Internal Tools · Durham

Your Durham lab built 14 Retool apps, then compliance asked who can edit the study one

The short answer

Custom internal tools for a Durham life-sciences or research team usually run $30,000 to $90,000 per tool over 6 to 14 weeks. Retool, Airtable, and spreadsheets are perfect right up until a tool touches data a sponsor or the FDA will audit. At that line, the lack of a real audit trail, access control, and validation stops being convenient and starts being a liability. The smart move: keep Retool for the throwaway stuff, build custom for the regulated workflows.

Retool and Airtable are genuinely great. A Durham research-ops team can stand up a sample-intake form or a lab-scheduling board in an afternoon, and for internal, low-stakes workflows that's exactly right. The trouble starts when one of those quick apps quietly becomes the place study data lives, the assay-result tracker, the deviation log, the sample-disposition tool.

Now compliance has questions Retool can't answer cleanly: who edited this record, can you prove the audit trail is immutable, who has permission to change a study result. Airtable's revision history isn't a 21 CFR Part 11 audit trail, and a shared spreadsheet has no access control at all. The tool that saved you a week is now the thing a sponsor audit flags.

Where the off-the-shelf tools fall short

  • An Airtable base that started as a convenience is now the system of record for study data with no real audit trail
  • Retool's permissions don't map to the role separation a regulated workflow requires
  • Spreadsheets tracking sample disposition have zero access control and infinite copies
  • When a sponsor audits, you can't prove who changed a result or when, because the platform wasn't built to
$30k to $90k
typical per regulated internal tool in Durham
6 to 14 weeks
build window for a single tool
2 to 3
tools usually worth building custom vs keeping on Retool
0
real audit trails a shared spreadsheet provides

Custom internal tools: what Durham teams actually get

The custom case isn't 'replace Retool for everything.' It's surgical: identify the two or three internal tools that touch regulated or audit-sensitive data and build those properly, with immutable audit trails, role-based permissions, and validation. Everything else stays on Retool and Airtable where speed matters more than rigor.

Build custom when
  • A Retool or Airtable app has become the system of record for audit-sensitive data
  • Compliance can't answer 'who changed this and when' from the current tool
  • You need real separation of duties that the platform's permissions can't enforce
  • A sponsor audit has flagged the lack of an immutable audit trail
Buy or configure when
  • The tool is genuinely internal and low-stakes, no audit exposure
  • Speed of iteration matters more than rigor
  • Retool's permissions and Airtable's history are sufficient for the data involved
  • You'd be over-engineering a workflow that changes every month
The benefits
  • Immutable, timestamped audit trails on the tools that actually face an audit
  • Role-based permissions that match the separation of duties a regulated workflow demands
  • A validated system of record for study data, not a convenient spreadsheet pretending to be one
  • Keep Retool and Airtable for the 90 percent of internal tools where speed wins
  • Integration with your LIMS and ERP so data isn't re-keyed and re-trusted
The trade-offs
  • A custom tool costs far more than a Retool app, so only the regulated ones justify it
  • You take on hosting, security, and maintenance you didn't have with a SaaS platform
  • Validation adds time and cost if the tool touches regulated study data
  • Move too much off Retool and you lose the speed that made internal tooling worth it

Feature priorities for Durham teams

What to build in
+Immutable audit trail with user, timestamp, and before/after values
+Role-based access control mapping to separation-of-duties requirements
+Electronic signatures for regulated record changes (21 CFR Part 11)
+Integration with LIMS, ERP, and inventory systems via API
+Configurable workflows for sample disposition, deviation logging, and result review
+Export and reporting formatted for sponsor and regulatory review

Durham internal tools: the full scope

The engagements Durham teams bring us most often:

Internal Tools development in DurhamDurham internal tools companyinternal tools developers Durhamadmin panel developmentinternal dashboardsRetool alternativeworkflow automationback-office softwareoperations toolingapproval workflowsinternal portalbusiness process automationdata-entry tools

The honest cost picture for Durham

Project scopeTypical costTimeline
Single custom internal tool (audit-grade)$30k to $60k6 to 10 weeks
Suite of 2 to 3 regulated tools with shared auth and audit$70k to $120k3 to 5 months
Validation package for regulated tools$15k to $35k3 to 6 weeks
Cost by project scopeCost by project scopeSingle custom internal tool (audit-grade)$30k to $60kSuite of 2 to 3 regulated tools with shared auth and audit$70k to $120kValidation package for regulated tools$15k to $35k
Typical project cost bands. Source: Digital Heroes 2026 delivery benchmarks.
Want a fixed quote instead of estimates?
One scoping call, then a named senior team and a fixed price within 48 hours.
Talk to Digital Heroes

Timeline: what happens, and when

Delivery timeline by phaseDelivery timeline by phaseDiscovery1 wkDesign2 wkBuild6 wkTest2 wkLaunch1 wk
Indicative delivery timeline by phase.
What drives the price up mostWhat drives the price up mostAudit trail and Part 11 complianceIntegration with LIMS and ERPRole-based access and separation of dutiesWorkflow configurability
What pushes the price up most, relative impact.

Exactly what you get

A small number of internal tools built to survive an audit: immutable audit trails, real role-based permissions, electronic signatures where the data is regulated, and clean integration with your LIMS and ERP. The point is surgical, you don't rebuild your whole internal toolkit, you harden the two or three workflows that face a sponsor or the FDA. It connects to your inventory management software, business intelligence dashboards, and helpdesk software so the audit-grade data flows where it's needed.

How to choose a developer in Durham

The right partner in the Triangle will talk you out of over-building. Ask them which of your current Retool and Airtable apps they'd leave alone and which they'd rebuild custom, the answer tells you whether they understand the cost-rigor trade-off. They should be fluent in audit trails, separation of duties, and Part 11 without you prompting. A vendor who wants to rebuild everything is selling hours, not judgment.

Red flags when hiring (and what to ask instead)
  • !A vendor who wants to replace all your Retool apps, ask which ones actually need it and why
  • !They can't explain how their audit trail differs from Airtable's revision history, ask for specifics
  • !No mention of role-based access or separation of duties, ask how compliance signs off
  • !They quote per tool without asking what data it touches, ask how regulated data changes the estimate
  • !They've never validated software for a regulated workflow, ask for a comparable Part 11 example

Teams investing in internal tools in Durham usually scope it next to custom software, wordpress, accounting, since these systems share data and budgets.

Rohan Malhotra · Enterprise Software Consultant

Rohan advises mid-market and enterprise teams on ERP, CRM and custom software, and has led delivery on dozens of business-software builds.

Writes for Digital Heroes, shipping business software for 2,000+ brands across 55+ countries since 2017.

FAQ

Frequently asked questions

Isn't Retool good enough?

For most internal tools, yes, keep Retool. It's only when a tool becomes the system of record for audit-sensitive study data that its permissions and history fall short. Build custom for those few; leave the rest on Retool where speed wins.

What's wrong with Airtable's revision history?

Airtable shows you changes, but it isn't an immutable, 21 CFR Part 11 compliant audit trail with electronic signatures and locked records. For internal use that's fine; for sponsor-audited study data it doesn't meet the bar a reviewer expects.

How do we decide which tools to build custom?

Ask one question per tool: would a sponsor or the FDA ever audit the data in it? If yes, it needs a real audit trail and access control, build it. If no, keep it on Retool or Airtable. That single filter usually narrows it to two or three tools.

Do custom internal tools need validation?

If they touch regulated study data, yes. That adds a validation package and some time. For internal, non-regulated tools, you skip it. The validation requirement is exactly what separates a 'build it' tool from a 'keep it on Retool' one.

What does each tool cost to run?

Budget for hosting and a maintenance retainer, roughly 15 to 20 percent of build cost a year per tool. That's the trade for owning it instead of renting Retool. It's why you only build the tools where rigor justifies the cost.

Keep reading