Data Integrity & 21 CFR Part 11¶
Document reference: GFTCL-DI-001 Β· Framework: GAMP 5 Β· 21 CFR Part 11 Β· EU Annex 11 Β· ALCOA+
FortressAI Research Institute Β· Norwich, Connecticut Patents: USPTO 19/460,960 Β· USPTO 19/096,071 β Β© 2026 Richard Gillespie
How the system meets data-integrity and electronic-records/electronic-signatures expectations. The substrate's persistence model is data-integrity-by-construction: append-only, tamper-evident, attributable, and re-verifiable.
ALCOA+ mapping¶
| Principle | How the substrate satisfies it |
|---|---|
| Attributable | Every row carries daemon_session_id and a signature_quintet federation cosignature naming the signing cell. |
| Legible | Rows are structured columns + a canonical witness string; the Schema Catalog documents every field. |
| Contemporaneous | Each row stamps composed_at_iso at the moment of composition. |
| Original | The append-only SQLite store is the system of record; receipts are sealed copies, not substitutes. |
| Accurate | Exact-rational (IntRational) arithmetic; floating-point value amounts refused at the column level. |
| Complete | No row is deleted; the full history persists, including refusals and rolled-back states. |
| Consistent | Deterministic composition + sealed anchors give bit-exact replay across runs. |
| Enduring | Witness hashes + cosignatures let a row be re-verified years later. |
| Available | Read-only access through the CLI and the Python client; receipts retained in-repo. |
Audit trail¶
Every substrate operation is its own audit-trail record:
- Append-only β
BEFORE UPDATEandBEFORE DELETEtriggersRAISE(ABORT)on every table; there is no privileged path that edits history. - Tamper-evident β
canonical_witnessβwitness_hash_sha256(SHA-256). Any byte change to a sealed row breaks its hash. - Broadcast β each row declares
nats_subject_sealedand is broadcast to the federation mesh, so the audit trail exists beyond the single host.
Electronic records & signatures (Part 11 / Annex 11)¶
| Part 11 expectation | Mechanism |
|---|---|
| Record protection over retention period | Append-only store + retained sealed receipts |
| Audit trail of operator actions | V204 comms-projection rows record operatorβFranklin interactions |
| Electronic signature binding | signature_quintet (five federation contexts) bound to the record's canonical witness |
| Signature non-repudiation | Quintet verifies against the signing cell's pinned federation context public key |
| Copy generation for inspection | gaiaftcl wiki sign manifests + Python client read-side export |
Re-verification¶
Any record or qualification receipt is independently re-verifiable: recompute the
SHA-256 of the stored canonical_witness and compare to witness_hash_sha256; verify
the signature_quintet against the federation public key. The
PQ replay command exercises this across an anchor chain.
Cross-references: Security, Backup & Recovery Β· Risk Assessment Β· Encryption & Effective Irreversibility.
Federation-cosigned
This page's source is sealed in the GaiaFTCL federation manifest β page SHA-256 f25c00e206d03902β¦, manifest witness a090592e0609adc8β¦, signed 2026-06-02T18:58:22Z by cell gaiaftcl-mac-cell. Verify with gaiaftcl wiki sign --all and compare wiki-all-signatures.json.