40–60%
reduction in documentation effort
15–25%
faster validation cycle time
50%
less audit preparation time
Output flows to your DMS for human review and approval. No change to your approval workflow.
Electronic Records & Signatures Binding
SAGA-DEMO-0419 · Rev 01 · Approved 2026-03-28
Four regulatory frameworks govern validation documentation in life-science and medical-device environments: GAMP 5, 21 CFR Part 11, EMA Annex 11, and FDA CSA. The sections below state what SAGA is designed to, what it is assessed against, and what remains your team's responsibility.
Posture claims on this page are based on our internal risk assessment, not on external attestation. Every regulatory decision within your programme remains yours.
SAGA is designed to GAMP 5 as a Category 4 configurable product — a platform deployed in your environment that produces structured validation artefacts (URS, FS, DS, IQ, OQ, PQ) along a traceable lifecycle.
Your team remains accountable for validation of the specific configuration you run in your regulated context. GAMP 5 is about discipline of authoring, review, and evidence; SAGA is designed to carry that discipline into every artefact it helps you produce.
SAGA is assessed against 21 CFR Part 11 per our internal risk assessment for electronic records and electronic signatures. Every artefact SAGA authors carries the metadata Part 11 demands: user-identity binding on each signature, time-stamp integrity, record immutability after sign-off, and a full record of every authorising action.
SAGA itself is not the system of record for your signed documents. Output flows to your DMS, where your Part 11 controls — identity provider, signature workflow, retention policy — take over. SAGA is designed to hand off a complete record, not to replace the system that keeps it.
SAGA is consistent with EMA Annex 11 per our internal risk assessment. Annex 11 governs computerised systems in EU GMP: lifecycle discipline, data-integrity controls, supplier assessment, and continuity of electronic records across upgrades.
The artefacts SAGA produces are designed to answer Annex 11 inspector questions in one pass: a Requirements Traceability Matrix for every claim, a change-control record for every system-state transition, and a data-integrity trail that survives a platform upgrade without rewriting the evidence.
SAGA is designed to FDA CSA — Computer Software Assurance. CSA shifts the balance from exhaustive scripted testing to risk-based assurance: critical thinking about where failure would hurt the patient, testing proportionate to the risk, and documentation that reflects reasoning rather than volume.
SAGA's authoring framework carries the CSA posture by construction. Scope decisions are risk-based; the artefact shape prompts critical thinking at every lifecycle stage; documentation reads as reasoning, not procedural accumulation.
A scannable cross-cut of the four frameworks. The prose sections above are the reasoning; this table is the one-pass reference.
| Framework | Verheim posture | How SAGA aligns |
|---|---|---|
| GAMP 5 | Designed to GAMP 5 as a Category 4 configurable product. | URS → FS → DS → IQ / OQ / PQ traceability baked into every artifact. |
| 21 CFR Part 11 | Assessed against Part 11 per our internal risk assessment. | Identity binding, time-stamp integrity, record immutability, sign-off trail. |
| EMA Annex 11 | Consistent with Annex 11 per our internal risk assessment. | Lifecycle discipline, data-integrity controls, supplier traceability across upgrades. |
| FDA CSA | Designed to FDA CSA — Computer Software Assurance. | Risk-based scope, critical-thinking prompts, reasoning-forward documentation. |
If this posture matches what your quality system needs, the next step is a focused review — your frameworks, your evidence requirements, your DMS. One session, no sales theatre, clear outputs.
https://verheim.dev/compliance/