Skip to main content

Why Seal is different

Traditional GxP systems are frozen after validation. Any change risks triggering months of re-validation work. Teams are forced to choose between compliance and improvement—a fundamental conflict between the goals of quality and the operational needs of the business. Seal resolves this. Unlike systems that must be locked down after validation, Seal is built so that every configuration change goes through Change Sets with formal review and approval, and automated tests verify the system after every change. You evolve your configuration without compromising your validated state. Pharmaceutical, biotech, and medical device companies run their GxP-regulated operations on Seal — GMP manufacturing, GLP laboratories, GCP clinical trials. Customers run their entire QMS on Seal: document control, deviations, CAPAs, change control.
Validation exists to protect patients and product quality. Documentation should be proportionate to risk — rigorous where it matters, streamlined where it doesn’t.
The FDA has inspected companies using Seal as their QMS and MES.

What is platform vs. what is built for you?

A common question from quality teams is where platform ends and customer-specific work begins. There are three distinct layers:

Core platform

The software every customer runs — audit trails, e-signatures, access controls, version history, change sets, search, and the document editor.

Blueprints

Standard modules (ELN, QMS, Inventory, Samples, etc.) version-controlled and tested within the core platform codebase. Every customer runs the same blueprints.

Your configuration

The templates, fields, workflows, review requirements, permissions, and automations you set up through the UI.
Core platform, blueprints, and your configuration are all configured product (GAMP 5 Category 4). Seal develops, tests, and validates the core platform and all blueprints through its development lifecycle — you can leverage Seal’s validation evidence rather than validating these layers yourself. This includes scripts that are part of a blueprint. Your validation effort focuses on confirming that your configuration (templates, fields, workflows, automations, business rules) is correct for your intended use. Customer-specific scripts are the exception. Some customers need field-level logic unique to their processes — for example, a script that parses instrument readings or enforces a domain-specific validation rule. These are scoped to a single field, version-controlled through change sets, and individually validated as custom elements (Category 5) within the configured system using a risk-based approach. Most customers have zero customer-specific scripts.
LayerWho develops itWho validates itHow it changes
Core platformSeal engineeringSeal (development lifecycle + automated testing)Release process with customer notification
Blueprints (modules)Seal engineeringSeal (development lifecycle + automated testing)Release process with customer notification
Your configurationCustomer and/or Seal during implementationCustomer (with Seal guidance)Change sets with formal review
Customer-specific scriptsSeal engineering (with customer)Seal and customer jointlyChange sets with code review and individual test cases

Validating your configuration

Software validation is the process of ensuring and documenting that a system is fit for its intended use. The level of formality scales with risk. Most customers fall into one of two pathways:

GxP systems

GMP, GLP, GCP environments. Formal validation with risk assessment, Validation Master Plan, and compliance documentation.

Non-GxP / R&D

Simpler User Acceptance Testing focused on fitness for purpose. Faster, lighter documentation.
If you’re somewhere in between — process development, scale-up, or early-phase clinical manufacturing — we support phase-appropriate validation. We tailor the approach to your current risk profile and clinical phase, allowing you to scale up compliance requirements as you progress toward commercialization.
In practice: You don’t need to validate that electronic signatures work, that audit trails are immutable, that access controls enforce permissions, or that the ELN, QMS, or Inventory modules function correctly — Seal validates all of that through its development lifecycle and provides the evidence. Your effort is concentrated on confirming your specific workflows, templates, and business rules are configured correctly.

Non-GxP: User Acceptance Testing

For non-GxP systems (early-stage R&D, non-regulated workflows), the goal is to ensure and document that Seal is fit for your intended purpose. This is achieved through a lightweight UAT process. Your responsibilities:
  1. Define requirements — outline the specific configurations and workflows you need
  2. Perform UAT — test against your real-world use cases to confirm Seal is configured correctly
  3. Document acceptance — sign off on a summary report confirming fitness for purpose
We provide templates and scope the UAT plan with you. Most non-GxP validations complete in days.
If your system doesn’t have a direct GxP impact, you don’t need the formal methodology below. The UAT process above is sufficient.

GxP validation

For GxP systems (GMP, GLP, GCP), a formal validation process is required. We handle the heavy lifting—you review and approve. Seal’s validation methodology is built on GAMP 5 2nd Edition and the FDA’s Computer Software Assurance guidance (finalized September 2025), informed by consultation with an author of GAMP 5 2nd Edition. Seal follows CSA (Computerized System Assurance) — the modern, risk-focused alternative to traditional CSV, endorsed by the FDA.

Validation lifecycle

Requirements are defined at increasing levels of detail, then verified through corresponding tests. Risk assessment drives which tests are required and how rigorous they need to be.
PhaseWhat happensDeliverableResponsibility
Validation Master PlanAgree strategy, scope, resources, and acceptance criteriaApproved VMPSeal drafts, you approve
User RequirementsDocument your workflows, business rules, and regulatory requirementsApproved URSYou provide, Seal documents
Functional Spec + Risk AssessmentDefine how the platform meets each requirement; risk assessment determines test scopeApproved FS, risk assessmentSeal drafts, you review
ConfigurationBuild and configure your Seal instance to specification; iterative reviewConfigured system ready for testingSeal builds, you review
Test ExecutionAutomated and manual tests against functional specExecuted test evidence with pass/failSeal executes, results documented
User Acceptance TestingYou test against your user requirements with real workflowsSigned UAT evidenceYou execute, Seal supports
Validation Report + Go LiveSummary of all evidence, deviations, and formal sign-offSigned validation summary reportSeal drafts, you approve
The dotted lines in the diagram show traceability: user requirements trace forward to UAT (did we build what you asked for?), and the functional spec traces forward to test execution (does the system behave as specified?). The traceability matrix connects every requirement to its corresponding test evidence. When a test fails: deviations are documented with root cause, impact assessment, and resolution. Each deviation is reviewed and approved before proceeding. The Validation Report includes a summary of all deviations and their dispositions.

What you get

Every Seal customer receives our validation template pack:
TemplatePurpose
Validation Master PlanOverall strategy, scope, resources, deliverables
Risk AssessmentIdentify and mitigate risks to patient safety and product quality
User Requirement SpecificationDocument your specific requirements
Functional SpecificationDefine how the platform works
Traceability MatrixMap requirements to functions
Change ControlManage and document configuration changes
Automated validation guideSet up automated configuration tests

Platform development lifecycle

Seal maintains a formalized software development lifecycle for the core platform and blueprints, aligned with GAMP 5 2nd Edition agile lifecycle principles and independently verified through SOC 2 Type II controls.

How platform software is developed

Every code change goes through a mandatory process before it reaches production:
  1. Development — engineer builds the change in a version-controlled feature branch with associated automated tests
  2. Automated test suite — CI/CD pipeline runs unit, integration, and end-to-end tests; changes that fail any test cannot proceed
  3. Peer code review — mandatory pull request review assessing correctness, security, and test coverage
  4. Quality review — changes affecting GxP-relevant functionality (audit trails, signatures, access controls, data integrity) receive additional review against compliance requirements
  5. Staging validation — deployed to a staging environment mirroring production; automated end-to-end tests run again
  6. Release preview — functional changes are made available as a release preview with advance notice before becoming generally available
  7. Production release — zero-downtime deployment with automated health checks (see Deployment process)

Testing strategy

Test layerWhat it coversWhen it runs
Unit testsIndividual functions and components in isolationEvery code change
Integration testsService interactions, database operations, API contractsEvery code change
End-to-end testsFull user workflows through the browserEvery code change and daily against production
Security testingVulnerability scanning, dependency auditing, penetration testingContinuous; annual third-party penetration test
Performance testingLoad testing, response time monitoringContinuous in production
All test results are logged and retained. The full suite must pass before any change is deployed. Once live, you can view platform test results in the Validation tab within your Seal platform.

Quality management system

Seal operates under its own quality management system: document control, training (including secure coding and GxP awareness), internal audits, CAPAs, and quarterly management review. SOC 2 Type II certification provides independent third-party assurance that these controls are operating effectively — see trust.seal.run. Internal SOPs are available for review during vendor audits.

Change management

All platform changes follow a documented change management process: tracked issues with defined scope, risk assessment and categorization (risk levels), mandatory code review, automated testing, and staged deployment. Customer notification is governed by the Release process.

Staying validated

Once validated, how do you stay validated as your system evolves? Two mechanisms work together:

Change control

All modifications—configuration, data, workflows—go through Change Sets with formal review and approval. Before any change goes live:
  1. Impact assessment — the system shows exactly what will change
  2. Review and approval — designated reviewers approve with an electronic signature requiring re-authentication, meeting 21 CFR Part 11 requirements
  3. Audit trail — every change is logged with who, what, when, and why
  4. Automated tests — configuration tests run to verify nothing broke
This means you can continuously improve—add fields, update workflows, change permissions—without breaking your validated state. Every change has documented justification and approval.
Learn more about Change Sets.

Continuous testing

Seal can generate and execute User Acceptance Tests for your configured workflows. Tests are written in natural language (e.g., “Create a Batch Record from the Production template and verify all required fields appear”), reviewed and approved by your team. Seal executes them automatically, recording video and system events as audit evidence. When tests run:
  • Every platform release — your test suite runs automatically before your team uses a new Seal version
  • After configuration changes — verify workflows still work after you modify templates, fields, or approval chains
  • On demand — trigger tests manually whenever you need assurance
See Release process for details on risk levels, notification policies, and how automated testing works.

Frequently asked questions

All functionality changes are released behind Release Previews — Organisation Admins control when they take effect, and production is not affected until your team enables the release. A dedicated preview environment is available for running UAT before go-live. See Release process.
Testing follows the risk-based approach agreed in the Validation Master Plan at the start of the project.
  • Infrastructure: Covered by SOC 2 Type II certification — see Infrastructure and Data Storage & Security.
  • Test execution: Seal executes test scripts against your configured workflows. Protocols are shared for pre-approval; executed evidence (pass/fail, screenshots, timestamps) is provided for post-approval sign-off.
  • User Acceptance Testing: Your team tests against real-world use cases. Seal provides UAT templates and support.
All protocols and evidence can be exported to your quality management system.
Yes. Seal provides documentation mapping platform capabilities to your User Requirement Specification — including test IDs, descriptions, and results for requirements met by the core platform and standard blueprints. Executed platform tests are also visible in the Validation tab within your Seal organisation.
Non-GxP validations typically complete in days. GxP validations take 4–7 weeks depending on complexity—still much faster than traditional approaches. Contact us for a specific estimate.
Validate when implementation is complete—with everything built and configured. For larger implementations, we support phased validation where individual workflows are validated as they go live.
Yes. Seal’s validation documentation and templates adapt to fit your QMS. You have full control—and we’re here if you need us.
Yes. We provide a comprehensive validation package including templates for URS and Risk Assessment, platform validation documentation, and a Validation Summary Report you can generate on-demand.
No. There is no change to server locations, databases, or core system architecture when your organisation moves. Our Customer Success team can support any risk assessments you need.
The API enables data flow but does not change platform behaviour. You are responsible for documenting your API configuration and risk assessment. The API itself is tested as part of Seal’s routine testing.
Yes. We provide baseline UAT scripts that you can use as a starting point for testing your specific configuration.
No. Modules (ELN, QMS, Inventory, Samples, etc.) are standard blueprints developed, tested, and maintained as part of the core platform. Every customer gets the same blueprints. You configure them for your processes.
No. Every configurable software system has a formula language — Excel has formulas, ERP systems have calculated fields, LIMS platforms have rule builders. Seal’s automations are the same concept, using Python syntax instead of a proprietary expression language. Writing mass = density * volume is configuration, not custom software development. A single complex formula does not reclassify the entire system as Category 5, just as a complex Excel formula does not make a spreadsheet bespoke software. Automations are sandboxed to the entity they belong to and are Category 4 configuration. Where a specific script involves genuinely bespoke logic, that individual script is validated as a Category 5 element within the Category 4 system.
Seal’s blueprints (ELN, QMS, Inventory, etc.) are the library — standard modules available to all customers, maintained through the core platform development lifecycle. There is no separate library of custom code blocks assembled per customer. Configurations can be exported and imported between organisations as standard platform functionality.
No. Disabled features have no interaction with your platform and don’t require validation.