New — The Inspection Record: 483 Observation Library, inspection prep checklists, and the first article. Join free →

How to Document Change Control Risk Assessment for FDA Inspection

If this question was asked in your next FDA inspection:

"What risk was evaluated before this change was approved — and how did you determine it would not impact product quality, safety, or regulatory compliance?"

Could your team produce that record immediately?

Most organizations cannot. Not because the change failed — but because the authorization record does not exist.

Personal Exposure Check

  • Can you identify who determined the change would not impact product quality?
  • Can you show what evidence supported that conclusion at the time of approval?
  • Can you produce the criteria used to define "acceptable risk" for this change?

If any answer requires reconstruction, you have inspection exposure.

Change control decisions are routinely re-examined during inspections when changes are linked to deviations, complaints, or validation issues.

Produce the Change Control Authorization Record — before your change approval decision is challenged

This is the record investigators expect to review during change control evaluations.

Inspector Reality

The investigator does not explore your process.

They isolate a decision and ask:

"How did you determine this change would not impact product quality — and what evidence ruled out potential risks?"

Then they wait.

They are evaluating whether your conclusion was justified — or accepted without sufficient evidence.

At that moment, your team either produces the record — or begins reconstructing it under observation.

If this inspection happened tomorrow:

  • You produce the authorization record immediately or
  • You reconstruct the decision under inspection

There is no third outcome — and no time to create the record once the question is asked.

Authorization Gap

The change control record documents what was changed.

It does not document:

  • Who authorized the risk assessment conclusion
  • What evidence was evaluated at the time of authorization
  • What regulatory standard governed that risk determination

That is the gap.

The change was approved.
The justification for that approval was not documented at the time the decision was made.

Case File Preview

Investigator Question: "What risk was evaluated before this change was approved and how did you determine the impact was acceptable?"

What Exists

  • Change control record
  • Technical evaluation
  • Approval signature

What Doesn't Exist

  • Defined risk acceptance criteria
  • Evidence evaluation at decision point
  • Authorization record tied to regulatory expectation

Result: The change was implemented correctly. The supporting evaluation exists.

The authorization record does not.

The investigator expects it to already exist.

Most teams only realize this gap during inspection. By then, it is too late to create the record.

Produce the Change Control Authorization Record — before your change approval decision is challenged

Not sure which case file you need?

Browse all 10 decision-specific case files and find the scenario that has your name on it.

See All Case Files →