Compliance And Governance

Compliance and Governance


The Orcanos Compliance Engine introduces a “Virtual Auditor” designed to assess project data compliance with industry regulations and quality best practices. This includes adherence to standards such as ISO 14971, IEC 62304, ISO 13485, and more.

This versatile tool, Orcanos Compliance Engine, enables users to define regulations directly within the tool or through a simple Excel or Google Sheet. Users can specify the standard, section, classification (in the case of medical devices – Class I, II, III), remediation requirements, and various other parameters. Subsequently, these defined regulations can be imported into the Orcanos ALM and QMS platform, establishing a connection with electronic records.

The Orcanos QMS Compliance Engine then conducts scans on project data based on the specified regulations and associated logic. It presents identified issues in an executive summary format. When combined with Orcanos’ dashboard and notification mechanism, this integrated approach provides enhanced control and monitoring capabilities.


The compliance engine comprises a collection of electronic records known as Compliance Audit (Code=CCA), and these records are exclusively managed within the ALM Templates project.

Activation of the Compliance engine is initiated from the main menu.

To enable the Compliance and Governance option:

  1. Go to Admin->Data Sharing and Settings->Modules
  2. Check the Compliance and Governance option to the relevant groups (default=”All”)


The mechanism of the compliance engine is straightforward. You need to define Compliance Audit work items (We will refer to them as CCA) for every compliance rule you wish to setup (such as “Requirements shall have test traceability”)

Then, build a filter (such as “ISO 14971 Audit“) to be applied ONLY to the CCA work item within the ALM Templates project.

To set up compliance Audit work item:

  • Enter ALM Templates project
  • Open Work Items in the main menu
  • Select the Compliance Audit work item on the left side
  • Click the PLUS button to add the Compliance Audit item

Let’s review CCA work time properties:

  • Key – unique identifier, system-generated
  • Name – the short description of the Compliance audit check. Example: “Software requirements must have test traceability
  • Compliance Remediation – describe what is required to resolve this CCA, in case it fails.
  • Compliance Class -Select the Safety Class (I, II, III)
  • Compliance Standard – list of standards (Such as IEC 62304, ISO 13485, ISO 14971…)
  • Work Item – If this CCA is required to check a specific work item – select the relevant work item from this list (such as “Software Requirement“)
  • Compliance Enumerator – internal numbering, must be unique
  • Compliance Logic – this is the heart of the engine. Here you select the Logic to apply when running the Compliance engine check. This list is constantly updated. The available values are as follows:
  • SP_COMPLIANCE_DEFECT_STATUS_CHECK – Examines the number of active (Fail) or complete (Pass) statuses of Defect items.
  • SP_COMPLIANCE_FAIL_TEST_CHECK – Evaluates the Pass (Pass) or Fail (Fail) status of test cases in the selected project.
  • SP_COMPLIANCE_STATUS_CHECK – Assesses the number of active (Fail) or complete (Pass) statuses of the selected work item.
  • SP_COMPLIANCE_TEST_TRACE – Chooses the quantity of records for the selected work item with test traceability (Pass) and without traceability (Fail).
  • SP_COMPLIANCE_TRACE_APPROVED_CHECK – Determines the number of records for the selected work item with traceability to COMPLETED STATUS work items (Pass) and without traceability (Fail).
  • SP_COMPLIANCE_TRACE_CHECK – Identifies the number of records for the selected work item with traceability (Pass) and without traceability (Fail).
  • SP_COMPLIANCE_TRACE_PASS_TEST_CHECK – Selects the number of records for the selected work item with test traceability and a Pass status (Pass) and without traceability or with a Fail status (Fail).
  • SP_COMPLIANCE_UNACCEPTED_RISK – Reviews the number of risks within the acceptable zone after mitigation (Pass) and those outside the acceptable zone (Fail).
  • SP_COMPLIANCE_FILTER_BASE – This is a powerful mechanism for creating a compliance rule based on a filter. Two available files include:
    • Compliance Audit Total: Shows the total items audited (e.g., All software requirements).
    • Compliance Audit Inconsistency: Displays the total items that failed in a specific rule (e.g., all software requirements without test cases).

Note: For traceability auditing, you need to link item in the audited project to the CCA in order for this audit to Pass

  • Status – Status of the CCA
  • Compliance Module – Module classification, such as CAPA, Requirements Management, Test Management, Risk Control and more
  • Compliance Regulatory Authority – Such as CE, FDA
  • Compliance Criticality – This is a system field to be used to indicate how critical this CCA is (High Medium Low)
  • Compliance Type:
    1. Standard Checklist: Derived directly from the official standard.
    2. Best Practice: Although not explicitly outlined in the standard’s sections, it fulfills a specific requirement. For instance, ensuring that defect statuses are completed may not be mandated by the IEC 62304 standard, but it is considered a best practice in the Orcanos system to ensure thorough defect verification.
  • Compliance Section – the section in the standard (Text)


You can now generate multiple filters for auditing safety, design, all, quality, and more.

These filters will categorize a list of CCA items to be utilized in the audit.

The fields you choose in the filter will be displayed on the executed audit report.

For additional details on filters – click here

Note: You must include Priority, Compliance Logic and Remediation in the filter


To run the compliance engine:

  • Select Compliance and Governance in the main menu
  • On the left side, click Run Assessment
  • Select the Project you wish to check
  • Select the Compliance Filter you wish to apply
  • Click Run Button

You will get the results as follows:

Expand each audit (CCA) using the button on the right.

The Pass or Fail status is indicated by Green for Pass and Red for Fail. If a group of e-records is audited and one fails, the check will be marked as failed.

Details included in each audit (CCA):

  • Name of CCA
  • Number of items audited
  • Number of items failed in the audit
  • List of selected filter fields (values only)
  • Description of CCA
  • Remediation steps for CCA
  • Related items, if any, are displayed here
  • Criticality (High, Medium, Low) is shown on the right side of each CCA.


Compliance Custom Fields

Related Articles