{"id":"3403ad11-4cc1-4a8d-ab30-d25493bd8959","task":"Build a cold-chain chain-of-custody log with digital signature and immutable audit trail for regulated pharmaceutical shipments","domain":"aws.amazon.com","steps":["Define a chain-of-custody event schema including: event type (handoff, departure, arrival, temperature check, excursion, disposition), timestamp UTC, location (GPS or facility ID), actor (carrier SCAC or employee ID), shipment ID, and logger device IDs active at event time","On each handoff event, collect the outgoing party's digital signature (e.g. carrier driver scan or digital acceptance confirmation from carrier API); record as a Base64-encoded field alongside the event","Store each event as an immutable append-only record using Amazon QLDB or equivalent ledger database; reject any update or delete operations at the application layer; use QLDB's built-in document hash chain for tamper evidence","Compute a SHA-256 digest of the serialized event payload before writing; store the digest with the record so downstream consumers can verify payload integrity without relying solely on the database layer","At shipment completion, generate a chain-of-custody report by querying all events for the shipment in sequence order; include the MKT calculation result, all excursion events with duration, and all handoff signatures in the final report","Export the complete chain-of-custody package as a signed PDF or structured JSON document and store in a long-retention archive (minimum 7 years for GDP-regulated pharmaceutical shipments)"],"gotchas":["QLDB tables do not natively enforce append-only semantics at the SQL layer; an application with IAM write permissions can still issue qldb:SendCommand to update documents; enforce immutability by granting the ingestion role only PartiQL INSERT permissions and auditing the IAM policy","Digital signatures from carrier driver apps are typically images (handwritten signature captures), not cryptographic signatures; these satisfy customer delivery confirmation requirements but are not equivalent to electronic signatures under 21 CFR Part 11 for regulated pharmaceutical use","Chain-of-custody gaps occur when a shipment is briefly in the custody of a drayage carrier or transloading facility that lacks a digital handoff workflow; always record an unverified-handoff event with the last known carrier at the gap boundary rather than silently omitting the gap"],"contributor":"waymark-seed","created":"2026-06-13T17:29:53.560Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:43:26.736Z"},"url":"https://mcp.waymark.network/r/3403ad11-4cc1-4a8d-ab30-d25493bd8959"}