:
- Release: Batches meet specifications after stability testing
- Reject: Batches failed stability testing, must be destroyed
- Rework: Batches can be reprocessed
- Use as Is: Batches acceptable with concession

For Our Example:

Disposition (after stability test completed): Release

Stability test results:

VAC-2026-0123: Potency 97.2% (spec: >95%) ✓
VAC-2026-0124: Potency 96.8% (spec: >95%) ✓
VAC-2026-0125: Potency 98.1% (spec: >95%) ✓

Step 5: Close Deviation

Click "Close Deviation"

Enter closure summary:

Closure Summary:
Investigation complete. Root cause: Equipment failure (compressor bearing)
due to deferred PM. Alarm failure (email-only config) prevented timely
detection. Product impact confirmed minimal by stability testing. All
batches released.

Immediate corrective actions completed:
- Compressor bearing replaced (2026-02-12)
- Backup SMS alarms configured (2026-02-18)

Long-term corrective actions tracked in CAPA-2026-0088.

Enter electronic signature password
Click "Confirm Closure"
Deviation status: "CLOSED"

4.6 Deviation-to-CAPA Linkage

Traceability

BIO-QMS maintains bidirectional traceability:

Deviation DEV-2026-0087 ──► triggers ──► CAPA-2026-0088
     ▲                                          │
     │                                          ▼
     └──────────── references ◄────── CAPA Actions

From Deviation Record:

View linked CAPA:

Click "Related Records" tab
See: "Triggered CAPA: CAPA-2026-0088 (PM Deferral Process Gaps)"

From CAPA Record:

View source deviations:

Source Deviation IDs: DEV-2026-0087
Click link to view original deviation report

Trend Analysis

System automatically detects deviation patterns:

Automated Triggers:

Pattern	Detection Logic	Action
Recurring Deviation	Same deviation type ≥ 3 times in 90 days	Auto-initiate CAPA
Equipment Pattern	Same equipment ≥ 2 deviations in 30 days	Flag for investigation
Procedural Pattern	Same SOP cited in ≥ 2 deviations in 60 days	Flag for SOP review
Personnel Pattern	Same person involved in ≥ 3 deviations in 180 days	Flag for retraining

Trend Dashboard:

View deviation trends:

Navigate to "Deviations" > "Trend Analysis"
View charts:
- Deviations per month (line chart)
- Deviations by type (pie chart)
- Deviations by severity (bar chart)
- Top 10 affected equipment (table)
- Deviation resolution time (histogram)

4.7 Response Time SLAs

Investigation SLAs by Severity

Severity	Investigation Due	Escalation (if overdue)	Approval Authority
Critical	24 hours	Immediate: QA Director + VP Quality	VP Quality
Major	5 business days	Day 6: QA Director	QA Manager
Minor	10 business days	Day 11: QA Manager	QA Specialist

SLA Tracking

System monitors SLAs:

On-Time Performance Dashboard:

Deviation SLA Performance (Last 30 Days)

Critical Deviations:
  Total: 2
  On-Time: 2 (100%)
  Overdue: 0

Major Deviations:
  Total: 15
  On-Time: 14 (93%)
  Overdue: 1

Minor Deviations:
  Total: 42
  On-Time: 39 (93%)
  Overdue: 3

Overall On-Time Rate: 93.2%
Target: > 90% ✓

Overdue Escalation

Automated escalation:

Day 1 (Due Date):

Email to investigator: "Investigation overdue"
Notification to QA Manager

Day 2 (1 day overdue):

Daily reminder emails to investigator
Overdue flag in dashboard (red)

Day 3 (2 days overdue):

Escalation email to investigator's manager
QA Director notified

Day 5 (4 days overdue):

Escalation to VP Quality
Option to reassign investigation

Day 7 (6 days overdue):

Executive escalation (CEO/COO)
Root cause analysis of overdue investigation required

5. Search and Reporting User Guide

5.1 Global Search Capabilities

Using Global Search

Access Search:

Click search icon (magnifying glass) in top navigation
Or press keyboard shortcut: Ctrl+K (Windows/Linux) or Cmd+K (Mac)
Search bar appears with autocomplete

Basic Search:

Enter search terms:

aseptic gowning

System searches across:

Document titles and content
CAPA records
Deviation reports
Work orders
Training records
Audit trail entries

Search Results:

Results grouped by type:

Documents (3 results)
├─ SOP-MFG-042 v2.0: Aseptic Gowning Procedure
├─ TRN-MFG-008: Aseptic Techniques Training
└─ VAL-CR-2A-IQ: Cleanroom Qualification (mentions gowning)

CAPAs (1 result)
└─ CAPA-2026-0042: Contamination Risk in Aseptic Gowning

Deviations (3 results)
├─ DEV-2026-0087: Gowning Room Temperature Excursion
├─ DEV-2026-0091: Incomplete Gowning Procedure
└─ DEV-2026-0093: Gowning Room Contamination

Advanced Search Syntax

Exact Phrase:

"aseptic gowning procedure"

Finds exact phrase only.

Boolean Operators:

aseptic AND gowning
aseptic OR cleanroom
aseptic NOT training

Wildcards:

gown*

Matches: gown, gowning, gowned, gowns

Field-Specific Search:

title:"aseptic gowning"
author:"jane smith"
status:active
created:2026-02-01..2026-02-28

Combined Queries:

title:"SOP" AND status:active AND department:manufacturing

5.2 Advanced Filtering

Click "Filters" button to open advanced filter panel.

Document Filters:

Filter	Options
Document Type	SOP, WI, Protocol, Test, Training, Form
Status	Draft, In Review, Approved, Active, Superseded, Obsolete
Department	Quality, Manufacturing, Lab, Regulatory, IT
Regulatory Impact	FDA, HIPAA, ISO 13485, SOC 2, GDPR
Date Range	Created, Updated, Effective, Review Due
Author	Select from user list
Approver	Select from user list
Tags	Multi-select tags

CAPA Filters:

Filter	Options
Status	Initiated, In Progress, Effectiveness Pending, Closed
Priority	Low, Medium, High, Critical
Classification	Corrective, Preventive, Both
Source	Deviation, Audit Finding, Complaint, Trend
Assigned To	Select from user list
Due Date Range	Custom date picker
Overdue	Yes/No checkbox

Deviation Filters:

Filter	Options
Severity	Critical, Major, Minor
Type	Procedural, Equipment, Material, Documentation, Personnel
Status	Open, Investigation Complete, Closed
Source	Work Order, Validation, Manufacturing, Monitoring, Audit
Investigator	Select from user list
CAPA Required	Yes/No/Pending

Saved Filters

Save Frequently Used Filters:

Configure filters
Click "Save Filter"
Name filter: "My Open CAPAs"
Choose visibility: Private / Shared with Team / Public

Access Saved Filters:

Click "Saved Filters" dropdown
Select from list
Filter applied instantly

Common Saved Filters:

"My Pending Approvals"
"Overdue CAPAs"
"Critical Deviations - Last 30 Days"
"SOPs Due for Review"
"Training Records Expiring Soon"

5.3 Standard Reports

BIO-QMS includes pre-built regulatory and operational reports.

Compliance Reports

1. Audit Trail Report

Purpose: Generate complete audit trail for regulatory inspections.

Parameters:

Record Type: Document / CAPA / Deviation / Work Order
Record ID: Specific record or "All"
Date Range: Start date to end date
User: Specific user or "All"

Output:

PDF report with tamper-evident digital signature
Contains: Timestamp, User ID, Action, Before Value, After Value, IP Address, Reason (if provided)

Example Use: FDA inspector requests audit trail for SOP-MFG-042.

Navigate to "Reports" > "Audit Trail Report"
Select: Record Type = Document, Record ID = SOP-MFG-042
Date Range: All dates
Click "Generate Report"
Download PDF: Audit-Trail-SOP-MFG-042-2026-02-17.pdf

2. CAPA Summary Report

Purpose: Management review of CAPA effectiveness.

Parameters:

Date Range: Created or closed within range
Status: Open / Closed / All
Priority: All or specific level
Department: All or specific department

Output:

Total CAPAs initiated
CAPAs by source (deviation, audit, complaint, trend)
CAPAs by priority
Average time to closure
On-time closure rate
Effectiveness verification rate
Recurring CAPAs (same root cause)

Metrics Included:

CAPA Performance Summary (Q1 2026)

Total CAPAs: 47
  By Source:
    - Deviation: 28 (60%)
    - Audit Finding: 12 (26%)
    - Complaint: 4 (9%)
    - Trend: 3 (6%)

  By Priority:
    - Critical: 2 (4%)
    - High: 15 (32%)
    - Medium: 23 (49%)
    - Low: 7 (15%)

Closure Metrics:
  - Average Time to Closure: 58 days
  - On-Time Closure Rate: 87% (target: 90%)
  - Closed as Ineffective: 2 (4%)

Effectiveness:
  - Verified Effective: 39 (94%)
  - Pending Verification: 6

3. Deviation Log

Purpose: Comprehensive log of all deviations for regulatory compliance.

Parameters:

Date Range: Detected or closed within range
Severity: All or specific level
Status: All or specific status
Department: All or specific department
Include Attachments: Yes/No

Output:

Tabular report with all deviation details:

Dev ID	Date	Title	Severity	Status	Investigator	Days Open	CAPA Link
DEV-2026-0087	02/10	Temp Excursion	Major	Closed	S. Lee	5	CAPA-2026-0088
DEV-2026-0091	02/12	Incomplete Gowning	Minor	Closed	J. Doe	8	CAPA-2026-0042
...	...	...	...	...	...	...	...

4. Training Compliance Report

Purpose: Verify personnel training is current.

Parameters:

Department: All or specific
Training Type: SOP Training / GxP Training / Safety Training / All
Status: Current / Expired / Expiring Soon (30 days)
Person: All or specific

Output:

Training Compliance Report — Manufacturing Department

Total Personnel: 45

Training Status:
  - Current: 42 (93%)
  - Expired: 1 (2%)
  - Expiring in 30 Days: 2 (4%)

Target Compliance: > 95%
Status: ⚠️ Below Target

Expired Training:
  - John Doe: SOP-MFG-042 Aseptic Gowning (expired 2026-02-01)

Expiring Soon:
  - Jane Smith: SOP-LAB-015 (expires 2026-03-10)
  - Tom Johnson: GxP Refresher (expires 2026-03-15)

Action Required: Schedule training for 3 personnel

5. Document Review Due Report

Purpose: Identify documents requiring periodic re-approval.

Parameters:

Date Range: Review due within range
Department: All or specific
Document Type: All or specific
Status: Only active documents

Output:

Doc ID	Title	Current Version	Last Review	Review Due	Days Overdue	Owner
SOP-QA-008	Batch Release	v3.0	2025-02-01	2026-02-01	16	QA Dept
SOP-MFG-023	Equipment Cleaning	v2.1	2024-03-15	2026-03-15	-26	Mfg Dept

Operational Reports

6. Work Order Completion Report

Purpose: Track work order execution metrics.

Output:

Total work orders by type (PM, corrective, validation)
Completion rate (completed on time / total)
Average cycle time
Resource utilization
Cost by department

7. Equipment Downtime Report

Purpose: Monitor equipment availability and unplanned downtime.

Output:

Total downtime hours by equipment
Downtime reasons (PM, corrective maintenance, failure)
Mean time between failures (MTBF)
Mean time to repair (MTTR)

8. Batch Genealogy Report

Purpose: Traceability for material batches.

Output:

Batch production history
Raw materials used (with supplier lot numbers)
Equipment used during production
Personnel involved
Deviations during production
QC test results
Disposition (released / rejected)

5.4 Custom Report Builder

Creating a Custom Report

Step 1: Access Report Builder

Navigate to "Reports" > "Custom Reports"
Click "+ New Custom Report"

Step 2: Select Data Source

Choose primary data source:

Documents
CAPAs
Deviations
Work Orders
Training Records
Audit Trail
Equipment
Materials/Batches

Step 3: Choose Fields

Select fields to include in report:

Example: Custom CAPA Report

Selected Fields:

Step 4: Configure Filters

Add filters to narrow results:

Status: IN_PROGRESS, EFFECTIVENESS_PENDING (exclude CLOSED)
Priority: HIGH, CRITICAL
Department: Manufacturing
Initiated Date: Last 90 days

Step 5: Add Grouping (Optional)

Group by:

Priority (then sort by due date)

Step 6: Add Calculations (Optional)

Add calculated fields:

Average Days Open = AVG(Current Date - Initiated Date)
On-Time Rate = COUNT(Closed On Time) / COUNT(Total Closed)

Step 7: Choose Output Format

Table (rows and columns)
Summary (aggregated metrics)
Chart (bar, line, pie)
Pivot Table (cross-tabulation)

Step 8: Save and Schedule

Name: "High Priority Open CAPAs - Manufacturing"
Visibility: Shared with Manufacturing Team
Schedule (optional):
- Frequency: Weekly
- Day: Monday
- Time: 08:00
- Recipients: Manufacturing QA Team
- Format: PDF email attachment

Step 9: Generate Report

Click "Generate Report"
View in browser or download as PDF/Excel/CSV

5.5 Dashboard Overview

Personal Dashboard

Widgets:

My Tasks:

Pending document reviews (3)
Assigned CAPA actions (2)
Deviation investigations (1)
Training due this month (0)

Recent Activity:

CAPA-2026-0042 closed (2 hours ago)
SOP-MFG-042 approved by QA Manager (1 day ago)
DEV-2026-0087 investigation completed (3 days ago)

Notifications:

Document review required: SOP-LAB-023 (due Feb 20)
CAPA action overdue: Action 5 of CAPA-2026-0088 (2 days overdue)

QA Manager Dashboard

Compliance Metrics:

Regulatory Compliance Status

Documents:
  - Active SOPs: 247
  - Review Overdue: 3 (1.2%)
  - Pending Approval: 8

CAPAs:
  - Open CAPAs: 18
  - Overdue: 2 (11%)
  - On-Time Closure Rate (YTD): 87%

Deviations:
  - Open Deviations: 12
  - Critical/Major: 3 (25%)
  - Investigation Overdue: 1

Training:
  - Training Compliance: 93%
  - Expired Training: 5 personnel

Overall Compliance Score: 92% (target: 95%)

Trend Charts:

Deviations per Month (line chart showing trend)
CAPA Closure Time (histogram)
Training Compliance Over Time (area chart)

Executive Dashboard

High-Level KPIs:

Quality Management System Health

Quality Events (Last 30 Days):
  - Critical Deviations: 2
  - Major Deviations: 15
  - Minor Deviations: 42
  - CAPAs Initiated: 8

Compliance:
  - Audit Findings (Open): 3
  - Training Compliance: 93%
  - Document Control Compliance: 99%

Operational:
  - Work Orders Completed On-Time: 87%
  - Equipment Uptime: 97.2%
  - Batch Release Rate: 94%

Risk:
  - High-Risk Open Items: 5
  - Overdue CAPAs: 2
  - Overdue Investigations: 1

5.6 Exporting Data

Export Formats

1. PDF Export

Use Case: Regulatory submissions, archival, printable reports

Features:

Tamper-evident digital signature
Audit trail included (optional)
Attachments embedded or linked
Watermarks (CONTROLLED COPY / UNCONTROLLED COPY)

Export PDF:

Open any record or report
Click "Export" > "Export as PDF"
Options:
- Include Audit Trail: Yes/No
- Include Attachments: Yes/No
- Watermark: Controlled / Uncontrolled / None
Click "Generate PDF"
Download: CAPA-2026-0042-Export-2026-02-17.pdf

2. Excel Export

Use Case: Data analysis, custom charting, importing into other tools

Features:

One row per record
All fields included (can customize)
Formulas preserved
Multiple sheets for related data

Export Excel:

Navigate to any list view (Documents, CAPAs, Deviations)
Apply filters
Click "Export" > "Export to Excel"
Download: CAPAs-Open-2026-02-17.xlsx

3. CSV Export

Use Case: Importing into external systems, data integration, scripting

Features:

Plain text format
Comma-separated values
UTF-8 encoding
No formulas (raw data only)

4. JSON Export

Use Case: API integration, data exchange, programmatic access

Features:

Structured data format
Nested objects preserved
Machine-readable

Example JSON Export:

{
  "capa_id": "CAPA-2026-0042",
  "title": "Contamination Risk in Aseptic Gowning",
  "status": "CLOSED",
  "priority": "MEDIUM",
  "initiated_date": "2026-02-18T09:15:22Z",
  "closed_date": "2026-04-30T14:22:03Z",
  "actions": [
    {
      "action_id": "ACT-001",
      "type": "CORRECTIVE",
      "description": "Update training workflow",
      "status": "COMPLETED",
      "assignee": "Jane Smith",
      "completed_date": "2026-02-28T10:15:00Z"
    }
  ],
  "audit_trail": [...]
}

Bulk Export

Export Multiple Records:

Navigate to list view
Select records using checkboxes
Click "Export Selected" > Choose format
Download ZIP file containing individual exports

Export All Data (Backup):

Navigate to "Administration" > "Data Management"
Click "Export All Data"
Choose scope:
- All Records
- Date Range
- Specific Modules
System generates export job (may take several minutes for large datasets)
Receive email when export is ready
Download encrypted ZIP file

5.7 Audit Trail Reports

Generating Audit Trail

For Regulatory Inspections:

FDA requires access to complete, accurate, and immutable audit trails per 21 CFR Part 11.10(e).

Step 1: Access Audit Trail Viewer

Navigate to "Reports" > "Audit Trail"
Or from any record: Click "Audit Trail" tab

Step 2: Configure Filters

Filter	Options
Record Type	Document / CAPA / Deviation / Work Order / All
Record ID	Specific ID or All
Date Range	Start date to end date
User	Specific user or All
Action Type	Created / Updated / Deleted / Status Change / Signature Applied / All
Include System Actions	Yes (include automated actions) / No (human actions only)

Step 3: Generate Report

Click "Generate Audit Trail Report"
System compiles all matching audit entries
Progress bar shows generation status

Step 4: Review Report

Audit Trail Entry Format:

Entry ID	Timestamp	User	Role	Action	Record	Field	Old Value	New Value	Reason	IP Address	Session ID
12345	2026-02-18 09:15:22 UTC	jdoe	QA Specialist	RECORD_CREATED	CAPA-2026-0042	-	-	-	Initial creation	192.168.1.50	SES-2026-02-18-001
12346	2026-02-18 09:18:45 UTC	jdoe	QA Specialist	FIELD_UPDATED	CAPA-2026-0042	priority	LOW	MEDIUM	Risk assessment updated	192.168.1.50	SES-2026-02-18-001
12347	2026-02-19 14:32:15 UTC	qamgr	QA Manager	SIGNATURE_APPLIED	CAPA-2026-0042	root_cause_approved	-	TRUE	Root cause analysis approved	192.168.1.75	SES-2026-02-19-008

Step 5: Export Report

Click "Export as PDF"
PDF includes:
- Audit trail entries in table format
- Digital signature certifying report authenticity
- Generation metadata (who generated, when, filters used)
- Page numbering and timestamps

PDF Filename: Audit-Trail-CAPA-2026-0042-Generated-2026-02-17.pdf

Audit Trail Security

Immutability:

Audit trail stored in append-only database table
No delete or update operations permitted
Database-level constraints prevent modification
Hash chaining ensures tamper detection

Access Control:

Role	Permissions
User	View own audit trail entries
QA Manager	View all audit trail entries in department
Administrator	View all audit trail entries (read-only)
Auditor	View all audit trail entries, export reports

Important: No role can modify or delete audit trail entries.

Audit Trail Verification

For Regulatory Inspections:

Demonstrate audit trail integrity:

Step 1: Generate Verification Report

Navigate to "Administration" > "Audit Trail Integrity"
Select date range
Click "Verify Integrity"

Step 2: System Performs Checks

Verify hash chain continuity
Check for gaps in sequence numbers
Validate timestamps (no backdating)
Confirm all signatures are valid

Step 3: Review Results

Audit Trail Integrity Verification Report

Date Range: 2026-01-01 to 2026-02-17
Total Entries: 15,842

Integrity Checks:
  ✓ Hash chain valid (no breaks)
  ✓ No gaps in sequence numbers
  ✓ All timestamps in chronological order
  ✓ All electronic signatures valid
  ✓ No unauthorized modifications detected

Conclusion: Audit trail integrity VERIFIED

Step 4: Export Verification Report

Download PDF with digital signature
Provide to auditor/inspector as evidence

6. Regulatory Compliance and Electronic Signatures

Electronic Signature System

BIO-QMS implements electronic signatures per FDA 21 CFR Part 11 requirements.

What Requires an Electronic Signature?

Action	Signature Required	Signer Role
Document Approval	Yes	Designated Approver (QA Manager minimum)
CAPA Root Cause Approval	Yes	QA Manager or higher
CAPA Closure	Yes	QA Manager or higher
Deviation Closure	Yes	QA Manager or higher
Work Order Final Approval	Yes	System Owner or QA Manager
Batch Release	Yes	QA Manager (per 21 CFR Part 211)
Protocol Approval	Yes	QA Director
Training Completion	Yes	Trainee + Trainer

Signature Meaning

Per 21 CFR Part 11.50, electronic signatures must display meaning.

Example Display:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ELECTRONICALLY SIGNED

Signed By: John Doe, QA Manager
Date/Time: 2026-02-18 14:32:15 UTC
Action: Document Approval
Meaning: I certify that I have reviewed this document and
approve it for controlled use in accordance with established
procedures.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Signature Security

Two-Factor Authentication:

Login password (something you know)
E-signature password (something you know — different from login)
MFA device (something you have)

Session Management:

E-signature session expires after 30 minutes of inactivity
User must re-enter e-signature password to sign again
Prevents unauthorized signing if user steps away from computer

Audit Trail:

Every signature attempt logged (success and failure)
Failed signature attempts tracked (invalid password)
Account locked after 5 failed e-signature attempts

FDA 21 CFR Part 11 Compliance

BIO-QMS is designed to meet all 21 CFR Part 11 requirements:

Subpart B: Electronic Records

Requirement	Implementation
§11.10(a) Validation	System validation per IQ/OQ/PQ protocols
§11.10(b) Audit Trail	Immutable, timestamped audit trail for all actions
§11.10(c) Record Retention	Indefinite retention, protected backups
§11.10(d) Access Control	Role-based access control, unique user accounts
§11.10(e) Audit Trail Content	Who, what, when, why captured for every change
§11.10(f) Operational Checks	Real-time validation, business rule enforcement
§11.10(g) Device Checks	MFA required, device fingerprinting
§11.10(h) Training	User training on e-signature and system use
§11.10(i) Documentation	System documentation maintained
§11.10(k) Data Exchange	Audit trail accompanies data exports

Subpart C: Electronic Signatures

Requirement	Implementation
§11.50 Signature Manifestations	Name, date, time, meaning displayed
§11.70 Signature/Record Linking	Signatures cryptographically bound to record
§11.100 General Requirements	Unique, verifiable, not reusable
§11.200 Signatures via Biometrics	Not implemented (password-based)
§11.300 Password Requirements	Complexity, expiration, uniqueness enforced

HIPAA Compliance

For life sciences companies handling protected health information (PHI):

Access Control (§164.312(a))

Unique user identification
Emergency access procedure (break-glass access)
Automatic logoff after inactivity
Encryption and decryption

Audit Controls (§164.312(b))

All access to PHI logged
Audit trail review procedures
Incident detection and response

Integrity Controls (§164.312(c))

Mechanisms to ensure PHI not altered or destroyed improperly
Audit trail immutability

Transmission Security (§164.312(e))

TLS 1.3 encryption for all data in transit
Integrity controls for transmitted PHI

SOC 2 Type II Compliance

BIO-QMS undergoes annual SOC 2 Type II audits:

Trust Services Criteria

Security:

Access controls (RBAC)
Network security (firewall, IDS/IPS)
Encryption at rest and in transit

Availability:

99.9% uptime SLA
Redundant infrastructure
Disaster recovery plan

Processing Integrity:

Data validation rules
Business logic enforcement
Error handling and logging

Confidentiality:

Data classification
Encryption
Access restrictions

Privacy:

GDPR-compliant data handling
Data subject rights (access, deletion, portability)
Privacy by design

7. Troubleshooting and Support

Common Issues

Symptoms: "Invalid username or password" error

Solutions:

Verify username (email address) is correct
Check Caps Lock is off
Try password reset: Click "Forgot Password?"
If account locked (5 failed attempts), wait 30 minutes or contact admin
Verify MFA device is working (try backup codes)

Issue: Document Won't Save

Symptoms: "Save failed" error or document reverts to previous state

Solutions:

Check internet connection
Verify you have edit permissions (not in read-only mode)
Check if document is locked by another user (collision warning)
Try refreshing page and re-entering changes
If issue persists, export draft to local file and contact support

Issue: Signature Password Not Working

Symptoms: "Invalid signature password" when attempting to sign

Solutions:

Verify you're entering e-signature password (not login password)
Check Caps Lock is off
After 5 failed attempts, account locks for 30 minutes
If forgotten, contact administrator to reset e-signature password
Note: E-signature password reset requires identity verification

Issue: Report Generation Timeout

Symptoms: Report generation starts but never completes

Solutions:

Narrow date range (reports with too many records may timeout)
Add filters to reduce record count
Try generating during off-peak hours
Contact support for large data exports (administrator can run batch jobs)

Getting Help

In-App Help

Click question mark icon (?) in top navigation
Context-sensitive help available on every page
Searchable knowledge base

Support Portal

URL: https://support.coditect.ai
Submit support tickets
Track ticket status
Access knowledge base articles
View system status and planned maintenance

Support Contact

Email: support@coditect.ai
Phone: +1 (555) 123-4567
Hours: Monday-Friday 8:00 AM - 6:00 PM EST
Emergency (Critical Issues): 24/7 on-call support

Training Resources

Video Tutorials: Available in Help Center
Live Webinars: Monthly user training sessions
Administrator Training: On-site or virtual available
Certification Program: GxP QMS Administrator certification

Appendix A: Glossary

21 CFR Part 11: FDA regulation governing electronic records and electronic signatures

CAPA: Corrective and Preventive Action — systematic process for resolving quality issues

Controlled Copy: Document version that always shows current approved version and updates automatically

Deviation: Unplanned departure from approved procedures or specifications

E-Signature: Electronic signature compliant with 21 CFR Part 11 requirements

GxP: Good Practice (cGMP, GLP, GCP) — quality guidelines for pharmaceutical/medical device industries

IQ/OQ/PQ: Installation Qualification, Operational Qualification, Performance Qualification — validation stages

OOS: Out-of-Specification — test result outside acceptance criteria

RBAC: Role-Based Access Control — permission system based on user roles

Root Cause: Fundamental reason for a problem, identified through structured analysis

SOP: Standard Operating Procedure — step-by-step instructions for a process

Appendix B: Keyboard Shortcuts

Action	Windows/Linux	Mac
Global Search	Ctrl+K	Cmd+K
Save Document	Ctrl+S	Cmd+S
New Document	Ctrl+N	Cmd+N
Open Notifications	Ctrl+Shift+N	Cmd+Shift+N
Go to Dashboard	Ctrl+H	Cmd+H
Help	F1	F1
Logout	Ctrl+Shift+Q	Cmd+Shift+Q

Appendix C: Regulatory References

FDA Regulations:

21 CFR Part 11: Electronic Records and Electronic Signatures
21 CFR Part 210/211: Current Good Manufacturing Practice (cGMP)
21 CFR Part 820: Quality System Regulation (Medical Devices)

ISO Standards:

ISO 13485:2016: Medical Devices — Quality Management Systems
ISO 9001:2015: Quality Management Systems — Requirements
ISO/IEC 27001: Information Security Management

ICH Guidelines:

ICH Q10: Pharmaceutical Quality System
ICH Q7: Good Manufacturing Practice for Active Pharmaceutical Ingredients

Appendix D: Document Revision History

Version	Date	Author	Changes
1.0.0	2026-02-17	Documentation Generation Specialist	Initial release — comprehensive user guide covering all 5 tasks (Getting Started, Document Management, CAPA, Deviation, Search & Reporting)

End of User Documentation

For technical support: support@coditect.ai For training inquiries: training@coditect.ai System status: https://status.coditect.ai

Table of Contents​

1. Getting Started Guide​

1.1 System Access and Authentication​

Initial Login​

Multi-Factor Authentication (MFA)​

Password Reset​

1.2 Platform Navigation​

Main Navigation Bar​

Quick Actions Bar​

Breadcrumb Navigation​

Context Menus​

1.3 User Profile and Settings​

Profile Information​

User Preferences​

Electronic Signature Configuration​

1.4 Creating Your First Document​

Step-by-Step: Creating an SOP​

1.5 Understanding Roles and Permissions​

Standard User Roles​

Permission Matrix​

Temporary Access Elevation​

2. Document Management User Guide​

2.1 Document Lifecycle Overview​

Document States​

Regulatory Requirements Met​

2.2 Creating and Editing Documents​

Document Templates​

Advanced Editing Features​

2.3 Review and Approval Workflow​

Configuring Review Workflows​

Review Process​

Approval Escalation​

2.4 Version Control and Revision Management​

Version Numbering​

Creating a New Version​

Version History and Comparison​

2.5 Controlled Copies and Distribution​

Controlled vs. Uncontrolled Copies​

Creating a Distribution List​

Accessing Controlled Copies​

Tracking Document Usage​

2.6 Document Retirement and Archival​

When to Retire a Document​

Retirement Process​

Accessing Archived Documents​

2.7 Best Practices​

Writing Effective Procedures​

Document Review Checklist​

Avoiding Common Mistakes​

3. CAPA Management User Guide​

3.1 CAPA Overview and Regulatory Requirements​

What is CAPA?​

Regulatory Requirements​

When to Initiate a CAPA​

CAPA vs. Deviation vs. Change Control​

3.2 Creating a CAPA Record​

Step-by-Step: Initiating a CAPA​

3.3 Root Cause Analysis​

Root Cause Analysis Methods​

Performing Root Cause Analysis in BIO-QMS​

3.4 Action Planning and Assignment​

Defining Corrective Actions​

Defining Preventive Actions​

Creating Actions in BIO-QMS​

3.5 CAPA Execution and Tracking​

For Action Assignees​

For CAPA Owners (Tracking Progress)​

3.6 Effectiveness Verification​

Planning Verification​

Performing Verification​

3.7 CAPA Closure​

CAPA Closure Metrics​

Ineffective CAPA (Rare)​

3.8 Sample CAPA Workflow​

4. Deviation Management User Guide​

4.1 Understanding Deviations​

What is a Deviation?​

Regulatory Context​

Deviation vs. Out-of-Specification (OOS)​

4.2 Recording a Deviation​

Table of Contents

1. Getting Started Guide

1.1 System Access and Authentication

Initial Login

Multi-Factor Authentication (MFA)

Password Reset

1.2 Platform Navigation

Main Navigation Bar

Quick Actions Bar

Breadcrumb Navigation

Context Menus

1.3 User Profile and Settings

Profile Information

User Preferences

Electronic Signature Configuration

1.4 Creating Your First Document

Step-by-Step: Creating an SOP

1.5 Understanding Roles and Permissions

Standard User Roles

Permission Matrix

Temporary Access Elevation

2. Document Management User Guide

2.1 Document Lifecycle Overview

Document States

Regulatory Requirements Met

2.2 Creating and Editing Documents

Document Templates

Advanced Editing Features

2.3 Review and Approval Workflow

Configuring Review Workflows

Review Process

Approval Escalation

2.4 Version Control and Revision Management

Version Numbering

Creating a New Version

Version History and Comparison

2.5 Controlled Copies and Distribution

Controlled vs. Uncontrolled Copies

Creating a Distribution List

Accessing Controlled Copies

Tracking Document Usage

2.6 Document Retirement and Archival

When to Retire a Document

Retirement Process

Accessing Archived Documents

2.7 Best Practices

Writing Effective Procedures

Document Review Checklist

Avoiding Common Mistakes

3. CAPA Management User Guide

3.1 CAPA Overview and Regulatory Requirements

What is CAPA?

Regulatory Requirements

When to Initiate a CAPA

CAPA vs. Deviation vs. Change Control

3.2 Creating a CAPA Record

Step-by-Step: Initiating a CAPA

3.3 Root Cause Analysis

Root Cause Analysis Methods

Performing Root Cause Analysis in BIO-QMS

3.4 Action Planning and Assignment

Defining Corrective Actions

Defining Preventive Actions

Creating Actions in BIO-QMS

3.5 CAPA Execution and Tracking

For Action Assignees

For CAPA Owners (Tracking Progress)

3.6 Effectiveness Verification

Planning Verification

Performing Verification

3.7 CAPA Closure

CAPA Closure Metrics

Ineffective CAPA (Rare)

3.8 Sample CAPA Workflow

4. Deviation Management User Guide

4.1 Understanding Deviations

What is a Deviation?

Regulatory Context

Deviation vs. Out-of-Specification (OOS)

4.2 Recording a Deviation