Customer-Required Compliance Certificate Tracker: Never Lose a Contract to a Lapsed Cert
Map which customer and contract requires which certification (ISO, SOC 2, food-safety, insurance), track expiry and surveillance audits, and get reminders early — with the compliance owner confirming each recertification before the customer-facing status updates.
A web tool where you import your held certifications and your customer/contract requirements. The tool maps coverage and flags which certs are at risk and exactly which customers are affected; Resend sends audit and renewal reminders; the compliance owner confirms each recertification; and you export both a cert register and a customer-impact view.
Before you start
- A Supabase account (free)
- A Vercel account (free)
- A Resend account (free)
- A list of certifications you hold (type, body, expiry, next audit)
- A customer/contract-to-required-cert mapping (CSV or Google Sheet)
- Claude Code or any AI coding agent
The problem this kills
Your biggest customers don't just want your product — they want proof you still hold the certifications their contract demands. ISO 9001, ISO 27001, SOC 2, a food-safety scheme, a supplier scorecard threshold, your own certificate of insurance. Each one has an expiry date, and most also have a surveillance audit months before expiry that you have to pass to keep the certificate alive.
The danger isn't usually a cert you forgot existed. It's the one you knew about but lost track of: the surveillance audit that crept up while everyone was busy, the certificate that expired three weeks before a customer's annual vendor review, the insurance cert that renewed but nobody sent the new copy to the five customers who require it on file. One lapse, and a customer can suspend orders or quietly move you off their approved-supplier list. You don't need to be a developer to stop that from happening.
What you'll build
A simple internal web tool. You import two things: the certifications you hold (type, issuing body, certificate number, expiry date, next surveillance audit) and a customer/contract-to-required-cert mapping (which customer and which contract requires which certification, and any minimum scope or version). The tool maps coverage so you can see, for every customer, whether you currently satisfy every cert their contract demands — and the reverse: for any single certificate, exactly which customers and contracts you'd put at risk if it lapsed. It flags certs that are at risk (expiring soon, or with a surveillance audit due) and shows the contract impact of each one. Resend sends reminders ahead of audits and renewals. When a cert is renewed, the compliance owner reviews and confirms the recertification before the customer-facing status flips to green. You export a clean cert register and a customer-impact view whenever you need them.
What's inside the Implementation Plan
The downloadable plan is a step-by-step file you paste into an AI coding agent. It opens by interviewing you about your business — which certifications you actually hold, how your team names cert types and bodies, where the customer requirements live today (a spreadsheet, a contract folder, your CRM), how far ahead you need to be warned for an audit versus a renewal, who is allowed to confirm a recertification, and the messy edge cases like a cert that covers only one site or one product line — and then it tailors the data model, the coverage rules, the reminder lead times, and every later step to your answers. This is not a generic template; the agent reflects a short spec back to you and waits for your thumbs-up before it builds anything. From there it walks the agent through importing your certs, importing the customer requirements, computing coverage and risk, the at-risk and customer-impact views, the reminder emails, the owner confirmation gate, and the two CSV exports — each step with a ready-to-copy prompt. There's also a fallback so you can build the whole thing today even with no API to your CRM or document system.
The governance it includes (this is the point)
This is contract-critical record-keeping, so it ships with the controls a compliance function needs: login so only your team can use it, row-level security so you only ever see your own organization's certs and customers, a complete audit trail of who confirmed which recertification and when, a hard human-approval gate so a renewed certificate's customer-facing status doesn't go green until the compliance owner confirms it, and duplicate guards keyed on certification ID so the same certificate can't be loaded or confirmed twice. At-risk certs and the customers they affect are surfaced for action, not silently buried.
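One way these controls can be expressed in Supabase's Postgres, as an added example that is not taken from the Implementation Plan: every table, column, policy and role name here is an assumption, and `auth.uid()` is Supabase's helper that returns the signed-in user's ID.

```sql
-- Added example: every table, column and role name below is an assumption.
create table org_members (
  user_id uuid not null, org_id uuid not null,
  role text not null check (role in ('member', 'compliance_owner')),
  primary key (user_id, org_id));
create table certifications (
  id uuid primary key default gen_random_uuid(),
  org_id uuid not null,
  cert_id text not null,              -- certification ID from the issuing body
  expires_on date not null,
  status text not null default 'pending_confirmation'
    check (status in ('pending_confirmation', 'confirmed')),
  confirmed_by uuid, confirmed_at timestamptz,
  unique (org_id, cert_id));          -- duplicate guard: one row per certificate
create table confirmation_audit (     -- audit trail, written only by the trigger
  id bigint generated always as identity primary key,
  cert uuid not null references certifications (id),
  confirmed_by uuid not null,
  confirmed_at timestamptz not null default now());
-- Row-level security: a signed-in user only reaches rows of their own organization.
alter table org_members enable row level security;
alter table certifications enable row level security;
alter table confirmation_audit enable row level security;  -- no policies: no client access
create policy own_membership on org_members for select using (user_id = auth.uid());
create policy read_own_org on certifications for select
  using (org_id in (select org_id from org_members where user_id = auth.uid()));
create policy import_pending on certifications for insert  -- imports never arrive green
  with check (status = 'pending_confirmation' and confirmed_by is null
    and org_id in (select org_id from org_members where user_id = auth.uid()));
create policy update_own_org on certifications for update  -- USING also checks the new row
  using (org_id in (select org_id from org_members where user_id = auth.uid()));
-- Approval gate: only a compliance owner can move a cert to 'confirmed'.
create function confirmation_gate() returns trigger
language plpgsql security definer set search_path = public as $$
begin
  if new.status = 'confirmed' and old.status <> 'confirmed' then
    if not exists (select 1 from org_members where user_id = auth.uid()
                   and org_id = new.org_id and role = 'compliance_owner') then
      raise exception 'only the compliance owner may confirm a recertification';
    end if;
    new.confirmed_by := auth.uid(); new.confirmed_at := now();
    insert into confirmation_audit (cert, confirmed_by) values (new.id, auth.uid());
  else  -- any other edit leaves the confirmation fields as they were
    new.status := old.status; new.confirmed_by := old.confirmed_by; new.confirmed_at := old.confirmed_at;
  end if;
  return new;
end $$;
create trigger certifications_confirmation_gate before update on certifications
  for each row execute function confirmation_gate();
```

Because the gate and the audit insert live in the database, a client that bypasses the web UI and calls the Supabase API directly still cannot mark a certificate confirmed or confirm it without leaving an audit row.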
Who it's for
Account managers, compliance leads, and quality managers who must keep certifications current as a condition of holding key contracts — and who are tired of a fragile spreadsheet that nobody trusts on the day a customer asks. If you can describe which customer needs which certificate, you can build this.
You've got this — start with the plan, paste the first prompt, answer the interview, and you'll see your coverage-and-risk view take shape the same afternoon.