IT Checklist
Multi-tenant IT compliance tracking — one NestJS backend serving a React admin panel and another team's Flutter app, with tenant-isolated data and role-specific reporting.
Monthly IT compliance reviews across multiple organizations, tracked in spreadsheets: no shared category structure, no month-over-month visibility, and no way for the people responsible to see who had actually completed what. The fix is one platform where the hierarchy is defined once and every tenant's compliance status rolls up into a report.
Tenants that can't see each other
Three-tier roles — super admin, admin, user — with tenant-scoped data isolation enforced by custom guards and decorators. Each organization sees its own compliance world and nothing else.
Define once, cascade everywhere
Super admins define master categories; tenants customize them into their own category → subcategory hierarchy. Monthly checklists are generated against that structure, tracked by month, year, and review status.
Reports by role
Super admins see compliance across all tenants; admins see their own organization's completion state. The dashboards answer the only question that matters at review time: what's done, what isn't, who's behind.
One backend, two frontends
A single NestJS server serves the React admin panel and the end-user Flutter web app (built by BASF's mobile team) from different routes, sharing one API — two teams shipping against one contract.
NestJS + Prisma: tenant management, the master-category cascade, checklist workflows on month/year and review-status enums, role-specific report modules, file uploads, and JWT auth — with RBAC built as custom guards and decorators rather than scattered if-checks.
The admin panel is React + TypeScript with reusable data-table components. Deployed on its own EC2 instance, provisioned and managed solo — Nginx, PostgreSQL, PgBouncer on one VM, serving both frontends.
Still tracking something important in spreadsheets?
That's usually the sign it's ready to be a system.