Blog July 3, 2026

One Plant, Many Rulebooks: Why Multi-Industry Compliance Needs a Modular MES

IATF for automotive. GMP for pharma. HACCP for food. IPC for electronics. Every industry audits to a different rulebook — but underneath, they all demand exactly the same thing: prove what happened on your floor. Here's what each standard actually means, why one-size-fits-all systems break on them, and how a modular architecture handles several at once.

Different referees, same game

Think of compliance standards as referees. Football, cricket and hockey have different referees enforcing different rulebooks — but every referee is doing the same fundamental job: watching the game and ruling on what actually happened.

Manufacturing works the same way. An automotive OEM sends an IATF auditor. A drug regulator sends a GMP inspector. A food-safety officer checks your HACCP plan. Each speaks a different language, checks different documents, and can stop your business cold. But strip away the vocabulary and every one of them is asking the identical question: "Can you prove your process did what you say it did?"

That one insight — different rulebooks, same underlying demand — is the key to handling compliance without drowning in it. Let's walk the rulebooks first.

The rulebooks, industry by industry

[Figure: your plant, one floor, many auditors. Automotive: IATF 16949, PPAP, SPC (traceability, process capability, 8D). Pharma: GMP, 21 CFR Part 11, ICH Q7 (batch records, data integrity, CAPA). Food & FMCG: FSSAI, HACCP, ISO 22000 (CCP monitoring, lot trace, recalls). Electronics: IPC-A-610, ESD S20.20, RoHS (component trace, ESD control, workmanship). Cross-industry: ISO 9001, 14001, 45001, 50001, 27001. Every arrow ends in the same demand: evidence.]
The compliance landscape by industry. A contract manufacturer or diversified Tier-2 plant can face three of these quadrants at once — plus the ISO baseline.

What each rulebook actually means, in one breath each:

IATF 16949 (automotive). The global quality standard OEMs impose on their supply chain. In practice it means: every part traceable to its batch, machine and operator; processes proven statistically capable (SPC); new parts approved through a formal evidence pack (PPAP); and every customer complaint answered with structured problem-solving (8D). Miss it and you don't supply automotive — full stop.

GMP / 21 CFR Part 11 / ICH Q7 (pharma). Good Manufacturing Practice — in India, Schedule M; for exports, WHO-GMP and the US FDA's rules. It demands complete batch records for every lot, electronic records that are attributable, timestamped and tamper-evident (that's Part 11), every deviation investigated and closed (CAPA), and data integrity to the ALCOA+ standard. One missing signature can be the difference between a clean inspection and a warning letter. (We covered how batch records can build themselves in the GMP deep-dive.)

FSSAI / HACCP / ISO 22000 (food & FMCG). Food safety runs on Critical Control Points: identify where hazards can enter (temperature, contamination, foreign bodies), monitor those points continuously, and prove the monitoring happened. Add full lot traceability — because when a recall comes, you have hours, not weeks, to know exactly which batches went where.

IPC / ESD / RoHS (electronics). Workmanship standards (IPC-A-610) define what an acceptable solder joint even is; ESD S20.20 requires proof that static controls were in place while boards were handled; RoHS demands material declarations down the component tree. The theme is component-level traceability: which reel, which oven profile, which operator, which board.

The ISO baseline (everyone). ISO 9001 (quality management), 14001 (environment), 45001 (worker safety), 50001 (energy), 27001 (information security). Most serious plants carry two or more of these on top of their industry rulebook — each with its own surveillance audit cycle.

What all of them secretly share

Read those again and a pattern jumps out. Every standard, whatever the vocabulary, decomposes into the same five demands:

[Figure: the IATF, GMP, HACCP and IPC/ESD lenses all look at one common core: ① capture what happened, as it happens; ② trace every unit to its inputs; ③ log & investigate every deviation; ④ keep records tamper-evident; ⑤ produce audit evidence on demand.]
Five demands, every standard. The rulebooks are lenses — each one reads the same underlying evidence in its own format and vocabulary.
  • ① Capture reality as it happens — not reconstructed at shift end.
  • ② Trace everything — this unit came from that batch, that machine, that operator, those materials.
  • ③ Handle deviations formally — detect, classify, investigate, close the loop.
  • ④ Keep records trustworthy — timestamped, attributable, tamper-evident.
  • ⑤ Produce evidence on demand — when the auditor arrives, the proof exists already.

The differences between standards are real but they live above this core: what counts as a critical parameter, what format the record takes, how long you retain it, who signs it. IATF wants SPC charts; GMP wants batch records; HACCP wants CCP logs. Same evidence, different paperwork.

Why one-size-fits-all systems break here

Now the architectural point. Most compliance software is built as a monolith around one rulebook — a "GMP system," an "automotive quality suite." That works right up until reality intervenes, and reality intervenes constantly:

Plants straddle industries. A Tier-2 machining shop supplies automotive and industrial customers. A contract manufacturer packs food this quarter and cosmetics next. An electronics EMS builds automotive ECUs — IATF and IPC at once. Which monolith do they buy? Both? Now there are two systems, two data entries, and two versions of the truth — the exact parallel-systems trap that makes auditors suspicious.

Rulebooks change on their own schedules. Schedule M was overhauled in 2024. IATF revisions land on their own cycle. FSSAI notifications arrive mid-year. In a monolith, a regulation update means touching — and revalidating — the whole system. That's why plants run five-year-old compliance software: upgrading is scarier than the audit.

Customers demand more over time. Winning your first pharma-adjacent contract, or your first export customer, shouldn't mean replacing your plant software. But if compliance is welded into a monolith's core, that's exactly what it means.

The conclusion writes itself: compliance logic must be modular — separable from the evidence layer beneath it, so rulebooks can be added, updated or retired one at a time, without disturbing each other or the floor.

The modular answer: one backbone, many packs

[Figure: three tiers. Plant floor (machines, sensors, cameras, operators) feeds the evidence backbone, captured once at the source (immutable timestamps, full traceability, deviations, audit trail). Above it sit the modules and their outputs: IATF module (SPC, PPAP, 8D) → OEM audit pack; GMP module (batch records, CAPA) → inspection pack; HACCP module (CCP logs, lot trace) → FSSAI pack; IPC/ESD module (workmanship, ESD) → customer QA pack. One truth below, one pack per referee above. Add a certification = snap in a module; the backbone and other modules don't change.]
The modular compliance architecture. Evidence is captured once at the source; each rulebook gets a snap-in module that interprets that same evidence into its own format.

The architecture has exactly two layers, and the split is the whole point:

The evidence backbone does the five common-core jobs — capture at source, trace everything, log deviations, keep records tamper-evident, retrieve on demand. It's rulebook-agnostic, because reality is rulebook-agnostic. A temperature reading doesn't know whether it will one day be GMP evidence or HACCP evidence. It just needs to be true, timestamped, and attributable.

Compliance modules sit on top, one per rulebook. Each module knows its standard's vocabulary and paperwork: the GMP module assembles batch records and routes CAPA workflows; the IATF module watches SPC limits and compiles PPAP evidence; the HACCP module monitors critical control points and keeps recall-ready lot genealogy; the IPC/ESD module ties workmanship checks and static-control logs to each board. Every module reads the same backbone — no duplicate capture, no parallel systems, no divergence.

And because modules are independent: when Schedule M changes, you update the GMP module — the IATF module doesn't even notice. When you win your first automotive customer, you add the IATF module — nothing gets reimplemented. When an auditor arrives, their pack generates from evidence that was accumulating all along.
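An added sketch of the two-layer split described above (not wiseDo's code or any vendor's implementation): a rulebook-agnostic, hash-chained evidence log with two read-only lenses over it. All class, function and field names, the 8.0 °C limit and the sample events are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed-width anchor for the first record's "prev" field

def _digest(prev_hash, body):
    # Canonical JSON so the same record always hashes to the same value.
    blob = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + blob).encode()).hexdigest()

class Backbone:
    """Append-only evidence log; knows nothing about any rulebook."""
    def __init__(self):
        self.records = []

    def capture(self, ts, source, actor, lot, kind, value):
        body = {"ts": ts, "source": source, "actor": actor,
                "lot": lot, "kind": kind, "value": value}
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({**body, "prev": prev, "hash": _digest(prev, body)})

    def first_broken_link(self):
        """Index of the first record that fails verification, or None."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
            if rec["prev"] != prev or rec["hash"] != _digest(prev, body):
                return i
            prev = rec["hash"]
        return None

def haccp_ccp_log(backbone, limit_c=8.0):
    """HACCP lens: cold-chain readings, flagged when above the limit."""
    return [(r["ts"], r["lot"], r["value"], r["value"] > limit_c)
            for r in backbone.records if r["kind"] == "temp_c"]

def gmp_batch_record(backbone, lot):
    """GMP lens: everything attributable to one lot, in capture order."""
    return [(r["ts"], r["actor"], r["kind"], r["value"])
            for r in backbone.records if r["lot"] == lot]

def build_sample():
    # Constructed sample events, not data from any real plant.
    bb = Backbone()
    bb.capture("2026-07-03T06:00:00Z", "chiller-2", "sensor", "LOT-A", "temp_c", 4.1)
    bb.capture("2026-07-03T06:05:00Z", "chiller-2", "sensor", "LOT-A", "temp_c", 9.3)
    bb.capture("2026-07-03T06:07:00Z", "hmi-1", "op-117", "LOT-A", "deviation", "door left open")
    bb.capture("2026-07-03T06:30:00Z", "chiller-2", "sensor", "LOT-B", "temp_c", 3.8)
    return bb
```

A chain like this only makes edits and deletions detectable to a verifier who holds a head hash the editor cannot rewrite; anyone with write access to the whole log can recompute every link. Tamper evidence therefore depends on anchoring the latest hash outside the system that stores the records (a separate signer, a write-once store, or a copy held by another party).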

The cheat sheet: standard → demand → module output

| Standard | Industry | What it really demands | What the module produces |
|---|---|---|---|
| IATF 16949 | Automotive | Part-level traceability, capable processes, formal approvals | SPC charts, PPAP evidence, 8D reports, trace queries |
| GMP / Part 11 | Pharma | Complete batch records, data integrity, closed-loop deviations | Auto-generated batch records, CAPA trail, one-click audit pack |
| FSSAI / HACCP | Food & FMCG | Continuous CCP monitoring, lot genealogy, recall readiness | CCP logs with alerts, lot-to-shipment trace, recall report in minutes |
| IPC / ESD S20.20 | Electronics | Workmanship acceptance, static-control proof, component trace | Per-board build history, ESD compliance log, reel-level trace |
| ISO 9001 / 14001 / 45001 / 50001 | Everyone | Managed quality, environment, safety, energy — with records | KPI evidence, incident logs, energy baselines from the same backbone |

How wiseDo runs this

This two-layer architecture is exactly how wiseDo is built — it's the same modularity we've described for capability rollout, applied to compliance:

The backbone is the product's core. wiseDo captures floor reality at the source — from the sensors, machines, and cameras you already have — with immutable timestamps and full genealogy. That satisfies the five common-core demands once, for every current and future rulebook. Your ERP stays the system of record for the business; the backbone is the system of evidence for the floor.

Compliance packs are modules you enable. Running a pharma line? Enable the GMP pack and batch records assemble themselves as production runs. Adding an automotive customer next year? Enable the IATF pack — it starts interpreting the same backbone, historically and forward. Nothing is ripped out, nothing re-entered, nothing revalidated below the module line.

Multiple packs run side by side. A plant running food and cosmetics lines, or automotive and industrial parts, carries several packs against one backbone — one truth below, one pack per referee above. And because agents watch the same backbone, deviations get caught and classified in real time, not discovered during audit prep.

One honest note, because compliance deserves honesty: wiseDo doesn't make you certified — audits, quality systems and discipline do. What it removes is the part that burns your team: the evidence scramble. The proof exists the moment the auditor asks, in the format their rulebook expects.


Facing more than one rulebook?

If your plant carries two or more of the standards above — or is about to add one for a new customer — a floor walk will show you exactly which evidence you're already generating, which you're reconstructing by hand, and what a modular setup would look like on your lines.

Book a free floor walk, or read how batch records auto-generate for the deepest of the rulebooks.

wiseDo

wiseDo Technology

Building agentic MES for manufacturing
