Intelligent automation for GxP validation
OqoVal automatically generates the full CSV/CSA documentation set —VP, URS, DQ/IQ/OQ/PQ protocols, risk analysis, traceability matrices and validation report— audit-ready from day one.
AI generates. Humans decide.
OqoVal proposes completed GxP documents based on project context. Technical review and signature always rest with qualified people — the system never approves or validates autonomously. This model is aligned with the draft EU GMP Annex 22 (July 2025) and the FDA 2025 guidance on AI in regulatory decision-making.
Project management
Real projects. One system for pharma, medical devices and clinical studies.
OqoVal manages parallel software validation projects (CSV/CSA) for the pharmaceutical industry, medical devices and clinical studies. Each project with its own blocks, documents, protocols and signature team.
| Sistema / Proyecto | Fase | Progreso | Estado | Entrega |
|---|---|---|---|---|
| Validación SAP ERP QM | OQ | 78% | En revisión | 15 jun 2025 |
| CSV QMS Veeva Vault | IQ | 100% | Aprobado | 2 may 2025 |
| CSV Sistema LIMS LabWare | PQ | 45% | En curso | 30 sep 2025 |
| Validación MES Rockwell | DQ | 100% | Aprobado | 18 mar 2025 |
| CSV ERP Oracle Pharma | OQ | 62% | En curso | 28 ago 2025 |
| Revalidación SCADA ProView | IQ | 89% | En revisión | 10 jul 2025 |
Audit Copilot
GxP assistant for real-time inspections.
Before an FDA or EMA audit, Audit Copilot answers any technical question in seconds: electronic integrity, user requirements coverage, audit trail behavior, deviation case studies. Based on real evidence from your projects, with configurable scope per project.
¿En qué lugar evidencia el funcionamiento previsto del Audit Trail sobre la entidad de artículos del sistema ERP?
Queda evidenciado en la siguiente base documental: el funcionamiento previsto del Audit Trail está especificado en los requerimientos URS-AT-01, URS-AT-02 y URS-AT-03 del documento URS-SAP-ERP-QM-v2.1; el Audit Trail de artículos se describe específicamente en URS-AT-01. El riesgo está evaluado en la clave R-AT-05 del AR-SAP-ERP-QM-v1.0. Las verificaciones realizadas son los casos de prueba OQ-AT-03 y OQ-AT-04, documentados en OQ-SAP-ERP-QM-v1.0 y PQ-SAP-ERP-QM-v1.0. Puede acceder a todos los documentos en: Evidencias del proyecto SAP ERP QM.
¿Quién fue el probador y en qué fecha se realizó?
El probador fue Rosa García y la prueba fue realizada el 18 de junio de 2025. Queda documentado en OQ-SAP-ERP-QM-v1.0, Sección 4.3 — Evidencia de Ejecución, con firma electrónica de la ejecutora y timestamp de sistema.
Electronic signatures
Generator → Reviewer → Approver flow. Immutable from the first click.
Each document follows a sequential signing workflow with personal PIN + OTP as a second factor. Author, reviewer and approver sign in order: every action is recorded with SHA-256 hash, IP and timestamp. Native compliance with 21 CFR Part 11 and EU Annex 11.
Traceability
From URS to PQ: every requirement linked to its tests, risk and deviations, live.
The Traceability Matrix links each URS requirement to its DQ, IQ, OQ and PQ steps, the initial and residual risk, and open deviations per phase. Any change to protocols or tests is reflected instantly. Full coverage and status of every requirement visible at a glance.
| Código URS | Descripción | DQ Paso | Riesgo Ini. | IQ Paso | OQ Paso | PQ Paso | Desv. DQ | Desv. IQ | Desv. OQ | Desv. PQ | Riesgo Res. |
|---|---|---|---|---|---|---|---|---|---|---|---|
| URS-001 | Registro de usuarios con 2FA | DQ-001 | Alto | IQ-003 | OQ-007 | PQ-002 | — | — | — | — | Bajo |
| URS-002 | Audit trail 21 CFR Part 11 | DQ-002 | Crítico | IQ-004 | OQ-008 | PQ-003 | — | DEV-001 | — | — | Bajo |
| URS-003 | Firma electrónica con certificado | DQ-003 | Crítico | IQ-005 | OQ-009 | PQ-004 | — | — | DEV-002 | — | Bajo |
| URS-004 | Backups con integridad verificable | DQ-004 | Alto | GAP | OQ-010 | PQ-005 | — | — | — | — | Medio |
| URS-005 | Tiempo de respuesta <2 s | GAP | Medio | IQ-006 | OQ-011 | GAP | — | — | — | — | Medio |
| URS-006 | Exportación PDF con metadatos GxP | DQ-005 | Bajo | IQ-007 | GAP | PQ-006 | — | — | DEV-003 | — | Bajo |
ADVANCED CAPABILITIES
Traceability, risk and signature: fully integrated
Every action is logged, every requirement traced, every signature verifiable.
DIGITAL SIGNATURE
Authenticity verification from any device
Scan the document QR code and instantly confirm that signatures are valid and content has not been altered, without logging into the platform.
RISK ANALYSIS
Heatmap with categorised risk items
See the severity × likelihood distribution at a glance. Identify 6 critical risks and prioritise mitigations before running tests.
TRACEABILITY
URS → tests matrix updated in real time
Each URS requirement is linked to its DQ, IQ, OQ and PQ tests. Coverage recalculates automatically as executions progress, surfacing gaps instantly.
More features
Everything you need for regulatory compliance
Risk analysis AR / ICH Q9
RPN scale according to ICH Q9 / GAMP5 (Severity × Probability × Detectability). Automatic risk generation from confirmed URS requirements. Table injected as Annex I in the Word file.
Regulatory library with RAG
Query GxP regulations using Retrieval Augmented Generation over GAMP 5, FDA, EMA, ISO 13485 and Annex 11. AI-powered search and automatic alerts for updates.
Deviation management
Standalone module to record and manage deviations and corrective/preventive actions (CAPA). Workflow: Open → Under Investigation → Under Review → Closed.
Granular RBAC access control
Configurable roles and permissions from administration without hardcoding. Three layers: global role, project access and role in the signature workflow. Client portal with limited visibility.
Live flow with AI
Real-time monitoring: active AI models (Claude + OpenAI), generated documents, words processed, PDFs in queue and scheduled automatic tasks. Full visibility of what is happening in your validation environment at every moment.
Complete CSV documentation, AI-generated
Each lifecycle phase automatically generates its own deliverables from project context.
- Validation Master Plan (VP)
- User Requirements Specification (URS)
- Technical Specification (ET)
- Risk Analysis (AR)
- Design Qualification (DQ)
- Installation Qualification (IQ)
- Operational Qualification (OQ)
- Process Qualification (PQ)
- Residual Risk Analysis (ARR)
- Traceability Matrix (MX)
- Validation Report (IV)
Built for SAP. Ready for any change.
Two additional capabilities for SAP environments that go beyond the validation lifecycle.
Native SAP connection
OqoVal connects to your SAP system (S/4HANA or ECC) via API to automatically extract configuration data. This feeds DQ, IQ, OQ and PQ protocols without manual data entry, eliminating transcription errors and shortening execution time.
Automated Change Control
OqoVal automatically detects transport requests (TRs) applied to your SAP environment, analyses the regulatory impact on validated systems, and triggers the corresponding revalidation workflow — with no manual intervention until a decision needs to be made.
Architected for regulatory compliance
Every technical decision in OqoVal responds to a specific regulatory requirement.
- Electronic signatures with unique identification
- Immutable signature record with SHA-256 hash
- Complete Audit Trail
- RBAC with secure authentication
- System lifecycle management
- Risk-based validation approach
- User requirements updated throughout the lifecycle
- Traceability matrix
- DQ, IQ, OQ and PQ qualifications
- Technology supplier control
- Validation project based on GAMP 5 categories
- Risk-based validation approach
- System lifecycle management
- Attributable
- Legible
- Contemporaneous
- Original
- Accurate
- Complete
- Consistent
- Enduring
- Available
- Traceable
Audit-ready GxP templates — or bring your own
OqoVal ships with a template library adapted to GAMP 5, 21 CFR Part 11 and EU Annex 11. If your organisation already has approved formats, import them and the AI will use them as the base.
Take it to your Board.
8-page document for CEO, CFO and Operations leadership. Covers regulatory context, defensible ROI and use cases by sector. Print-ready in A4 or exportable to PDF.
Next step: a 30-minute conversation with the CEO.
Ready to eliminate documentation bureaucracy?
Request information and we'll explain how OqoVal can adapt to your regulated environment.
Request more information