This directory contains the documentation that a deploying organization (transplant
center, OPO, or transplant IT vendor) needs in order to validate TransTrack against
HIPAA Security Rule, 21 CFR Part 11, AATB Standards, and internal change-control
requirements.
Important: Nothing in this directory is a certification. These are design-control
documents and templates. Actual compliance attestations (SOC 2 Type II, HITRUST r2,
21 CFR Part 11 validation summary signed by a QA officer, FDA non-device determination,
etc.) must be produced by the deploying organization or its auditors.
Index for a fully-fleshed-out walkthrough of an executed validation package against a fictional pilot site. Demonstration data only — see the disclaimer banner.
Read VALIDATION_PLAN.md end-to-end and adapt to your organization's QMS.
Review RISK_REGISTER.md and add organization-specific risks.
Execute templates/IQ_PROTOCOL_TEMPLATE.md on each install.
Execute templates/OQ_PROTOCOL_TEMPLATE.md after the IQ passes.
Execute templates/PQ_PROTOCOL_TEMPLATE.md with your real (test) clinical workflow.
Use VALIDATION_SUMMARY_REPORT_TEMPLATE.md as the signed cover document.
Map your local SOPs to HIPAA_SECURITY_RULE_MAPPING.md and PART_11_CONTROL_MAPPING.md.
How to use this package as a vendor / acquirer
The presence and quality of these artifacts is itself a buying signal. A reviewer
should expect to find: numbered requirements traced to tests, a risk register with
mitigations, executable IQ/OQ/PQ templates, and explicit policy documents that map
to HIPAA Administrative Safeguards. All of those exist here.