For Manufacturing & QMS · ISO 9001 / 13485 / IATF 16949

Controlled documents your inspector can verify.

Kodori is an AI-native document management system built for ISO 9001, 13485, and IATF 16949 manufacturers. Content-addressable revisions mean only one current SOP exists at a time. Hash-chained audit means tampering is detectable at the chain level. Legal hold deny-wins makes recalls and CAPAs defensible at FDA inspection.


Pain points · From real audit prep stories and ISPE forums

What QA / RA teams tell us about their QMS DMS.

"ISO 9001 audit hit and we had two SOPs in active use that didn't match the controlled copy in MasterControl."

Quality manager · LinkedIn

Kodori

Content-addressable identity — the SHA-256 of the SOP IS its identity. There can't be two "active" copies because there's only one current_version_hash. Field operators see the same authoritative copy as the QA team.

"Operator pulled the old work instruction off the shop-floor laminator. Six months of training records pointed at the wrong revision."

Manufacturing supervisor · r/Manufacturing

Kodori

Per-tenant ingest endpoint + URL-stable document IDs mean point-of-use distribution can be a printed QR linking to the always-current revision. Training-attestation lookups by document ID never go stale.

"Greenlight Guru was great when we had 50 people. At 400 the per-seat cost is brutal and we still don't have AI search."

Medical device QA director · LinkedIn

Kodori

Per-seat pricing without forced premium tiers. Hybrid search (Postgres FTS + vector embeddings) finds SOPs by content even when titles drift, sub-second across tens of thousands of controlled docs.

"FDA 21 CFR Part 11 inspector wanted us to prove an SOP was never edited between v3 and v3.1 — assembling that took three days."

Medical device QMS lead · ISPE forum

Kodori

Hash-chained event log per tenant means version transitions are tamper-evident at the chain level. The /audit log shows every event with prev_hash linking — inspectors verify continuity end-to-end without re-running anything.

"Recall hit. We needed every document mentioning lot ABC123 frozen for preservation. Three different teams had to be told manually."

Recall coordinator · medical device firm

Kodori

Open a legal hold with the recall reference. Bind documents in one click. Held records refuse to delete, refuse to dispose under retention, refuse to downgrade sensitivity. Subjects stay on the hold record forever as audit evidence.

"Change Control Board approval is a paper trail across email, Outlook calendar invites, and a Word doc — auditors hate it."

CCB chair · IATF 16949 audit prep

Kodori

CCB approval becomes a chain of audit events on the SOP's document stream — proposed change, comments, approval, implementation. Each event captures actor, timestamp, payload, and the hash linking to the previous. Single chronological audit trail per controlled document.

Built for the controlled-document discipline.

  • Controlled-document version control

    Content-addressable identity. The current revision is unambiguous — identified by its SHA-256, not a filename convention. Every prior revision is immutable. Server-rendered text-diff compare across any two revisions, including ones from years ago.

  • Significant-version flagging for review-cut SOPs

    Mark a version as "significant" (signed, released, effective-date) so the audit trail surfaces it prominently. Pairs with the per-document history timeline so 21 CFR Part 11 inspectors see effective-revision transitions at a glance.

  • Legal hold for recalls and CAPAs

    Bind documents to a recall reference, a CAPA, or a regulatory inspection. Held records refuse to delete, refuse retention disposal, refuse sensitivity downgrade. Subjects remain on the hold record after release as audit evidence — provable preservation, defensible at FDA, ISO, and IATF audits.

  • Retention classes per record type

    Define classes ("DHR — 5 years post-distribution", "DHF — life of device + N years", "Training records — 5 years"). Records that elapse appear in /retention/review with defer + dispose actions, captured reasons, held-doc deny-wins for active inspections.

  • Hybrid search across the QMS corpus

    FTS for SOP numbers, lot codes, part numbers; embeddings for conceptual phrases ("instructions related to particle ingress"). Sub-second across tens of thousands of controlled documents. Permission-trimmed at the index — operators see only what they're trained on.

  • Hash-chained audit for 21 CFR Part 11 + ISO

    Per-tenant, tamper-evident, the same log the agent acts against. Substrate underneath SOC 2 Type II, 21 CFR Part 11-capable, ISO 9001 / 13485 / IATF 16949 audit-ready. Every consequential mutation appends an event with actor + timestamp + payload + chain hash.

  • Check-in / check-out on controlled documents

    Soft edit lock prevents two QA engineers from uploading conflicting revisions of the same SOP / DHF entry / WI. While held, other workspace members see "Held by alice@…" instead of overwriting. Uploading clears the lock atomically; QA admin can force-release with the action captured on the chain.

  • External connectors — pull supplier correspondence + audit-question threads from Outlook / SharePoint / Slack

    QMS document gravity is rarely just the controlled-doc archive — supplier corrective-action threads live in Outlook, audit-question rounds live in Slack, parts of the DHF live in SharePoint. Connect six vendors from /integrations (Slack, Gmail, Outlook, SharePoint, OneDrive, Google Drive). Messages and attachments index into the same retrieval the controlled docs use, and the agent's `unifiedSearch` answers "every supplier-A communication about lot 2024-Q3 contamination" with hits from the controlled CAPA record AND the SharePoint folder where supplier-A uploaded their 8D AND the Outlook chain where QA escalated. Tenant-scoped. OAuth tokens encrypted at rest. Retention + legal-hold gates apply to the Kodori records that reference the connector content; the connector content itself stays vendor-side (no compounded breach blast-radius).

Questions QMS / RA teams ask.

Is Kodori a drop-in replacement for MasterControl / Greenlight Guru / ETQ?

Honestly: no, not yet. We're missing the QMS-native modules (CAPA, change control, training-attestation as first-class object types) — those land in Phase 6 (Manufacturing QMS module, post-24-month). What we DO have is a working AI-native DMS with hash-chained audit, legal hold deny-wins on retention, hybrid search, and an agent that can move/rename/retag/hold/dispose with full audit trail. Usable today as a parallel system or as the surface for greenfield product lines.

How does hash-chained audit map to 21 CFR Part 11?

21 CFR Part 11 §11.10(e) requires "secure, computer-generated, time-stamped audit trails" that record creates, modifies, and deletes "without obscuring previously recorded information". Kodori's per-tenant chain meets the test: every event records actor, timestamp, payload, and a SHA-256 prev_hash. Tampering is detectable at the chain level, not just the row level. The full section-by-section conformance claim — Subparts B (§§11.10, 11.50, 11.70) and C (§§11.100, 11.200, 11.300) — is published at /legal/21-cfr-part-11.

What about controlled-copy distribution and point-of-use access?

Document IDs are URL-stable (/doc/[id] forever). Point-of-use signage can be a printed QR pointing to that URL — operators land on the current revision automatically. Read access is permission-trimmed; an operator without training on a particular SOP doesn't see it. Stale-revision reads are impossible because there's only ever one current_version_hash.

How do training records and attestation work?

Training-attestation as a first-class object lands in the Phase 6 QMS module. Today, you can model it via metadata on documents (operatorIds attested, attestation timestamps) plus the audit log's actor + payload — the events table is the substrate. The dedicated UI + reporting comes later.

Do you support change-control board (CCB) workflow?

Phase 6. Today, CCB approvals can be modeled as a chain of events on a document's stream — proposed, comments, approved, implemented — with each event captured as actor + payload + chain hash. The dedicated CCB workflow UI (parallel-approval routing, escalation, electronic signature per 21 CFR Part 11 §11.50) ships in the QMS module.

How does retention work for DHRs, DHFs, batch records?

Define a retention class per record type — "Device History Records — 5 years post-distribution", "Design History File — life of device + N years", "Batch records — 5 years". Records that elapse appear in /retention/review with defer + dispose actions. Active recalls or open CAPAs (modeled as legal holds today) refuse disposal until released.
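
An added example, not Kodori's own code: a Python illustration of the hash chain described in the 21 CFR Part 11 answer above, where each event carries actor, timestamp, payload and a SHA-256 prev_hash, showing how a verifier locates an edited or removed event. The canonical JSON encoding, the all-zero genesis value, the `hash` field and the sample events are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first event in a tenant's chain


def event_hash(event):
    """SHA-256 over a canonical JSON encoding of the four chained fields."""
    body = {k: event[k] for k in ("actor", "timestamp", "payload", "prev_hash")}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_event(chain, actor, timestamp, payload):
    """Append an event whose prev_hash commits to the previous event."""
    prev = chain[-1]["hash"] if chain else GENESIS
    event = {"actor": actor, "timestamp": timestamp,
             "payload": payload, "prev_hash": prev}
    event["hash"] = event_hash(event)
    chain.append(event)
    return event


def first_break(chain):
    """Return the index of the first event that fails verification, or None."""
    expected_prev = GENESIS
    for i, event in enumerate(chain):
        # An edited field breaks this event; a removed or re-hashed event breaks the next link.
        if event["prev_hash"] != expected_prev or event_hash(event) != event["hash"]:
            return i
        expected_prev = event["hash"]
    return None


def build_sample_chain():
    """Constructed sample: two revisions of one SOP, then a legal hold."""
    chain = []
    v3 = hashlib.sha256(b"SOP-001 rev 3 text").hexdigest()
    v31 = hashlib.sha256(b"SOP-001 rev 3.1 text").hexdigest()
    append_event(chain, "alice@example.com", "2024-01-10T09:00:00Z",
                 {"type": "version_created", "current_version_hash": v3})
    append_event(chain, "bob@example.com", "2024-03-02T14:30:00Z",
                 {"type": "version_created", "current_version_hash": v31})
    append_event(chain, "carol@example.com", "2024-03-05T08:15:00Z",
                 {"type": "legal_hold_opened", "reference": "RECALL-EXAMPLE"})
    return chain
```

Verification of this kind detects edits and removals in the middle of the log, but dropping the newest events leaves a shorter chain that still verifies. The latest hash therefore has to be recorded somewhere the log's writers cannot change, so a reviewer has a trusted head to compare against.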

Drop your SOP set. See it survive an audit.

Five minutes from Google sign-in to a working DMS on your own controlled documents — on a tenant isolated from everyone else.