Owner: Robert Taylor (Eng) · Department: Engineering · Status: Live · Version: 1.0
Effective Date: 2026-06-13 · Last Reviewed: 2026-06-13 · Next Review Date: 2026-09-13
Source of Truth: code audits + gap registry · Maturity: 4 (Operational)
Does each platform gap prevent execution of a documented workflow? Cross-references the Platform Gap Registry.
| Gap | Sev | Prevents execution? | Affected workflows |
|---|---|---|---|
| #1 Recall doesn't auto-delist | P0 | NO (manual workaround) | Recall execution — delist is a manual step |
| #2 No delivery age-verification | P0 | YES for compliant delivery | Delivery handoff (no documented manual gate either) |
| #3 Go-live not enforced | P0 | NO (advisory) | Vendor activation — gate is manual |
| #4 KYC verified/CLEAR bug | P0 | YES | Vendor activation — go-live may never clear |
| #5 RLS inert | P1 | NO (per-route filters) | All vendor-scoped reads (latent risk) |
| #6 RBAC display-only | P1 | NO (works, unsafe) | Recall/POS authorization |
| #7 COA expiry not enforced | P1 | NO | COA review / product compliance |
| #8 Seal revoke no write-path | P1 | YES (eng escalation only) | Seal revocation |
| #12 Label compliance unwired | P2 | YES for label validation | OCR Label Validation deliverable |
| #13 No complaints/CAPA | P2 | YES for complaint handling | Customer support / §300.208 |
| #14 Legal-hold absent | P2 | YES for legal hold | Legal hold (manual only) |
5 gaps actually block execution (#2, #4, #8, #13, and label #12). The rest have manual workarounds or are latent risks. None is a documentation problem — all are engineering, tracked in the gap registry with owners.
Program Closeout · Platform Gap Registry · Operational Readiness Audit · Home