Deciding the kind of key required for implementation of monitoring software

Different companies seek permission to start and run, from our organization. I am approval or permission-giving authority. I am having an inspector who goes to different places and visits companies and does inspection. Depending upon the company, I give him a booklet with questionnaires to be filled and submitted to me as Inspection Report (IR). Depending on his submission, I give him permission to install a software (which monitors the company) with the right privileges in their company. In future, if there is a problem in the company, a committee in my organisation can question me. In such a situation, I need to submit to the committee, inspector’s (IR) and my permission letter.

Now the entire process is getting automated.

My job is to see to it, that using my permission letter, the inspector (by taking a bribe) shouldn’t install the monitoring software in other companies. In order to achieve that, I will generate a pair of asymmetric keys. My locking of the (IR & permission letter) will act like permission granted to the inspector to install the monitoring software in the company. He will check if the (IR) he sent is the same as the one for which permission is granted by me.

1. Should I use a private key or public key to lock the (IR) and permission letter?
2. Should I send private key or a public key to the inspector to open the (IR) and permission letter?
3. Should I embed a private key or a public key in the monitoring software itself?
   This key will try to open (IR) and permission letter, and check if
   (IR) sent is same as (IR) received and permission letter before
   allowing the monitoring software to be installed and run. Further
   it can do periodic checking of (IR) and permission letter to run the
   monitoring software. This will minimize the requirement of the
   inspector as far as possible.

Any other better idea is welcome.