A pharmaceutical manufacturer operating a solid oral dosage line identifies a process deviation during routine batch record review. A critical process parameter — tablet compression force — exceeded the validated upper limit during a mid-batch equipment adjustment. The deviation is captured the same day. The batch is quarantined pending investigation.
The investigation is thorough. The quality team interviews the operator, reviews the batch record against the validated process parameters, pulls calibration records for the compression equipment going back ninety days, and runs a structured root cause analysis. The conclusion: equipment calibration drift outside the qualified range during a critical process step. The finding is documented. A root cause is declared.
A CAPA is opened. The corrective action is implemented — recalibrated equipment, revised maintenance intervals, updated SOPs, mandatory retraining for line operators. The deviation record is closed with a QA manager signature. The batch is dispositioned.
The FDA inspection that follows is not primarily about the deviation. It is about the root cause authorization.
The deviation record was complete by every internal measure. The event was captured on time. The investigation was opened within the required window. Root cause was documented with supporting data. The CAPA was scoped and opened. A QA manager signature was on the closure. The record was thorough, organized, and closed within the required timeframe.
When the inspector pulled the deviation record on the first day of the inspection, the quality team's initial reaction was confidence. The file was clean. The investigation was well-documented. The root cause was supported by calibration data and process parameter trending going back three months. There was nothing in the file that looked like a gap.
The investigator found the gap in the first fifteen minutes of review.
The investigator did not question whether the deviation was real. She did not challenge the calibration data. She did not dispute that equipment drift had occurred or that it was a plausible contributing factor.
"Who authorized this root cause conclusion — and what is the record of that authorization decision?"
The QA manager pointed to the closure signature on the investigation report. The investigator looked at the signature. Then she asked the question differently:
"I'm not asking who signed the report. I'm asking who made the decision that calibration drift — and not something else — was the actual root cause. What evidence were they reviewing at the moment they made that call. What methodology governed the analysis. What alternative causes were considered and why they were eliminated. And where is the record of that decision."
The quality team went back to the file. The calibration data was there. The process parameter trending was there. The fishbone was there. The closure signature was there.
The authorization record for the root cause conclusion was not there.
The calibration data showed drift outside the qualified range. That was a fact. What the file could not establish was the decision: who evaluated that data, applied an analytical methodology, considered and eliminated alternative causes, and formally concluded that calibration drift — and not operator error, process design, or equipment design — was the root cause.
- The identity of the individual who made the root cause determination and the basis of their authority to authorize that conclusion
- The analytical methodology applied — what framework governed the root cause analysis and why it was appropriate for this deviation type
- The alternative causes considered and the documented rationale for their elimination
- The evidentiary standard applied — what the calibration data needed to show, and in combination with what other evidence, to support this specific root cause conclusion
- The Quality Unit's independent review and formal authorization of the root cause determination as the basis for corrective action
The QA manager had reviewed the investigation. She had concluded calibration drift was the root cause. She had signed the record. But none of those things — not even all three together — constituted an authorization record for the root cause determination.
A signature on an investigation report proves the report was reviewed and approved for release into the quality system. It does not prove that a root cause conclusion was made, by an identified individual, using a defined methodology, against documented evidence, with alternative causes formally eliminated.
"Deviation investigation records were closed without documented authorization of the root cause determination. No record exists demonstrating that a qualified individual applied a defined analytical methodology, considered and eliminated alternative causes, and formally authorized the root cause conclusion as the basis for corrective action."
The observation was not issued because the root cause was wrong. The investigator did not conclude that calibration drift was an incorrect finding. The observation was issued because the record did not demonstrate that the root cause conclusion had been formally authorized — which meant the CAPA built on that conclusion carried the same exposure.
The absence of the root cause authorization record did not stay contained to the deviation file. Because the CAPA was built on an unauthorized root cause determination, the corrective action logic was exposed to the same question. The investigator then examined whether the CAPA closure had been formally authorized. It had not.
What began as a single deviation record became a thread. The investigator pulled it. Every deviation investigation closed in the prior eighteen months was evaluated against the same standard. The pattern was consistent across all of them.
21 CFR 211.192 · Inspection-Ready Format
A root cause determination is a decision. The decision is: this cause — and not others — produced this deviation, as demonstrated by this evidence, evaluated using this methodology, by this individual, on this date, with these alternative causes considered and eliminated.
That decision requires an authorization record. Not the investigation report. Not the corrective action log. Not the closure signature. A separate artifact that captures the decision itself — who made it, what they reviewed, what methodology they applied, what alternatives they eliminated, and why the evidence was sufficient to authorize this specific conclusion as the basis for corrective action.
The root cause authorization record serves a second purpose the investigation report cannot: it becomes the foundation for every downstream decision that relies on it. The CAPA was built on the root cause conclusion. The CAPA closure will be evaluated against the same conclusion. If a batch was released against a CAPA that traces back to an unauthorized root cause determination, the release decision inherits the same exposure. The inspector does not evaluate deviation, CAPA, and batch release as separate records. She follows the authorization thread. If it breaks at the root cause determination, it breaks everywhere downstream.
The authorization record is producible at the moment the root cause conclusion is reached. It captures what is already known — the evidence reviewed, the methodology applied, the alternatives eliminated, the reasoning behind the conclusion — in a form that is immediately inspection-ready. That moment is the only moment it can be produced authentically. After the record closes, the decision cannot be reconstructed. What can be produced is a recreation, and any experienced investigator will recognize the difference.
The Decision Authority Matrix identifies every decision point in your quality system — across Deviations, CAPA, Batch Release, Change Control, Validation, and Governance — that requires a formal authorization record, who must authorize it, what evidence is required, and what the inspection failure condition looks like when the record is missing. Root cause authorization is one of six critical decision categories the Matrix covers. Available at cases.complianceworxs.com/decision-authority-matrix for $27.
Discussion opens when you join. Login with LinkedIn to participate.
Join to Comment →