Compliance & Onboarding Kit
Shared-Responsibility Guide for Regulated Labs
Aliquora
aliquora.com
Regulated labs are accountable for their own compliance — no software makes a lab compliant on its own. This guide states plainly which data-integrity controls Aliquora provides out of the box, and which activities remain your laboratory's responsibility to define, execute, and document.
Document type
Evaluation guide
Audience
QA / validation leads, lab managers
Last updated
July 2026
Read this first. Aliquora is not a validated 21 CFR Part 11 system on its own, and using it does not by itself make your laboratory compliant with Part 11, cGMP, CLIA, or ISO/IEC 17025. Aliquora provides the technical controls described below; your organization remains responsible for validation, procedures, training, and regulatory obligations. Statements here are qualitative descriptions of product capability — not certifications or legal advice.
1. How to use this guide
For each area, the table below separates what Aliquora provides (technical controls that exist in the product today) from what your lab owns (the procedural, documentation, and validation work that only your organization can do). Use it to scope your evaluation, your validation plan, and your SOP updates. For requirement-level detail, pair it with the Part 11 & ALCOA+ capability matrix and the ISO/IEC 17025 alignment guide.
2. Responsibility matrix
| Area | Aliquora provides | Your lab owns |
|---|---|---|
| Audit trail | Computer-generated, time-stamped, append-only audit log of key actions (creation, edits, approvals, unlocks, exports). No application interface exists to edit or delete entries. Exportable to CSV. | Define which events your SOPs require you to review, perform periodic audit-trail review, and retain exported logs per your retention policy. |
| Electronic signatures | Signatures capture signer identity, timestamp, and meaning; require password re-authentication at the moment of signing (configurable by your admin); and are cryptographically bound to a snapshot of the signed record so later changes are detectable. | Decide whether e-signatures are legally acceptable for your records, keep the password re-authentication setting enabled where Part 11-style signing is required, define signature meanings in your SOPs, and certify signature use to regulators where applicable (e.g. FDA letter of non-repudiation). |
| Record protection | Verified results are locked against edits. Unlocking requires administrator password re-authentication and a documented reason, and is written to the audit trail. Result corrections require a reason code. | Define who may unlock records, what reasons are acceptable, and how unlock events are reviewed in your quality system. |
| Access control | Role-based access control with server-side authority checks on every request; per-organization data isolation; password hashing, account lockout, and idle session timeout. | Assign roles to match real job duties, remove leavers promptly, review accounts periodically, and enforce your own password and acceptable-use policies. |
| QC & release controls | QC batching with acceptance criteria snapshotted at batch build, automatic evaluation, and a release gate: failed QC blocks validation, verification, and reporting of covered results. Levey-Jennings control charts with Westgard rule evaluation and optional alerts. | Define your QC acceptance criteria, control limits, and rules per method; decide the disposition process for failed QC; and document your control strategy in SOPs. |
| Holding-time tracking | Tracks EPA Part 136-style holding times from collection/receipt, flags approaching and expired analyses, and can raise scheduled alerts. | Configure the holding times that apply to your methods and matrices, and define what your lab does when a holding time is exceeded. |
| Chain of custody | Custody records tie samples to transfer events with automatic status progression and a server-computed reconciliation summary. | Define custody procedures, ensure staff record transfers contemporaneously, and reconcile custody records per your SOPs. |
| Computer-system validation | Provides a stable, documented system plus customer-executed IQ/OQ/PQ protocol templates to support your validation effort. Aliquora is not delivered pre-validated. | Own the validation: define intended use, adapt and execute the protocols in your environment, document results and deviations, and approve the system for use through your quality unit. |
| SOPs & training | Product documentation and onboarding materials describing how features behave. | Write and maintain the SOPs that govern how your lab uses the system, train users, and keep training records. |
| Method & specification management | Configurable test catalog with methods, units, specification limits, and automatic out-of-spec flagging; a bundled method/analyte reference library you can adapt. | Validate your analytical methods, set scientifically justified specifications and action limits, and keep the catalog current under change control. |
| Data migration & integrity of legacy data | CSV import templates and import tooling for samples, materials, tests, and bulk results. | Verify migrated data against source records, document the migration, and decide how legacy records are retained. |
| Backups, retention & business continuity | Managed hosting with full data export (CSV/PDF) available on demand so you always hold your own copies. | Schedule your own periodic exports where your retention SOPs require independent copies, define retention periods, and include the system in your continuity plan. |
| Regulatory interactions | Human-readable and electronic copies of records for review and inspection; exportable evidence. | All submissions, registrations, accreditation applications, and inspection responses are yours. Aliquora is a tool that supports them, not a party to them. |
3. Capabilities that are planned, not present
The following are on the roadmap and are not available today. Do not rely on them in a current compliance assessment:
- Org-wide MFA enforcement (MFA itself is available; mandatory-for-all is roadmap) Planned
- Application-level field encryption (infrastructure-level encryption at rest is already in place) Planned
- SOC 2 examination Planned
- Configurable data-retention controls Planned
4. Getting started
When you're ready to stand up an instance, follow the regulated-lab onboarding checklist — a printable, phase-by-phase checklist covering configuration, QC setup, data migration, validation, and go-live. The validation support pack (IQ/OQ/PQ) provides the customer-executed protocol templates referenced in the validation phase.
This document describes Aliquora product capabilities as of the date provided and is offered for evaluation purposes. It is not legal or regulatory advice and is not a warranty of compliance. Each organization is responsible for validating and confirming that the system meets its own regulatory obligations. Generated by Aliquora · aliquora.com