Frequently Asked Questions

Answers on compliance, standards, and security.

How Astraea handles FDA 21 CFR Part 11, CDISC SDTM/ADaM automation, data security, and the human-in-the-loop workflows behind 99%+ precision.

FAQ

Compliance, standards, and security — answered.

The questions clinical sponsors, CROs, and biometrics teams ask most about running regulated work on Astraea.

FDA 21 CFR Part 11 Compliance

Is Astraea designed to support 21 CFR Part 11 compliance?
Yes. Astraea is built around 21 CFR Part 11 as a design constraint, not a retrofit. The platform provides the controls Part 11 expects for records and signatures that FDA relies on — computer-generated audit trails, access controls, system validation, record retention, and linked electronic signatures — so the electronic records it produces stay trustworthy, traceable, and inspection-ready.
How does Astraea handle audit trails?
Every action the platform takes is logged, time-stamped, and attributable to a specific user or agent. Audit trails capture data creation, modification, and deletion for critical fields, are retained as permanent records, and cannot be altered after the fact. Because audit readiness is a property of the system rather than a manual reconstruction, you can produce audit-trail extracts on demand during monitoring or inspections.
How are electronic signatures handled?
Signed electronic records carry the printed name of the signer, the date and time the signature was executed, and the meaning of the signature (for example, authorship or approval). Signatures are cryptographically linked to their records so they cannot be excised, copied, or transferred to falsify a record — consistent with the requirements in 21 CFR 11.50 and 11.70.
How does Astraea validate its systems?
Astraea follows a risk-based approach to computerized system validation, aligned with FDA's Part 11 Scope and Application guidance and ICH E6/E8. Validation effort scales with the risk a given function poses to data integrity and patient safety, and validation documentation — including the intended use, controls, and testing evidence — is maintained so it can be demonstrated during an inspection.
How is access to the system controlled?
Access is governed by role-based permissions with logical access controls, so only authorized personnel can view, enter, or modify records, and each person's privileges are recorded and reviewable. This limits who can change data and ties every change back to an identified individual.

CDISC Standards — SDTM & ADaM Automation

Does Astraea automate SDTM mapping?
Yes. Astraea's standards-mapping agents map collected study data into SDTM-conformant domains, applying controlled terminology and domain structure so datasets are consistent and submission-aligned. Mapping is proposed by the platform and confirmed by your team, keeping expert judgment on the critical decisions.
How does Astraea handle ADaM dataset generation?
Astraea derives ADaM analysis datasets from SDTM inputs and the statistical analysis plan, generating traceable analysis variables and preserving the SDTM-to-ADaM lineage that regulators expect. The goal is to compress the biometrics-to-reporting window while keeping every derivation reviewable and reproducible.
Does Astraea produce submission artifacts like define.xml?
Astraea is built to generate the metadata and documentation that accompany CDISC deliverables — including define.xml-style metadata and dataset-level documentation — so your SDTM and ADaM packages arrive standards-conformant and ready for the downstream submission process rather than requiring manual assembly.
Can Astraea work with legacy or non-standard source data?
Yes. Real-world clinical data is rarely pristine. Astraea's annotation and standards agents are designed to reconcile heterogeneous, legacy, and non-standard source formats into CDISC-conformant structures, with human review at the points where interpretation matters most.

Data Security & Privacy

How does Astraea protect our data?
Data is encrypted in transit (TLS) and at rest, protected by role-based access controls, and monitored through continuous logging. Security safeguards such as network controls and access tracking are maintained and updated, and the platform is architected for secure end-to-end handling of the records it processes.
Is Astraea aligned with HIPAA and GDPR?
Yes. Astraea is built around HIPAA and GDPR alongside FDA guidance as design constraints. That means safeguards for protected health information, encryption and access restrictions, data-processing agreements with vendors handling patient data, and support for data-subject rights — so cross-border trials can meet privacy obligations without bolting compliance on afterward.
Is our data used to train your models?
No. Your proprietary study data is used to operate Astraea for your trials, not to train shared or third-party models. Your data remains yours, isolated to your environment and governed by your access controls and agreements.
How do you handle IT service providers and hosting?
Where Astraea relies on infrastructure or IT service providers, those relationships are governed by agreements that carry Part 11 expectations forward — accurate and complete records, access controls, audit trails, and data security and confidentiality — because the sponsor's regulatory responsibility extends to the systems that hold trial records.

99%+ Precision & Human-in-the-Loop

How does Astraea achieve 99%+ precision on validated outputs?
Precision comes from combining a multi-agent AI architecture with mandatory expert review. Astraea's models are grounded in real biometrics work — built with biostatisticians and clinical programmers in the room — and every critical output is checked against automated edit checks and human validation before it is accepted. The 99%+ figure reflects validated outputs: results that have passed both machine and human quality control.
What does human-in-the-loop actually mean in practice?
Astraea executes trial tasks under full human supervision. The platform proposes annotations, mappings, derivations, and compliance actions; qualified people — your biostatisticians, programmers, and reviewers — confirm, correct, or reject them. AI does the heavy, repetitive execution; experts keep authority over every decision that affects data integrity or a submission.
What happens when the AI is uncertain?
Uncertain or ambiguous cases are surfaced for human review rather than pushed through silently. Because every action is logged and versioned, reviewers can see exactly what the system did and why, correct it, and have that correction captured in the audit trail — so the system gets safer and more transparent, not more opaque.
Who is accountable for the final output?
Your team is. Astraea is a clinical co-pilot, not a replacement for regulated roles. The platform accelerates the work and makes it auditable, but sign-off and accountability stay with the qualified professionals your regulatory obligations require.

Getting Started

Who is Astraea built for?
Astraea partners with pharmaceutical sponsors, biotech innovators, CROs, and research institutions — from teams entering first-in-human trials to top-10 global pharma — that want faster, standards-native, audit-ready biometrics and submissions.
How do we get started?
The best first step is a demo tailored to your workflow. We'll walk through how Astraea fits your SDTM/ADaM pipeline, your compliance requirements, and your review process, then scope a path to your first study.

Still have questions?

Talk to the biostatisticians and clinical programmers behind Astraea. We'll walk through compliance, standards, and security against your specific workflow.