Meta: Learn how to add a new vertical to QAtrial by creating vertical templates, mapping the domain in the registry, and selecting the right risk taxonomy.
Why Verticals Matter
A pharmaceutical company validating a manufacturing execution system and a medical device company performing design verification are both doing regulated quality work. They may even use the same terminology — requirements, tests, risk assessments, CAPA. But the regulatory frameworks they operate under are fundamentally different.
New Vertical
| Vertical ID | Display Name | Risk Taxonomy | Primary Standards | Templates |
|---|---|---|---|---|
| pharma | Pharmaceuticals | ICH Q9 | 21 CFR 210/211 · ICH Q7/Q10 · EU GMP Annex 11 | ✓ Done |
| biotech | Biotechnology | ICH Q9 | 21 CFR Part 600 · ICH Q5A–Q5E | ✓ Done |
| medical_devices | Medical Devices | ISO 14971 | QMSR/21 CFR 820 · ISO 13485 · IEC 62304 · ISO 14971 | ✓ Done |
| cro | CRO / Clinical Research | ICH Q9 | ICH E6(R3) · 21 CFR Part 58 | ✓ Done |
| clinical_lab | Clinical Laboratories | FMEA | CLIA · CAP · ISO 15189 | ✓ Done |
| software_it | Software & IT (GAMP/CSV) | GAMP 5 | 21 CFR Part 11 · EU Annex 11 · GAMP 5 2nd Ed | ✓ Done |
| aerospace | Aerospace | FMEA | AS9100D · DO-178C · DO-254 · EASA Part 21 | ✓ Done |
| logistics | Logistics / GDP | FMEA | WHO GDP · EU GDP · FDA DSCSA | ✓ Done |
| cosmetics | Cosmetics / Chemical | Generic | ISO 22716 · OECD GLP · REACH | Open → |
| chemical_env | Chemical / Environmental | FMEA | REACH · CLP · TSCA · ISO 14001 · ISO 45001 | Open → |
{vertical}-{topic}. Stable ID for deduplication when vertical + country templates compose together.verticals/food/common or verticals/food/software.ISO 22000 §7.4 — not “applicable food safety standard.”food → verticals/food/verticals.food.nameverticals.food.focusfmeatemplateId — if the same requirement would be added twice (from country + vertical overlap), the duplicate is silently dropped.Pharmaceutical GMP requires ICH Q7 compliance, process validation under 21 CFR 211, and quality risk management per ICH Q9. Medical device quality systems require ISO 13485 compliance, design controls under the QMSR (formerly 21 CFR 820), and risk management per ISO 14971. The risk taxonomies differ. The submission formats differ. The audit expectations differ.
QAtrial handles this through industry verticals. Each vertical encodes the regulatory reality of a specific GxP domain: the applicable standards, the risk taxonomy, the template requirements and tests, and the terminology. The same platform serves all verticals, but the content adapts to the domain.
This means the pharma team sees requirements referencing ICH Q7 and 21 CFR 211, while the device team sees requirements referencing ISO 13485 and ISO 14971 — all within the same application, using the same dashboard, audit trail, and reporting engine.
Rapidesign Electro-Logic Symbol Template, 1 Each (R308)
Features various sizes of AND/OR gate and inverter symbols
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Current Verticals
QAtrial defines 10 industry verticals:
| Vertical ID | Display Name | Risk Taxonomy | Primary Standards |
|---|---|---|---|
pharma | Pharmaceuticals | ICH Q9 | FDA 21 CFR 210/211, ICH Q7/Q10, EU GMP Annex 11 |
biotech | Biotechnology | ICH Q9 | 21 CFR Part 600, ICH Q5A-E |
medical_devices | Medical Devices | ISO 14971 | QMSR/21 CFR 820, ISO 13485, IEC 62304, ISO 14971 |
cro | CRO / Clinical Research | ICH Q9 | ICH E6(R3), 21 CFR Part 58 |
clinical_lab | Clinical Laboratories | FMEA | CLIA, CAP, ISO 15189 |
logistics | Logistics / GDP | FMEA | WHO GDP, EU GDP, FDA DSCSA |
software_it | Software & IT (GAMP/CSV) | GAMP 5 | 21 CFR Part 11, EU Annex 11, GAMP 5 2nd Ed |
cosmetics | Cosmetics / Chemical | Generic | ISO 22716, OECD GLP, REACH |
aerospace | Aerospace | FMEA | AS9100D, DO-178C, DO-254, EASA Part 21 |
chemical_env | Chemical / Environmental | FMEA | REACH, CLP, TSCA, ISO 14001, ISO 45001 |
Of these 10, 8 have base templates with requirements and tests. Adding templates for the remaining verticals — or adding an entirely new vertical — is a valuable contribution.
Executive Regulatory & Compliance Dashboards: Templates, Scorecards & Workbooks for Regulatory Compliance Program Management: Templates, Scorecards & … (Executive Project Governance Series)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Where Vertical Templates Live
Vertical templates are TypeScript files organized under src/templates/verticals/:
src/templates/verticals/
pharma/
common.ts # Core pharma requirements and tests
software.ts # Pharma + software project type specifics
quality-system.ts # Pharma + QMS project type specifics
medical_devices/
common.ts # Core device requirements and tests
software_it/
common.ts # GAMP 5 / CSV requirements and tests
...Each vertical has a common.ts file that contains the core requirements and tests for that domain. Optional additional files provide project-type-specific content (e.g., software.ts adds requirements specific to software projects within that vertical).
Computer Systems Validation: Quality Assurance, Risk Management, and Regulatory Compliance for Pharmaceutical and Healthcare Companies
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Step 1: Create the Vertical Common Template
Create a new directory and file at src/templates/verticals/{id}/common.ts.
Real example: Adding a “food” vertical for food safety
The food industry operates under standards including ISO 22000 (Food Safety Management Systems), HACCP (Hazard Analysis and Critical Control Points), FSSC 22000 (Food Safety System Certification), and FSMA (FDA Food Safety Modernization Act for US-based operations).
// src/templates/verticals/food/common.ts
import type { VerticalTemplateSet } from '../../types';
export const templateSet: VerticalTemplateSet = {
verticalId: 'food',
requirements: [
{
templateId: 'food-haccp-plan',
source: 'verticals/food/common',
title: 'HACCP Plan Implementation',
description: 'A documented HACCP plan shall be established, implemented, and maintained in accordance with Codex Alimentarius HACCP principles. The plan shall include hazard analysis, identification of critical control points (CCPs), establishment of critical limits, monitoring procedures, corrective actions, verification procedures, and record-keeping.',
category: 'Food Safety',
tags: ['haccp', 'food-safety', 'hazard-analysis', 'ccp'],
riskLevel: 'critical',
regulatoryRef: 'Codex Alimentarius HACCP / ISO 22000 §7',
},
{
templateId: 'food-iso22000-fsms',
source: 'verticals/food/common',
title: 'ISO 22000 Food Safety Management System',
description: 'The organization shall establish, implement, maintain, and update a food safety management system (FSMS) in accordance with ISO 22000:2018. The FSMS shall address organizational context, leadership, planning, support, operation, performance evaluation, and improvement.',
category: 'Management System',
tags: ['iso-22000', 'fsms', 'food-safety-management'],
riskLevel: 'high',
regulatoryRef: 'ISO 22000:2018',
},
{
templateId: 'food-prerequisite-programs',
source: 'verticals/food/common',
title: 'Prerequisite Programs (PRPs)',
description: 'Prerequisite programs shall be established to maintain the hygienic conditions necessary for food safety. PRPs shall address facility layout, equipment maintenance, pest control, cleaning and sanitation, personnel hygiene, water and air quality, waste management, and supplier control, in accordance with ISO/TS 22002-1.',
category: 'Food Safety',
tags: ['prp', 'prerequisite-programs', 'hygiene', 'sanitation'],
riskLevel: 'high',
regulatoryRef: 'ISO/TS 22002-1',
},
{
templateId: 'food-traceability-recall',
source: 'verticals/food/common',
title: 'Traceability and Recall Procedures',
description: 'The organization shall establish and maintain a traceability system that enables identification of incoming materials, processing steps, and distribution of finished products. A documented recall procedure shall enable effective withdrawal of products from the market within regulatory timeframes.',
category: 'Traceability',
tags: ['traceability', 'recall', 'withdrawal', 'lot-tracking'],
riskLevel: 'critical',
regulatoryRef: 'ISO 22000 §8.3 / EU Regulation 178/2002 Art. 18',
},
{
templateId: 'food-allergen-management',
source: 'verticals/food/common',
title: 'Allergen Management Program',
description: 'An allergen management program shall be established to prevent unintended allergen presence in food products. The program shall address allergen identification, segregation, cleaning validation, labeling verification, and cross-contact prevention.',
category: 'Food Safety',
tags: ['allergen', 'allergen-management', 'cross-contact', 'labeling'],
riskLevel: 'high',
regulatoryRef: 'FSSC 22000 Additional Requirement 2.5.6',
},
{
templateId: 'food-fssc-certification',
source: 'verticals/food/common',
title: 'FSSC 22000 Certification Requirements',
description: 'The food safety management system shall meet FSSC 22000 certification requirements, including ISO 22000, sector-specific PRPs (ISO/TS 22002-1 or equivalent), and FSSC additional requirements covering food defense, food fraud prevention, allergen management, and environmental monitoring.',
category: 'Certification',
tags: ['fssc-22000', 'certification', 'food-defense', 'food-fraud'],
riskLevel: 'medium',
regulatoryRef: 'FSSC 22000 v6',
},
],
tests: [
{
templateId: 'food-test-haccp-ccp-monitoring',
source: 'verticals/food/common',
title: 'Verify HACCP Critical Control Point Monitoring',
description: 'Confirm that all identified critical control points (CCPs) have defined critical limits, monitoring procedures at prescribed frequencies, and documented corrective actions when critical limits are exceeded. Verify monitoring records are complete and current.',
category: 'Food Safety',
tags: ['haccp', 'ccp', 'monitoring'],
linkedReqTags: ['haccp', 'ccp'],
},
{
templateId: 'food-test-traceability-exercise',
source: 'verticals/food/common',
title: 'Verify Traceability System Effectiveness',
description: 'Conduct a mock traceability exercise: select a finished product lot, trace backward to all incoming materials and processing steps, and trace forward to all distribution points. Confirm the exercise can be completed within the regulatory timeframe (typically 4 hours).',
category: 'Traceability',
tags: ['traceability', 'recall', 'mock-recall'],
linkedReqTags: ['traceability', 'recall'],
},
{
templateId: 'food-test-allergen-controls',
source: 'verticals/food/common',
title: 'Verify Allergen Control Measures',
description: 'Confirm that allergen segregation controls are in place, cleaning validation for allergen removal has been performed and documented, and product labels accurately reflect allergen content including precautionary statements.',
category: 'Food Safety',
tags: ['allergen', 'cleaning-validation'],
linkedReqTags: ['allergen', 'allergen-management'],
},
{
templateId: 'food-test-prp-implementation',
source: 'verticals/food/common',
title: 'Verify Prerequisite Program Implementation',
description: 'Audit a sample of prerequisite programs (pest control, sanitation, personnel hygiene) to confirm they are documented, implemented, monitored, and verified. Check records for the past 90 days.',
category: 'Food Safety',
tags: ['prp', 'sanitation', 'hygiene'],
linkedReqTags: ['prp', 'prerequisite-programs'],
},
],
};
export default templateSet;
Pharmaceutical Computer Systems Validation: Quality Assurance, Risk Management and Regulatory Compliance (Drugs and the Pharmaceutical Sciences)
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Step 2: Add to VERTICAL_DEFINITIONS
In src/templates/registry.ts, add an entry to the VERTICAL_DEFINITIONS array:
{
id: 'food',
name: 'verticals.food.name',
focusKey: 'verticals.food.focus',
icon: 'UtensilsCrossed', // Lucide icon name
riskTaxonomy: 'fmea',
primaryStandards: [
'ISO 22000:2018 (FSMS)',
'Codex Alimentarius HACCP',
'FSSC 22000',
'ISO/TS 22002-1 (PRPs)',
],
},Fields explained:
- id: A unique lowercase identifier. This is used in file paths, code references, and the
IndustryVerticaltype. - name: The i18n translation key for the vertical’s display name.
- focusKey: The i18n key for a short description of the vertical’s regulatory focus (shown in the wizard).
- icon: A Lucide React icon name displayed next to the vertical in the wizard. Browse available icons at lucide.dev.
- riskTaxonomy: Which risk taxonomy to use for this vertical (see Step 3).
- primaryStandards: The main regulatory standards for this vertical. Displayed in the wizard and used as context for AI features.
Step 3: Choose the Right Risk Taxonomy
The risk taxonomy determines how risk assessments are framed — the labels for severity levels, the scoring approach, and the regulatory context for AI risk classification. Choose the taxonomy that best matches your vertical’s domain:
| Taxonomy | ID | Best For | Severity Focus |
|---|---|---|---|
| ISO 14971 | iso14971 | Medical devices, diagnostics | Patient safety: negligible injury through death |
| ICH Q9 | ichQ9 | Pharmaceuticals, biotech, clinical research | Product quality and patient safety |
| FMEA | fmea | Aerospace, manufacturing, food, logistics | Process failure: severity x occurrence x detectability |
| GAMP 5 | gamp5 | Software, computerized systems | System impact on GxP processes |
| Generic | generic | General quality management, cosmetics | Basic severity x likelihood |
For the food vertical example, FMEA is the appropriate choice because food safety risk assessment traditionally uses severity, occurrence, and detectability — the same three factors used in FMEA. HACCP hazard analysis is structurally similar to FMEA.
The taxonomy affects:
- How the risk matrix displays severity and likelihood labels
- What context the AI uses when performing risk classification
- What safety classes are available (ISO 14971 has Class I/II/III; GAMP 5 has Categories 1/3/4/5)
Step 4: Add Project-Type Sub-Templates (Optional)
If the vertical has meaningfully different requirements for different project types, create additional template files:
src/templates/verticals/food/quality-system.ts # QMS project: food safety manual, FSMS documentation
src/templates/verticals/food/compliance.ts # Compliance/audit project: GFSI benchmarking, audit prep
src/templates/verticals/food/software.ts # Software project: food traceability system validationEach sub-template follows the same VerticalTemplateSet interface. The template composer loads the common.ts file for every project in the vertical, plus the project-type-specific file if the user selects that project type in the wizard (Step 4).
Sub-templates are optional. For many verticals, the common.ts file provides sufficient coverage. Add sub-templates only when the project type introduces genuinely different regulatory requirements (not just slightly different emphasis).
Step 5: Add Country Overlays Where Needed
If the vertical has country-specific regulatory requirements, add overlay files in the country template directories:
src/templates/regions/us/overlays/food.ts # FDA FSMA specifics for US food safety
src/templates/regions/eu/overlays/food.ts # EU Regulation 852/2004, 178/2002
src/templates/regions/jp/overlays/food.ts # Japan Food Sanitation ActFor the food vertical:
- The US overlay would include FDA Food Safety Modernization Act (FSMA) requirements: preventive controls, HARPC (Hazard Analysis and Risk-Based Preventive Controls), supply chain program, and FSMA produce safety rule.
- The EU overlay would include EU Regulation 852/2004 (General hygiene), Regulation 178/2002 (General food law), and EFSA guidance.
- The Japan overlay would include the Food Sanitation Act and MHLW food safety requirements.
Country overlays are loaded when the user selects both the country and the vertical. They add jurisdiction-specific depth on top of the vertical’s common template.
Step 6: Add Translation Keys
In public/locales/en/common.json and all other locale files, add the vertical’s display name and focus description:
{
"verticals": {
"food": {
"name": "Food Safety",
"focus": "HACCP, ISO 22000, FSSC 22000, FSMA"
}
}
}For German (public/locales/de/common.json):
{
"verticals": {
"food": {
"name": "Lebensmittelsicherheit",
"focus": "HACCP, ISO 22000, FSSC 22000, FSMA"
}
}
}At minimum, add the English translation. Other languages will fall back to English if a translation is missing.
Step 7: Test with the Wizard
After creating all files and updating the registry:
- Run
npm run dev - Click “New Project” to open the setup wizard
- Select any country — verify your new vertical appears in Step 2 if the country’s
availableVerticalsincludes it - Select the new vertical — verify the icon, name, and focus text display correctly
- Continue through the wizard to Step 6 (Preview)
- Verify that the vertical’s common requirements and tests appear
- If you selected a country with an overlay for this vertical, verify the overlay requirements also appear
- Create the project and verify all requirements have correct metadata: titles, descriptions, tags, risk levels, regulatory references
Also verify that:
- The risk taxonomy is correct (check the Risk dashboard for proper severity/likelihood labels)
- AI risk classification uses the right taxonomy context
- Tags are creating proper test-to-requirement linkages
Tips for Writing Useful Templates
Be specific — cite clause numbers. “The system shall comply with ISO 22000” is not useful as a template requirement. “The system shall implement hazard analysis procedures per ISO 22000 §7.4, including hazard identification, hazard assessment, and selection of control measures” is useful.
Use proper tags for linking. Tags are the mechanism by which tests are automatically linked to requirements during project creation. A requirement tagged ['haccp', 'ccp'] will link to a test with linkedReqTags: ['haccp', 'ccp']. Plan your tag taxonomy before writing templates: use consistent, specific tags across requirements and tests.
Set realistic risk levels. Not everything is “critical.” A requirement about documenting allergen management is “high” risk because allergen failures can cause serious harm. A requirement about maintaining FSMS documentation is “medium” because it supports the system without directly preventing food safety incidents. Risk level inflation reduces the signal value of the risk matrix.
Write 5-8 requirements and 3-5 tests per common template. This provides enough substance to be useful without overwhelming a new project with template content. Users can always add more requirements manually.
Final Takeaway
Adding a vertical to QAtrial means encoding a regulated industry’s standards, risk approach, and quality expectations into reusable templates. The process involves creating a common.ts template with requirements and tests, registering the vertical with the appropriate risk taxonomy and primary standards, optionally adding project-type sub-templates and country overlays, and wiring translations.
The template composition system ensures your vertical works automatically with all 37 countries, all 15 quality modules, and all 7 project types. Your domain expertise becomes a reusable asset for every QAtrial user in that industry.
Related Topics
- How to Add a New Country — How country templates compose with vertical templates
- Risk Management — How risk taxonomies affect risk assessment, scoring, and AI classification
- How to Contribute to QAtrial — Overview of all contribution types and where to start
Open a vertical proposal and implement it. Visit github.com/MeyerThorsten/QAtrial, open an issue describing the vertical you want to add, then implement it following the steps in this guide. Vertical templates are among the most impactful contributions because they unlock an entire industry domain for all QAtrial users.
