Compatibility as a regulated computerized system - 21 CFR Part 11 and EU GMP Annex 11

Hi,
I am working in an industry that is regulated by GMP, GLP and GCP requirements.
Especially for computerized systems there are a lot of requirements that need to be addressed to be compliant.
We have had a look at Nextcloud several times in the last years, though some features are still missing to use it in our industry:

  • electronic signatures (in the sense of the above-mentioned regulations)
  • easy to customize workflow engine (that includes for example rights management for files and folders, and also simple file operations like move and copy)
  • requirement to give a comment for certain actions (e.g. “reason for change”)
  • ability to go through a list of Nextcloud actions and tick where an electronic signature and/or a comment is required

What a workflow could look like:

  • Person A creates a file and signs it as “submitted” (e.g. a modal pops up and asks for username and password and eventually a comment, a tag “submitted” is attached to the file)
  • Person B reads through the file and signs it as “reviewed” (see above)
  • Person C approves by signing as “approved” (see above AND file is set read only and copied to a location with “approved” files, where it can only be changed by 1-2 distinct persons)

What would be the easiest solution for this requirement?
Will it be possible right away with NC18?
Is an add-on or app enough?
How could this app be designed?

Modal:
[image]

List with privileged actions in settings:
[image]

Thanks,
Andreas