Approval Workflow
State Machine
Every document (Jira issue or Confluence page) in SealDoc follows a three-state approval workflow:
| State | Description | Allowed Actions |
|---|---|---|
| Draft | Initial state. Content can be freely edited. | Submit for review, sign |
| In Review | Content has been submitted for review. Signatures are being collected. | Approve, reject, sign |
| Approved | Minimum signer quorum has been met. Content is approved. | Sign (additional signatures), revoke |
Submit for Review
Any user can submit a document for review by clicking "Submit for Review" in the SealDoc panel. This transitions the document from Draft to In Review.
Submitting for review does not require a signing ceremony — it is an administrative action that signals the content is ready for approval.
Approve
To approve a document, a reviewer signs with the "Approved" meaning. This requires the full signing ceremony (affirmation + PIN).
When the number of "Approved" signatures meets the configured minimum signers quorum, the document automatically transitions to the Approved state.
Reject
Any reviewer can reject a document, which transitions it back to Draft. Rejection requires a comment explaining the reason. All existing signatures are revoked and preserved in the audit trail, and the document returns to Draft for rework.
Minimum Signers Quorum
Administrators can configure the minimum number of "Approved" signatures required for a document to transition to the Approved state. This is configured in Admin Settings under Signature Policies.
The quorum can also be configured per safety classification level — for example, requiring 3 approvers for ASIL-D items but only 1 for QM items.
Revert on Edit
When an approved or in-review document is edited, SealDoc automatically:
- Revokes all active signatures on the document.
- Transitions the document back to Draft.
- Logs the revert in the audit trail with reason "content changed".
This ensures that no approved document can be silently modified. Any content change requires re-approval through the full workflow.
Separation of Duties
SealDoc enforces that the person who submits a document for review cannot be the sole approver. This is configurable at two levels:
- Person-level — the submitter and approver must be different Jira users.
- Department-level — the submitter and approver must belong to different Jira groups (departments).
Separation of duties is configured in Admin Settings and enforced at approval time.