Reply to Thread
Dear All, Can you please confirm that if we capture signatures electronically on monitoring visit reports, these signatures have to meet the requirements of 21 CFR part 11, even if these records are not submitted to FDA? And if so, we need to send a certification to FDA stating that our organisation is using e-signatures? Many thanks, Bert
Matt Jones - Chair DIGIT Committee
If you are using e-signatures you should always send the attestation to the FDA (The address is on current 21 CFR Part 11 document).
Even though the scope and guidance documents states that there are priorities for enforcement of 21 CFR part 11, it is strongly recommended that any documentation required by section 8 of ICH GCP and within the monitoring section 5.18.6 has a robust signature mechanism, they would expect the same level of confidence in the e-signature as a wet signature in the paper process.
Other regulators including EMA and MHRA would also look for equivalence to the original process, so it wouldn't only be the FDA looking for the requirement of having a valid and appropriate electronic signature.
Thanks a lot Matt. That's clear :-).
Very helpful reply by Matt
Dear experts, dear all,
At our company we would like to introduce the Adobe Sign feature to digitally sign off on PDF documents, including essential study documents. While you can find different documents online explaining how Adobe Sign can comply with 21 CFR part 11, I'm wondering if this type of documents are sufficient for us as a company to demonstrate 21 CFR part 11 compliance? If not, which route do we need to take to be able to demonstrate compliance?
Dean Harris - DIGIT Committee Member
Unfortunately, these types of documents from solution vendors are not sufficient to demonstrate 21 CFR part 11 compliance on their own. There are certain requirements of part 11 that frequently would be outside of the control of a solution vendor and are therefore the responsibility of your organisation.
11.10(a) Validation of systems to ensure accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.
11.10(j) The establishment of, and adherence to, written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification.
Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.
11.100(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional hand written signatures.
As such, there will usually need to be procedural controls to put in place and then validation activities to perform.
Thanks a lot Dean! Much appreciated.
Hi Dean and others,
Based on your experience, is this often checked by auditors/inspectors i.e. that you have submitted this notification to FDA and that you have documentation in place to demonstrate that Adobe Sign is implemented in your organisation to ensure 21 CFR part 11 compliance?
Thanks a lot!
Dean Harris - DIGIT Committee Member
From my personal experience, I have not known many auditors/inspectors actually ask to see a copy of the FDA letter but it has been asked for. Ultimately, sending the letter is a simple as writing a letter (or email) to the FDA Office of Reginal Operations stating: RE: Electronic Signature Certificate Statement.
To who it may concern:
Pursuant to Section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify that [COMPANY NAME], intends that all electronic signatures executed by our employees, agents or representatives, located anywhere in the world, are the legally binding equivalent of traditional hand-written signatures.
Sincerely yours [NAME, POSITION].
In general, my experience has been that auditors/inspectors want to see that:
1. electronic signatures have the same legal consequences as a hand-written signature at least within the boundaries of the facility/site.
2. electronic signatures are permanently linked to their respective record(s).
3. electronic signatures include the time and date that they were applied.
4. electronic signatures allow the identification of the signatory and the meaning of the signature.
5. password re-entry is required for an electronic signature.
As such, these would also be the items I would focus any additional verification of as part of a risk-based approach to validating a system that uses electronic signatures.
One questions specifically regarding this attestation to the FDA. I'm currently in discussion with a company that tells me they don't need to send out this attestation since it's written in their Law that e-signatures are considered as an equivalent to hand written signatures. Hence, it's determined by Law and there is no need to inform FDA. How do you feel about this?
| Page 1 of 2 |