01 / CHANGE
Model-change evidence
Version, policy, threshold, and deployment context tied to the behavior that changed. PCCP-ready.
FDA · “What changed in the model since clearance?”
Regulated clinical AI
Glacis helps clinical AI teams generate runtime evidence for PCCP-ready change records, post-market monitoring, drift review, model-change records, and control-execution proof — without moving sensitive clinical data out of their infrastructure.
Or read the PCCP & runtime evidence guide →
Why now
AI medical products change, drift, touch clinical workflows, and generate outputs that reviewers and health-system buyers will question. Screenshots and retrospective logs are weak evidence when the important question is whether the right controls ran at the right time.
Glacis turns consequential runtime events into signed receipts, then assembles those receipts into evidence packs for regulatory review, PCCP updates, post-market monitoring, and internal quality review.
What gets instrumented
Each consequential event in the lifecycle — change, control execution, drift, post-market signal — emits a signed receipt that maps to your PCCP and post-market plan.
01 / CHANGE
Version, policy, threshold, and deployment context tied to the behavior that changed. PCCP-ready.
FDA · “What changed in the model since clearance?”
02 / CONTROL
Which guardrail, review rule, redaction, escalation, or block executed at decision time.
FDA · “Did the safety boundary fire on edge cases?”
03 / DRIFT
Operational patterns that show where performance, population, or workflow behavior is moving.
FDA · “Is real-world performance still inside the envelope?”
04 / POST-MARKET
Receipts that support lifecycle management, health-system review, and audit readiness.
FDA · “Where is the post-market evidence?”
Receipts first. Packs second.
Receipts are generated at runtime — not in a document created after the fact. Evidence packs are assembled from receipts. The distinction keeps the evidence grounded in what the system actually did.
import { attest } from '@glacis/runtime'; const receipt = await attest({ workflow: 'cdss.recommend', policy: 'pccp.threshold.v3', decision: 'ESCALATE', rules: ['review.threshold'], }); // → signed OVERT receipt; PHI never leaves
Sensitive environments
Glacis runs inside your infrastructure. Local controls generate signed receipts that controls executed and behavior stayed within boundaries — without moving clinical payloads.
Observe, allow, block, redact, escalate, or require review at the AI boundary — executed inside your stack.
Every consequential decision can carry tamper-evident proof of what ran and which boundary held.
Hashes, signatures, and verification metadata travel for review — without prompts, outputs, PHI, customer data, code, credentials, or proprietary context leaving your stack.
Sprint route
Clinical AI products carry agentic surface too — ambient scribes, clinical chatbots, decision-support copilots, and tool-calling workflows all sit inside the same prompt-injection and tool-misuse threat model as horizontal agents.
The Sprint is a fixed-scope way to map that surface and stand up the runtime evidence behind it. Outputs feed change records, post-market monitoring, and drift review.
Related guides
We’ll map the runtime evidence your clinical AI product needs for change records, post-market monitoring, drift review, and control-execution proof — without prompts, outputs, PHI, customer data, code, credentials, or proprietary context leaving your stack.