Download →

Agentic operating system

A formal architecture for regulated agentic workflows.

The Agentic OS is USDM's design system for life sciences AI: a shared vocabulary, layer architecture, data ontology, and control topology that governs how agents work in regulated environments.

Map a workflow with USDM See the platform stack

Operating model

Govern · Prepare · Build · Validate · Scale

Five layers. Every layer is a design decision with its own controls.

Decision rights

Human-owned, evidence-backed.

Compliance posture

Part 11-aligned controls where applicable.

The agentic stack

Every component is a design decision.

An agentic workflow isn't a single system — it's a stack. Each layer has a different owner, a different risk profile, and different controls. Understanding which layer a problem lives in determines how it gets solved.

Governance layer

Human approval gates, audit trails, evidence capture, and change control wrap every workflow. Nothing leaves without a review record.

GxPPart 11CSA/GAMPHuman-in-the-loop

Domain agent layer

Specialized agents scoped to regulated domains: Quality, RA, Clinical, Manufacturing, Safety, Medical Affairs, Cybersecurity, and Corporate Functions.

Bounded tasksApproved sourcesEscalation rules

Orchestration layer

Routes intent to the right tool, manages context and memory, controls prompt logic, and handles fallback and escalation paths.

Intent classificationTool selectionContext window

Model layer

Foundation models handle reasoning, long-document analysis, and structured output generation. Model selection matches task type and risk class.

Claude (Anthropic)Azure OpenAIVertex AIAmazon Bedrock

Data & integration layer

Regulated source systems provide the approved data. Every source is bounded by role, permission, and record type before agents can access it.

QMSRIMCTMSMESSafety DBERPGleanSharePoint

Data ontology

Regulated source systems are the foundation.

Agents are only as good as the data they're allowed to see. USDM maps approved source systems to domain agents before any workflow is built — defining which records each agent can read, retrieve, and reference.

Quality
QMSeQMSDeviationsCAPAAudit findings
Quality Agent
Regulatory
RIMSubmissionsLabelsCommitments
RA Agent
Clinical
CTMSeTMFProtocolsSite trackers
Clinical Agent
Manufacturing
MESBatch recordsEquipment logsQMS
Manufacturing Agent
Safety / PV
Case intakeLiteratureSignal DBFollow-up queue
Safety Agent

Control topology

What the control stack looks like in practice.

Every agentic workflow has a boundary between what the agent can do independently and what requires human authorization. That boundary is explicit, tested, and validated before go-live.

What agents are authorized to do

Useful work inside boundaries.

Classify intake and route work to the right queue.

Retrieve approved source records and cite every claim.

Draft summaries, packets, responses, and follow-up tasks.

Compare records, identify gaps, and escalate exceptions.

Monitor queues, missing evidence, and recurring patterns.

What requires human authorization

No surprise automation.

Approve regulated records or replace required reviewer sign-off.

Make release, disposition, medical, safety, or risk-acceptance decisions.

Invent citations, commitments, dates, or source evidence.

Bypass QMS, RIM, CTMS, MES, PV, or TPRM approval workflows.

Change vendor status, access rights, or controlled records without human approval.

Human-in-the-loop

What human oversight actually looks like in a GxP workflow.

Every USDM agentic workflow follows a 6-step pattern. Automation handles intake and routing; humans own review, disposition, and escalation. The audit trail captures everything.

1

Trigger

External event or system signal initiates the workflow.

automated
2

Agent intake

Classify, retrieve source records, draft output, flag gaps.

automated
3

Human review

Qualified owner reviews, edits, or rejects the draft.

required
4

Agent route

Route the reviewed result to the next system or queue.

automated
5

Final action

Disposition, approval, or escalation — human-owned.

human
6

Audit trail

Prompt + source + output + reviewer captured permanently.

always

Shared vocabulary

A shared vocabulary for architecture review boards.

These six terms define the operating model. When USDM and a regulated organization use the same vocabulary, the validation conversation moves faster.

Intended use

The specific workflow, source systems, and human decision points the agent is designed to support. Scoped before build, not after.

Agent boundary

The set of approved sources, queues, and permission sets the agent can access. Everything outside the boundary is off-limits by design.

Human decision gate

A required review point where a qualified human must approve the output before regulated action proceeds.

Evidence capture

The audit trail of prompts, retrieved sources, outputs, reviewer actions, and version history for each workflow execution.

Change control

Documented process governing updates to prompts, models, logic, or data sources — required before any change goes live.

Validation scope

The test evidence aligned to intended use, risk, data sources, and human decision points — not a validation of the model in the abstract.

Explore further

Domains, platform stack, and governance detail.

Domain specialists

The 8 regulated domain workflows.

Quality, RA, Clinical, Manufacturing, Safety, Medical Affairs, Cybersecurity, and Corporate Functions.

See domain workflows

Platform stack

AWS, Azure, Google Cloud, Glean, and Anthropic.

The infrastructure, model, and search layer that the agentic stack runs on.

See the platform stack

Governance & validation

The eight questions that matter before go-live.

Intended use, human approval gates, validation scope, Part 11-aligned handoffs, and deployment readiness.

See governance detail

Talk to an agentic AI specialist

Design the governed operating model your team needs.

USDM can help define the workflow, the validation scope, and the oversight controls — so the first use case is worth automating and audit-ready from day one.

  • Agentic team design scoped to your domain and regulatory context
  • GxP-validated AI agents with human-in-the-loop controls
  • Audit trails from prompt to approval for every agent action
  • Operates inside your existing systems: QMS, Veeva, ServiceNow, ERP

Start here

Talk to USDM

Tell us which domain or workflow you're trying to accelerate and we'll map a governed path forward.

No spam. Your information is handled in accordance with our Privacy Policy.