NSF uses an Azure AI–based, agentic solution to handle many of the manual, document-heavy steps in its life sciences audits. Here’s how it works in practice: - Tens of thousands of audit documents are stored in Azure Blob Storage. - Azure Document Intelligence checks that all required documents are present and extracts their content. - Azure OpenAI models and Azure Model Context Protocol (MCP) tools classify and sort documents into the correct, internationally regulated folder structures. - Azure Python SDK, Azure Document Intelligence, and Azure Cosmos DB work together to automate version control. - Azure Document Intelligence then passes raw text to Azure OpenAI models, which generate first-draft summaries that NSF experts review and refine. By automating these steps, NSF has cut the average audit time from 4–6 weeks down to about 2 weeks—reducing turnaround by roughly half or more. This means potentially life-saving or life-improving medications can move through regulatory processes and reach patients and hospitals faster, while NSF’s scientists focus more on higher-value work like regulatory strategy instead of repetitive document handling.

NSF reports that its Azure AI–based tool delivers what they describe as 100% “truth value” in the summaries it generates. In practice, this means: - The AI-generated summaries are factually accurate based on the underlying documents. - Human reviewers mainly make cosmetic or style-related edits rather than correcting substantive errors. This level of accuracy has two key effects on the audit process: 1. **Reduced risk of human error:** Automating the handling and synthesis of tens of thousands of documents helps minimize mistakes that can occur when people manually track, sort, and summarize large volumes of information. 2. **Refocused expert time:** Scientists and regulatory specialists spend less time on repetitive tasks (like document collation and first-draft summaries) and more time on higher-level activities, such as developing regulatory strategies and interpreting results. NSF initially faced some internal skepticism about whether the tool could be this accurate, but ongoing use has built confidence in the results and encouraged plans to expand the solution to other audit areas.

NSF operates in a highly regulated environment with sensitive medical data and intellectual property, so security and compliance are central to its Azure AI approach. Key elements of their security model include: - **Private data environment:** Data is maintained in a private tenant within SharePoint and then funneled into Azure Blob Storage. The entire auditing workflow runs inside the Azure Cloud, so data is not exposed externally. - **Role-based access control:** NSF uses Microsoft Entra ID and Azure role-based access control to ensure that only authorized users can access specific data sets and tools. - **Private connectivity:** All connections to and within NSF’s applications use private links to reduce exposure and risk. - **Controlled AI interactions:** Azure Model Context Protocol (MCP) Servers manage how language models interact with external tools and data sources. NSF can decide how networked or isolated each AI solution is, which helps maintain strong boundaries between systems and data. - **Microsoft ecosystem alignment:** As a “Microsoft shop,” NSF benefits from the integrated nature of Microsoft 365, Azure, and tools like Microsoft 365 Copilot, which operate in a closed environment aligned with NSF’s security and governance standards. This setup allows NSF to scale AI use—replicating and tailoring the audit solution for areas like medical devices, dietary supplements, and water safety—while maintaining tight control over data security and regulatory compliance.