A Zero‑Trust Compliance Architecture for LLM‑Integrated Pharmaceutical IT Systems: Securing AI‑Assisted Workflows with Data Integrity and Regulatory Controls
DOI:
https://doi.org/10.22399/ijcesen.4979Keywords:
Zero Trust LLM Security, Pharmaceutical AI Compliance, GxP AI Integration, LLM Data Integrity ALCOA, AI Governance Pharmaceutical QualityAbstract
LLMs are being used in regulated pharmaceutical IT workflows for standard operating procedure (SOP) generation, deviation triage and Corrective and Preventive Action (CAPA) writing, but this is complicated by stochastic responses and susceptibility to prompt injection along with issues of data integrity, role-based access control and auditability. This paper proposes the Zero‑Trust Compliance Architecture (ZT-LLM-COMPASS) for this zero-trust setting, where every model invocation, context retrieval, tool invocation, and artifact generation is treated as a potential attacker payload. ZT-LLM-COMPASS incorporates four LLM Security Planes: fine-grained authorization via Identity & Policy Enforcement Plane, prompt firewalls and controlled retrieval via Prompt & Context Security Plane, least-privileged permissions on function calls via Tool Sandbox, and tamper-obvious audit packages via Evidence Plane. Human-in-the-loop verification gates ensure that the LLM can only propose and never commit regulated records. Adversarial evaluation demonstrates that the design is strong against injection attacks, leakage, and auditing challenges, enabling high AI productivity while retaining regulatory compliance.
References
1. Anjaneyulu Muppalla, et al., "Artificial Intelligence in Regulatory Compliance: Transforming Pharmaceutical and Healthcare Documentation," International Journal of Drug Regulatory Affairs, 2025. Available: https://www.ijdra.com/index.php/journal/article/view/764/407
2. Kevin Young, et al., "AI-Enhanced Zero Trust Architecture for Enterprise Systems," ResearchGate, 2025. Available: https://www.researchgate.net/publication/397880920_AI-Enhanced_Zero_Trust_Architecture_for_Enterprise_Systems
3. Zihan Zhu, "Intelligent information management enables quality-by-design in pharmaceutical production," Scientific Reports, 2025. Available: https://www.nature.com/articles/s41598-025-27879-w
4. Martin Haimerl and Christoph Reich, "Risk-based evaluation of machine learning-based classification methods used for medical devices," BMC Medical Informatics and Decision Making, 2025. Available: https://link.springer.com/article/10.1186/s12911-025-02909-9
5. Ananya Goswami, "The Architecture of Generative AI Systems: What Enterprises Must Know," BigStep, 2025. https://bigsteptech.com/blog/generative-ai-enterprise-architecture-guide-2025
6. Kampanart Huanbutta, et al., "Artificial intelligence-driven pharmaceutical industry: A paradigm shift in drug discovery, formulation development, manufacturing, quality control, and post-market surveillance," European Journal of Pharmaceutical Sciences, 2024. Available: https://www.sciencedirect.com/science/article/pii/S0928098724002513
7. Intuition Labs, "Custom Pharma Software Design: A GxP Compliance Guide." Available: https://intuitionlabs.ai/articles/custom-pharmaceutical-software-design
8. Kavitha Palaniappan, et al., "Global Regulatory Frameworks for the Use of Artificial Intelligence (AI) in the Healthcare Services Sector," Healthcare (Basel), 2024. Available: https://pmc.ncbi.nlm.nih.gov/articles/PMC10930608/
9. David B Isaacks and Andrew A Borkowski, "Implementing Trustworthy AI in VA High Reliability Health Care Organizations," Fed Pract, 2024. Available: https://pmc.ncbi.nlm.nih.gov/articles/PMC11147434/
10. Jakob Mökander, et, "Challenges and best practices in corporate AI governance: Lessons from the biopharmaceutical industry," Front Comput Sci, 2022. Available: https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2022.1068361/full
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 International Journal of Computational and Experimental Science and Engineering
This work is licensed under a Creative Commons Attribution 4.0 International License.
