Why it exists, how it’s used, and what it protects
The RGDS Decision Log is the spine artifact of Regulated Gate Decision Support.
Its purpose is not to record outcomes, recommendations, or model outputs.
Its purpose is to make phase-gate decisions defensible over time by explicitly capturing:
- what decision was made
- who owned it
- what evidence was considered
- what risks were accepted
- what conditions or follow-up actions were required
- and how governance was exercised
RGDS supports the following outcomes:
gono_goconditional_godeferdefer_with_required_evidence— a governed defer pattern that explicitly records missing evidence and re-entry criteria
In regulated environments, the failure mode is rarely “bad intent” or “bad analysis.”
It is implicit assumptions, undocumented trade-offs, and late-discovered misalignment.
The Decision Log exists to surface and record those before the gate closes.
It is:
- A human-governed decision record for phase-gated workflows
- An audit-ready artifact that links delivery evidence to governance
- A shared contract between delivery teams, quality, and executives
- A way to preserve decision context after the moment has passed
It is not:
- An autonomous decision system
- A replacement for expert judgment
- A log of AI outputs or recommendations
- A compliance checkbox or documentation exercise
- A system that optimizes for speed at the expense of accountability
AI assistance, if used, is explicitly disclosed and bounded.
AI outputs are never treated as evidence by default.
In RGDS, the Decision Log is not “documentation after the fact.”
It is the mechanism that prevents ambiguity from becoming unowned risk.
If a required field is missing, that is a governance failure, not a formatting issue.
Every decision log must enumerate at least two options in options_considered — even when the choice feels obvious.
- “Proceed” vs “Defer” counts as two options.
- The selected outcome must map to a
selected_option_id.
Conceptual example:
| option_id | option_text | when it’s valid |
|---|---|---|
| A | Proceed now | Evidence is sufficient within declared risk posture |
| B | Defer | Missing evidence, unresolved dependencies, or unacceptable residual risk |
Each evidence item must declare a completeness state:
complete— verified, source-linked, and decision-readypartial— materially informative but missing some expected componentsplaceholder— a known gap (e.g., “TBD”) recorded for planning but not treated as supporting evidence
This classification is captured per evidence item
(e.g., evidence.evidence_items[].completeness_state).
Any summary or roll-up completeness field is derived and is not authoritative.
Residual risk is what remains true after you proceed — even when conditions are applied.
A “GO” decision is not “risk-free.”
RGDS requires residual risk to be stated explicitly so decision owners can defend what they accepted.
Record residual risk as:
- a summary statement (e.g.,
risk_assessment.residual_risk_statement) - and, when useful, structured items (e.g.,
risk_assessment.residual_risk_items[])
A decision record missing residual risk is governance-incomplete under v2.0.0.
Regulated decisions expire.
RGDS requires a decision_deadline so stakeholders can distinguish:
- a decision that is still valid, from
- a decision that has become stale due to new evidence, scope changes, or timeline shifts
A Decision Log is created when a real decision must be defended later, including:
- phase-gate readiness decisions
- executive go / no-go reviews
- quality or data readiness determinations
- conditional approvals with follow-up actions
- decisions that explicitly accept residual risk
Drafts may exist, but the log becomes a controlled record once a decision is finalized.
Once controlled, changes require explicit change tracking and may trigger re-review.
The schema is intentionally opinionated.
Each section exists to prevent a known failure mode.
Prevents: ambiguity about which decision was made, when, and under what authority.
Captures:
- stable decision ID
- program / asset context
- gate type and timing
- decision deadline pressure
Prevents: retrospective reframing of what was actually decided.
Captures:
- the exact decision question
- options that were considered
- the selected outcome
- a concise rationale written at the time
The rationale should explain why this decision made sense then — not re-argue the analysis.
Prevents: evidence drift and selective memory.
Captures:
- what evidence was actually used
- where it lives
- who owns it
- how fresh it was at decision time
- a human-assigned confidence rating
- per-item completeness classification
This makes it explicit when decisions are made with incomplete or uneven evidence.
Prevents: hidden risk accumulation.
If something is missing, uncertain, or assumed:
- it is named
- its impact is described
- a mitigation or verification plan is recorded
The following fields reflect real IND delivery constraints—interdependencies, author-at-risk drafting, reviewer triage, and lock points.
They were introduced in v1.3 and extended in later versions.
These fields are optional by default but may be required by program governance.
Prevents: silent risk acceptance.
Captures the phase-appropriate stance
(risk_minimizing / risk_neutral / risk_accepting)
and the conscious trade-offs being made.
Models drafting-at-risk as a governed choice with verification criteria and owners.
Makes compressed review governance explicit.
Logs late discoveries and scope volatility.
Surfaces interdependencies that materially affect risk or schedule.
Provides a lightweight readiness view for rate-limiting items.
Captures rolling publish intent and lock points.
Ensures decisions trace back to Target Product Profile intent.
Prevents: unowned or accidental risk acceptance.
Captures:
- key risks
- mitigations
- residual risk
- whether explicit risk acceptance occurred
Prevents: unclear ownership and post-hoc blame.
Captures:
- decision owner
- reviewers and approvers
- approval method
- individual approvals with timestamps
Mandatory when AI is used
Prevents: silent automation risk.
If AI assistance is used:
- the use case is disclosed
- tools and purposes are named
- human review is recorded
- overrides are documented
- AI risk assessment is captured
Disclosure is informational only.
Authority and risk ownership remain human.
Prevents: decisions that stop at the meeting.
Captures:
- follow-up actions
- owners and due dates
- dependencies affecting execution
Prevents: record tampering and ambiguity over time.
Captures:
- versioning
- change history
- superseded decisions
- retention class (draft vs controlled)
Controlled records are immutable except through documented change control.
RGDS distinguishes between:
- internal — delivery/governance decisions (default)
- regulatory_interaction — decisions about regulatory engagement or interpretation
When decision_category = regulatory_interaction, the log must include a
regulatory_context block capturing interpretation risks and follow-up actions.
program_context.target_product_profile is optional.
It grounds decisions in development intent but does not assert label claims or completeness.
The Decision Log enables:
- faster decisions without reduced confidence
- clearer executive approvals
- cleaner audits
- earlier surfacing of misalignment
- reduced rework caused by late-discovered risk
When asked “Why did you decide this — and who agreed?”
the Decision Log is the answer.