Jump to content

Electronic Signatures



  • Bert
    21/06/2018 09:11
    Dear All, Can you please confirm that if we capture signatures electronically on monitoring visit reports, these signatures have to meet the requirements of 21 CFR part 11, even if these records are not submitted to FDA? And if so, we need to send a certification to FDA stating that our organisation is using e-signatures? Many thanks, Bert
  • Matt Jones - Chair DIGIT Committee
    21/06/2018 09:45
    Dear Bert, If you are using e-signatures you should always send the attestation to the FDA (The address is on current 21 CFR Part 11 document). Even though the scope and guidance documents states that there are priorities for enforcement of 21 CFR part 11, it is strongly recommended that any documentation required by section 8 of ICH GCP and within the monitoring section 5.18.6 has a robust signature mechanism, they would expect the same level of confidence in the e-signature as a wet signature in the paper process. Other regulators including EMA and MHRA would also look for equivalence to the original process, so it wouldn't only be the FDA looking for the requirement of having a valid and appropriate electronic signature. Best wishes Matt
  • bert
    21/06/2018 12:02
    Thanks a lot Matt. That's clear :-).
  • elma asheley
    03/01/2019 04:25
    Very helpful reply by Matt
  • Anon
    09/01/2020 14:44
    Dear experts, dear all, At our company we would like to introduce the Adobe Sign feature to digitally sign off on PDF documents, including essential study documents. While you can find different documents online explaining how Adobe Sign can comply with 21 CFR part 11, I'm wondering if this type of documents are sufficient for us as a company to demonstrate 21 CFR part 11 compliance? If not, which route do we need to take to be able to demonstrate compliance? Many thanks, Bert
  • Dean Harris - DIGIT Committee Member
    10/01/2020 09:17
    Unfortunately, these types of documents from solution vendors are not sufficient to demonstrate 21 CFR part 11 compliance on their own. There are certain requirements of part 11 that frequently would be outside of the control of a solution vendor and are therefore the responsibility of your organisation. For example: 11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records. 11.10(j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification. Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual. 11.100(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional hand written signatures. As such, there will usually need to be procedural controls to put in place and then validation activities to perform. Dean
  • Anon
    10/01/2020 09:21
    Thanks a lot Dean! Much appreciated.
  • Anon
    16/01/2020 09:34
    Hi Dean and others, Based on your experience, is this often checked by auditors/inspectors i.e. that you have submitted this notification to FDA and that you have documentation in place to demonstrate that Adobe Sign is implemented in your organisation to ensure 21 CFR part 11 compliance? Thanks a lot!
  • Dean Harris - DIGIT Committee Member
    17/01/2020 12:28
    From my personal experience, I have not known many auditors/inspectors actually ask to see a copy of the FDA letter but it has been asked for. Ultimately, sending the letter is a simple as writing a letter (or email) to the FDA Office of Reginal Operations stating: RE: Electronic Signature Certificate Statement. To who it may concern: Pursuant to Section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that [COMPANY NAME], intends that all electronic signatures executed by our employees, agents or representatives, located anywhere in the world, are the legally binding equivalent of traditional hand-written signatures. Sincerely yours [NAME, POSITION]. In general, my experience has been that auditors/inspectors want to see that: 1. electronic signatures have the same legal consequences as a hand-written signature at least within the boundaries of the facility/site. 2. electronic signatures are permanently linked to their respective record(s). 3. electronic signatures include the time and date that they were applied. 4. electronic signatures allow the identification of the signatory and the meaning of the signature. 5. password re-entry is required for an electronic signature. As such, these would also be the items I would focus any additional verification of as part of a risk-based approach to validating a system that uses electronic signatures.
  • Bert
    04/02/2020 12:01
    Dear All, One questions specifically regarding this attestation to the FDA. I'm currently in discussion with a company that tells me they don't need to send out this attestation since it's written in their Law that e-signatures are considered as an equivalent to hand written signatures. Hence, it's determined by Law and there is no need to inform FDA. How do you feel about this? Many thanks, Bert
Reply to Thread
« Previous | Page 1 of 2 | Next »