Why Seal is different
Traditional GxP systems are frozen after validation. Any change risks triggering months of re-validation work. Teams are forced to choose between compliance and improvement—a fundamental conflict between the goals of quality and the operational needs of the business. Seal resolves this. Unlike systems that must be locked down after validation, Seal is built so that every change goes through Change Sets with formal review and approval, and automated tests verify the system after every change. You evolve your configuration without compromising your validated state. Pharmaceutical, biotech, and medical device companies run their GxP-regulated operations on Seal—GMP manufacturing, GLP laboratories, GCP clinical trials. Customers run their entire QMS on Seal: document control, deviations, CAPAs, change control.Our approach to validation
The FDA has inspected companies using Seal as their QMS and MES.
Risk-based validation
Software validation is the process of ensuring and documenting that a system is fit for its intended use. The level of formality scales with risk—early R&D needs lightweight documentation, GMP manufacturing requires formal compliance evidence. Most customers fall into one of two categories:GxP systems
GMP, GLP, GCP environments. Formal validation with risk assessment, VMP, and compliance documentation.
Non-GxP / R&D
Simpler User Acceptance Testing focused on fitness for purpose. Faster, lighter documentation.
Platform testing
Seal runs automated tests daily—unit tests, integration tests, and end-to-end tests—covering functionality, stability, and reliability. These verify the platform operates as intended and maintains its validated status across its lifecycle. Once live, you can view all platform test results in the Validation tab. This applies to all customers regardless of pathway. For testing your specific configuration, see Staying validated.Non-GxP: User Acceptance Testing
For non-GxP systems (early-stage R&D, non-regulated workflows), the goal is to ensure and document that Seal is fit for your intended purpose. This is achieved through a lightweight UAT process. Your responsibilities:- Define requirements — outline the specific configurations and workflows you need
- Perform UAT — test against your real-world use cases to confirm Seal is configured correctly
- Document acceptance — sign off on a summary report confirming fitness for purpose
If your system doesn’t have a direct GxP impact, you don’t need the formal methodology below. The UAT process above is sufficient.
GxP validation
For GxP systems (GMP, GLP, GCP), a formal validation process is required. We handle the heavy lifting—you review and approve.Our approach
Seal’s validation methodology is built on GAMP 5 2nd Edition and the FDA’s 2022 CSA Guidelines, informed by consultation with an author of GAMP 5 2nd Edition.GAMP 5 software categories
| Category | Type | Validation effort | Example |
|---|---|---|---|
| 3 | Non-configured product | Verify installation and intended use | Off-the-shelf tools used as delivered |
| 4 | Configured platform or product | Verify your specific configuration | Standard platform configured for your processes |
| 5 | Custom software application built for this purpose | Full testing of bespoke code | In-house developed application built from scratch |
Seal is a Category 4 system
Seal is a GAMP 5 Category 4 (Configured Product). You configure standard, vendor-tested features — workflows, templates, fields, approval chains, permissions — to match your business processes. Seal validates the platform; you validate your configuration.In practice: You don’t need to test that electronic signatures work, that audit trails are immutable, or that access controls enforce permissions — Seal validates all of that. Your effort is concentrated on confirming your workflows, templates, and business rules are configured correctly.
CSV vs CSA
Seal follows CSA (Computerized System Assurance) — the modern, risk-focused alternative to traditional CSV, endorsed by the FDA. CSA asks “does the system do what it’s supposed to do?” rather than “did we produce all the documents?”.Your responsibilities
- Define requirements — provide your URS, relevant SOPs, and specify regulatory standards (21 CFR Part 11, EU Annex 11, etc.)
- Risk assessment — participate in identifying high-risk areas for patient safety, product quality, and data integrity
- Review and approval — review key validation documents (VMP, validation report) and participate in formal UAT
Process and timeline
Our implementation team drives each step:Align on VMP (1–2 days)
Agree on the Validation Master Plan—strategy, scope, resources, and deliverables.Deliverable: Approved VMP
Complete URS, FS, and risk assessment (1 week)
Document your requirements and functional specifications. Conduct risk assessment.Deliverable: Approved URS, FS, risk assessment
Complete configuration (1–3 weeks)
Build and configure your Seal instance based on documented requirements.Deliverable: Configured system ready for testing
Develop tests (3–5 days)
Identify required manual and automated tests based on risk assessment. Develop automated configuration tests.Deliverable: Test scripts and automation suite
Execute tests (1–2 weeks)
Run manual and automated configuration tests. Document results.Deliverable: Executed test evidence with pass/fail status
What you get
Every Seal customer receives our validation template pack:| Template | Purpose |
|---|---|
| Validation Master Plan | Overall strategy, scope, resources, deliverables |
| Risk Assessment | Identify and mitigate risks to patient safety and product quality |
| User Requirement Specification | Document your specific requirements |
| Functional Specification | Define how the platform works |
| Traceability Matrix | Map requirements to functions |
| Change Control | Manage and document configuration changes |
| Automated validation guide | Set up automated configuration tests |
Platform validation
Seal validates the platform through our software development lifecycle, automated testing, and collaboration with customers on major updates.
Configuration validation
You validate your configuration using our templates. We guide you through—your focus is review and sign-off.
Staying validated
Once validated, how do you stay validated as your system evolves? Two mechanisms work together:Change control
All modifications—configuration, data, workflows—go through Change Sets with formal review and approval. Before any change goes live:- Impact assessment — the system shows exactly what will change
- Review and approval — designated reviewers sign off electronically
- Audit trail — every change is logged with who, what, when, and why
- Automated tests — configuration tests run to verify nothing broke
Learn more about Change Sets.
Continuous testing
Seal can generate and execute User Acceptance Tests for your configured workflows. Tests are written in natural language (e.g., “Create a Batch Record from the Production template and verify all required fields appear”), reviewed and approved by your team. Seal executes them automatically, recording video and system events as audit evidence. When tests run:- Every platform release — your test suite runs automatically before your team uses a new Seal version
- After configuration changes — verify workflows still work after you modify templates, fields, or approval chains
- On demand — trigger tests manually whenever you need assurance
Frequently asked questions
How long does validation take?
How long does validation take?
Non-GxP validations typically complete in days. GxP validations take 4–7 weeks depending on complexity—still much faster than traditional approaches. Contact us for a specific estimate.
When should I validate?
When should I validate?
Validate when implementation is complete—with everything built and configured. For larger implementations, we support phased validation where individual workflows are validated as they go live.
Can I validate the system myself?
Can I validate the system myself?
Yes. Seal’s validation documentation and templates adapt to fit your QMS. You have full control—and we’re here if you need us.
Does Seal provide validation templates and reports?
Does Seal provide validation templates and reports?
Yes. We provide a comprehensive validation package including templates for URS and Risk Assessment, platform validation documentation, and a Validation Summary Report you can generate on-demand.
Do I need to revalidate if my organisation moves site?
Do I need to revalidate if my organisation moves site?
No. There is no change to server locations, databases, or core system architecture when your organisation moves. Our Customer Success team can support any risk assessments you need.
How does the API tie in with validation?
How does the API tie in with validation?
The API enables data flow but does not change platform behaviour. You are responsible for documenting your API configuration and risk assessment. The API itself is tested as part of Seal’s routine testing.
Does Seal provide User Acceptance Tests?
Does Seal provide User Acceptance Tests?
Yes. We provide baseline UAT scripts that you can use as a starting point for testing your specific configuration.
Are Seal's modules custom-built for each customer?
Are Seal's modules custom-built for each customer?
No. Seal’s modules (ELN, Inventory, Samples, QMS, etc.) are standard blueprints available to every customer. You configure them for your processes.
Do automations make Seal a Category 5 system?
Do automations make Seal a Category 5 system?
No. Each automation reads and writes fields on the entity it belongs to. They are Category 4 configuration.
Do I have to validate features that are not enabled?
Do I have to validate features that are not enabled?
No. Disabled features have no interaction with your platform and don’t require validation.