Every feature in CertLink traces to formal requirements drawn from industry regulations. We designed the system from the ground up so that compliance isn't bolted on — it's the architecture.
Manual CoA exchange — PDFs emailed between QA teams, results re-keyed into spreadsheets, signatures collected on paper — leaves organisations exposed. Data integrity gaps, missing audit trails, and inconsistent validation make every regulatory inspection a scramble.
CertLink eliminates these risks architecturally. The platform uses event sourcing with a SHA-256 hash chain, so every state change is recorded as an immutable, tamper-evident event. Electronic signatures capture identity, meaning, initials, and a cryptographic hash of the signed payload. Role-based access control enforces separation of duties across suppliers and receiving organisations. And strict tenant isolation ensures each company only sees the data it is authorised to access.
The result: a system where compliance is the natural outcome of using the software, not an extra process layered on top.
ALCOA+ is the framework regulators use to evaluate data integrity. Here is how CertLink addresses each principle.
Attributable: Every record is linked to the creating or modifying user via authenticated sessions with unique identifiers. (URS-DI-001)
Legible: Records are presented in a human-readable, structured format through both the web interface and the JSON export API. (URS-DI-002)
Contemporaneous: All timestamps are set server-side at the moment of creation, never client-supplied, ensuring chronological accuracy. (URS-DI-003)
Original: The event store preserves data exactly as entered. Original entries are never overwritten; changes are recorded as new events. (URS-DI-004)
Accurate: Numeric values are validated against template-defined specification ranges (min/max) with automatic in-spec/out-of-spec flagging. (URS-DI-005)
Complete: The system tracks all fields defined by the template version, distinguishing between provided and missing values. Nothing is silently omitted. (URS-DI-006)
Consistent: A SHA-256 hash chain fixes the order of events and detects any modification, deletion, or insertion of audit trail entries. (URS-DI-007)
Enduring: Records are persisted in PostgreSQL with support for standard database backup and disaster recovery procedures. (URS-DI-008)
Available: Authorised users can access records at any time during system availability through the web interface and the REST API. (URS-DI-009)
CertLink's audit trail is built on event sourcing — a pattern where every state change is recorded as an immutable event rather than overwriting previous data. Each event captures the user identity, the action performed, and a server-side timestamp. (URS-AT-001, URS-AT-002)
Events are chained using SHA-256 cryptographic hashes: each new event includes the hash of the previous event, creating a tamper-evident chain. If any event is modified, deleted, or inserted out of order, the chain breaks — making unauthorised changes detectable. (URS-AT-003)
The event store is the single source of truth. Read models (the data you see in the UI) are derived by replaying the event stream, meaning the system can reconstruct the state of any record at any point in time. Optimistic concurrency control prevents conflicting modifications. (URS-AT-004, URS-AT-005, URS-AT-007)
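The following is an added illustration of the three mechanisms just described (hash-chained events, replay of the read model, and optimistic concurrency). It is example code written for this page, not CertLink's implementation: the event field names, the `GENESIS` value, the "merge the payload" reducer, and the `coa.*` action names are assumptions, and the sample events are constructed.

```python
import copy
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # previous-hash value for the first event in a stream (assumption)


class ConflictError(Exception):
    """Raised when a writer's expected version is stale (optimistic concurrency)."""


def canonical(obj) -> bytes:
    # Deterministic encoding: key order and whitespace must not change the hash.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def event_hash(ev: dict) -> str:
    # Hash every field except the hash itself; "prev" and "seq" are part of the input,
    # which is what binds each event to its position and predecessor.
    body = {k: v for k, v in ev.items() if k != "hash"}
    return hashlib.sha256(canonical(body)).hexdigest()


class EventStore:
    """Append-only list of events for one CoA stream (constructed stand-in for a DB table)."""

    def __init__(self) -> None:
        self.events: List[dict] = []

    @property
    def version(self) -> int:
        return len(self.events)

    def append(self, user: str, action: str, payload: dict, expected_version: int) -> dict:
        # The writer states the version it read; if the stream moved on, the write is refused.
        if expected_version != self.version:
            raise ConflictError(f"expected version {expected_version}, stream is at {self.version}")
        ev = {
            "seq": self.version,
            "prev": self.events[-1]["hash"] if self.events else GENESIS,
            "user": user,
            "action": action,
            "payload": payload,
            "ts": datetime.now(timezone.utc).isoformat(),  # set server-side, never client-supplied
        }
        ev["hash"] = event_hash(ev)
        self.events.append(ev)
        return ev

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Walk the chain from GENESIS. Returns (True, None) or (False, index of first bad event)."""
        prev = GENESIS
        for i, ev in enumerate(self.events):
            if ev["seq"] != i or ev["prev"] != prev or event_hash(ev) != ev["hash"]:
                return False, i
            prev = ev["hash"]
        return True, None

    def head(self) -> str:
        """Latest hash. Keep a copy outside the database so a full rewrite is also detectable."""
        return self.events[-1]["hash"] if self.events else GENESIS

    def replay(self, upto: Optional[int] = None) -> dict:
        """Rebuild the read model by folding events; `upto` limits replay to the first N events."""
        state: dict = {}
        for ev in self.events[:upto]:
            state.update(ev["payload"])  # simple reducer: each event carries the fields it changes
            state["version"] = ev["seq"] + 1
        return state

    def clone(self) -> "EventStore":
        other = EventStore()
        other.events = copy.deepcopy(self.events)
        return other


def demo() -> dict:
    """Build a three-event stream, then show what the chain and version checks catch."""
    store = EventStore()
    store.append("alice", "coa.created", {"status": "draft", "batch": "B-1001"}, expected_version=0)
    store.append("alice", "coa.submitted", {"status": "submitted"}, expected_version=1)
    store.append("bob", "coa.approved", {"status": "approved"}, expected_version=2)

    out = {"intact": store.verify(),
           "status_after_submit": store.replay(upto=2)["status"],  # state at a point in time
           "current_status": store.replay()["status"]}

    try:  # a writer that read version 2, but the stream is already at 3
        store.append("carol", "coa.rejected", {"status": "rejected"}, expected_version=2)
        out["stale_write"] = "accepted"
    except ConflictError:
        out["stale_write"] = "rejected"

    t = store.clone(); t.events[1]["payload"]["status"] = "approved"      # edit an event in place
    out["modified"] = t.verify()
    t = store.clone(); del t.events[1]                                     # delete an event
    out["deleted"] = t.verify()
    t = store.clone(); t.events.insert(1, copy.deepcopy(t.events[1]))      # insert a duplicate
    out["inserted"] = t.verify()
    t = store.clone(); t.events[1], t.events[2] = t.events[2], t.events[1]  # reorder
    out["reordered"] = t.verify()
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two points the example makes that the prose does not: the chain is only as trustworthy as the head hash the verifier starts from, so a party with unrestricted write access to the table could recompute every hash unless the latest hash (`head()`) is anchored somewhere that party cannot reach; and the sequence number must be part of the hashed body, otherwise a deleted trailing event or a reordered pair would not break anything.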
CertLink enforces a strict CoA lifecycle with role-based separation of duties at every transition.
Every transition requires an electronic signature with initials and a cryptographic payload hash. (URS-WF-001–007)
CoA templates define the fields, units of measurement, and specification ranges for each product type. Templates follow their own controlled lifecycle (Draft → Under Review → Active → Retired) and require QA approval before production use. When a CoA is created, it snapshots the active template version, decoupling the instance from any future template changes. (URS-TM-001–005)
CertLink uses capability-based roles that are independent of organisation type. An org.user can create and submit CoAs; an org.qa can approve or reject them; an org.viewer has read-only access to approved records. Permissions are verified at every route before executing any action. (URS-RBAC-001–007)
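As an added example covering the workflow, signature and role sections above (this is illustration code written for this page, not CertLink's own): a transition function that checks the caller's role before anything else, allows only the defined status transitions, refuses a rejection without a comment, validates results against the specification ranges in the CoA's template snapshot, and records an electronic signature carrying user id, meaning, initials and a SHA-256 hash of the signed payload. The action names, the role-to-action matrix, the `resubmit` transition, the meaning strings and the field layout are assumptions; the sample CoA, template and users are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

# (current status, action) -> next status. draft/submitted/approved/rejected are from the page;
# the "resubmit" path after rejection is an assumption.
TRANSITIONS = {
    ("draft", "submit"): "submitted",
    ("submitted", "approve"): "approved",
    ("submitted", "reject"): "rejected",
    ("rejected", "resubmit"): "submitted",
}

# Capability-based roles from the page; the exact action matrix is an assumption.
PERMISSIONS = {"org.user": {"submit", "resubmit"}, "org.qa": {"approve", "reject"}, "org.viewer": set()}

# Signature "meaning": why the signer signed (wording is an assumption).
MEANING = {"submit": "Submitted for review", "resubmit": "Resubmitted for review",
           "approve": "Approved by QA", "reject": "Rejected by QA"}


class PermissionDenied(Exception):
    pass


class InvalidTransition(Exception):
    pass


def payload_hash(fields: dict) -> str:
    """SHA-256 over a canonical encoding (sorted keys, no whitespace) of the signed content."""
    return hashlib.sha256(json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def flag_results(spec: dict, results: dict) -> dict:
    """Compare each result with the min/max range in the template snapshot; missing values are tracked."""
    flags = {}
    for name, rng in spec.items():
        value = results.get(name)
        if value is None:
            flags[name] = "missing"
        else:
            flags[name] = "in-spec" if rng["min"] <= value <= rng["max"] else "out-of-spec"
    return flags


def transition(coa: dict, user: dict, action: str, initials: str, comment: str = "") -> dict:
    # 1. Authorisation first: the request is refused before the record is touched.
    if action not in PERMISSIONS.get(user["role"], set()):
        raise PermissionDenied(f"{user['role']} may not {action}")
    # 2. Only the defined transitions are reachable from the current status.
    next_status = TRANSITIONS.get((coa["status"], action))
    if next_status is None:
        raise InvalidTransition(f"cannot {action} a CoA in status {coa['status']}")
    # 3. A rejection must say why.
    if action == "reject" and not comment.strip():
        raise ValueError("rejection requires a comment")
    # 4. The signature binds who signed, what it meant, and a hash of exactly what they saw.
    signature = {
        "user_id": user["id"], "initials": initials, "meaning": MEANING[action],
        "payload_sha256": payload_hash(coa["fields"]), "comment": comment,
        "signed_at": datetime.now(timezone.utc).isoformat(),  # server-side timestamp
    }
    new = dict(coa, status=next_status, signatures=coa["signatures"] + [signature])
    if action in ("submit", "resubmit"):  # flag against the snapshot, not the live template
        new["flags"] = flag_results(coa["template_snapshot"]["spec"], coa["fields"]["results"])
    return new


def signature_matches(coa: dict, signature: dict) -> bool:
    """Does the CoA's current content still match what was signed?"""
    return payload_hash(coa["fields"]) == signature["payload_sha256"]


def demo() -> dict:
    # Constructed sample: a CoA that snapshotted template version 3 when it was created.
    coa = {"id": "coa-42", "status": "draft", "signatures": [],
           "template_snapshot": {"id": "tmpl-assay", "version": 3,
                                 "spec": {"assay_pct": {"min": 98.0, "max": 102.0},
                                          "water_pct": {"min": 0.0, "max": 0.5}}},
           "fields": {"batch": "B-1001", "results": {"assay_pct": 99.4, "water_pct": 0.7}}}
    alice = {"id": "u-alice", "role": "org.user"}
    bob = {"id": "u-bob", "role": "org.qa"}
    eve = {"id": "u-eve", "role": "org.viewer"}
    out = {}
    coa = transition(coa, alice, "submit", "AL")
    out["after_submit"], out["flags"] = coa["status"], coa["flags"]
    for who, label in ((alice, "user_approve"), (eve, "viewer_approve")):
        try:
            transition(coa, who, "approve", "XX")
            out[label] = "allowed"
        except PermissionDenied:
            out[label] = "denied"
    try:
        transition(coa, bob, "reject", "BB")  # no comment
        out["silent_reject"] = "allowed"
    except ValueError:
        out["silent_reject"] = "denied"
    coa = transition(coa, bob, "approve", "BB")
    out["after_approve"] = coa["status"]
    out["approval_meaning"] = coa["signatures"][-1]["meaning"]
    out["sig_valid"] = signature_matches(coa, coa["signatures"][-1])
    # Someone edits the out-of-spec result after approval: the signature no longer matches.
    tampered = dict(coa, fields={"batch": "B-1001", "results": {"assay_pct": 99.4, "water_pct": 0.3}})
    out["sig_valid_after_edit"] = signature_matches(tampered, tampered["signatures"][-1])
    return out
```

The payload hash is what makes the signature worth more than a checkbox: canonical encoding means a re-serialised record still verifies, while any change to a signed field, including "correcting" an out-of-spec result after QA approval, is detectable without comparing field by field.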
Each organisation operates within its own tenant boundary. Data isolation is enforced at the database query level — every query is scoped to the authenticated user's tenant. Cross-tenant visibility is controlled exclusively by active supplier relationships, meaning organisations only see CoA data for products where they are a designated supplier or receiver. (URS-MT-001, URS-MT-002)
The dual supplier/receiver model means any organisation can participate on both sides of the CoA exchange simultaneously. Products define who manufactures and who receives, and the review queue is always scoped to the reviewer's own organisation. (URS-MT-003, URS-MT-004)
Database-level scoping ensures organisations never see each other's data
Cross-tenant visibility only through explicit supplier relationships
Any organisation can act as both supplier and receiver simultaneously
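The scoping rule described in the multi-tenancy section, as an added example (written for this page, not CertLink's code). It uses an in-memory SQLite database as a stand-in for PostgreSQL; the table layout, the rule that a receiver must both be named on the product and have an active relationship with the supplier, and the organisations and records are all constructed assumptions. The point it demonstrates is that every read, including lookup by id, goes through one scoped query.

```python
import sqlite3

# Constructed schema: a stand-in for the PostgreSQL tables (assumption).
SCHEMA = """
CREATE TABLE organisations (id TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE supplier_relationships (
    supplier_org TEXT NOT NULL, receiver_org TEXT NOT NULL, active INTEGER NOT NULL,
    PRIMARY KEY (supplier_org, receiver_org));
CREATE TABLE products (id TEXT PRIMARY KEY, name TEXT NOT NULL,
    supplier_org TEXT NOT NULL, receiver_org TEXT NOT NULL);
CREATE TABLE coas (id TEXT PRIMARY KEY, product_id TEXT NOT NULL,
    owner_org TEXT NOT NULL, status TEXT NOT NULL);
"""

# One visibility rule, used by every CoA query: the caller's own records, plus records on
# products the caller receives from a supplier whose relationship is currently active.
VISIBLE = """
SELECT c.id AS id, c.status AS status, p.name AS product, c.owner_org AS owner_org
FROM coas c JOIN products p ON p.id = c.product_id
WHERE c.owner_org = :org
   OR (p.receiver_org = :org AND EXISTS (
         SELECT 1 FROM supplier_relationships r
         WHERE r.supplier_org = p.supplier_org AND r.receiver_org = :org AND r.active = 1))
"""


def visible_coas(conn: sqlite3.Connection, org: str) -> list:
    """Every CoA id the organisation may see; the tenant comes from the session, never the request."""
    return [row[0] for row in conn.execute(VISIBLE + " ORDER BY c.id", {"org": org})]


def get_coa(conn: sqlite3.Connection, org: str, coa_id: str):
    # Lookup by id is filtered by the same rule, so a guessed or leaked id is not a capability.
    row = conn.execute("SELECT * FROM (" + VISIBLE + ") WHERE id = :id",
                       {"org": org, "id": coa_id}).fetchone()
    return dict(zip(("id", "status", "product", "owner_org"), row)) if row else None


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO organisations VALUES (?, ?)",
                     [("acme", "Acme Chemicals"), ("beta", "Beta Pharma"), ("gamma", "Gamma Labs")])
    # acme supplies beta (active) and gamma (suspended); beta supplies gamma (active).
    conn.executemany("INSERT INTO supplier_relationships VALUES (?, ?, ?)",
                     [("acme", "beta", 1), ("acme", "gamma", 0), ("beta", "gamma", 1)])
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)",
                     [("p1", "Solvent X", "acme", "beta"), ("p2", "Solvent Y", "acme", "gamma"),
                      ("p3", "Reagent Z", "beta", "gamma")])
    conn.executemany("INSERT INTO coas VALUES (?, ?, ?, ?)",
                     [("coa-1", "p1", "acme", "approved"), ("coa-2", "p2", "acme", "approved"),
                      ("coa-3", "p3", "beta", "approved")])
    out = {
        "acme": visible_coas(conn, "acme"),    # own records only
        "beta": visible_coas(conn, "beta"),    # own coa-3 plus acme's coa-1 via the active link
        "gamma": visible_coas(conn, "gamma"),  # beta's coa-3; not coa-2, that link is suspended
        "gamma_direct_lookup": get_coa(conn, "gamma", "coa-1"),  # not a receiver: None
        "beta_direct_lookup": get_coa(conn, "beta", "coa-1"),
    }
    # Suspending the acme -> beta relationship withdraws visibility with no data migration.
    conn.execute("UPDATE supplier_relationships SET active = 0 "
                 "WHERE supplier_org = 'acme' AND receiver_org = 'beta'")
    out["beta_after_suspend"] = visible_coas(conn, "beta")
    return out


if __name__ == "__main__":
    print(demo())
```

The check a practitioner would make against a real deployment is the negative one: log in as an organisation with no relationship to the record's owner and request the record by its id through both the UI route and the export API. Both should fail identically, which only holds if no code path builds an unscoped `WHERE id = ?` query.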
All 67 requirements from the CertLink User Requirements Specification, grouped by category.
Each requirement group maps to specific design references, source code, and qualification verification methods (IQ/OQ/PQ).
| Requirements | Design Reference | Verification Method |
|---|---|---|
| URS-AUTH-001–004 | Authentication & session management | OQ: Attempt access without login; verify redirect. Verify session expiration. |
| URS-RBAC-001–007 | Roles & permissions | OQ: Test each role against permission matrix. Verify unauthorized actions blocked. |
| URS-ER-001–006 | Domain model & record management | IQ: Verify DB schema. OQ: Create records; verify UUIDs, timestamps, snapshots. |
| URS-ES-001–007 | Electronic signatures | OQ: Approve/reject CoA; verify signature contains user ID, meaning, initials, payload hash. |
| URS-AT-001–007 | Event sourcing & hash chain | OQ: Perform workflow actions; verify event log, hash chain continuity, event replay. |
| URS-DI-001–009 | Data integrity (ALCOA+) | PQ: Execute end-to-end CoA lifecycle; verify each ALCOA+ attribute. |
| URS-WF-001–007 | CoA workflow | OQ: Full lifecycle (draft → submit → approve/reject); verify transitions & rejection comments. |
| URS-TM-001–005 | Template management | OQ: Create, version, approve template; verify immutable snapshots & lifecycle. |
| URS-BP-001–004 | Batch & product tracking | OQ: Create product & batch; verify relationships and cross-tenant visibility. |
| URS-DM-001–004 | Document management | OQ: Upload file; verify SHA-256 hash; download via presigned URL; verify expiration. |
| URS-MT-001–004 | Multi-tenancy & isolation | OQ: Log in as different org users; verify data isolation & relationship visibility. |
| URS-EX-001–003 | Export API | OQ: Export CoA; verify JSON contains all fields, signatures, event trail with hashes. |
CertLink gives your QA team a compliant, auditable digital workflow — from CoA creation to approval, with every action traced and signed.