Custom Software
What a Certificate of Compliance Platform Actually Has to Do
Quick answer: a real Certificate of Compliance platform is not a digital version of a paper form. It has to know who each person is and what they’re allowed to do, walk a worker through submitting a job the right way every time, let a qualified reviewer accept or push back on that work, issue a certificate that can be verified later, and keep a permanent record of every step. And if it’s serious, it also runs the money — subscriptions, invoices and worker payouts. It’s closer to an operating system for the business than a form.
We recently designed and built a Certificate of Compliance platform for an Australian trades business — a plumbing and gas operation — and it’s in production now. This article walks through what a platform like that actually has to do, in plain English, so you can tell the difference between a glorified PDF generator and the real thing.
One note before we start: this is about what the software does, not about which certificates your trade is legally required to issue. That sits with you and your regulator. Our job is to build the tool that makes issuing them fast, consistent and defensible.
Roles: the platform has to know who’s who
The first thing a compliance platform needs is a clear idea of who is using it and what each person is allowed to touch. In software this is called a “role” — a named set of permissions. The platform we built has six of them, but three matter most to understand the shape of it:
- The worker on site. The tradesperson doing the job. They submit work, upload photos, log site visits and attach documents. They can’t sign off their own compliance.
- The reviewer. A qualified person who checks submitted work and decides whether it meets the mark. They accept it, or they send it back with questions. This separation — the person doing the work isn’t the person who signs it off — is the whole point.
- The admin or owner. Runs the business side: who’s active, what plan they’re on, what gets billed, what gets paid out.
Getting roles right is what stops the platform becoming a free-for-all. A worker should never see another business’s jobs; a reviewer should never be able to quietly edit the money. Roles enforce that at every screen.
Onboarding: you don’t just hand someone the keys
Here’s something most people don’t expect. A worker can’t just sign up and start submitting compliant work the same afternoon. There’s an application-and-approval step first, then a guided onboarding that walks them through what they need before they can take jobs.
That gate exists for a reason. Compliance work carries the business’s name and licence with it. The platform has to be sure the person submitting is who they say they are and set up correctly before their work counts. Onboarding as a guided, step-by-step flow — rather than a wall of forms — is what gets people through it without a support call.
Guided job submission: the form engine is the heart of it
This is where a real platform separates itself from a digital form. Submitting a job isn’t one screen — it’s a guided, multi-step flow: customer details, then job details, then photos, then site visits, then supporting documents. The worker is walked through it in order, so nothing critical gets skipped on a job that might be audited years later.
Underneath that flow is what we call a dynamic form engine. In plain terms: the questions the worker sees change depending on their earlier answers. Say “gas” and you get the gas-specific questions; a step that doesn’t apply simply doesn’t appear. Software people call this “conditional logic” — the form adapts to the situation instead of showing every possible field to everyone.
Two things make that engine trustworthy rather than a liability:
- It’s flexible. When requirements change, the forms can be updated without rebuilding the platform.
- It’s versioned. Every form has a version, so a certificate issued last year is tied to the exact set of questions that applied last year. If you ever need to show what was asked and answered at the time, the record holds up. This kind of versioning discipline is the same reason integrations built for the long run don’t quietly break in production — you never lose track of which version of the truth you were working from.
Review: accept, assess, recall, and a proper conversation
Once a job is submitted, the reviewer picks it up. They can accept it, or mark it for assessment — flag that something isn’t right yet. When it isn’t right, the platform supports recall and resubmit: the job goes back to the worker to fix and send again, rather than being rejected outright and lost.
Crucially, there’s a question-and-answer thread attached to the review. Instead of the reviewer and worker chasing each other by phone or text — with no record of what was asked — the back-and-forth lives on the job itself. Anyone looking at that job later can see exactly what was queried and how it was resolved.
Real jobs are rarely one clean submission, either. The platform handles multi-stage projects — work that happens in phases — and rectification chains, where a follow-up job is formally linked to the original it’s fixing. The history stays connected instead of scattered across unrelated records.
The certificate: issued, and verifiable later
When work is accepted, the platform issues the certificate. The part that matters here is verification: each certificate carries a QR code that anyone — a customer, a building inspector, a future buyer — can scan to confirm it’s genuine and check its details against the platform. That’s the difference between a PDF anyone could fake in five minutes and a certificate that can be proven authentic on the spot.
The audit trail: the quiet feature that matters most
An audit trail is a permanent, time-stamped log of who did what and when — who submitted, who reviewed, what changed, when the certificate issued. It’s the boring feature nobody asks for until the day they desperately need it: a dispute, an insurance query, a regulator’s question about a job from three years ago. Because the platform records every step as it happens, that history is already there. You’re not reconstructing it from memory and a shoebox of paperwork.
The commercial layer: the part most compliance tools skip
Here’s the piece that turns a compliance tool into an actual operating system for the business — and the piece most off-the-shelf compliance apps leave out entirely. A real platform has to run the money.
The one we built includes:
- Tiered subscriptions. Different plans at different prices, handled through Stripe (via a well-tested billing layer). Each plan unlocks a different set of features — a concept called “feature gating,” where the plan you’re on decides what you can access.
- Compliant invoicing. Invoices built to Australian requirements, with GST and ABN handled correctly, so the paperwork is right without manual fixing.
- Automated worker payouts. A remittance module that works out what each worker is owed and pays it out — without someone rebuilding a spreadsheet every fortnight. We go deeper on that specific problem in automating worker remittance for trades businesses.
That commercial layer is exactly where the decision to build custom earns its keep. Bolting billing, plan management and payouts onto a form tool is usually harder than it looks — a trade-off worth weighing honestly through a proper build-vs-buy lens before you commit either way.
What “a platform, not a form” really costs to build
To give a sense of scale: the platform we built is a Laravel application — roughly 50 or more distinct data models and around 100 database changes to shape the underlying structure. That’s not a boast, it’s the honest weight of doing all of the above properly: the roles, the versioned forms, the review workflow, the certificates, the audit trail and the commercial engine, each of which is a real body of work.
If you’re weighing up whether your compliance process warrants a real custom web application — or whether it needs to plug into tools you already run through custom API integrations — the honest answer depends on how much of the anatomy above your business actually needs. The tools that only cover the form are cheaper for a reason; they’re also solving a smaller problem.
If you run a trades business and your compliance is still living in PDFs, spreadsheets and text messages, we can help you scope what a real platform would look like for you. Start a project and we’ll walk through it, or get in touch for a straight conversation about whether it’s worth building at all.
About the author
Andrew Roper
Founder and technical director of Advantage Digital, an Adelaide-based technical studio. 22+ years of practice building production software for institutional, premium, and growth-stage businesses across Australia, the UK, Europe and South Africa. Writes from the studio’s direct integration, custom application, and AI automation work.
More reading
Automating Client Intake for Law Firms — Without Breaking Trust-Account Rules
What law firms can sensibly automate in client intake — enquiry capture, forms, conflict-check prompts, matter creation — and where a lawyer must stay in the loop.
Custom SoftwarePaying Workers Automatically: The Remittance Engine Most Trades Software Skips
Paying subcontractors from completed jobs is usually manual, error-prone and slow. Here is what an automated worker-remittance engine actually does for a growing trades business.
StrategyCutting Clinic No-Shows: What Actually Reduces Missed Appointments
No-shows are an operations problem, not a bad-luck problem. Here is what actually reduces missed appointments in an Australian clinic — reminders, deposits, easy rescheduling, waitlists and measurement.