Regulatory Training Requirement Matrix

The problem this kills

An auditor points at one employee and asks: "Why does this person need this training, and where's the proof they did it?" You freeze. The answer is buried across a master spreadsheet of rules, a separate roster, a third file of completion dates, and a few emails. Worse, the rules overlap: a nurse in your Ohio site needs different annual trainings than the same role in Texas, and a manufacturing line lead picks up extra OSHA requirements the moment they touch a forklift.

Today most teams maintain this by hand. When someone changes role or location, their required training set silently changes too - and nobody recomputes it until the audit. There's no version history on the rule set, no citation tying each requirement to the regulation that demands it, and no single screen that says "here is who is compliant and who isn't, per requirement, right now."

What you'll build

A small internal web app that holds three things and connects them:

• The requirement matrix - the rules: for each role + location, which trainings are required, how often (the cadence), and the exact regulation citation that justifies each one.
• The roster - your people, with their current role and location.
• Completion records - who completed which training, and when.

From those three, the tool computes each person's required training set, compares it to their completions, and shows a live compliant / non-compliant status per person, per requirement - with the citation right there. When an auditor asks "why?", you point at the screen.

What's inside the Implementation Plan

The plan is a full runbook you paste into an AI coding agent (Claude Code), which then builds the tool with you step by step. You do not need to write code.

• It starts by interviewing you about your business. Before building anything, the plan makes the agent ask about your industry, your roles and locations, how your rules are written, your naming conventions, your volumes, and your messiest exceptions - then tailors the data model and validations to your answers. You get a tool shaped around how you actually work, not a generic template.
• A step-by-step build: database, login, the matrix editor, roster + completions import, the compliance engine, and the audit export.
• A versioned requirement matrix so every rule change is captured with who changed it and when.
• Citation fields on every requirement so audit defensibility is built in, not bolted on.
• A "No API yet?" fallback so you can build the whole thing today from spreadsheets, with a clean CSV export back out.

The governance it includes (this is the point)

This is a compliance tool, so the controls are the product:

• Login so only your team can open it.
• Row-level security so each organization only ever sees its own data.
• A complete audit trail - who changed which rule, who imported what, who approved what, and when.
• A human approval gate - because the matrix encodes legal obligations, the AI only ever drafts proposed changes; the compliance manager reviews and approves before anything becomes the official, active rule set. The same gate covers signing off on the compliance status report before it's used in an audit.
• Duplicate guards so the same rule (role + location + training) or the same completion can't be entered twice.

Who it's for

Compliance managers in regulated industries - healthcare, manufacturing, food, finance - who juggle overlapping regulatory training rules across multiple roles and sites and need to prove, on demand, why each person needs each training and whether they've done it.

You've got this. Paste the first prompt and let the agent interview you.