GIMS Compliance Relay converts raw instrument data creation into append-only compliance records in an HMAC-keyed hash chain, attributed to a server-resolved user, timestamp, device, and project. Records are reviewable and signable in-app and export as sealed evidence an auditor can verify offline, all without changing the instrument workflow.
See how it worksWhen a valuable instrument would improve a production or QC workflow but its native data environment falls short of regulated data-integrity expectations, the burden typically falls back onto paper logs, spreadsheets, or manual re-entry, each of which introduces transcription risk and weakens the audit record.
Paper and spreadsheets do not natively bind a user, timestamp, device, and primary data file together in a tamper-evident way. The record and the file are not connected.
Every time an analyst transcribes or manually attaches information into another system, the record can drift from the original file event, introducing error without surfacing it.
Instrument software generates files, but may not provide the user attribution, append-only logging, and tamper evidence that regulated QA workflows require.
The relay runs on the instrument workstation, watches configured folders, and automatically records the compliance event the moment a file is created.
An NMR or other instrument writes primary data into a controlled folder on the workstation.
The desktop relay runs at OS startup, detects new files, and captures the compliance event automatically.
The event is written to an append-only, HMAC-chained log with server-resolved attribution. Events with no resolvable actor are rejected, never recorded as "unknown".
Records are reviewable and signable in-app with password re-authentication, then exported as sealed CSV / JSON an auditor can verify offline.
Turn any instrument that writes files into a traceable, tamper-evident, signable data source for regulated workflows, with no changes to the instrument itself. The Part 11 hardening work is complete and exercised by 134 automated tests against a live Postgres deployment.
The relay is designed to do one thing well: capture the origin and integrity of raw instrument data events. Review, approval, and disposition workflows remain in downstream systems.
| Question | Relay | Handled elsewhere |
|---|---|---|
| Who created the raw data file, when, and from which device? | Core function | — |
| Is there tamper evidence on the raw data record? | HMAC-keyed hash chain + external notarization (object-lock WORM available) | Enterprise storage hardening and SOPs remain necessary |
| Electronic signatures (reviewed, approved, or rejected)? | Core function (§11.200 two-component, re-authenticated, bound to specific records) | — |
| User identity, accounts, and capture attribution | Authenticated accounts, lifecycle, and lockout; server-resolved capture identity | Integrates with enterprise domain login and IT access controls |
| Full scientific review, batch disposition, and product release | Downstream, out of scope | LIMS, ELN, QA systems, or broader GIMS modules |
| Backup, archival, and long-term retention | Object-lock WORM notarization available for trail heads | Customer / IT backup and retention policies remain necessary |
The relay stays deliberately focused: capture, integrity, and signatures done well, without becoming a LIMS. It now provides its own authenticated accounts, electronic signatures, and external notarization, and it is provider-neutral, so it can run where your regulated data must live. It integrates with your existing LIMS, ELN, and identity controls rather than replacing them.
Setup is designed to be straightforward within a controlled enterprise environment. No instrument changes required.
Deploy the desktop package on the instrument workstation or controlled PC.
Select the project and watched folder or folders for one or more instruments.
Set the relay to launch at OS startup so logging begins as soon as the authenticated session starts.
Use the UI for project-level audit logs, filtering, and CSV / JSON exports for QA and inspection use.
The relay is already self-contained for capture, integrity, and signatures. When you need to grow, it grows along two axes without a rewrite: from local storage to a self-hosted or cloud server-of-record, and from single-workstation edge capture to a central ingest point. It integrates with your LIMS or ELN at the compliance-record level rather than duplicating them.