DeviceBridge · Security & Compliance
DeviceBridge files real FDA 510(k) submissions to CDRH. Every artifact a specialist agent drafts, every signature a named regulatory lead applies, and every regulatory citation resolves into one tamper-evident substrate — built so an FDA inspector or a vendor-risk reviewer could verify it remotely. This page states what is shipped and what is scoped, without overclaiming.
21 CFR Part 11 posture
Part 11 §11.10(e) requires secure, computer-generated, time-stamped audit trails. DeviceBridge implements that as a hash-chained ledger with immutability enforced at the database tier and a standalone verifier — so the integrity claim is mechanical, not a matter of trust.
Tamper-evident, not just append-only
Every action — login, gate signature, agent run, document mutation, payment reconciliation — appends to a hash-chained ledger. Each event embeds the SHA-256 of the prior event, so the chain is its own integrity proof. Append-only logging tells you a row was added; a hash chain tells you whether any earlier row was altered after the fact.
Immutability at the database tier
The audit ledger is protected by database triggers that reject UPDATE, DELETE, and TRUNCATE outright — not by application convention that a stray migration could bypass. In the AWS healthcare-grade target, S3 Object Lock in Compliance mode extends the same guarantee to exported evidence for long-horizon regulated retention.
Standalone verifier
A verifier walks the chain on demand and re-computes every hash. If a single byte of a single event was changed, it names the broken link rather than returning a vague pass/fail. This is the artifact an inspector spot-checks: the chain can be re-verified independently of the running application.
E-signature manifests
Gate sign-offs produce a signed manifest recording signer, role, UTC timestamp, intent string ("approved" / "reviewed" / "released"), and the SHA-256 of the exact artifact reviewed — plus the corresponding audit event. A signature cannot be silently re-pointed at a different document version; the hash binding makes substitution detectable.
Identity & signatures
A 510(k) program advances only through nine human-in-the-loop Gates. None of them can be signed with a password alone.
Two distinct factors · Part 11 §11.200(a)
Login is bearer-token with a mandatory FIDO2/WebAuthn second factor once enrolled. Every Gate signature additionally requires the e-signature PIN and a fresh WebAuthn assertion bound to the artifact hash. The assertion is replay-resistant: a captured signature cannot be reused against a different artifact or a later session.
Nine gates · named approvers
Pathway and CDRH-vs-CBER routing, predicates, the substantial-equivalence narrative, the test plan, the section bundle, eSTAR assembly, user-fee reconciliation, and the final release to the CDRH Portal are each a named human's signed decision. Critical gates require multiple signers.
The same signature substrate powers INDBridge, the sister IND platform — so a sponsor running a combination product or companion diagnostic gets one consistent signature and audit model across drug and device.
See the nine Gates in detail →Multi-tenant isolation
Isolation is enforced at three tiers — database, application, and storage — so no single mistake collapses the boundary between sponsors.
Database tier
Tenancy is enforced by Postgres Row-Level Security keyed on org_id, evaluated by the database on every read and write. A query that omits the tenant predicate returns nothing rather than another tenant's rows. Service-role credentials never leave the backend.
Application tier
The API resolves and pins the tenant from the authenticated session and scopes every query independently of the database policy. RLS and the application layer must agree; neither is the sole control. A bug in one is caught by the other.
Storage tier
eSTAR attachments, signed manifests, and assembled PDFs are namespaced per tenant. Every attachment is SHA-256 hashed at rest so its integrity can be re-verified, and the hash is what signatures and audit events reference.
The LLM boundary
The hardest question a CISO asks an AI-first vendor is what crosses the model boundary. DeviceBridge treats that boundary as a control point, not an afterthought.
Minimize at the edge
Patient identifiers and personal data are scrubbed at the LLM boundary — agents reason over de-identified, minimized inputs. A 510(k) is primarily device, predicate, and test data; where clinical content appears, it is reduced to what the section actually requires before any prompt is constructed.
Provenance over the boundary
Each agent run records its tool-use trace and token telemetry. An inspector can reconstruct exactly what each agent reasoned over and which grounded sources it cited. The source-of-truth doctrine means agents refuse to emit a regulatory claim they cannot ground in a snapshotted FDA source — there is no path for an ungrounded K-number or predicate to enter a submission.
Read about AI provenance →Data residency & hosting
Production today runs on SOC 2 Type II sub-processors. The AWS healthcare-grade migration is a committed Day-30 implementation milestone, stated plainly rather than implied as already complete.
Current production
Web edge on Vercel, FastAPI and the agent fleet on Fly.io (region IAD), and Postgres on Supabase Pro with Row-Level Security on every tenant table. All three are SOC 2 Type II sub-processors, documented per region.
AWS healthcare-grade · Day 30 target
Compliance program · honest status
Regulated buyers reject overclaiming instantly. So every certification claim here carries its real status: what is in place, and what is scoped for when.
SOC 2
The control environment is built to the SOC 2 Trust Services Criteria today. The Type II audit window is in progress (2026). We say "SOC 2-aligned," not "SOC 2 certified," until the report is issued.
ISO 27001
An ISO 27001 information-security management program is underway, with Stage 1 scoped for 2026. We do not claim certification before the certificate exists.
HIPAA
The architecture is HIPAA-ready — encryption, access control, audit, and minimization are in place. The AWS Business Associate Agreement executes at Day 30 of implementation, when the healthcare-grade environment stands up. It is a milestone, not a Day-0 claim.
Penetration testing posture
We run an internal penetration suite and a STRIDE threat-model walk across the authentication, signature, multi-tenant, and submission-RPA surfaces. An independent external assessment is commissioned for Q3 2026. We will share scope and a summary of findings under NDA with serious evaluators.
Honest disclosure
Q BRIDGE AI publishes what is shipped and what is scoped. SOC 2 Type II and ISO 27001 audits are in progress (2026). An external penetration assessment is commissioned. The first production FDA submission lands with our first customer; the platform is validated end-to-end against a mock-FDA fixture and a development CDRH simulator today. Our full known-issues register is available on request.
Security review
We will walk a CISO, a QA lead, and a vendor-risk reviewer through the audit chain, the signature model, and the data boundaries on a live workspace — and share the known-issues register under NDA.
