Evidence Capture for Regulated Software

Signed evidence for every test. Mapped to every requirement.

Microfilm captures your testers' work and structures it into audit-ready proof — and into actionable context for the developers and AI agents fixing what fails.

Request early access See how it works
Built for
FedRAMP · CMMC · 21 CFR Part 11 · IEC 62304
A signed microfilm
MICROFILM History › TKT-1417
TKT-1417 Build 2.3.1 Signed

Form 1090-EZ submission verification

Briefing Microfilm
Attestation
Mia Nakamura · QA Engineer
May 13, 2026 · 16:42 UTC
7a3f29c1b8e94f1a06d24fc8a3b58e91
TC-417 User can submit Form 1090-EZ with all required fields populated Pass
Validation errors triggered correctly on empty submit.
Walkthrough — confirmation receipt displayed.
TC-418 Form submission fails when fiscal year out of range Fail
"Picker showing 2024 as max — we're in 2026."

The problem

Testing evidence isn't built. It's reconstructed.

01

Evidence lives in screenshots and Slack.

Testing evidence is scattered across Jira comments, screenshots in tickets, manual spreadsheets, and tribal knowledge.

02

Traceability is a spreadsheet maintained by hand.

The RTM is a doc someone rebuilds before each audit, with broken links and stale references.

03

Audits reveal the gaps too late.

Coverage gaps surface during 3PAO review or FDA inspection, not during the work.

Two loops, one record of truth

The same captured work feeds compliance and engineering.

01 The Evidence Loop

For testers, QA leads, and auditors.

Testers, QA leads, and auditors need signed proof that every requirement was verified. Microfilm produces it as a byproduct of the work.

02 The Development Loop

For developers and AI agents.

Developers and AI agents need structured context when something fails. Microfilm delivers it where they already work — Jira tickets, Slack, and a native MCP server for agents.

The same captured evidence serves both. No duplicate work. No drift.

How it works

Five steps, one record per change.

  1. 01

    Connect your existing tools.

    Microfilm reads requirements and test cases from Jira, Linear, or Azure DevOps. No migration.

  2. 02

    Testers capture in one place.

    A lightweight desktop app sits beside the browser. Screen, voice, screenshots, and structured comments are captured against the specific test case being executed.

  3. 03

    Evidence is signed and immutable.

    Every verdict is signed by the tester. The evidence log is append-only and tamper-evident.

  4. 04

    Failures route to developers and agents with full context.

    When a test fails, the linked Jira or Linear ticket gets a structured comment with the requirement, the acceptance criteria, what the tester saw and said, and a link to the evidence. AI coding agents — Claude Code, Cursor, and others — query the same evidence through a native MCP server, so they know exactly what failed, why, and against which acceptance criteria.

  5. 05

    The traceability matrix builds itself.

    Requirements → acceptance criteria → test cases → execution evidence → signatures, exported as an audit package on demand.

Who it's for

Regulated software teams shipping with AI.

Government contractors

Shipping into federal environments under FedRAMP, CMMC, NIST 800-171 / 800-53.

Teams shipping with AI agents

Claude Code, Cursor, and other coding agents fix what testers find. Microfilm gives them the structured context they need — requirement, AC, evidence, prior executions — through a native MCP server. Compliance and AI velocity in the same loop.

Medical device and digital health

IEC 62304, ISO 13485, FDA QMSR, 21 CFR Part 11.

Regulated software generally

Pharma (GAMP 5), aerospace (DO-178C), automotive (ISO 26262), or anyone whose auditors ask for a traceability matrix.

Request access

Tell me about your team.

Microfilm is in early access. I'm working with a small number of teams to make sure it earns its place in your evidence and engineering loops before we open it up.

Regulatory environment