CompStack
Integrated Management Systemv1.4 — module store live

Compliance, run as one
operating system.

CompStack links requirements, scope, controlled documents, evidence, audits, findings, CAPA, risk and management review across multiple standards and sites — so compliance becomes an operating rhythm, not a once-a-year scramble.

Book a demoSee the platform
14+
standards modules
42
audit-report fields
100%
changes auditable

Used by quality teams across manufacturing, water & beverages, pharma and healthcare in East Africa, the Gulf, and the EU.

acme-foods.compstack.io/readiness
live
Group readiness
87.4/ 100+3.2 wk
5 sites · 4 standards
Q2 audit · 17 days
QMS
ISO 9001:201594%
5 sites
EMS
ISO 14001:201588%
5 sites
OHS
ISO 45001:201882%
4 sites
DR-W
KEBS · KS 46076%
2 sites
Open findings
112 overdue · 3 awaiting verify
Evidence expiring · 30d
26acks · certs · calibrations
Standards covered

ISO families, country packs and sector schemes — installable as versioned modules. Cross-mapped at the requirement level.

Browse module store
ISOISO 9001Quality management
ISOISO 14001Environment
ISOISO 45001Occupational H&S
ISOISO 27001Information security
ISOISO 22000Food safety
ISOISO 22301Business continuity
ISOISO 13485Medical devices
KEBSKEBS · KS 460Drinking water
KEBSKEBS · KS 2466Bottled water
SONSON · SONCAPConformity assessment
UNBSUNBSUganda standards
EUGDPREU data protection
SAISA8000Social accountability
FSSCFSSC 22000Food safety scheme
ISOISO 9001Quality management
ISOISO 14001Environment
ISOISO 45001Occupational H&S
ISOISO 27001Information security
ISOISO 22000Food safety
ISOISO 22301Business continuity
ISOISO 13485Medical devices
KEBSKEBS · KS 460Drinking water
KEBSKEBS · KS 2466Bottled water
SONSON · SONCAPConformity assessment
UNBSUNBSUganda standards
EUGDPREU data protection
SAISA8000Social accountability
FSSCFSSC 22000Food safety scheme
The platform

One system, eight workflows,
zero spreadsheets.

Every entity is linked: requirements ↔ controls ↔ documents ↔ evidence ↔ audits ↔ findings ↔ CAPA ↔ risk. Change one, the audit trail follows.

01 · Scoping

Decide what applies, where, and prove why.

9001 · 7.5.3Control of documented information
Applicable
9001 · 8.3Design and development
Not applicable
9001 · 8.5.5Post-delivery activities
Applicable
14001 · 6.1.2Significant aspects identification
Applicable
45001 · 8.1.4Procurement (contractor mgmt)
Deferred
02 · Document control

Defensible policy lifecycle from draft to obsolete.

QMS-POL-014 · Supplier evaluation policy
v3.2 · awaiting QM approval · author cannot self-approve
Draft
Review
Approve
Publish
Obsolete
3 ack pendingretain · 7 yrs
03 · Controls

Map controls to requirements and documents.

CTRL-027 · Calibration programPreventive
owner · QA Lead · monthly · evidence: cert.pdf
linked to
requirement
9001 · 7.1.5
document
QMS-PROC-008
04 · Evidence

Files and links that survive an audit.

artifact
type
valid
Mombasa cert · ISO 22000
PDF · 2.4 MB
Mar 12, 2027
Op-09 batch records · 2026-Q1
ZIP · 18.7 MB
Calibration cert · MD-04
PDF · 0.8 MB
in 23 days
Forklift operator · J. Otieno
PNG · 0.4 MB
expired
05 · Audits

Generate checklists from real scope. Run them. Report.

AUDIT-2026-Q2-INT
Q2 internal — Mombasa
Standards9001, 14001, 22000
Sites2
Lead auditorA. Wachira
StatusIn progress
clause
checklist item
verdict
7.5.3
Document control records present
Conform
8.5.1
Production change-control evidence
Obs
9.1.3
Trend analysis on customer complaints
NC
10.2
CAPA closure rate vs target (≥ 90%)
OFI
06 · Findings & CAPA

Close the loop with verification.

Open
5
Action in progress
3
Verifying
2
Closed · 30d
14
verifier ≠ owner · enforced
07 · Risk

ISO 31000 register linked to controls and CAPA.

Risk RGT-094 · Calibration drift — L4 × I3 = 12
likelihood →impact ↑
treatment: mitigate · linked CAPA-0118
08 · Management review

Decisions, attendees, actions — recorded for audit.

meeting
Apr 24
attendees
9 · quorum met
inputs
audits · risks · CAPA
  • 10:14Approve scope reduction · KEBS KS 2466Exec
  • 10:21Allocate budget · 4 calibration unitsQM
  • 10:33Defer SA8000 onboarding to Q4Board
  • 10:48Open CAPA on supplier audit overdueQA
immutable record · PDF + CSV exports for audit
From scramble to operating rhythm

Five linked stages. Run them every quarter.

Each stage produces the inputs the next one needs. Nothing waits for a spreadsheet. Nothing arrives at the auditor unsupported.

  1. Stage 01

    Scope per site

    Mark requirements applicable, not-applicable (with justification), or deferred. Lock the scope baseline by site, by standard.

    scoping ratio
    412 / 614 applicable
  2. Stage 02

    Govern documents

    Drafts move through review and approval with segregation of duties. Distribute, track acknowledgements, retire on schedule.

    controlled docs
    138 published · 6 in review
  3. Stage 03

    Operate controls

    Owners run the control. Frequency, evidence type, and linkage to requirements are pre-defined. Nothing slips silently.

    active controls
    76 · 4 due this week
  4. Stage 04

    Capture evidence

    Files, certificates, screenshots, and links flow into the evidence library — validated, expiry-tracked, audit-linkable.

    evidence library
    1,948 items · 26 expiring
  5. Stage 05

    Audit & close

    Generate checklists from real scope. Capture verdicts. Convert findings to CAPA. Verify with a different person. Close.

    current audit
    Q2-INT · 71% complete
Module store

Standards, shipped as software.

Install ISO families, country packs, sector schemes, and template sets as versioned modules. Upgrades show a structured diff so your team can review what changed before it hits the audit.

license model
Per-org · trial · expiry
upgrade safety
Diff · preview · rollback
Browse the module store
iso-9001-2015@2.4.0 → 2.5.0
42 changes
Added
+11
  • 8.2.4 · Customer property — visit logs
  • 9.1.3 · Trend analysis on complaints
  • 10.3 · Continual improvement evidence
Changed
+26
  • 7.5.3 · Now requires retention metadata
  • 8.5.1 · Tightens production change control
  • 9.2 · Internal audit competence rules
3 publishers contributedReviewed · signed · staged
ISO official
ISO 14001:2015
Environmental management
v1.7.2signed · sha256
KEBS
KS 460 — Drinking water
Sampling & lab cross-mapped
v0.9.1signed · sha256
Sector official
Pharma cleanroom pack
EU Annex 1 + GMP templates
v3.1.0signed · sha256
Tools
Internal audit program
Annual plan · 4 audit kits
v2.0.0signed · sha256
Copilot · grounded answer

Calibration cadence for metal detectors on Line 3 is monthly, per QMS-PROC-008 §4.2 and the FSSC 22000 prerequisite program. Next due: Apr 18.

QMS-PROC-008 §4.2FSSC 22000 · PRP-7CAPA-2026-0118Audit Q1-INT · finding 03
Proposal · awaiting human approval
approval gate
Open CAPA-2026-0119 · Calibration drift on MD-04
  • · Owner: J. Otieno (Maintenance)
  • · Linked control: CTRL-027 · linked finding: Q1-INT/03
  • · Verifier: K. Mbeki (different from owner)
  • · Effectiveness review: 2 cycles after closure
every action logged
AI Copilot

AI that an auditor can trust.

Answers cite the underlying clauses, documents, evidence and prior findings. Anything that changes data is staged as a proposal — and a human approves before it lands in your records.

  • Permission-aware retrieval — tenant + role boundaries.
  • Citations that resolve to live records, not URLs.
  • Approval gate on every write action.
  • Full transcript & reasoning recorded for audit.
How the Copilot stays auditable
A team in production

We stopped preparing for audits. The platform is the preparation. When KEBS arrived, we opened a tab.

AW
Adelaide Wachira
IMS Manager · multi-site beverage manufacturer, Kenya
14 → 4 days
evidence-pack assembly
across 5 sites, 3 ISO standards
71%
reduction in CAPA aging
median open-to-close, 6-month rolling
0
major NCs in last 3 audits
2 OBS, 4 OFI · all closed in cycle
2.4 days
onboarding to first scoped audit
9001 module + KEBS pack installed
Read the case studymetrics verified · Q1 review
Built for the audit

The compliance trail is the product.

The same primitives that protect your data also stand up under a certification body's scrutiny — and an internal investigation.

Tenant isolation

Per-organization row-level isolation across requirements, documents, evidence, audits, CAPA, and AI context.

Role & site boundaries

Admin · manager · auditor · viewer. Plus site-level access boundaries for groups managing many sites under one tenant.

Segregation of duties

Authors cannot approve their own documents. Verifiers cannot be the CAPA owner. Enforced, not advisory.

Immutable audit log

Every scope change, approval, evidence acceptance, and AI action is recorded with actor, time and prior state.

Encryption & signed access

Encrypted at rest and in transit. Time-limited signed URLs for evidence. No public file links, ever.

Data residency

Choose a region for your tenant. EU, US, or Africa. Cross-region replication is opt-in, not default.

Read the security overviewSOC 2 in progressISO 27001 alignedGDPR · data residency
Get a working tenant in a week

See your standards inside CompStack — with your real scope.

Bring three pages of policy, a recent audit report, and one stuck CAPA. We'll show you the same workflow your team will run on Monday — not a demo tenant with mock data.

Book a working sessionBrowse modules45 min · no slides · bring your scope
what you walk away with
  • A scoped tenant for your actual standards.
  • One workflow run end-to-end on your data.
  • A short brief on which modules to install first.
  • An honest read on whether we're a fit.
average time-to-first-audit-pack · 9 days