New · Supplier portal, QC inspection & risk management — now live. Read more
Qability
Sign inStart free
Now with AI sidecar

Audit-ready by default.

Qability is the modern Quality Management System for regulated industries. Documents, training, CAPAs, and audit trails — one system, one trail, in real time.

Start free Book a walkthrough
21 CFR Part 11 ISO 9001 · 13485 SOC 2 in progress SSO · SCIM
app.qability.com / mercia-medical / inbox
Your inbox
6 items · sorted by due date
live
DOC
SOP-204 Cleaning Procedure v3.1
Review · Due in 2d · P. Anand
CAPA
CAPA-077 Effectiveness verification
Sign-off · Today · M. Reyes
NC
NC-308 Batch L-2245 deviation
Disposition · Tomorrow · A. Vermeulen
TRAIN
Training T-1093 — 14 trainees
Auto-assigned · Just now · system
DOC
WI-008 Equipment Calibration v2.0
Approval · Due in 3d · L. Park
REVIEW
Periodic review · QM-001
Confirm · This week · system

Built for teams under FDA · ISO · EU MDR

Mercia Medical
Helix Therapeutics
Northbridge Foods
Aetherlab
Volta Biosciences
Granite Aerospace
Pencer Pharma
Halden Devices
Mercia Medical
Helix Therapeutics
Northbridge Foods
Aetherlab
Volta Biosciences
Granite Aerospace
Pencer Pharma
Halden Devices

The product

Nine primitives. One quality system.

Documents, workflows, audit, training, CAPA, risk & RCA, inspections, suppliers, and real-time sync. The whole quality loop, in a single coherent model.

Document control

Every version. Every signature. Every decision.

Draft to effective, captured automatically. Versions, change-controls, periodic reviews — without the paperwork.

Learn more
Workflows

Approvals that route themselves.

Define the steps once. Qability routes, escalates, and remembers — including send-backs without losing context.

Learn more
Audit trail

Know who changed what. Without asking.

An immutable trail of every change in the system. Pull a year of evidence in seconds. Walk into your audit with it ready.

Learn more
Training

The moment a document is effective, training is on the right desks.

Role-based assignment, automatic re-training on revision, manager verification, signature on completion.

Learn more
CAPA, NC & change

Close the loop. Prove the fix.

Nonconformance, CAPA, and change requests — one workflow each, end to end. Auto-numbered, auto-routed, signed at completion.

Learn more
Risk & RCA

From symptom to root cause — on the record.

ISO 14971 risk assessments and structured root-cause analysis — 5 Whys and Fishbone — feeding straight into the CAPA that closes them out.

Learn more
Inspections & QC

Floor-captured evidence. Audit-grade.

Log books, gemba walks, and AQL acceptance sampling (ISO 2859-1 / Z1.4). Edit windows lock records into immutable, signed evidence.

Learn more
Suppliers

Your supply base, inside the system.

Supplier register, evaluations, and document sharing — with a scoped supplier portal so partners submit and respond without ever touching the main app.

Learn more
Real-time

No reloads. No refreshes.

When a colleague approves, you see it. When a document goes effective, your team’s inbox already knows.

Learn more

Workflows

Approvals that route themselves.

Define the steps once. Qability handles routing, escalation, send-backs, and signatures — without losing context.

Stage

Draft

Author writes against a template

Trail

workflow.draft• live
workflow.review— pending
workflow.approve— pending
workflow.effective— pending
workflow.audit— pending

Compliance

Designed around the standards — not retrofitted to them.

Audit-trail, electronic signature, change control, and training are first-class primitives. Not modules you turn on later.

21 CFR Part 11

E-signatures, audit trails, system controls.

ISO 9001

General quality management foundation.

ISO 13485

Medical device quality management.

ISO 14971

Risk management for medical devices.

EU MDR

Medical Device Regulation alignment.

FDA 21 CFR 820

Quality System Regulation for medical devices.

AS9100

Aerospace quality management.

IATF 16949

Automotive quality management.

FSMA

Food Safety Modernization Act.

The lifecycle

From keystroke to compliant.

Six stages, one record. The same document carries its history forever — readable in seconds, defensible under audit.

Authored
Draft against template
Reviewed
Routed by role
Signed
21 CFR Part 11
Effective
Goes live
Trained
Trainees auto-assigned
Audited
Captured forever
Audit trail

Know who changed what.
Without asking.

Every mutation in the system is captured — actor, timestamp, before, after, and (when required) electronic signature. Pull a year of evidence in seconds. Walk into your audit with it ready.

  • Tamper-evident. Append-only log with cryptographic chain of custody.
  • Queryable. Filter by entity, actor, time range, action — in milliseconds.
  • Exportable. CSV, PDF, or audit packet — ready for an inspector’s laptop.
audit_log· mercia-medical
last 8 events

Security

Built for the people who have to say yes.

Security and compliance are not bolted on. They are the substrate.

Tenant isolation

Per-tenant row-level security enforced at the database. Not application checks.

Encryption

AES-256 at rest. TLS 1.3 in transit. Tenant-managed keys on Enterprise.

Identity

SAML 2.0 · OIDC · SCIM. Okta, Azure AD, Google Workspace, Auth0.

Permissions

Role-based access with fine-grained permission strings. API keys with scope.

Backups

Point-in-time recovery. Cross-region replication on Regulated and above.

Residency

US-East and EU-West regions. Dedicated infra on Enterprise.

Integrations

Slots into the systems you already trust.

Single sign-on, identity providers, notifications, storage, and an API for the rest.

OktaSSO
Azure ADSSO
Google WorkspaceIdentity & Docs
Microsoft 365Identity & Docs
SlackNotifications
JiraEngineering
Amazon S3Storage
WebhooksAPI

Customers

Quality teams who don’t get to be late.

We used to spend two weeks pulling evidence before every audit. With Qability, we open it and the evidence is already there.
Priya Anand
VP, Quality & Regulatory · Mercia Medical
The first QMS I have used that did not feel like punishment for working in a regulated industry.
Marco Reyes
Document Controller · Helix Therapeutics
Training assignment used to be a weekly spreadsheet exercise. Now it just happens — the moment a document is effective.
Anke Vermeulen
Director of Operations · Northbridge Foods
0d
Avg. time from draft to effective
down from 38d
0%
CAPA on-time close rate
across all customers
0min
Avg. time to pull a year of evidence
previously 2+ weeks
0.99%
Real-time sync uptime
rolling 90 days

Pricing

Priced like software. Not a consulting engagement.

Per user, billed annually. No per-document fees, no implementation fees, no storage fees.

Starter
For small quality teams getting ISO 9001 right.
$0
per user / month, billed annually
Start free
  • Document control & versioning
  • Up to 3 active workflows
  • Real-time sync
  • Email support
Recommended
Growth
The full closed loop. Training, CAPA, NC, change.
$24
per user / month, billed annually
Start free
  • Everything in Starter
  • Training matrix & auto-assignment
  • CAPA, Nonconformance & Change Request workflows
  • Risk assessments & root-cause analysis
  • Inspections, log books & forms
  • AI sidecar
Regulated
21 CFR Part 11, ISO 13485, SSO.
$48
per user / month, billed annually
Talk to sales
  • Everything in Growth
  • 21 CFR Part 11 e-signatures
  • QC inspection & AQL sampling
  • Supplier register, evaluations & portal
  • SSO (Okta, Azure AD, Google)
  • Audit log retention SLAs
Enterprise
For multi-site, multi-region, multi-audit.
Custom
volume + dedicated infra
Talk to sales
  • Everything in Regulated
  • Data residency (EU / US)
  • Dedicated infrastructure
  • Premium 24×7 support
  • Implementation accelerator

All plans include the audit trail, real-time sync, and the supplier portal. Suppliers are never counted as users.

FAQ

Answers, before you ask.

Yes. Electronic signatures capture identity, meaning, and reason at the moment of signing, with an immutable audit trail and tamper-evident records. Validation packages are available for regulated industries.

ISO 9001, ISO 13485, ISO 14971, FDA 21 CFR Part 820, 21 CFR Part 11, EU MDR, AS9100, IATF 16949, and FSMA. The document, training, CAPA, and audit-trail primitives are framework-agnostic.

Yes. ISO 14971 risk assessments and structured root-cause analysis — 5 Whys and Fishbone — are built in. Findings flow straight into a nonconformance or CAPA, so the analysis and the corrective action live on the same connected record.

Yes. Log books, gemba walks, and shift handovers are captured as form-driven field records with configurable edit windows that lock them into immutable, signed evidence. QC acceptance inspection uses AQL sampling plans (ISO 2859-1 / ANSI Z1.4), with admin-defined custom plans where you need your own tables.

Suppliers log in through a scoped portal with its own session and a reduced endpoint surface — they only ever see their own records, document requests, and assignments, never the main app. The supplier register, evaluations, and shared documents live inside your QMS, on the same audit trail and RBAC. Suppliers using the portal are not counted as billed users.

Most teams are running their first controlled document in under a week. There is no consulting-led implementation; templates and accelerators ship with the product.

Primary regions are US-East and EU-West. Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Per-tenant database isolation via row-level security. Enterprise customers can request dedicated infrastructure or specific data residency.

Yes. SSO via SAML 2.0 and OIDC (Okta, Azure AD, Google Workspace, Auth0). SCIM provisioning available on Regulated and above.

Enterprise customers can deploy Qability in their own VPC. A managed cloud is the default and recommended path.

Per active user, billed annually. No per-document fees, no implementation fees, no storage fees. Suppliers using the supplier portal are not counted as users.

Yes. Starter is free forever for small teams. Growth and Regulated tiers include a 30-day trial of the full feature set.

Audit-ready by default.

Get a tenant, invite your team, and run your first controlled document in under a week. No implementation contract required.

Start free Talk to quality