Documents Approved via Email

P

pandora412

We are a paper based QMS in medical devices. Due to the nature of our business, our regulatory consultants are off-site. When we have a document that requires regulatory approval, we consider their email reply the signature. Our Notified Body has just told us to consider that this might be a violation of CFR Part 11. Is an email approval acceptable?
 

Kales Veggie

People: The Vital Few
R

rclanzillotto

Not a simple yes or no - prepare a validation report or a procedure that accounts for CFR 11 requirements
 

sagai

Quite Involved in Discussions
I have seen this practise, actually it was passed several FDA audits, so ... my opinion is that this is faaar not compliant with part11, however practise my dictate otherwise.
The other angle on this subject is that I have never came across any warning letter for device manufacturer claiming part11 breach. The closest kind of I have seen was about validation of process software (820.70(i)).
Cheers!
 

yodon

Leader
Super Moderator
You've already said you're a paper based company so take part 11 is out of the picture and figure out how to show approval on the hardcopy.

What I've seen most often is that the off-site approver signs a copy of the signature page and scans / faxes it in. A hardcopy is made and attached to the official record.

I suppose it could be argued that the copy the off-site reviewer approved is not the same as the one approved by everyone else but the same argument can be made for any hardcopy-based system. So far, I haven't seen the above approach questioned by regulators / auditors (FDA or ISO).
 
P

PBuckley

Have you considered using Adobe Acrobat as a means of gathering electronic signatures?

I came from a paper based company as well, but recently have started a position where all document reviews are performed on PDF's generated from the original source documents, (usually Word documents but not always). When sent for a shared review, comments and edits to the documents are made on the PDF document, and are visible to all other reviewers. After the review cycle is completed, the source document can be updated and sent out again as a PDF for approval with a digital signature. The signature can be certified since it is password protected, and can only be generated by the person who set it up.

Search Adobe Acrobat 11 Pro for more information.

Good luck!!
 
P

pandora412

Thank you all for your tips. I like the Acrobat approval approach. We used to do the fax/scan/email approach, but the person we are working with doesn't always have access to the required peripheral equipment and we often need approvals faster than he can comply with our requests. In the short term, we will have to go back to this method, though.

Again, this is my first time posting here...so I am thoroughly grateful for all your responses!:applause:
 

Mark Meer

Trusted Information Resource

I don't see anything in this guidance that explicitly rules out email as a possible method of document approval.

Except, perhaps for FDA 21 CFR 11.200(a)(1):

"(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components."


Typically, people have their systems "remember" their email login credentials, which wouldn't comply. ...that being said, in most cases there is access required to the terminal (e.g. computer, smart-phone...) that must be input in order to access the email....

Have you considered using Adobe Acrobat as a means of gathering electronic signatures?

Software solutions such as Adobe Acrobat may also not be appropriate for the same reason above. People can have their computer "remember" their credentials...
 
Top Bottom