ISO 14971 risk management with native SAP QM integration. When a QualityNotification lands in SAP, RiskGuard opens the investigation cockpit automatically — with the affected finished goods, the qualified supplier, and the traceability chain already resolved.
BUILT FOR REGULATED MANUFACTURING
A single walkthrough: SAP QM incident → BOM cascade → hazard cockpit → AIAG-VDA FMEA → e-signed approval → tamper-evident audit trail.
HOW IT WORKS
Suppliers, materials, and bills of material sync from SAP over OData on a scheduled pull. Qualification status, audit dates, ISO certifications, GMP class, hazard class — kept in sync from SAP. Every hazard, incident, and FMEA reads from the same source of truth.
Hazards are tagged with IMDRF Annex A/E/F terminology — the same lexicon FDA, EMA and MHRA inspectors use. No free text a reviewer has to interpret. AIAG-VDA seven-step FMEA. Codex Alimentarius HACCP. Standards-native, not standards-adjacent.
Every action is logged with user, timestamp, IP, and a cryptographic hash of the previous entry. Break a row, break the chain. One-click Verify Chain Integrity walks the full audit trail and hands your inspector the chain-head hash and a verification timestamp.
CAPABILITIES
SAP QualityNotifications land in RiskGuard as PMS incidents with Q1/Q2/Q3/F1 type, priority-mapped severity, linked material, batch, and supplier — no re-typing.
When a raw-material incident opens, RiskGuard resolves the BOM upward and shows the finished goods that consume it. The chain SAP holds but never surfaced.
Hazards linked to a supplier or material show the supplier's qualification status, last audit, ISO certifications, and the material's GMP class and hazard class — read live from the master-data store.
Live search across IMDRF Annex A (Device Problems) and Annex E/F (Health Effects). Hazards stored with codes an auditor recognises, not free text.
Process Flow, Structure Tree, Worksheet (RPN + Action Priority), Control Plan — the modern AIAG-VDA method, not the old MIL-STD-1629 spreadsheet regulators are pushing back on.
FMEA, PHA, FTA, HAZOP, HACCP — same submit/review/approve state machine, same electronic-signature discipline, same audit trail. One platform, five methodologies.
Reviewer and approver sign with their password. The backend refuses to let the same person review and approve. Separation of duties as a permission check at the endpoint, not policy on paper.
Each audit row carries a hash of the previous row. Verify Chain Integrity walks the whole chain in seconds — hands you the head hash, row count, and the first break if any.
When SAP marks a supplier's qualification as expired, a re-review alert opens on every hazard and incident that references that supplier. No manual scan, no missed exposures.
One-click ISO 14971:2019 risk management report with the exact structure your notified body expects. Plus a 12-month hazard trend chart and a supplier heat map.
Every hazard, FMEA, and report is scoped by plant. Quality leads see what they own — not everyone else's noise. Enterprise multi-tenant, single audit chain.
Ships as Docker containers. PostgreSQL 15, Redis 7, no external SaaS dependency. GDPR-native by design.
STANDARDS-NATIVE
RiskGuard replaces it with a system regulators recognise — signed, chained, and provable.