AI-Powered Gap Analysis

Upload any compliance document and receive a structured gap assessment report in under 60 seconds. Our AI evaluates your document against clause-level regulatory criteria and produces risk-rated findings with specific remediation actions.

01

Upload your document

PDF format. SOPs, policies, validation plans, procedures.

02

Select a framework

FDA Part 11, CSA, ALCOA+, ICH E6(R3), or QMSR/ISO 13485.

03

Get your report

Risk-rated findings, regulatory citations, remediation actions.

Frameworks Available

FDA 21 CFR Part 11 (33 criteria) FDA CSA Feb 2026 (80 criteria) Data Integrity ALCOA+ (117 criteria) ICH E6(R3) GCP (101 criteria) QMSR / ISO 13485 (100 criteria)

Step 1: Upload & Configure

Select your regulatory framework, then upload the document you want assessed.

Select Framework

FDA CSA (Feb 2026)

80 criteria

FDA 21 CFR Part 11

33 criteria

Data Integrity (ALCOA+)

117 criteria

Upload Document

↑

Drop your PDF here or click to upload

PDF format, max 10 MB (up to 50 pages)

📄

SOP-QA-006_Software_Validation_v2.1.pdf

387 KB

Ready

Step 2: AI Analysis

Your document is evaluated against clause-level regulatory criteria. Typical analysis takes 30-60 seconds.

·

Reading document...

·

Mapping to FDA CSA (Feb 2026) criteria...

·

Evaluating 80 regulatory requirements...

·

Generating risk-rated findings...

What's happening: The AI reads your entire document, identifies which regulatory requirements apply, evaluates compliance against each criterion, assigns risk ratings based on inspection impact, and generates specific remediation actions referencing your document's actual section numbers.

Step 3: Your Gap Analysis Report

The report opens with an executive summary, compliance score, and risk distribution.

42 Score

Major Overall Risk Rating

SOP-QA-006 lacks fundamental FDA CSA requirements including intended use determination, risk-based process assessment, and distinction between production vs quality system software. The procedure follows traditional validation without risk categorization or proportionate assurance activities required by the Feb 2026 FDA guidance.

2

Critical

5

Major

3

Minor

2

Observations

Strengths Identified

✓ Procedure acknowledges both Agile and Waterfall methodologies with appropriate lifecycle approaches

✓ Validation plan template attachment provides structured documentation framework

✓ Deviation management process integrated for unresolved bugs (reference to SOP-QA-002)

The score reflects how well the document addresses the selected framework's requirements. Scores below 60 indicate significant gaps likely to draw regulatory attention during inspection.

Detailed Findings

Each finding includes the regulatory clause, current state, gap identified, risk rating, and a specific remediation action referencing your document's sections.

FDA CSA Guidance Section III.A — Intended Use Determination Critical

Software intended use must be clearly documented with distinction between production and quality management system software.

Current State

SOP-QA-006 states validation is for 'final product prior to production release' and 'software relating to services and products' but does not distinguish between production vs QMS software or define intended use categories.

Gap

No documented framework for determining software intended use or categorizing as production vs quality management system software.

Remediation

Add Section 5.1 defining intended use determination criteria and establish categories (production software, QMS software) with examples. Reference FDA CSA guidance categorization framework.

FDA CSA Guidance Section III.B — Risk-Based Approach Critical

Risk assessment must determine high-risk vs not-high-risk processes to establish proportionate assurance activities.

Current State

The procedure applies uniform validation requirements regardless of software risk level, with no mention of risk-based categorization or differentiated assurance activities.

Gap

No risk assessment framework to distinguish high-risk from not-high-risk software processes before determining validation approach.

Remediation

Incorporate risk-based decision tree in Section 6 to assess patient safety impact, data integrity criticality, and product quality factors. Define criteria for high-risk determination per FDA CSA Section IV.

FDA CSA Guidance Section IV.B — Assurance Activities Proportionate to Risk Major

High-risk software requires rigorous testing with objective evidence; not-high-risk may use vendor documentation reliance and exploratory approaches.

Current State

SOP-QA-006 mandates validation plans and reports for all software without risk-based tailoring of assurance activities or allowance for simplified approaches for lower-risk software.

Gap

Testing approach is not proportionate to determined risk level; all software follows same validation rigor regardless of risk.

Remediation

Add Section 5.2 establishing tiered assurance activities: Level 1 (not-high-risk) allowing vendor documentation review and unscripted testing; Level 2 (high-risk) requiring formal validation with objective evidence.

Showing 3 of 12 findings — full report includes all 12 findings with evidence citations

Your Deliverable

Every analysis produces a branded, downloadable PDF report suitable for audit documentation and management review.

RegulatoryIQ

AI Gap Analysis Report

Report ID: RIQ-GAP-DEMO-001

March 14, 2026

FDA CSA (Feb 2026) Gap Assessment

Document: SOP-QA-006_Software_Validation_v2.1.pdf

42/100

Score

2

Critical

5

Major

12

Findings

The PDF report includes: cover page with document metadata, executive summary with compliance score, all findings with regulatory citations and remediation actions, strengths identified, regulatory references, and the data privacy disclaimer.

↓ Download PDF Report Run Another Framework

Session access: Your report and download link remain available for 48 hours after purchase. Download the PDF for permanent records. Need to re-run against a different framework? Use a multi-analysis pack for the best value.

Data Privacy & Security

We built this for regulated industries. Your data handling questions, answered directly.

🔒

Is my document stored on your servers?

No. Your document is transmitted directly from your browser to the AI analysis engine via encrypted connection, processed in memory, and discarded immediately after your report is generated. No file is saved to any server, database, or storage system.

🧠

Does the AI model learn from or retain my document?

No. We use the Anthropic API which maintains a zero-data-retention policy. Your document content is not used for model training, is not stored in any logs, and is not accessible after the API call completes. This is contractually guaranteed by Anthropic's API terms.

📈

What data do you collect?

Only what Stripe requires for payment processing: your email, name, and billing information. We do not collect, store, or have access to the content of your uploaded documents. The PDF report you download is the only artifact that exists after analysis.

🔐

Is the transmission encrypted?

Yes. All data transmission uses TLS 1.2+ encryption (256-bit). Your document travels encrypted from your browser to the analysis API. At no point does unencrypted document content exist outside your browser and the analysis engine's processing memory.

Important: This analysis tool provides AI-assisted preliminary compliance screening. Findings should be reviewed by a qualified regulatory professional. Resolution of identified gaps does not guarantee regulatory compliance, inspection readiness, or favorable regulatory outcomes. This tool does not establish an auditor-client or consulting relationship.

Get Started

Professional-grade gap analysis at a fraction of consulting costs. No login required.

Single Analysis

$79

One document, one framework

✓ Upload any PDF (up to 50 pages)

✓ Choose from 5 regulatory frameworks

✓ Branded PDF report with findings

✓ 48-hour access to results

✓ No account required

Get Single Analysis

3-Analysis Pack SAVE $38

$199

Three analyses, any framework

✓ Everything in Single Analysis

✓ Run same doc against 3 frameworks

✓ Or analyze 3 different documents

✓ Compare compliance across standards

✓ Ideal for multi-framework coverage

Get 3-Pack

Don't have compliance documents to analyze yet?

Start with our audit-ready template packs. Build your SOPs, gap assessments, and compliance documentation, then run them through AI analysis to validate coverage before your next inspection.

Gap Assessment Toolkit ($499) → CSV/CSA Package ($199) → Part 11 Pack ($299) → Data Integrity Pack ($179) →

Need more than a report?

Our regulatory team reviews your findings, validates the AI analysis, builds your remediation roadmap, and supports you through closure. 14+ years of hands-on audit experience across FDA, EU MDR, ISO 13485, and ICH GCP.

Book a Discovery Call →

Manual gap assessment: 8-20 hours at $225-275/hr = $1,800-5,500
AI gap analysis: $79 in under 60 seconds