The Authorization System
The Authorization System for Post-Warning Letter Decisions.
Every decision you make over the next 18–24 months will be re-examined. This system produces the record the inspector will ask for.
Reconstructed decisions get cited. Contemporaneous authorization records don't.
Self-Diagnosis · 30 Seconds
Would your last CAPA closure pass an inspection right now?
Can an investigator reconstruct who authorized the closure, what evidence they reviewed, and which standard governed the determination?
The authorization record does not exist as a single artifact.
What's missing
- Who evaluated the effectiveness evidence
- What standard governed the determination
- What evidence was weighed and ruled out
- Who formally authorized the closure
- When authorization occurred relative to closure
Under inspection, this is cited as undocumented decision rationale. After a Warning Letter, it's cited as failure to operationalize response commitments.
The Resolution
The Authorization System produces this record at the moment of the decision — not reconstructed when the inspector asks.
See the authorization capacity →A 483 Observation, Verbatim
This is what gets cited when the record doesn't exist.
The decision: CAPA closed. Effectiveness marked complete. All corrective actions documented in the QMS.
The question: The investigator asks who authorized the effectiveness determination, on what evidence, and against what standard.
The gap: The record isn't in the file. The QMS shows the closure occurred, not the authorization logic behind it.
483 OBSERVATION: Failure to document the rationale supporting the determination that corrective and preventive actions were effective. Reference: 21 CFR 211.192.
This is the record that prevents that observation.
Build the record →What the System Produces
Five deliverables per decision. One brief when the agency comes back.
Buyers don't purchase artifacts. They purchase inspection survival. Here's what survives the inspection — and what survives the follow-up.
The record you hand the inspector when they ask who authorized this decision.
Inspection Response Record (IRR) — five deliverables per decision
Every decision generates the complete Inspection Defense Package — the Authorization Record (decision owner, evidence reviewed, regulatory standard applied, risk evaluation, alternatives weighed, timestamped authorization) plus the four documents built from it: an Executive Brief, a Defensibility Analysis, a Response Kit, and an Investigator Challenge Guide. Generated at the moment of the decision — not reconstructed when the inspector asks.
The file the agency reads to verify your response commitments were followed.
Audit Defense Brief
When the agency asks for evidence that a corrective action was applied systematically — not just on the deviation that triggered the letter — your IRRs across that subject are compiled into a single brief. A program-tier deliverable, assembled from the records you've already generated.
Every one of these decisions will be reviewed again. The question is whether the record survives the second reading.
Select a decision type to see how investigators reconstruct it — and where the authorization record usually breaks down.
Start with a real case. See how an FDA investigator reconstructed the decision, what was missing from the record, and why the organization became exposed.
View Case Files →90 Days After the Letter
The agency comes back for evidence.
FDA Follow-Up — Response Verification
"You committed to enhanced authorization controls on every CAPA closure. Show me how the closures since the response demonstrate that commitment."
A record-backed answer
The team produces an Audit Defense Brief covering every CAPA closure since the response date. Each one has an IRR. Each IRR cites the response commitment as the governing standard. The agency reads the brief. The pause — the one that gets cited — never happens.
Authorization Capacity
You have 18–24 months of decisions that will be re-examined.
Pick the capacity that matches your decision volume.
Individual Authorization
For the QA director, validation lead, or compliance owner personally accountable for high-risk authorizations.
- Unlimited IRRs — all decision types
- Five deliverables on every decision
- Single decision authority
- IRR ID assignment & record retention
What the inspector reads
Sample structure — actual record reflects your decision
Team Authorization
For quality teams managing multi-decision audit trails across deviations, CAPA, batch release, and change control.
- Everything in Individual
- Up to 5 users with shared decision visibility
- Audit Defense Briefs compiled from your IRRs
What the agency reads
Sample structure — actual brief reflects your decisions
Volume Authorization
For quality operations running high-frequency authorizations — batch releases, CAPA closures, deviation dispositions — every working week.
- Everything in Team
- Built for high-decision-volume operations
- A record at every routine authorization
- Audit Defense Briefs across your full decision volume
What the inspector reads
Sample structure — actual record reflects your decisions
Enterprise Authorization
For organizations under consent decree, multi-facility warning letters, or remediation programs requiring contracted SLAs.
- Unlimited users · Audit Defense Briefs included
- Organizational audit trail
- Role-based authority & API integration
- Contracted SLAs · volume guarantees
What the regulator sees
Sample structure — actual rollout reflects your scope
The next inspector will ask. Have the record ready.
Build the record now — while the response is fresh and the commitments are explicit — not in 90 days when the agency comes back asking for evidence.
Produce the authorization record →