IntuitionLabs
Calyx validation services for 21 CFR Part 11, GAMP 5, and ICH E6(R3) GCP compliance

Calyx Compliance & Validation — 21 CFR Part 11, GAMP 5, ICH E6(R3)

Full-lifecycle Calyx EDC, IRT, and Medical Imaging validation. Risk-based GAMP 5 Category 4 validation, FDA CSA-aligned testing, supplier qualification, periodic review, and BIMO inspection readiness.

Our Calyx Validation Services

End-to-end validation lifecycle services for Calyx eClinical Suite — covering study build, integrations, AI extensions, continuous-release management, and inspection support.

Validation
GAMP 5 Validation Package
Complete URS, configuration spec, FMEA risk assessment, IQ/OQ/PQ protocols and reports, traceability matrix, and validation summary report for Calyx EDC, IRT, and Imaging — built to GAMP 5 Cat 4 and FDA CSA expectations.
Discuss validation
Compliance
21 CFR Part 11 & Annex 11
Procedural controls, periodic review SOPs, and documentation packages closing the gap between Calyx platform capability and customer-side compliance with 21 CFR Part 11 and EU Annex 11.
Part 11 framework
Inspections
BIMO & GCP Inspection Readiness
Pre-built inspection binders covering validation, change control, user access, audit trails, SAE reconciliation, and supplier qualification. Producible within hours of a BIMO or EMA inspection notification.
Inspection prep

Shared Responsibility — Done Properly

Every SaaS vendor — Calyx included — operates a shared-responsibility validation model. The vendor proves the platform; the sponsor proves that their configuration of the platform is fit-for-intended-use. We deliver the customer-side validation package: study build verification, integration testing, change control evidence, periodic review execution, and supplier qualification. This framework is consistent with GAMP 5 Second Edition guidance on infrastructure and SaaS validation, and the FDA CSA draft guidance on risk-based software assurance.

Shared responsibility model between Calyx as SaaS vendor and the sponsor as configured-product owner

Risk-Based Validation, Not Documentation Theater

Heavy CSV scripts that test every menu option waste time without improving patient safety. We apply FDA Computer Software Assurance principles to Calyx validation: high-rigor testing on the controls that matter (randomization logic, electronic signatures, SAE reconciliation, audit trail integrity), lighter assurance on lower-risk elements, and documented critical thinking explaining why each control received its rigor level. The result is leaner packages with stronger evidence where it counts.

FDA Computer Software Assurance critical-thinking approach applied to Calyx EDC validation

Built for Continuous SaaS Releases

Calyx releases platform updates on a continuous-deployment cadence — multiple times per quarter. Trying to re-validate every release fully is impractical and unnecessary. We operate maintained regression test suites covering the critical workflows, focus regression on areas identified in Calyx release notes, and use a periodic review to confirm continued fitness-for-purpose. This pattern aligns with the iterative and agile guidance in GAMP 5 Second Edition and keeps your validation footprint proportional to actual risk.

Continuous SaaS release validation framework with risk-based regression testing for Calyx

What We Deliver in a Calyx Validation Engagement

A complete validation lifecycle package — designed for sponsor and CRO operating environments where Calyx is a strategic eClinical platform.

Validation Strategy

Validation plan, GAMP 5 categorization analysis, FMEA-based risk assessment, regulatory framework mapping (FDA, EMA, MHRA, PMDA), and validation scope agreed with QA and Regulatory before any test execution.

Plan validation

IQ/OQ/PQ Execution

Install qualification (environment, tenant configuration), operational qualification (functional verification of CRFs, edit checks, IRT rules, integrations), and performance qualification (end-to-end study build with realistic data). All scripted, executed, and audit-trailed.

Execute validation

Supplier Qualification

Supplier audit (remote or on-site), SOC 2 Type II and ISO 27001 evidence review, quality agreement, change notification protocol, and periodic review framework aligned to ICH Q10 supplier control expectations.

Supplier qualification

Change Control & Periodic Review

Documented change control workflow for protocol amendments and Calyx releases, with impact assessment, focused re-validation, traceability updates, and periodic review SOPs that satisfy GxP expectations.

Change control

Integration Validation

End-to-end validation of Calyx integrations with Veeva Vault CDB, Medidata, Oracle Argus, ArisGlobal LifeSphere, CTMS, ERP, and depot WMS — with interface specs, message-level test cases, and reconciliation procedures.

Integration validation

Inspection Support

Pre-built BIMO inspection binders, mock inspection drills, inspector Q&A preparation, and on-site or remote support during FDA BIMO, EMA GCP, MHRA, or PMDA inspections.

Inspection support

Why Sponsors Trust IntuitionLabs for Calyx Validation

Validation is craft work. Our team has executed validation packages for EDC, IRT, safety, CTMS, and imaging platforms across hundreds of regulated studies. We bring the discipline of pharmaceutical CSV with the efficiency of modern risk-based assurance — and we deliver packages that survive inspection on the first pass.

CSA-Native

Risk-based assurance proportional to patient safety and data integrity impact — not exhaustive scripts.

Inspection-Tested

Our validation packages have supported BIMO, EMA GCP, MHRA, and PMDA inspections — and held up under scrutiny.

SaaS-Native

Built for continuous-release SaaS realities — maintained regression suites, periodic review, and proportional change control.

Regulatory Frameworks We Cover

🇺🇸

21 CFR Part 11 (US)

Electronic records and electronic signatures requirements for FDA-regulated clinical, manufacturing, and quality systems. Covers audit trails, controls, attribution, and signature meaning.

🇪🇺

EU Annex 11 & EU CTR

EudraLex Volume 4 Annex 11 controls for computerized systems and the EU Clinical Trials Regulation 536/2014 — including CTIS submission, transparency, and EU-wide safety reporting expectations.

🌐

ICH E6(R3) GCP

The January 2025 ICH E6(R3) Good Clinical Practice guideline emphasizes risk-based, technology-enabled trial conduct, fit-for-purpose data systems, and quality-by-design — the framework our validation approach is built against.

📘

GAMP 5 Second Edition

ISPE GAMP 5 guide for risk-based validation of GxP computerized systems, with explicit support for iterative, agile, and SaaS continuous-deployment delivery models.

🧠

FDA CSA Guidance

Computer Software Assurance draft guidance — risk-based, critical-thinking-driven assurance proportional to patient safety and product quality impact. Replaces heavy traditional CSV documentation.

🛂

MHRA & PMDA Expectations

UK MHRA GxP data integrity guidance (ALCOA+) and Japan PMDA expectations for clinical trial data systems — supported by our validation packages and inspection-ready documentation.

The Calyx Validation Lifecycle

Initial Validation

First-time Calyx study build validation produces the foundational package — URS, configuration spec, FMEA, IQ/OQ/PQ, traceability matrix, and validation summary — supporting FDA and EMA inspection requirements. Typical duration is 6–12 weeks running parallel to the study build.

Change Control

Every protocol amendment, edit-check change, integration update, or user role modification flows through a documented change control workflow with impact assessment, focused re-validation, and traceability updates.

Periodic Review

Annual or risk-based periodic reviews confirm continued fitness-for-purpose, capture cumulative change control history, and identify any drift requiring corrective action. Reviews are scoped to evidence rather than ceremony.

Inspection Readiness

Pre-built inspection binders, sample audit trail extracts, user access matrices, and supplier qualification files are kept current and producible on demand for FDA BIMO, EMA GCP, MHRA, and PMDA inspections.

Frequently Asked Questions

Calyx, like every regulated SaaS vendor, attests to platform validation — but every sponsor and CRO remains accountable for customer-side validation of their specific configuration. This shared-responsibility model is consistent across 21 CFR Part 11, EU Annex 11, and ICH E6(R3) GCP. The vendor proves the platform; you must prove that your study build, your edit checks, your IRT supply rules, your integrations, your user provisioning, and your change management make the platform fit-for-intended-use. IntuitionLabs delivers the customer-side validation package and the supplier qualification artifacts that bridge vendor capability to inspection-ready operations.
Calyx EDC, Calyx IRT, and Calyx Medical Imaging are GAMP 5 Category 4 configured products. Validation focuses on the configuration — eCRF designs, edit checks, randomization rules, IRT supply logic, imaging charters, user roles, integration interfaces — rather than re-testing platform code that Calyx has already validated. The second edition of GAMP 5 (released by ISPE in 2022) explicitly accommodates agile, iterative, and SaaS continuous-deployment models, which fits the Calyx release cadence and minimizes the validation footprint when properly applied.
A complete validation package for a Calyx EDC study includes: validation plan, user requirements specification (URS), functional specification or configuration specification, FMEA-based risk assessment, requirements-to-test traceability matrix, IQ protocol and report (installation/environment verification), OQ protocol and report (functional verification of edit checks, workflows, integrations), PQ protocol and report (end-to-end study build verification with realistic data), validation summary report, periodic review SOP, change control SOP, and supplier audit/quality agreement. For Calyx IRT and Medical Imaging, the package adds randomization list verification, supply-rule simulation, and imaging charter compliance testing.
Calyx provides the technical controls required by 21 CFR Part 11 — Part 11–compliant electronic signatures with printed name, date/time, and meaning of signature; immutable audit trails on every record; password policy and session controls; and validated platform releases. However, "compliant out of the box" is not the same as "compliant in your hands": the customer is responsible for configuring those controls correctly, training users, executing periodic reviews, and qualifying Calyx as a supplier. IntuitionLabs delivers the procedural and documentation framework that closes that gap, and we maintain inspection-ready packages for FDA BIMO inspections, EMA GCP inspections, and MHRA reviews.
Calyx releases platform updates on a continuous-deployment cadence — typically multiple times per quarter. Heavy revalidation of every release is impractical and not required by current regulatory expectations. Instead we operate a risk-based regression model: maintained regression test suites covering critical workflows, automated test execution where feasible, focused regression on impacted areas highlighted in Calyx release notes, and a documented periodic review confirming continued fitness-for-purpose. This approach aligns with the agile validation guidance in GAMP 5 Second Edition and the FDA Computer Software Assurance (CSA) guidance.
The FDA's Computer Software Assurance (CSA) draft guidance represents a risk-based, critical-thinking-driven shift away from heavy CSV scripts. CSA emphasizes assurance proportional to risk — record-keeping should focus on what matters for patient safety, product quality, and data integrity, not on exhaustive documentation of every menu option. We apply CSA principles to Calyx validation: high-rigor testing on randomization logic, electronic signatures, and SAE reconciliation; lighter assurance on cosmetic UI elements; and documented critical thinking about why each control received its rigor level. The result is leaner validation packages that still satisfy computer system validation expectations.
Calyx supplier qualification is a documented, periodic process. We start with an initial supplier audit (typically via remote questionnaire and review of Calyx's SOC 2 Type II report, ISO 27001 certificate, and platform validation summary), establish a quality agreement covering change notification, incident reporting, and audit rights, and define a periodic review cadence (typically annual). For high-risk applications (pivotal Phase III studies, oncology BICR) we may execute on-site or virtual supplier audits. Documentation feeds the ICH Q10 supplier control framework and the supplier oversight expectations of ICH E6(R3).
ALCOA+ — Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring, and Available — is the data integrity framework articulated in MHRA GxP data integrity guidance, FDA data integrity guidance, and ICH Q9(R1). Calyx supports ALCOA+ through user-attributed audit trails, contemporaneous timestamping, original data preservation, and immutable record storage. Our validation package documents the specific technical controls that satisfy each ALCOA+ dimension and identifies the procedural controls (training, periodic review, change management) that the customer must operate.
FDA Bioresearch Monitoring (BIMO) inspections look at sponsor oversight, monitor activity, site conduct, and the integrity of the eCRF and database systems used. For Calyx specifically, inspectors typically request: the validation package for the study, the change control log for protocol amendments, the user access matrix and provisioning evidence, audit trail samples showing data changes with attribution and timestamps, edit-check verification, SAE reconciliation logs against the safety database, and the supplier qualification file for Calyx. We assemble these as a pre-built inspection binder that can be produced within hours of an inspection notification.
The EU Clinical Trials Regulation (Regulation 536/2014) and the Clinical Trials Information System (CTIS) changed how sponsors submit clinical trial applications, manage safety reporting, and publish results across the EU. Calyx-based studies still feed CTIS via the sponsor's regulatory operations workflow — typically through Calyx Regulatory (formerly LIQUENT InSight) or a separate publishing platform. Our validation package documents how data flows from Calyx EDC into the CTIS submission pipeline and ensures that the chain of custody, version control, and audit trail satisfy CTR transparency expectations.
Integration validation is its own discipline. For each integration interface — Calyx EDC to Veeva Vault CDB, Calyx to Argus via E2B(R3), Calyx IRT to ERP, Calyx Imaging to EDC — we build interface specifications, message-level test cases, error-handling test cases, idempotency tests, and reconciliation procedures. Each interface is validated end-to-end with documented test evidence and added to the periodic review scope. For iPaaS-based integrations (MuleSoft, Boomi, Workato) the middleware itself receives a configured-product validation package alongside the Calyx-side configuration.
Protocol amendments are the most common operational stress point on a live Calyx study. We operate a documented change control workflow: impact assessment against the validation package, identification of affected configuration items (CRFs, edit checks, IRT rules, integrations), focused re-validation of impacted items, traceability matrix updates, and re-execution of relevant PQ tests. The change control record is the audit trail an inspector reviews — it must show that every amendment was assessed, scoped, executed, and verified before going live. Our framework is built to keep this overhead proportional to amendment scope (a CRF label change is not the same as adding a new arm).
Ready to Make Calyx Inspection-Ready?
Ready to Make Calyx Inspection-Ready? image

Ready to Make Calyx Inspection-Ready?

Book a discovery session to scope a risk-based Calyx validation package aligned to GAMP 5 Second Edition, FDA CSA, 21 CFR Part 11, EU Annex 11, and ICH E6(R3) — built to clear BIMO, EMA, MHRA, and PMDA inspections.

Book a Meeting

© 2026 IntuitionLabs. All rights reserved.

Privacy PolicyTerms of ServiceBook Meeting