Authorization Framework

The 5-Element Authorization Structure

Authorization Framework The Authorization Record ComplianceWorxs · 2026
Every FDA investigator who finds a documentation gap is asking one of five questions. An authorization record that answers all five — completely, at the time of decision — is a record that survives inspection. One that answers fewer is exposure.
01 Decision Identity

Who made this decision, in what capacity, and under what authority. Not just a signature — a specific identification of the individual, their role, and their qualification to make this type of authorization decision.

Investigator's question

"Who authorized this decision — and what authority did they have to make it?"

What the record must contain
Name and title of the authorizing individual · Their specific role in the decision (e.g., QP, QA Director) · Date and time of authorization · Confirmation that the authorizing individual had the procedural authority to make this type of decision
02 Evidence Record

The specific documentation reviewed at the time of the authorization decision. Not what was available — what was actually reviewed. Each document referenced should be identifiable by title, version, and date.

Investigator's question

"What specific evidence did the authorizing individual review in making this decision?"

What the record must contain
Itemized list of documents reviewed · Batch record sections, test results, or investigation reports explicitly cited · Identification of any data that was pending at time of decision and why the decision was made without it · Date each document was generated relative to the authorization date
03 Governing Standard

The regulatory requirement or internal procedure that governed the decision. The standard tells the investigator that the decision was made within a defined framework — not by judgment alone. Both the external regulation and the internal SOP should be cited where applicable.

Investigator's question

"What regulatory standard and internal procedure governed how this decision was supposed to be made?"

What the record must contain
Applicable 21 CFR section(s) · Internal SOP title and version number · Any applicable guidance documents referenced · The specific standard or threshold the decision was evaluated against (e.g., specification limits, acceptance criteria, risk classification criteria)
04 Alternatives Considered

What other conclusions were evaluated and why they were rejected. This is the element most commonly absent from authorization records — and the one that most directly answers the investigator's implicit question: was this a considered decision, or a reflexive one?

Investigator's question

"What alternative conclusions did the authorizing individual consider — and why was this conclusion chosen instead?"

What the record must contain
Identification of at least one alternative conclusion (e.g., rejection, additional testing, escalation) · The specific reason each alternative was evaluated and not selected · The evidentiary basis for the conclusion that was selected over the alternatives · For exception decisions: why the exception was judged acceptable rather than triggering investigation
05 Temporal Anchor

The timestamp frozen at the moment of authorization — not backdated, not approximated. The temporal anchor establishes that the decision was made when the evidence was live, not reconstructed after the fact. In a data integrity context, the timestamp is the most scrutinized element in the record.

Investigator's question

"When exactly was this decision made — and can you demonstrate it was made before the batch shipped?"

What the record must contain
Date and time of the authorization decision to the minute · System-generated or independently verifiable timestamp (not handwritten date alone) · Sequence evidence: documentation that the authorization preceded subsequent activities (release, shipment, closure) · For electronic systems: audit trail confirmation that the record was created at the stated time
Application Rules

When these five elements must all be present

Not every decision requires a standalone authorization record. These are the decision types where the absence of all five elements creates inspection exposure.

01 Any batch release decision where the batch record contains an exception, out-of-trend result, or deviation from standard process parameters
02 Any OOS investigation closure, including invalidity conclusions, Phase I terminations, and final product disposition decisions
03 Any CAPA effectiveness determination, including closure decisions and effectiveness check extensions
04 Any deviation continuation or closure decision where root cause was not identified
05 Any change control approval where the impact assessment concluded revalidation was not required
06 Any data modification, deletion, or audit trail anomaly disposition in a GMP system

The Authorization Record case files produce all five elements in a structured format at the moment of decision. Scenario-matched for batch release, OOS, CAPA, deviation, and change control.

View Case Files →