The problem you are accountable for
The Engineering Authority is accountable for decisions that will not be fully tested until the platform fails in service — and may be questioned for decades after the team that made them has moved on.
The question is never simply whether the decision was correct. The question — in a certification review, a modification programme, or a Board of Inquiry — is whether the reasoning behind the decision can be produced: what options were considered, what constraints applied, what evidence the approval was based on, and who in the authority chain authorised it.
That evidence today lives in meeting minutes, review packs, analysis files, email threads, and the memories of engineers who may no longer be reachable. When it is needed, it must be reconstructed. The reconstruction takes weeks, produces incomplete results, and is itself the subject of scrutiny.
Three structural problems follow:
Decision records don't survive the team
The decision is recorded. The reasoning is not.
The analysis that justified a design choice, the options that were rejected and why, the review authority that approved the recommendation — scattered across documents and the memories of engineers no longer with the programme. When the decision is challenged, the reconstruction must find those people and those documents. The ones that can be found are often incomplete.
Change impact depends on the engineer, not the model
Assessing the impact of a proposed change requires knowing the configuration — which is not a query, it is a reconstruction.
When a proposed change arrives for authority approval, the impact assessment depends on the engineering authority's knowledge of the programme configuration at that moment — which interfaces are affected, which requirements are touched, which downstream baselines are implicated. That knowledge is held by people, not by the system.
Certification evidence is a preparation exercise
Producing the evidence for a design review or certification submission takes weeks and is stale on delivery.
The analysis results, review records, test reports, and approval chains required for a certification event must be aggregated from multiple systems, archives, and people. It takes weeks to prepare. It is accurate as at the moment of preparation — and the programme continues to change while it is being assembled.
What Clarity provides
Every technical decision carries its evidence chain — permanently. When the engineering authority approves a design decision in Clarity, the approval is a structured record: what options were considered, what analysis supported the recommendation, what constraints applied, what the authority decided, and why. The reasoning is not in a separate document. It is part of the decision record itself, permanently connected to the configuration item it governed.
When that decision is questioned in 2040 — in a modification programme, a certification event, or a Board of Inquiry — the answer is a navigation through the programme model, not a reconstruction from archives and memories.
Requirements → design → baseline traceability as a live graph. The connection from a requirement to the design decisions it governs, to the analysis that validated the design, to the baseline that froze it, is a live navigable path in Clarity — not a compliance matrix maintained in a spreadsheet. When a requirement changes, the affected design decisions are immediately visible. When a design decision is queried, the requirements that governed it are immediately traceable.
Interface configuration as a first-class object. Subsystem interfaces are managed as first-class entities in the programme model, not as documents. When a proposed change affects an interface, the impact propagates through the model. The engineering authority sees what the change touches before approving it — not after the ECN is issued and the downstream consequences become visible.
Change impact before approval, not after. Query the programme model to understand what a proposed change affects. Which requirements does it touch? Which baselines does it implicate? Which interfaces does it cross? The impact assessment is a query over the current programme model — not a reconstruction exercise that depends on who happens to be available to answer the question.
Certification readiness as a permanent state. The evidence for any design decision is retrievable at the moment it is needed. Not assembled under time pressure for a review event. Not reconstructed from archives after the engineers who held the knowledge have moved on. The programme model is the evidence — live, current, and permanently structured.
The 30-year standard of care
In a defence programme, the engineering authority’s decisions are not tested at delivery. They are tested when a platform encounters an edge case in service that nobody anticipated. They are tested when a modification programme needs to understand why the original design was done a particular way. They are tested when a Board of Inquiry asks for the complete technical decision record.
The standard of care for a 30-year platform is not “the decision was documented.” It is “the reasoning was recorded in a way that is recoverable by someone who was not there — without relying on the people who were.”
“The design decisions being made today will be questioned in 2050. The engineers making them will not be available to explain them.”
Clarity ensures they do not need to be.
Designed for 14 Eyes compliance — by architecture, not by bolt-on
The engineering authority record in Clarity is sovereign by architecture. Technical baseline data, design decisions, and approval authority records run in your AWS account, encrypted with your KMS keys, in your AWS region. Clarity has zero access to your programme data. The technical record of a sovereign programme is held within the programme’s own jurisdiction — permanently.
For classified programmes where the technical baseline is itself a national security asset: air-gapped AWS Australia regions, no outbound connectivity required, customer-held KMS keys. The engineering authority record does not cross a sovereignty boundary by design — not by vendor policy assertion that can change at contract renewal.