Trust Centre
Regulated Procurement Compliance Briefing
A consolidated briefing for compliance and quality teams at pharmaceutical, biotech, EPCM, and chemical manufacturing organisations evaluating ChemCapital.
What ChemCapital is
ChemCapital is a procurement and supplier collaboration platform for engineering, process, and life-science projects. It is designed to support:
- Request for Quotation (RFQ) creation and management with regulated mode and criticality classification
- Supplier document register (VDR) for collecting certifications, test reports, and technical documents
- Quotation comparison with AI-assisted extraction and human review step
- Deviation and clarification registers for procurement non-conformances
- Audit trail on all procurement actions, attributable to named users with UTC timestamps
- Data subject rights (DSR) management for GDPR compliance
- Enterprise data isolation, tenant controls, and AI opt-out for regulated buyers
Regulatory position by framework
ChemCapital creates and maintains electronic records for all procurement actions with a tamper-evident SHA-256 hash-chained audit trail. Part 11-compliant e-signature ceremonies are live: each signature captures the operator's identity, a re-authentication step, a declared meaning-of-signature (e.g. 'I reviewed', 'I approved'), and generates a verifiable PDF manifest. Dual-approval (four-eyes) workflows are also live with configurable value-threshold gating.
Our platform addresses all nine ALCOA+ principles: Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available. User attribution, UTC timestamps, and SHA-256 hash-protected original records are fully implemented. Retention controls and legal hold — underpinning the Enduring (+E) principle — are live and configurable per tenant. See the ALCOA+ mapping in the Trust Centre for the full breakdown.
ChemCapital is classified as GAMP 5 Category 5 (custom software) and follows a risk-based validation approach. All four key 2nd Edition modules are addressed: M11 (Infrastructure Qualification Pack, available on request), M12 (Critical Thinking rationale per artefact, live), D8 (Agile release notes with GAMP change classification, live), D11 (AI/ML control set per feature, live). Trace links (URS → artefact → test evidence) and the Validation Pack JSON export are available today. A PDF/XLSX renderer is on the roadmap.
The FDA's Computer Software Assurance (CSA) guidance shifts focus from prescriptive testing to risk-based assurance. Our development approach is aligned with this philosophy: we concentrate testing and documentation effort where the risk to data integrity or procurement outcomes is highest. Critical Thinking rationale per validation module formally captures this risk-based judgement.
ChemCapital applies ICH Q9 principles at RFQ creation via the regulated-mode toggle and risk-tier selector: users assign GMP impact (Direct / Indirect / No Impact), process classification, and criticality tier to procurement packages. These fields drive the compliance requirements rules engine. A dedicated FMEA-style ICH Q9 criticality wizard is not currently on the roadmap; the risk classification is embedded in the procurement workflow itself.
Evidence and documentation
How each ALCOA+ principle is addressed in the platform today.
Module-by-module GAMP 5 2nd Edition position (M11, M12, D8, D11).
How AI features are controlled, traced, and human-gated.
What is included and when the full pack will be available.
Pre-answered responses to common due diligence questions.
Data ownership, export formats, RTO/RPO, and offboarding.
Current security controls and certification roadmap.
How we address NIS2 obligations as a digital supplier.
For a qualification review
If your organisation is conducting a formal Computer System Validation (CSV) assessment or supplier qualification for ChemCapital, we recommend the following approach:
- Review this briefing and the Trust Centre documentation.
- Complete or review our pre-answered security questionnaire.
- Request a copy of our GAMP 5 alignment document (available on request).
- Request the current validation evidence export from your admin console.
- Contact our enterprise team to discuss DPA, data residency, and escrow requirements.
- Agree a supplier audit scope if required by your quality system.