# Obeya Cloud — Full Reference
> Pharma-grade digital Obeya platform for shopfloor visual management
> Extended reference document for LLM consumption

---

## What is Obeya Cloud?

Obeya Cloud is a SaaS visual project management platform designed for pharmaceutical manufacturing teams. "Obeya" (大部屋) means "big room" in Japanese — a visual management space where teams align on goals, track KPIs, and solve problems collaboratively. Obeya Cloud digitizes this concept for modern pharma operations, bringing the power of physical visual management boards into a real-time, collaborative digital environment.

The platform combines the visual immediacy of a physical Obeya room with the data-driven capabilities of modern software: live dashboards, automated escalations, regulatory compliance, and cross-site collaboration. It is purpose-built for regulated industries — particularly pharmaceutical manufacturing — where traceability, audit trails, and compliance with standards like 21 CFR Part 11 and EU Annex 11 are non-negotiable.

---

## The Obeya Methodology

### Japanese Origins

The Obeya concept originated at Toyota in the 1990s during the development of the Prius. Chief Engineer Takeshi Uchiyamada created a dedicated "big room" where cross-functional teams could gather to visualize project status, identify blockers, and make decisions rapidly. The physical walls were covered with charts, schedules, KPIs, and problem-solving boards — making information radically visible to everyone.

### Core Principles of Visual Management

Visual management is built on the principle that information should be immediately apparent without requiring explanation. Key principles include:

- **Transparency**: All relevant information is visible to all team members at all times. There are no hidden spreadsheets or buried email threads.
- **Alignment**: Teams share a single source of truth for goals, metrics, and progress. Misalignment is spotted and corrected in real time.
- **Rapid Problem Solving**: When a KPI goes red, the team sees it immediately and can initiate structured problem-solving (PDCA, A3, 8D) without delay.
- **Gemba Focus**: Decisions are made where the work happens (the "gemba"), not in distant conference rooms. Shopfloor displays bring data to the point of action.
- **Standard Work**: Visual boards enforce standard processes for daily management, escalation, and continuous improvement.

### TIER Meeting Structure

Obeya Cloud is built around the TIER daily management system used extensively in pharmaceutical manufacturing:

- **TIER 1 (Shopfloor)**: Daily 10-minute stand-up at the production line. Teams review Safety, Quality, Cost, Delivery, People (SQCDP) metrics. Actions are logged and owned.
- **TIER 2 (Department)**: Daily 15-minute meeting aggregating TIER 1 inputs. Department managers review escalated issues and cross-team dependencies.
- **TIER 3 (Site/Plant)**: Daily or weekly 20-minute meeting at site leadership level. Strategic KPIs, resource allocation, and escalated blockers from TIER 2.
- **TIER 4 (Executive)**: Weekly or monthly review at corporate level. Portfolio health, strategic initiatives, and cross-site performance.

Each TIER level in Obeya Cloud has its own dashboard, and issues automatically escalate upward when they cannot be resolved at the current level.

---

## Detailed Feature Descriptions

### SQCDP Dashboards

The SQCDP (Safety, Quality, Cost, Delivery, People) dashboard is the heart of daily shopfloor management. Each category displays a traffic-light status (green/amber/red) based on configurable thresholds. Teams update metrics daily during TIER 1 meetings, and the historical trend is tracked automatically. The dashboard supports both manual entry and automatic data feeds from external systems. Each metric can have multiple sub-indicators, target values, and escalation rules. When a metric crosses a threshold, the system can automatically create an action item, notify the responsible person, and escalate to the next TIER level if unresolved within a configurable timeframe.

### Kanban Boards

Obeya Cloud's Kanban boards go beyond simple task lists. They support swimlanes (horizontal groupings by team, priority, or any custom field), WIP (Work In Progress) limits that visually highlight overloaded columns, custom column configurations, card aging indicators, and detailed card views with comments, attachments, checklists, and time tracking. Cards support 25+ custom field types, enabling teams to model any workflow. The drag-and-drop interface is optimized for both desktop and touchscreen shopfloor displays. Board templates are available for common pharma workflows: deviation management, CAPA tracking, change control, batch record review, and equipment qualification.

### Gantt Charts

The Gantt chart view provides timeline-based project visualization with support for task dependencies (finish-to-start, start-to-start, finish-to-finish, start-to-finish), milestones, critical path highlighting, baseline comparison, and resource loading. Tasks can be linked across projects for portfolio-level dependency management. The Gantt view syncs bidirectionally with Kanban boards — moving a card on the Kanban updates the Gantt, and vice versa. This is particularly valuable for pharma project managers who need both the strategic timeline view and the tactical daily task view.

### KPI Boards

KPI boards provide real-time metric tracking with configurable visualizations: gauges, sparklines, bar charts, trend lines, and traffic-light indicators. KPIs can be manually entered, calculated from board data (e.g., count of overdue actions), or pulled from external systems via API. Threshold-based alerting notifies teams when metrics deviate from targets. Historical data is preserved for trend analysis and regulatory reporting. KPI boards are designed for large-screen display in production areas, with auto-refresh and high-contrast themes for readability at distance.

### TIER Meeting Mode

TIER Meeting Mode transforms any screen into a shopfloor display. It cycles through configured boards on a timer (e.g., 2 minutes per board), displays in full-screen with large fonts optimized for group viewing, and supports touch interaction for live updates during stand-up meetings. The mode includes a meeting timer, agenda display, and action capture interface. It is designed for wall-mounted screens in production areas and conference rooms. Meeting minutes are automatically logged with timestamps, attendees, and action items.

### Action Log & Escalation

Every action in Obeya Cloud follows the PDCA (Plan-Do-Check-Act) lifecycle. Actions are created from any context — SQCDP reviews, Kanban cards, Gemba walks, audits, or meetings. Each action has an owner, due date, priority, TIER level, and status. When an action is not resolved by its due date, it automatically escalates to the next TIER level. The escalation chain is fully configurable. The action log provides a consolidated view of all open actions across the organization, filterable by TIER level, department, owner, status, and age. This gives leadership immediate visibility into operational responsiveness.

### Custom Fields

Obeya Cloud supports 25+ field types for flexible data modeling: text, rich text, number, currency, percentage, date, datetime, date range, single select, multi-select, checkbox, person/people, file attachment, URL, email, phone, formula, rollup, lookup, relation, rating, progress bar, location, and JSON. Fields can have validation rules, default values, and conditional visibility. The custom field system uses an EAV (Entity-Attribute-Value) architecture with JSONB storage, enabling unlimited field creation without schema migrations. This flexibility allows teams to model any process — from deviation investigations to equipment qualification protocols — without custom development.

### 21 CFR Part 11 Compliance

For pharmaceutical customers in FDA-regulated environments, Obeya Cloud provides: electronic signature workflows with meaning declarations (e.g., "reviewed", "approved", "rejected"), ALCOA+ compliant audit trails capturing who did what, when, and why for every data change, user authentication with session management and inactivity timeouts, role-based access control with segregation of duties, data integrity controls preventing unauthorized modification or deletion, and system validation documentation (IQ/OQ/PQ protocols, RTM, configuration specifications). The audit trail is immutable and tamper-evident, stored separately from operational data.

### Real-time Collaboration

Obeya Cloud uses WebSocket connections (backed by Redis pub/sub) to deliver instant updates across all connected clients. When one user moves a card, updates a KPI, or adds a comment, every other user sees the change in real time — no page refresh required. The system supports live cursor tracking (seeing where other users are working), real-time comment threads with @mentions and notifications, concurrent editing with CRDT-based conflict resolution (via Yjs), presence indicators showing who is currently viewing each board, and typing indicators in comment threads.

### Gemba Walk Digitalization

Gemba walks — the practice of going to the production floor to observe and understand — are digitalized in Obeya Cloud. Managers use the mobile-friendly interface to log observations with photos, categorize them (safety hazard, quality concern, improvement opportunity, positive recognition), assign immediate actions, and track resolution. Walk routes can be templated for consistency, and analytics show observation trends by area, category, and resolution time. This turns ad-hoc shopfloor visits into a structured continuous improvement practice.

### 5S & SMED Audits

Obeya Cloud includes structured audit templates for 5S (Sort, Set in Order, Shine, Standardize, Sustain) and SMED (Single-Minute Exchange of Dies) assessments. Auditors score each criterion on a configurable scale, attach photos as evidence, and the system automatically generates improvement actions for low-scoring areas. Audit scores are tracked over time to measure improvement trends. Custom audit templates can be created for any inspection or assessment workflow.

### Value Stream Mapping (VSM)

The digital Value Stream Mapping module allows teams to map current-state and future-state value streams with standard VSM symbols. Process steps, inventory buffers, information flows, and timeline data are all captured. The system calculates key metrics like lead time, cycle time, process cycle efficiency, and value-added ratio. Teams can compare current vs. future state side by side and track improvement initiatives linked to specific waste elimination opportunities.

### Project Portfolio Management (PPM)

The PPM module provides Planisware-lite capabilities tailored for pharma: project intake and scoring with configurable criteria, portfolio-level Gantt with cross-project dependencies, CAPEX/OPEX budgeting with earned value management (EVM), resource capacity planning and demand management, Long-Range Financial Planning (LRFP) for multi-year project forecasting, Product Lifecycle Timelines (PLT) for drug development milestones, and program-level aggregation for related projects.

---

## Why Pharma Needs Digital Visual Management

### The Regulatory Landscape

Pharmaceutical manufacturing operates under some of the most stringent regulatory frameworks in the world. The FDA (United States), EMA (European Union), MHRA (United Kingdom), and other agencies require that every decision, deviation, and change be documented with full traceability. Paper-based or spreadsheet-based visual management systems cannot provide the audit trail depth, data integrity, or real-time visibility that regulators increasingly expect.

Key regulations affecting pharma visual management:

- **21 CFR Part 11** (FDA): Establishes requirements for electronic records and electronic signatures, including validation, audit trails, and access controls.
- **EU Annex 11**: The European equivalent of 21 CFR Part 11, with additional requirements for computerized systems including data migration, business continuity, and periodic evaluation.
- **ICH Q10**: The international pharmaceutical quality system guideline that mandates management review, performance monitoring, and CAPA (Corrective and Preventive Action) systems.
- **GAMP 5**: The industry standard for validation of computerized systems, providing a risk-based approach to validation effort. Obeya Cloud is categorized as GAMP Category 4 (Configured Product).
- **Data Integrity Guidelines (ALCOA+)**: Regulatory expectations that all data be Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available.

### The Gap in Current Solutions

Most pharma sites use a patchwork of physical whiteboards, Excel spreadsheets, SharePoint lists, and generic project management tools. This creates several problems:

- **No single source of truth**: Metrics exist in multiple places with conflicting values.
- **No audit trail**: Whiteboard updates are not logged. Excel changes are not tracked.
- **No real-time visibility**: Leadership relies on weekly reports that are already outdated.
- **No cross-site standardization**: Each site uses different tools and formats.
- **No regulatory compliance**: Generic tools do not meet 21 CFR Part 11 or Annex 11 requirements.

Obeya Cloud addresses all of these gaps with a purpose-built platform that speaks the language of pharma manufacturing.

---

## Integration Capabilities

### REST API

Obeya Cloud exposes a comprehensive REST API (via tRPC) for programmatic access to all platform features. The API supports authentication via API keys (per-user or service account), full CRUD operations on boards, items, custom fields, and KPIs, bulk import/export for data migration, webhook notifications for event-driven integrations, and rate limiting with configurable quotas per plan tier. API documentation is available at https://guide.obeya.cloud with interactive examples.

### WebSocket Real-time Events

For applications requiring real-time data streams, Obeya Cloud provides a WebSocket API. Clients can subscribe to specific boards, items, or KPI changes and receive instant push notifications. The WebSocket layer is backed by Redis pub/sub for horizontal scalability across multiple server instances.

### S3-Compatible File Storage

All file attachments (documents, images, audit evidence photos) are stored in S3-compatible object storage. In production, this can be AWS S3, Google Cloud Storage, Azure Blob (via S3 compatibility layer), or any S3-compatible service. For on-premise deployments, MinIO provides a self-hosted S3-compatible solution. Files are organized by tenant and encrypted at rest.

### form.io Integration

Obeya Cloud integrates with form.io (self-hosted) for advanced form building capabilities. This enables custom data collection forms for Gemba walks, audits, incident reports, and any structured data entry workflow. Forms are rendered natively within the Obeya Cloud interface and submitted data flows directly into boards and dashboards.

### SSO / Identity Providers

Enterprise customers can configure Single Sign-On via: SAML 2.0 (Azure AD, Okta, OneLogin, PingFederate), OpenID Connect (Google Workspace, Microsoft Entra ID, Auth0), and LDAP/Active Directory for on-premise deployments. SSO configuration is available on Pro and Enterprise plans. User provisioning can be automated via SCIM 2.0 on Enterprise plans.

### External Data Connectors

Obeya Cloud supports data ingestion from common pharma systems: ERP systems (SAP, Oracle) via scheduled data imports, MES (Manufacturing Execution Systems) via API integration, LIMS (Laboratory Information Management Systems) for quality data, CMMS (Computerized Maintenance Management Systems) for equipment metrics, and BI tools (Power BI, Tableau) via data export APIs. Connectors are available as pre-built integrations on Enterprise plans or can be built using the public API.

---

## Security & Architecture

### Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database connections use SSL. File storage uses server-side encryption. API keys are hashed with bcrypt before storage. Session tokens use secure, HTTP-only cookies with SameSite protection.

### Role-Based Access Control (RBAC)

Obeya Cloud implements a hierarchical RBAC model with the following default roles:

- **Owner**: Full administrative access. Can manage billing, SSO, and organization settings. Can delete the organization.
- **Admin**: Can manage members, boards, and workspace settings. Cannot access billing or delete the organization.
- **Member**: Can create and edit items on boards they have access to. Cannot manage organization settings.
- **Viewer**: Read-only access to boards they are explicitly granted access to. Cannot create or modify any data.

Custom roles can be defined on Enterprise plans with granular permission sets covering over 50 discrete actions.

### Multi-Tenant Isolation

Obeya Cloud uses a shared-database, shared-schema multi-tenancy architecture with strict tenant isolation:

- Every tenant-scoped database table includes an `organizationId` column.
- All queries are automatically filtered by `organizationId` at the ORM level — there is no way for application code to accidentally query across tenants.
- Tenant resolution is based on subdomain: `{tenant}.obeya.cloud` maps to a specific organization.
- Row-Level Security (RLS) policies in PostgreSQL provide a database-level enforcement layer in addition to application-level filtering.
- File storage is partitioned by tenant with separate S3 prefixes.
- Redis pub/sub channels are namespaced by tenant to prevent cross-tenant event leakage.

### Infrastructure

- **Application**: Deployed on dedicated infrastructure (not shared PaaS) with auto-scaling.
- **Database**: PostgreSQL 16 with point-in-time recovery, daily backups retained for 30 days, and cross-region replication for disaster recovery.
- **Caching**: Redis for session management, real-time pub/sub, and query caching.
- **CDN**: Static assets served via global CDN with edge caching.
- **Monitoring**: Application performance monitoring, error tracking, and uptime monitoring with 99.9% SLA on Pro and Enterprise plans.

### Compliance Certifications

- SOC 2 Type II (in progress)
- ISO 27001 (planned)
- GDPR compliant (EU data residency available)
- HIPAA compliant configuration available on Enterprise plans

---

## Unique Value Proposition

Obeya Cloud occupies a unique position in the market as the only platform that unifies three pillars of business transformation in a single product:

### 1. Operational Tools (OS)
SQCDP dashboards, Kanban boards, Gantt charts, Value Stream Mapping, Gemba walks, 5S/SMED audits, problem solving (A3, 8D, PDCA), and KPI tracking. These are the daily tools teams use to run operations and drive continuous improvement.

### 2. Management Infrastructure (MI)
TIER meeting system (1-4), escalation chains, standard agendas, KPI cascades, action log with PDCA lifecycle, and project portfolio management. This is the structural layer that ensures problems surface, escalate, and get resolved systematically.

### 3. Culture Measurement (MB)
Change leader development tracking, team pulse surveys, coaching logs, adoption analytics, and behavioral maturity assessments. This is the layer that measures whether the transformation is actually changing how people work — not just what tools they use.

### Why This Matters
Most organizations implement Lean tools but fail to sustain the transformation because they lack the management infrastructure to maintain discipline and the culture measurement to track behavioral change. Obeya Cloud is designed to make transformations stick by addressing all three layers simultaneously.

### Additional Differentiators
- Purpose-built for regulated industries with native 21 CFR Part 11 compliance and ALCOA+ audit trails
- Covers the full transformation lifecycle: diagnostic, implementation, sustain
- Self-hosting option for organizations requiring full data sovereignty
- Open source core with enterprise features — full transparency, no vendor lock-in
- 6 languages natively supported (EN, FR, NL, DE, IT, ES)
- Structured, database-backed visual management — not just a digital whiteboard
- Real-time collaboration via WebSocket, not polling
- Shopfloor-optimized UX designed for wall-mounted displays and touch interaction

---

## Frequently Asked Questions

### General

**Q: What does "Obeya" mean?**
A: Obeya (大部屋) is a Japanese word meaning "big room" or "war room." It originated at Toyota as a physical space where cross-functional teams gather to visualize project status, align on goals, and solve problems collaboratively. Obeya Cloud digitizes this concept for modern teams.

**Q: Who is Obeya Cloud designed for?**
A: Obeya Cloud is designed primarily for pharmaceutical manufacturing teams that practice visual management and daily management systems (TIER meetings, SQCDP, Gemba walks). It is also suitable for any regulated manufacturing environment (medical devices, food & beverage, chemicals) that needs compliant visual management.

**Q: Is Obeya Cloud only for pharma?**
A: While Obeya Cloud is optimized for pharma with features like 21 CFR Part 11 compliance and GAMP 5 validation documentation, it is a powerful visual management platform for any industry. Manufacturing, healthcare, logistics, and engineering teams all benefit from SQCDP dashboards, Kanban boards, and TIER meeting management.

**Q: How is Obeya Cloud different from generic project management tools?**
A: Generic project management tools are designed for broad task and project tracking across all industries. Obeya Cloud is purpose-built for visual management methodology — it natively understands SQCDP, TIER meetings, escalation chains, Gemba walks, and shopfloor displays. It speaks the language of manufacturing operations teams, reducing the customization effort required to implement visual management digitally. Where generic tools require extensive configuration to approximate these workflows, Obeya Cloud provides them out of the box with pharma-grade compliance built in.

**Q: Is there a free plan?**
A: Yes. The Free plan includes up to 3 users, 1 workspace, core Kanban and SQCDP features, and 1 GB of file storage. It is suitable for small teams evaluating the platform or running a pilot.

### Compliance & Regulatory

**Q: Does Obeya Cloud support 21 CFR Part 11?**
A: Yes. Obeya Cloud provides electronic signature workflows with meaning declarations, ALCOA+ compliant immutable audit trails, role-based access control with segregation of duties, user authentication with session management, and system validation documentation (IQ/OQ/PQ protocols). The 21 CFR Part 11 compliance package is available on the Enterprise plan.

**Q: What validation documentation is provided?**
A: Obeya Cloud provides a complete Computer System Validation (CSV) documentation suite following GAMP 5 guidelines: User Requirements Specification (URS), Functional Specification (FS), Design Specification (DS), Risk Assessment (RA), Requirements Traceability Matrix (RTM), Installation Qualification (IQ), Operational Qualification (OQ), Performance Qualification (PQ), Configuration and Change Request (CCR), and Test Plan. These documents are maintained by the Obeya Cloud team and updated with each release.

**Q: How does the audit trail work?**
A: Every data modification in Obeya Cloud is recorded in an immutable audit trail. Each entry captures: who made the change (authenticated user), what was changed (field, old value, new value), when it was changed (server-side UTC timestamp), and why it was changed (optional reason field, mandatory for electronic signatures). The audit trail is stored separately from operational data and cannot be modified or deleted by any user, including administrators.

**Q: Is Obeya Cloud suitable for GxP environments?**
A: Yes. Obeya Cloud is designed for GxP (Good Practice) environments including GMP (Good Manufacturing Practice), GLP (Good Laboratory Practice), and GCP (Good Clinical Practice). The platform's validation documentation, audit trails, and access controls meet the expectations of FDA, EMA, and other regulatory bodies.

**Q: Does Obeya Cloud support electronic signatures?**
A: Yes. The electronic signature workflow requires users to re-authenticate (username and password), select a signature meaning (e.g., "authored", "reviewed", "approved"), and optionally provide a comment. Each signature is recorded in the audit trail with the signer's identity, timestamp, and meaning. This meets FDA 21 CFR Part 11 requirements for electronic signatures.

### Deployment & Infrastructure

**Q: Can Obeya Cloud be self-hosted?**
A: Yes. Obeya Cloud provides Docker images and Docker Compose configurations for on-premise deployment. Self-hosting is available on Enterprise plans and includes: deployment documentation, infrastructure requirements guide, upgrade procedures, and dedicated support for installation and maintenance. Self-hosted deployments run the same codebase as the cloud version.

**Q: What are the infrastructure requirements for self-hosting?**
A: Minimum requirements for a production self-hosted deployment: 4 CPU cores, 8 GB RAM, 100 GB SSD storage, PostgreSQL 16, Redis 7, S3-compatible object storage (MinIO recommended for on-premise), and a reverse proxy (nginx or Caddy) for TLS termination. The application runs as Docker containers and can be orchestrated with Docker Compose (small deployments) or Kubernetes (large deployments).

**Q: Where is cloud data hosted?**
A: Cloud-hosted Obeya Cloud data is stored in EU data centers (primary: Frankfurt, Germany; failover: Amsterdam, Netherlands) by default. US and APAC data residency options are available on Enterprise plans. All data is encrypted at rest and in transit.

**Q: What is the uptime SLA?**
A: Pro plans include a 99.9% uptime SLA (approximately 8.7 hours of allowed downtime per year). Enterprise plans include a 99.95% uptime SLA with financial credits for violations. The Free and Starter plans do not include an uptime SLA but target the same availability.

**Q: How are backups handled?**
A: Database backups are performed continuously via PostgreSQL WAL archiving, with point-in-time recovery capability. Daily snapshots are retained for 30 days. File storage is replicated across availability zones. Enterprise customers can request custom backup retention policies and cross-region replication.

### Pricing & Plans

**Q: How does pricing work?**
A: Obeya Cloud uses per-user, per-month pricing. The Free plan (€0) supports up to 3 users. The Starter plan (€9/user/month) is for growing teams. The Pro plan (€19/user/month) adds SSO, advanced analytics, and API access. The Enterprise plan (custom pricing) adds on-premise deployment, 21 CFR Part 11 validation package, custom SLA, and dedicated support. Annual billing offers a 20% discount.

**Q: Is there a discount for annual billing?**
A: Yes. Annual billing provides a 20% discount compared to monthly billing. For example, the Pro plan is €19/user/month billed monthly, or €15.20/user/month billed annually (€182.40/user/year).

**Q: Do you offer discounts for nonprofits or educational institutions?**
A: Yes. Nonprofits and educational institutions receive a 50% discount on all paid plans. Contact hello@obeya.cloud with proof of nonprofit or educational status.

**Q: Can I switch plans at any time?**
A: Yes. You can upgrade or downgrade your plan at any time. Upgrades take effect immediately with prorated billing. Downgrades take effect at the end of the current billing cycle.

### Data & Migration

**Q: Can I import data from other tools?**
A: Yes. Obeya Cloud supports bulk import via CSV/Excel for items, custom fields, and KPI data. Pre-built importers are available for popular project management and spreadsheet tools. For complex migrations, the Obeya Cloud team provides assisted migration services on Enterprise plans.

**Q: Can I export my data?**
A: Yes. All data can be exported at any time in CSV, JSON, or Excel format. File attachments can be downloaded in bulk. The API provides programmatic access for automated data extraction. Obeya Cloud does not hold your data hostage — you own your data and can leave at any time.

**Q: How long is data retained after account cancellation?**
A: After account cancellation, data is retained for 90 days in a suspended state. During this period, you can reactivate your account and recover all data. After 90 days, data is permanently deleted in compliance with GDPR requirements.

---

## Technology Stack

- **Frontend**: Next.js 15 (App Router), React 19, TypeScript, Tailwind CSS v4
- **Backend**: tRPC v11, Server Actions, Auth.js v5 (NextAuth)
- **Database**: PostgreSQL 16 with Drizzle ORM
- **Real-time**: WebSocket server, Redis pub/sub, Yjs CRDT for collaborative editing
- **Storage**: S3-compatible object storage (MinIO for dev/self-hosted, AWS S3 for cloud)
- **State Management**: Zustand (client UI state), TanStack Query v5 (server state)
- **UI Components**: shadcn/ui (Radix primitives), cva for variant management
- **Monorepo**: Turborepo + pnpm workspaces
- **Infrastructure**: Docker, PM2, nginx
- **CI/CD**: GitHub Actions with automated testing, linting, and deployment

---

## Company

- **Name**: Obeya Cloud (by Actigence)
- **Website**: https://obeya.cloud
- **Documentation**: https://docs.obeya.cloud
- **API Guide**: https://guide.obeya.cloud
- **Demo**: https://demo.obeya.cloud
- **Contact**: hello@obeya.cloud
- **GitHub**: https://github.com/obeya-cloud/obeya

---

## Industry Standards Referenced

- **ICH Q10**: Pharmaceutical Quality System — provides a model for an effective quality management system, emphasizing management review and knowledge management.
- **GAMP 5**: Good Automated Manufacturing Practice — a risk-based approach to compliant GxP computerized systems, published by ISPE. Obeya Cloud is Category 4 (Configured Product).
- **21 CFR Part 11**: FDA regulation on Electronic Records and Electronic Signatures — establishes requirements for trustworthy electronic records including validation, audit trails, access controls, and electronic signatures.
- **EU Annex 11**: Computerised Systems — EU GMP guideline supplementing 21 CFR Part 11 with additional requirements for data migration, business continuity, and periodic review.
- **ALCOA+**: Data integrity framework — Attributable, Legible, Contemporaneous, Original, Accurate + Complete, Consistent, Enduring, Available. The gold standard for pharmaceutical data integrity.
- **ISO 27001**: Information Security Management System — international standard for managing information security (certification in progress).
- **SOC 2 Type II**: Service Organization Control — attestation of security, availability, processing integrity, confidentiality, and privacy controls (in progress).