eAvioraAviation Safety Intelligence
Action Plans
CODECAP

Closure isn't a button.
It's a signed gate.

Every corrective action carries an owner, a verifier, and a due date. The record can't move to closed until the verifier signs the effectiveness gate — and the owner can't be the verifier. The audit trail enforces it. The regulator sees the chain without asking.

Apply to be a partnerWalk an action through closure
CAPA PIPELINE · LIVE
EFFECTIVENESS GATE · ENFORCED
SLA BREACHOVERDUE2OPEN14IN PROGRESS27VERIFY6CLOSED142SIGNATURE GATEOWNER ≠ VERIFIER
CAP-2026-0142Recurrent training refresh — cabin crew door operations
OWNERJane A.VERIFIERMark T.DUE2026-05-12
EFFECTIVENESS GATE · PENDING VERIFIER SIGNATURE
ACTIONS / 30D
23
+4 vs prev
ON-TIME CLOSURE
91%
+3% / 30d
AVG CYCLE
11d
−2d / 30d
01THE EFFECTIVENESS GATE

Two signatures.
One closure.

The verifier is structurally different from the owner — not by policy, by the workflow itself. Closure is a transaction across the graph, not a status field flip. Override exists, is role-gated, and leaves its own record.

OWNERVERIFIERACTION ASSIGNEDowner acceptsEVIDENCE UPLOADEDowner submitsHAND-OFFEFFECTIVENESS GATEverifier signsOWNER ≠ VERIFIERCLOSEDchain locks
OWNER
VERIFIER
SIGNATURE GATE
SAMPLE FLOW · OWNER ≠ VERIFIER ENFORCED
02FIVE MOMENTS THE PLATFORM ANSWERS FOR

Five moments.
No status-pill theatre.

  • When a finding opens an action.
    Source-linked at birth, owner separated by design.

    Every action carries a typed link upward to the finding, hazard, or audit observation that spawned it. Owner and verifier are different people from the moment the record is created — not by policy, by structure.

  • When SLA pressure rises.
    Severity-driven escalation, not Friday-afternoon panic.

    Due dates cascade by finding severity. As the clock approaches the breach line, the escalation chain fires automatically — to the owner first, then their manager, then the post-holder. No human polling a spreadsheet.

  • When the owner thinks they are done.
    Owner submits. Verifier reviews. Two signatures, one record.

    The owner cannot mark their own action complete. The verifier — a different person — receives the evidence package, reviews against the original finding, and signs the effectiveness gate. The graph refuses to record closure otherwise.

  • When the verifier signs the gate.
    Closure becomes a structural fact, not a status pill.

    Effectiveness is verified before closure, not measured after the fact. The signature locks the record, timestamps the closure, and updates every linked finding, hazard, and SPI in the same transaction.

  • When the regulator audits the closure trail.
    Every action exports as a defensible chain in one click.

    Source finding, owner, verifier, evidence, signature, timestamps. The chain is the record. No screenshots, no PDF assembly — the audit pack is the data, exported on demand.

03WHERE THIS CONNECTS

Closure travels
across the platform.

An action doesn't close in a corner of CAP. The signature locks the source finding, updates the linked SPI, and surfaces in any audit lane that touches the evidence chain. Four examples that matter on Monday morning.

SMS
Safety
Findings from occurrences, hazards, and investigations open actions with the source link preserved.
QMS
Quality
Audit findings share severity, SLA, and the same effectiveness-verification gate as safety findings.
NTF
Notifications
SLA breaches, owner reassignments, and verifier hand-offs route through the alert engine, not email chains.
TRG
Training
A verifier signature can create a recurrent training requirement — a finding does not close in isolation.
CAP · THE CLOSURE MODULE

Walk an action.
From finding to signed gate.

Open a sample finding, assign owner and verifier, watch the SLA cascade, and sign the effectiveness gate — with the founder, on your data shape, in 30 minutes.

Apply to be a partnerAll modules