AuditLog.AI logoAuditLog.AI

International Audit Trial · Q2 2026 · CRO Evaluation

Proof-of-Unchanged Post-Export Evidence Verification
Methodology Evaluation

CRO-selected 10-week participation window within Q2 2026 (non-extendable). This page describes a methodology evaluation of Proof-of-Unchanged under real CRO SOPs and governance constraints. No regulatory approval, clearance, or endorsement is claimed or implied.

Disclosure policy: Aggregate-only; no institutional attribution or endorsement.

Canonical references

See also Regulatory Scope and Proof-of-Unchanged.

1. Purpose

Regulatory inspections routinely rely on evidence that has been exported from operational systems and subsequently retained, transformed, or re-used.

After evidence is exported and analyses are completed, how can one prove, rather than assume, that the evidence has not changed?

For CROs, the practical question is whether exported evidence such as eTMF extracts, EDC exports, or database-lock snapshots can be deterministically verified as unchanged at a later inspection timepoint—often months or years after export—when original personnel, systems, or logs may no longer be available and reconstructive investigation is costly or infeasible.

This trial evaluates whether Proof-of-Unchanged can function as a system-independent, institution-agnostic verification primitive applicable to audit contexts under real-world CRO governance conditions.

Track B is observational only and has no bearing on participation, outcomes, or reporting of Track A.

2. Trial design overview

2.1 Design type

  • International, CRO-executed audit trial
  • Fixed 10-week verification window within Q2 2026
  • Non-interventional; no modification to trial conduct
  • No randomization, no blinding, no treatment arms

2.2 Evaluation tracks

Track A: Cryptographic Verification (Primary)
  • Deterministic verification of evidence integrity via dual-hash: SHA-256 and RIPEMD-160(SHA-256)
  • Evidence-set membership verification via Evidence Set Fingerprint (ESF) equivalence
  • Binary outcomes: PASS (Proof-of-Unchanged) or Divergence enumerated
  • Machine-deterministic outputs with human-verifiable audit artefacts (HVT-A)
  • Verification operates across a four-tier reproducibility architecture (per-evidence, per-batch, per-log, per-session), as documented in C12 and related public materials
Track B: Operational Comparison (Optional)
  • Qualitative comparison with baseline SOPs (e.g., time, effort, review scope)
  • Entirely CRO-controlled. By default, no Track B data will be requested, collected, or referenced in any publication.
  • If a CRO elects to voluntarily disclose Track B results, prior written approval is required and disclosure must be CRO-agnostic and system-agnostic (anonymized).

2.3 What CROs actually do during the trial

This audit trial is intentionally use-case agnostic. Participating CROs are not asked to reproduce a predefined workflow, dataset, or protocol. Each CRO applies Proof-of-Unchanged to their own audit reality, under their own SOPs.

  • Verify any post-export evidence already managed (e.g., eTMF exports, EDC snapshots, audit packages)
  • Apply verification at custody boundaries they consider operationally relevant
  • Re-verify after elapsed time, migration, packaging, or SOP-driven transformation
  • Observe whether verification yields Proof-of-Unchanged (PASS) or divergence enumeration that bounds review scope

There is no prescribed workflow, no required dataset, and no expected outcome.

Under real CRO SOPs and governance constraints, can Proof-of-Unchanged be used to deterministically establish whether evidence has changed since export?

CROs may additionally compare against baseline SOPs, analyse public reference material (Ordinal 15 / Mendeley), or perform no comparative analysis at all and treat the trial as a tooling evaluation.

3. What is being verified

Verification applies to exported audit artefacts, not live systems.

  • after export from source systems
  • after database lock
  • before long-term archival or submission

The verification object is the evidence state, not the clinical data itself, the originating platform, or vendor-controlled logs.

4. System characteristics (regulator-relevant)

Zero custody

No raw data, filenames, directory paths, or study metadata leave the CRO environment. Only proof-only artifacts are transmitted or retained by AuditLog.AI:

  • cryptographic digests (.hash, .2ha) derived from evidence bytes
  • public anchoring receipts (Bitcoin TXID, block height)
  • UTC timestamps associated with anchoring events
  • pseudonymous session identifiers (non-reversible meta-IDs) used solely to correlate verification events

No personal identifiers, study identifiers, file names, directory structures, content metadata, or contextual attributes are transmitted, retained, or processed.

Deterministic outcomes

Results are mathematically derived (PASS or divergence enumeration). Proof-of-Unchanged (PASS) requires 100% dual-hash parity at both evidence and membership layers.

Human governance preserved

All critical system actions, particularly anchoring to a public ledger, require explicit operator confirmation under controlled institutional authentication.

Offline verifiability

Verification can be repeated from retained exports without system participation. Independent auditors may recompute hashes using open-source tools without vendor access.

Public time attestation

Session-level cryptographic commitments are blockchain anchored solely to establish existence at time. OpenTimestamps proofs are optionally implemented at the evidence level.

Fail-closed architecture

Runtime execution is governed by compliance enforcement rules, including a 300-second execution threshold. If process integrity constraints are violated, the system rejects the session rather than producing an unreliable result.

For detailed regulatory mapping, see C12 — AuditLog.AI Global Compliance Matrix.

5. Verification outcomes

  • Proof-of-Unchanged (PASS), or
  • deterministic divergence enumeration (informational)
  • human-verifiable audit artefacts (HVT-A)
Interpretation rule (non-accusatory)
  • PASS confirms evidence is provably unchanged.
  • Divergence does not imply error, misconduct, non-compliance, or control failure.
  • Divergence exists solely to bound proportional human review toward the minimal delta set.

PASS reduces reconstructive effort. Divergence bounds reconstructive effort.

Verification establishes integrity facts; interpretation, materiality, and response remain exclusively human and institutional responsibilities.

6. Independent verification options

  • Recompute cryptographic identifiers from retained exports using open-source tools.
  • Verify equivalence or divergence against pre-anchored canonical states.
  • Confirm public blockchain anchors via any Bitcoin explorer using TXID and payload.

Public materials (worked example): Ordinal 15 — Proof-of-Unchanged Zero-Custody Audit Reproducibility Trial.

Zero-custody packets (optional): Mendeley Data: 10.17632/wjj674twb4.1

Analysis dataset (optional): Mendeley Data: 10.17632/fzw4pzkd83.1

Ordinal 15 is a public worked example; it is not the object of the trial itself.

7. Eligibility

  • Contract Research Organizations (CROs)
  • Accredited academic or research institutions

Participants must have custodial responsibility for regulated, inspectable, or compliance-relevant evidence.

8. Participation constraints

  • Registration required; one CRO-selected 10-week window within Q2 2026
  • Induction: single remote session (~60–90 minutes)
  • No PHI/PII ingestion; proof-only, hash-based zero-custody flow
  • No clinical diagnosis/therapy support
  • Append-only verification with immutable cryptographic anchoring

9. Governance and conflicts

  • The protocol originator does not access, retain, or process participant evidence, filenames, or metadata. Only aggregate, non-attributable system-level facts may be collected (e.g., session count, timestamps).
  • No interference with trial conduct; no regulatory submissions are made as part of this trial.
  • Results may be reported only in aggregate, without attribution.
  • No endorsements will be requested or published.
Conflict of interest disclosure

Cardiovascular Diagnostic Audit & AI Pty Ltd (CDA AI) is the developer of the software under evaluation. Participation does not constitute vendor onboarding, procurement evaluation, or commercial engagement, and creates no licensing, purchase, or endorsement obligation.

10. Post-trial disclosure

Only aggregate, non-attributable information that is available under the zero-custody model may be disclosed. By default, this is limited to system-observable facts (e.g., number of registered participants, number of audit sessions executed, timestamps).

Any analysis beyond these aggregates is possible only if a CRO voluntarily elects to disclose such information under its own governance and with explicit written approval.

11. Regulatory and assurance framework references

Detailed clause-level mapping is provided in C12. Referenced frameworks include FDA 21 CFR Part 11, EMA Annex 11, TGA / PIC/S PE 009-17, PCAOB AS 1105 / AS 1215 (incl. AS 1105.10A), and ISA 230 / 500 / 240.

These references reflect methodological alignment and evidence mapping, not regulatory acceptance or certification.

Contact

Dr. Fernando Telles — Fernando.Telles@AuditLog.AI

This page describes a methodology evaluation. It does not constitute regulatory advice, legal opinion, or a determination by any regulatory authority. Final classification and regulatory acceptance rest with the applicable authorities.