GxP Risk Management · Built on the Horaxis Platform

Your Risk File.
Your SAP System.
Finally Talking.

ISO 14971 risk management with native SAP QM integration. When a QualityNotification lands in SAP, RiskGuard opens the investigation cockpit automatically — with the affected finished goods, the qualified supplier, and the traceability chain already resolved.

Watch the 5-Minute Demo Request a Pilot

BUILT FOR REGULATED MANUFACTURING

PHARMAICH · ISPE · EU GMP
MEDICAL DEVICEISO 14971 · MDR · FDA 21 CFR 820
FOOD SAFETYHACCP · FSMA · Codex

See it in five minutes.

A single walkthrough: SAP QM incident → BOM cascade → hazard cockpit → AIAG-VDA FMEA → e-signed approval → tamper-evident audit trail.

HOW IT WORKS

Three principles. One platform.

1. Live SAP Master Data

Suppliers, materials, and bills of material sync from SAP over OData on a scheduled pull. Qualification status, audit dates, ISO certifications, GMP class, hazard class — kept in sync from SAP. Every hazard, incident, and FMEA reads from the same source of truth.

2. Regulator Vocabulary Built In

Hazards are tagged with IMDRF Annex A/E/F terminology — the same lexicon FDA, EMA and MHRA inspectors use. No free text a reviewer has to interpret. AIAG-VDA seven-step FMEA. Codex Alimentarius HACCP. Standards-native, not standards-adjacent.

3. Tamper-Evident by Design

Every action is logged with user, timestamp, IP, and a cryptographic hash of the previous entry. Break a row, break the chain. One-click Verify Chain Integrity walks the full audit trail and hands your inspector the chain-head hash and a verification timestamp.

CAPABILITIES

Everything a QA lead needs on a Monday morning.

SAP QM Integration

Auto-created PMS incidents

SAP QualityNotifications land in RiskGuard as PMS incidents with Q1/Q2/Q3/F1 type, priority-mapped severity, linked material, batch, and supplier — no re-typing.

BOM Cascade

Impact resolved in one view

When a raw-material incident opens, RiskGuard resolves the BOM upward and shows the finished goods that consume it. The chain SAP holds but never surfaced.

Live Master Data

Supplier + material sidebar

Hazards linked to a supplier or material show the supplier's qualification status, last audit, ISO certifications, and the material's GMP class and hazard class — read live from the master-data store.

IMDRF Terminology

Regulator-native language

Live search across IMDRF Annex A (Device Problems) and Annex E/F (Health Effects). Hazards stored with codes an auditor recognises, not free text.

AIAG-VDA FMEA

Seven-step, four tabs

Process Flow, Structure Tree, Worksheet (RPN + Action Priority), Control Plan — the modern AIAG-VDA method, not the old MIL-STD-1629 spreadsheet regulators are pushing back on.

Five Methodologies

One workflow engine

FMEA, PHA, FTA, HAZOP, HACCP — same submit/review/approve state machine, same electronic-signature discipline, same audit trail. One platform, five methodologies.

21 CFR Part 11

E-signatures with SoD enforcement

Reviewer and approver sign with their password. The backend refuses to let the same person review and approve. Separation of duties as a permission check at the endpoint, not policy on paper.

Audit Chain

Tamper-evident hash chain

Each audit row carries a hash of the previous row. Verify Chain Integrity walks the whole chain in seconds — hands you the head hash, row count, and the first break if any.

Re-Review Alerts

Automatic reassessment triggers

When SAP marks a supplier's qualification as expired, a re-review alert opens on every hazard and incident that references that supplier. No manual scan, no missed exposures.

ISO 14971 Report

Regulator-ready PDF export

One-click ISO 14971:2019 risk management report with the exact structure your notified body expects. Plus a 12-month hazard trend chart and a supplier heat map.

Multi-Plant

Global scope, local ownership

Every hazard, FMEA, and report is scoped by plant. Quality leads see what they own — not everyone else's noise. Enterprise multi-tenant, single audit chain.

On-Premise

Your data stays in your network

Ships as Docker containers. PostgreSQL 15, Redis 7, no external SaaS dependency. GDPR-native by design.

STANDARDS-NATIVE

ISO 14971:2019Risk Management
21 CFR Part 11Electronic Signatures
EU GMP Annex 11Computerised Systems
AIAG-VDA FMEA7-Step Method
IMDRF Annex A/E/FTerminology
Codex HACCP7 Principles

A risk file made of spreadsheets
will not survive the next inspection.

RiskGuard replaces it with a system regulators recognise — signed, chained, and provable.

Book a Live Demo Explore Horaxis Enterprise