Seal's Guarantee of Quality

This page is a summary of the Quality processes in Seal. It briefly describes how Seal is developed and delivered to customers in line with software development best practices, especially those of GxP-regulated industries. Seal, designed for GxP-regulated industries, facilitates the creation, review, and maintenance of critical records and databases, as well as the capacity to process information rapidly. Seal upholds quality, reliability, and integrity across its systems, processes, and product that aligns with regulatory frameworks and international standards. Understand our quality practices:

Product Development Lifecycle

This page is a summary of the Seal product development lifecycle. The product development and support phases are guided by the following requirements from GAMP Supplier Good Practices (but are not limited to):

Documented set of procedures and standards
Well-defined requirements from regulated companies before onboarding
Quality planning
Design review process
Defined standards for software production
Clear user documentation and training

A summary of the process is listed below.

Scope

The objective of this stage is to scope issues and requirements, based on following criteria (but not limited to):

Description of requirement, including user stories, user flows, and edge cases
Source of requirement
Level of priority
Additional comments regarding analysis, possible solutions, problems, and queries

This comprehensive approach ensures structured documentation to allow clear, concise scoping plans.

Specify

This converts the scoping conducted above into actionable items to address the issue or requirement. This includes (but not limited to):

Review and clarification meetings to define specifications
Developing designs based on requirements, with design iterations if necessary
Creation of issues for approved designs

This involves collaborative wok between the development, design, and product delivery teams.

Develop

GitHub serves as Seal’s designated task system for creating, tracking, and managing work tasks. This centralised platform proves advantageous for software teams in GxP environments due to features, including version control with auditing capabilities, change tracking and documentation, automated testing and continuous integration tools, and efficient issue tracking.Per Appendix D4 of GAMP 5 on the Management of Software, the following requirements for each software task ensure clear traceability and are all available in GitHub:

Reference/traceability to associated design artefacts
Descriptions of the task
Timestamps
Summary of changes
User account making changes

The timeframe for issues are based on the priority assigned to the requirement.

Testing

A rigorous multi-phase testing process is conducted before any new feature or update is introduced to ensure the platform maintains the highest standards of quality, performance, and reliability for users.Production changes undergo the following stringent approaches prior to release. These include both automated (comprising database and end-to-end tests) and manual testing methodologies:

Module testing (unit and database testing)
Acceptance testing (utilising playwright tests)
Peer reviews

A crucial aspect is the integration of Continuous Integration, where automated checks are performed with each commit. This ensures immediate notification to the developer in case of errors, maintaining a proactive approach to identifying and addressing issues during the development lifecycle. Additionally, if applicable, additional tests are written for changes introduced by the new features to test for any specific interactions and flows that are affected by the new changes.For all changes, it is mandatory that:

All pull requests must pass automated tests
All pull requests require the completion of a peer review and approval

Release

Release would entail passing of all requests, complete QA checks, successful validation of the platform.Feature descriptions are documented on in the Seal Changelog.Executed platform tests documented in the ‘Validation’ tab in your Seal platform.

Platform Operation Tests

This page is a summary of Seal’s platform operation tests, guided by the requirements from GAMP5 Principles. GAMP5 guidelines provide a risk-based approach to testing for software operation, ensuring that systems perform as intended and comply with regulatory requirements.The following lists show a summary of the tests. Note that this is not a comprehensive list of all tests.Database

Adding, removing, and recovering user data
Archiving
Data cached and updated in browser
Adding, deleting, an tracking of changes in cards
Expected API end points and their documentation
Correct permission levels data
Sending and responding to requests
Roles
Database test enviroments correctly set up to run test suits
Integrity of versioned data and the functions that modify it

End-to-end

Creating and deleting orgs
Creating entities
Autosaving functions
Creating a draft from a published versions
Review flows with single and multiple reviewers

Stats, logs, and errors are monitored in the Google Cloud console.Seal maintains a variety of channels to monitor security incidents such as downtime or service disruptions. Learn more in our Incidence Procedure below.

Incident Procedure

Seal prioritizes proactive monitoring and swift response to ensure continuous, secure operations. To maintain high standards of service availability and resilience, a robust array of monitoring channels designed to detect potential security incidents, including downtime, service disruptions, and unusual system activities.This page briefly outlines the Incident Procedure for responding to, documenting, and resolving software downtime incidents. It does not delve into comprehensive details - for more details, see Data Backup and Disaster Recovery, and our Disaster Recovery Plan.DetectionSeal’s commitment to 24/7 monitoring enables Seal to provide a seamless user experience and uphold the security and integrity of the platform.Seal maintains a variety of channels to monitor security incidents such as downtime or service disruptions.Automated alerts are configured to trigger in response to specific thresholds. These alerts are customisable to align with Seal’s risk management criteria, addressing a range of scenarios, from routine service inconsistencies to critical security threats.Regular system audits and validation checks are conducted on all monitoring and alerting protocols. These tests ensure that each channel’s sensitivity, accuracy, and responsiveness remain effective over time. Additionally, incidents are simulated on a periodic basis, to assess alert accuracy and improve incident response times. These simulations allow the Seal Team to practice real-time responses.CommunicationsEffective communication is crucial for rapid response, clear information flow, and effective resolution.Communication during an Incidence procedure involves multiple stages, starting from the first responder’s actions, team notifications, the creation of dedicated communication channels, and continuous status updates. Each step is designed to ensure that all relevant stakeholders, both internal and external, remain informed and coordinated throughout the incident lifecycle.The various communication channels ensure that that Seal’s response teams can quickly share critical information, streamline decision-making, and maintain a transparent, coordinated approach to incident resolution.Assessment and DebuggingThe first responder, in collaboration with relevant engineers and team leads, evaluates the incident based on the following criteria (but not limited to):

User impact: Determine the scope of affected users or services - higher severity is assigned if a significant portion of users or core functions is impacted.
Service dependency: Assess which critical systems or components are affected and any downstream dependencies. Issues affecting core services, such as database security, are prioritised.
Recovery time: Consider the estimated time needed to resolve the issue.

Once severity is assessed, the technical team begins systematic debugging. This may include multiple steps, such as (but not limited to):

Information gathering: The team retrieves relevant logs, metrics, and alerts from monitoring systems to identify anomalies or error patterns.
Reproducibility: Where possible, the team attempts to replicate the issue in a controlled environment, to understand the conditions triggering the incident.
Identification of root cause

All information and findings are documented in the Incident Report.ResolutionOnce the issue has been clearly identified, the Seal team works to implement a resolution, to not only restore functionality but also to mitigate future occurrences. Once the fix is implemented, the team performs thorough testing to confirm that the issue is resolved, such as end-to-end testing.Relevant documentation, tests, and monitoring channels are updated to reflect findings and learning from the incident.

Getting started

Platform Structure

Change Control

Entity content

Misc

Validation

IT & Security Policies

Regulatory Standards

Seal's Guarantee of Quality