Pharma & GMP

HR for pharma and GMP environments

When audits, GMP inspections and regulatory reviews look at the same data, the audit features of an HR system must be reliably documented. lumen.hr supports this with an audit log, role-based access and traceable change records.

Book an audit-focused demo → Sign in

What regulated companies need

Traceability at the database level

Traceable records, unambiguous attribution to people and timestamps, and a traceable representation of changes: lumen.hr supports these requirements with an audit log and a SHA-256 hash chain at the database level.

Append-only audit trail without update rights for existing entries
Pseudonymisation of personal fields based on a defined rule set
Application and database on Hetzner servers in Germany
Audit features supporting requirements from 21 CFR Part 11

Hash chain in action

Every change chained, every manipulation visible

09:02:14 UTC
actor
employee_07
action
clock_in
prev
000000000…0000
hash
8fe91c4a…b57d
09:14:38 UTC
actor
lead_02
action
approve_overtime
prev
8fe91c4a…b57d
hash
2c14aa07…f9e1
12:47:09 UTC
actor
hr_01
action
adjust_booking
prev
2c14aa07…f9e1
hash
d3b72e88…3f02
17:59:57 UTC
actor
employee_07
action
clock_out
prev
d3b72e88…3f02
hash
45cc91b6…71aa

Four demo audit entries. Each contains the SHA-256 hash of the previous one — a changed row breaks the chain.

FAQ — Pharma context

Answers for quality and compliance

The questions pharma and GMP leads ask us most often.

Is lumen.hr 21 CFR Part 11 compliant?
The audit foundations of 21 CFR Part 11 — electronic records, audit trails, access controls — are productively implemented. lumen.hr provides the technical foundation; validation in your specific environment is the customer's responsibility and is performed together with your quality assurance team.
How are GMP audits supported?
lumen.hr supports GMP-related audits with a hash-chain audit log, before/after states, role-based read access for the audit role and exportable audit information. The assessment and validation of your specific setup is performed project-specifically together with your quality assurance team. lumen.hr provides the technical foundation for this.
What happens with GDPR Art. 17 erasure requests?
Erasure requests are reviewed and processed according to the legal requirements. Personal data is deleted insofar as an erasure right exists and no legal retention obligations or other exceptions apply. If certain booking or evidence data must continue to be retained, further processing is restricted accordingly and traceably documented.
Which pharma customers use lumen.hr?
We only publish reference names with the explicit approval of the respective customers. If you would like to learn more about suitable use cases, please use the contact link at the top.

Demo

Talk to us about your compliance requirements

We will show you in an audit-focused demo how lumen.hr supports audit logs, role-based access and traceable change records. We also point out where the limits of the software are and which requirements need to be reviewed on your side.

Book a demo → See audit features