Hello All - We are using AdobeSign for electronic signatures and was wondering how to validate it to meet the requirements of 21 CFR 11. Is validation even necessary since it is an off-the-shelf software?
Yes, you will need some level of validation, either performed yourself or evidence from Adobe that it is validated to Part 11. In particular, you need to check that when signing or accessing the files, you need to provide secure identification, including ID and password each time. Many systems do not do this.
FYI, I use DocuSign which has a specific 21CFR Part 11 module in addition to the standard modules.
From the top of that page:
"Adobe offers a package of validation document templates to assist Adobe Sign customers in documenting compliance with FDA’s 21 CFR Part 11 regulatory requirements pertaining to electronic signatures. These templates are designed to be adapted and executed by customers according to their internal compliance validation strategy procedures and governance as well as assist in establishing documented evidence that their system is fit for its intended use."