Hoping people can share how they handle electronic signatures, and more generally electronic systems access.
Is there one system administrator with complete control? ...or are administration rights compartmentalized somehow to ensure security?
Presently, for our (simplistic) system, we have a single administrator, which seems to work fine for us...
But now I'm re-reading the US FDA's 21 CFR Part 11 regulations and notice the following (11.200):
"(a) Electronic signatures that are not based upon biometrics shall:
...
(3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals...."
(emphasis added)
I'm curious how others handle this? Because the system administrator has ultimate control over system access, they could technically forge an electronic signature without the "collaboration of two or more individuals".
Is there one system administrator with complete control? ...or are administration rights compartmentalized somehow to ensure security?
Presently, for our (simplistic) system, we have a single administrator, which seems to work fine for us...
But now I'm re-reading the US FDA's 21 CFR Part 11 regulations and notice the following (11.200):
"(a) Electronic signatures that are not based upon biometrics shall:
...
(3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals...."
(emphasis added)
I'm curious how others handle this? Because the system administrator has ultimate control over system access, they could technically forge an electronic signature without the "collaboration of two or more individuals".
Last edited: