How ComplianceRAG Works
25 years of pharma expertise encoded into purpose-built compliance modes โ not a generic chatbot
From Your Documents to Audit-Ready Answers
Generic RAG retrieves text. ComplianceRAG understands compliance.
Ingest Your Documents
Upload SOPs, validation protocols, regulatory guidelines, and internal policies. Each document is parsed, chunked, and semantically indexed โ searchable by meaning, not just keywords.
SOP-VALID-001 ยท GAMP 5 Second Edition ยท 21 CFR Part 11 ยท ICH Q1025 Years of Pharma Expertise, Built In
This is where ComplianceRAG differs from any off-the-shelf RAG tool. Every mode is driven by specialized prompts developed from deep GxP experience โ encoding how a real validation engineer thinks: which sections of a deviation matter, what a CAPA must contain to survive an FDA inspection, what "risk-based approach" means in the context of GAMP 5 Category 4 software.
Domain knowledge you can't prompt-engineer in an afternoonChoose Your Compliance Workflow
Each mode runs a structured compliance workflow โ not a generic "chat with your docs" interface. Q&A mode surfaces sourced policy answers. Deviation mode classifies and triggers 5M analysis. CAPA mode drafts corrective actions with regulatory traceability. CSV mode generates protocol outlines aligned to IQ/OQ/PQ phases.
Q&A Deviation CAPA CSV ProtocolStructured, Sourced, Audit-Ready
Every answer cites the exact document and section it came from. Outputs match the structure your QA team already knows โ deviation reports, CAPA tables, protocol sections. Ready to paste into your DMS, not to edit from scratch.
[Major Deviation] โ 5M Root Cause โ Actions โ OwnerSource: SOP-DEV-042 ยง4.1 ยท 21 CFR Part 11 ยง11.10(e)
Try the Community API โ Free
No account. No registration. Query the public regulatory knowledge base right now.
Ask anything about GxP compliance
The Community API is trained on publicly available regulatory frameworks: GAMP 5 Second Edition, 21 CFR Part 11, EU Annex 11, ICH Q7/Q10, and EU AI Act guidance. Every answer cites its source.
10 free queries per day ยท Public regulatory knowledge base ยท No registration
Self-Host in 5 Minutes
Run ComplianceRAG on your own infrastructure โ bring your own documents, your own API key, your own data boundary.
# 1. Clone the quick-start repo git clone https://github.com/llmops-pro/compliancerag cd compliancerag # 2. Set your Anthropic API key cp .env.example .env # โ edit .env and add: ANTHROPIC_API_KEY=sk-ant-... # 3. Start the stack docker compose up -d # 4. Open the web UI # โ http://localhost:8000
Ingest Your Documents
Drop PDFs, Word docs, or plain text into the docs/ folder, then run the ingest command to build your private knowledge base.
docker compose exec api \
compliancerag ingest \
--client my-company \
--path ./docs/
Query the API
Every answer returns source citations with similarity scores. Use the web UI or call the API directly from your existing tools.
curl -X POST http://localhost:8000/query \ -H "X-API-Key: your-key" \ -d '{"query":"What is our CSV policy?", "mode":"qa","client":"my-company"}'
Four Compliance Modes
Switch modes to match your workflow. Q&A for policy lookup, Deviation for structured RCA, CAPA for corrective action drafts, CSV for validation protocol outlines.
mode: "qa" # sourced Q&A mode: "deviation" # 5M analysis mode: "capa" # CAPA drafting mode: "csv" # IQ/OQ/PQ outlines
Multi-Tenant & Isolated
Each client gets an isolated FAISS index and per-client API keys. Perfect for CDMOs running separate instances for different sponsors.
data/clients/ โโโ sponsor-a/ # isolated โโโ sponsor-b/ # isolated โโโ internal/ # your docs
Community image includes:
Need setup help, a GAMP5 validation package, or your own SOP library ingested?
See the Private Pilot Programme โ
Ready to try this with your own documents?
We're accepting a limited number of qualifying pharma and CDMO teams for a free 90-day pilot โ ComplianceRAG trained on your actual SOPs, validation protocols, and regulatory guidelines.
Apply for Free Pilot