Compliance
HQ Cortex is built for regulated product manufacturers. This page tracks, in public, where we stand on the regulations and standards our customers operate under — cGMP for dietary supplements, FDA 21 CFR Part 11, NSF/ANSI 455-2, DSHEA, ISO 27001, SOC 2, GAMP 5, USP <797>/<800>, and HIPAA.
Each requirement is color-coded green (we support it today), yellow (partial or in progress), or red (not yet planned). We err toward yellow or red unless a reviewable mechanism exists in the product.
Status legend
- Supported: We can do this today.
- In progress: Partially in place or actively in development.
- Not yet planned: Not yet started or not in scope.
cGMP for Dietary Supplements (21 CFR Part 111)
Core regime: Current Good Manufacturing Practice requirements for manufacturing, packaging, labeling, or holding dietary supplements.
FDA 21 CFR Part 11 — Electronic Records & Signatures
Core regime: Trustworthy electronic records and signatures equivalent to handwritten signatures and paper records.
NSF/ANSI 455-2 — GMP for Dietary Supplements
Core regime: Retailer-driven third-party GMP standard built on top of 21 CFR Part 111.
DSHEA — Dietary Supplement Labeling & Claims
Core regime: Structure/function claim rules, mandatory disclaimer, and 30-day post-market notification under DSHEA.
ISO/IEC 27001:2022 — Information Security
Advisory: Information Security Management System covering 93 Annex A controls across organizational, people, physical, and technological themes.
SOC 2 Type II — Trust Services Criteria
Advisory: AICPA Trust Services Criteria for Security, Availability, Confidentiality, Processing Integrity, and Privacy.
GAMP 5 (2nd Edition) — Computerized System Validation
Advisory: ISPE's risk-based approach to validating computerized systems used in regulated GxP environments.
USP <797> & <800> — Sterile and Hazardous Compounding
Opt-in module: Pharmacy compounding standards for sterile preparations and hazardous drugs (only applies to compounding-pharmacy customers).
HIPAA — Generally Not Applicable
Advisory: HIPAA does not apply to HQ Cortex's default product because we do not handle Protected Health Information.
A note on honesty
Compliance pages are a temptation to overstate. We try to do the opposite: an item is only marked green when there is a specific, reviewable mechanism in the product — something you can see, query, or export. Where the controls actually come from our infrastructure providers (Vercel, PlanetScale, Clerk, Upstash), we say so rather than claim them as our own. If you find a status that overstates reality, please tell us through the support channel for your workspace.