Compliance overview

This page explains, in one place, how Better Comply helps you satisfy the standards it targets and the mechanisms that make its records trustworthy to an auditor.

Who this is for

Quality and compliance owners, auditors, and administrators. Learners and supervisors do not need this area, but the controls described here run on every action they take.

What Better Comply provides, and what you own

Better Comply provides the controls and evidence that support your compliance: an immutable audit trail, electronic signatures, frozen evidence records, and enforced segregation of duties. The controls run on every regulated action, server-side, and they cannot be turned off from the user interface.

You own your validated state. Better Comply is not itself "certified" or "validated" in the abstract. It is the customer who runs the validation in their environment, keeps the records, and signs off that the system is fit for their regulated use. See Validation and CSV for the posture and what you need for your own validation.

Note: Throughout this area, "the standard clause" is cited only to help you map a control to a requirement. Citing a clause is not a claim of certification against it.

Standards targeted

| Standard | What it asks for | Where Better Comply helps |
| --- | --- | --- |
| ISO 9001 (quality management) | Controlled documents, records of competence and training, control of changes. | Controlled Documents lifecycle, training records, immutable versions. |
| ISO 13485 (medical devices) | Document control, records that are legible and retrievable, traceability. | Same controls, plus per-version traceability from source document to training to evidence. |
| 21 CFR Part 11 (electronic records and signatures) | Secure, computer-generated, time-stamped audit trails; signature manifestation; identity re-verification; protection of records. | Fail-loud audit log, electronic signatures with server-side IP capture, immutable evidence. |

The four pillars

Every trust claim in Better Comply rests on one of four controls. Read each one for the exact guarantee.

1. Immutable audit trail

Every state change on a regulated entity is recorded as a time-stamped row written by a single server-side function. For the actions that matter most, a failed audit aborts the action: no audit row, no change. Authenticated users can never edit or delete audit rows.

Read the audit trail page

2. Electronic signatures

Training completions that require a signature, and every controlled-document approval, capture a signed manifestation, the signer's identity, and the IP address and time. The IP is read server-side; the client never asserts it. Once written, a signature record cannot be altered.

Read the electronic signatures page

3. Immutable evidence

Once a completion record references a training version, that version freezes: its content, quiz, objectives, and signature settings can no longer be edited, and the row cannot be deleted. The same freeze applies to approved document versions and the sources a version cites. This is enforced by database triggers and delete-blocking policies, not by application code alone.

Read the evidence and immutability page
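
The freeze described in pillar 3, sketched as an added example that is not Better Comply's own code: SQLite (through Python's sqlite3) stands in for the production database, and every table, column and trigger name is an assumption. It shows the database itself refusing edits and deletes once a completion references a version, including an attempt to unfreeze the version by deleting the completion.

```python
import sqlite3

# Constructed schema; table, column and trigger names are assumptions.
SCHEMA = """
CREATE TABLE training_versions (id INTEGER PRIMARY KEY, content TEXT NOT NULL);
CREATE TABLE completions (
    id INTEGER PRIMARY KEY,
    version_id INTEGER NOT NULL REFERENCES training_versions(id),
    learner TEXT NOT NULL);
-- A version freezes once any completion references it.
CREATE TRIGGER freeze_version_update BEFORE UPDATE ON training_versions
BEGIN SELECT RAISE(ABORT, 'version frozen')
      WHERE EXISTS (SELECT 1 FROM completions WHERE version_id = OLD.id); END;
CREATE TRIGGER freeze_version_delete BEFORE DELETE ON training_versions
BEGIN SELECT RAISE(ABORT, 'version frozen')
      WHERE EXISTS (SELECT 1 FROM completions WHERE version_id = OLD.id); END;
-- The referencing rows must be append-only too, or deleting the completion
-- would silently unfreeze the version.
CREATE TRIGGER completion_no_update BEFORE UPDATE ON completions
BEGIN SELECT RAISE(ABORT, 'completion is append-only'); END;
CREATE TRIGGER completion_no_delete BEFORE DELETE ON completions
BEGIN SELECT RAISE(ABORT, 'completion is append-only'); END;
"""

def attempt(db, sql):
    """Run one statement in its own transaction; return 'ok' or the refusal."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(sql)
        return "ok"
    except sqlite3.DatabaseError as exc:
        return str(exc)

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    steps = [
        "INSERT INTO training_versions VALUES (1, 'draft')",
        "UPDATE training_versions SET content = 'final' WHERE id = 1",  # still editable
        "INSERT INTO completions VALUES (1, 1, 'learner-a')",  # freezes version 1
        "UPDATE training_versions SET content = 'tampered' WHERE id = 1",
        "DELETE FROM training_versions WHERE id = 1",
        "DELETE FROM completions WHERE id = 1",  # unfreeze attempt
    ]
    results = [attempt(db, s) for s in steps]
    content = db.execute("SELECT content FROM training_versions").fetchone()[0]
    return results, content

if __name__ == "__main__":
    print(demo())
```

Because the statements are issued directly against the database, the refusals do not depend on any application-layer check, which is the property an auditor would want to test during validation.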

4. Segregation of duties

The person who authors training content cannot approve it. The person who submits a document for review cannot be the one who signs its approval. The system enforces this at the server, not just by hiding a button.

Read the segregation of duties page

How the pillars connect

These four controls reinforce one another. The audit trail proves who did what and when. The signature proves they meant it and were who they claimed to be. Immutability proves the record they signed has not changed since. Segregation of duties proves a single person could not have both produced and blessed the record. Together they map to the ALCOA+ data-integrity principles.

Where to go next