Electronic Signatures - Non-Conformance - ISO 13485:2016

Syllica

Starting to get Involved
#1
Hello everyone,
Recently a 3rd party audited us and we received a non-conformance for using images of signatures to document approval of processes such as CAPA actions and change controls.
The organization uses images of signatures to document approval of processes such as CAPA actions and change controls. According to interviewee, at the end the area Manager approves the form to validate the previous signatures. Record integrity per ISO 13485:2016 (4.2.5) shall be maintained, applying uncontrolled signature images prevents the assurance of the record integrity. Control of records also include control of electronic records, which includes access, storage, reproducibility, readability, audit trails and electronic signatures as appropriate.
We have up until November to respond and unfortunately, the company does not have much an appetite to invest in e-signatures, so e-signatures are not much of an option for us at this time.
Given that there is this evidence and the company doesn't want to invest, I am at a loss. Are there any alternatives/corrections? What would be the recommended next steps in answering to this?
 
Last edited:
Elsmar Forum Sponsor

blackholequasar

The Cheerful Diabetic
#3
Uh-oh! Not a great situation to be in... I would say that since the company does not want to invest in e-signature software, perhaps you could try to align to 21 CFR Part 11 and file notice - IF you are able to meet those requirements.
If not, then, you'll have to tell the company that they will not longer be able to use the image signatures and will have to hand-sign everything.
 

Syllica

Starting to get Involved
#4
When posting about an audit nonconformity, it's best to give us the full text of the auditor's NC statement.
Hi Jim, thanks for your reply.
I quoted the auditor's statement right after I posted so it probably didn't show up right away.
I added just a little bit more, but not much different.
3 Measurement Analysis and Improvement
3.1 Corrective and Preventive Action

•Quality Manual
•Internal CAPA program
•TUV 13485:2016
•Certificate SX 60152433 0001
•Overseas facility certificate MD85963 with scope including the sterilization of medical devices in accordance with EN ISO 11137-1:2015
•CAPAs
•Feb 24, 2021 Management review meeting minutes
•Recall ID (FDA)
•Change control records
•Quality Records Maintenance and Good Documentation Practices Procedure

The requirements audited were:
•8.5.2, 8.5.3, 820.100

Requirement:
8.5.2, 8.5.3, 820.100, 4.2.5

NC -There are multiple processes that have a CAPA such as:
•Training
•CAPA
•Electronic signatures

The organization uses images of signatures to document approval of processes such as CAPA actions and change controls.
Evidence: Feb 24, 2021 Management review meeting minutes, CAPAs, Change control record. The organization uses images of signatures to document approval of processes such as CAPA actions and change controls. According to interviewee, at the end the area Manager approves the form to validate the previous signatures. Record integrity per ISO 13485:2016 (4.2.5) shall be maintained, applying uncontrolled signature images prevents the assurance of the record integrity. Control of records also include control of electronic records, which includes access, storage, reproducibility, readability, audit trails and electronic signatures as appropriate
 

blackholequasar

The Cheerful Diabetic
#5
I suppose that 4.2.5 does apply to the protections of the document... I imagine anyone can drop the signature image and therefore has no control?
 

Syllica

Starting to get Involved
#6
Uh-oh! Not a great situation to be in... I would say that since the company does not want to invest in e-signature software, perhaps you could try to align to 21 CFR Part 11 and file notice - IF you are able to meet those requirements.
If not, then, you'll have to tell the company that they will not longer be able to use the image signatures and will have to hand-sign everything.
Thank you for your reply. A reason we were doing images is that we were and currently still are working from home. Majority of the employees do not have a printer/scanner, so employees were using images for their signatures. Some of our SOP's actually state how signatures must be captured but with the pandemic, it ended up resulting in that alternative.
 

blackholequasar

The Cheerful Diabetic
#7
What we did, in a very similar situation to this, was stated that the employee log-in is a safety feature in which the signature image is secure in lieu of scanning... From what I recall, our auditor gave us a pass on it because of the situation (it was in FL and there were hurricanes) - perhaps the same could be said for your processes if you can prove the image files are not accessible by any other employee?
 

Syllica

Starting to get Involved
#8
I suppose that 4.2.5 does apply to the protections of the document... I imagine anyone can drop the signature image and therefore has no control?
Yes, that's what happens. For example, our CAPA forms have signature approval's in a few areas throughout the process and you can take your signature image and attach it if you are an approver. One section has a approval signature requirement for a QA designee and CAPA Lead in the initiation of a CAPA.
 

Syllica

Starting to get Involved
#9
What we did, in a very similar situation to this, was stated that the employee log-in is a safety feature in which the signature image is secure in lieu of scanning... From what I recall, our auditor gave us a pass on it because of the situation (it was in FL and there were hurricanes) - perhaps the same could be said for your processes if you can prove the image files are not accessible by any other employee?
Oh this is quite interesting! Hmm, proving that the image files are not accessible is something to really think about.
You said that you stated this to the auditor, did you update your procedure to say this and to say show you prove these images are not accessible?
 

Tidge

Trusted Information Resource
#10
Here is a simple smell test: Is it possible for one associate to apply another associate's signature image? If it is possible, then this is a serious non-conformance, at least with respect to the FDA (11.70, 11.200). For medical device manufacturers, the element of the QSR brought into question is 820.40 (document controls).
 
Thread starter Similar threads Forum Replies Date
K Is implementing Electronic Signatures a Significant Change to the QMS? ISO 13485:2016 - Medical Device Quality Management Systems 10
D Question on electronic signatures and initials on batch records ISO 13485:2016 - Medical Device Quality Management Systems 3
D Advice on capturing electronic signatures ISO 13485:2016 - Medical Device Quality Management Systems 8
R Electronic handwritten signatures for approvals - Signed with a Stylus or a Finger Document Control Systems, Procedures, Forms and Templates 2
P FDA inspections and electronic signatures Other US Medical Device Regulations 2
K 21 CFR Part 11 Biometrics for electronic signatures Other US Medical Device Regulations 2
S 21 CFR 11 - Require paper and hand signatures not electronic Other US Medical Device Regulations 2
F Electronic Signatures (21CFR Part 11) - Must They Appear on Printed Documents Document Control Systems, Procedures, Forms and Templates 9
J Unsigned Certification of Conformance (Electronic Signatures) Records and Data - Quality, Legal and Other Evidence 8
D FDA 21 CFR Part 11 Compliant Digital (electronic) Signatures Document Control Systems, Procedures, Forms and Templates 7
R 21 CFR Part 11: Electronic Signatures Qualification and Validation (including 21 CFR Part 11) 12
Ron Rompen Computerized Electronic Signatures on Inspection Records Records and Data - Quality, Legal and Other Evidence 8
M Original written signatures vs. Copies/scans/faxes/electronic documents US Food and Drug Administration (FDA) 24
I Could We use electronic signatures rather than manual sign offs? ISO 13485:2016 - Medical Device Quality Management Systems 8
K Question about paperless signature - Electronic signatures in outlook emails ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
K Document Approvals and 21 CFR 11 - Electronic signatures and approvals Qualification and Validation (including 21 CFR Part 11) 6
K Application of Electronic Records & Signatures in Calibration Management Software Document Control Systems, Procedures, Forms and Templates 0
M Date Stamping for Electronic signatures Qualification and Validation (including 21 CFR Part 11) 3
G Validation of Electronic Signatures on Multiple Servers Document Control Systems, Procedures, Forms and Templates 13
J 21 CFR Part 11 - Securing Electronic signatures using Adobe Acrobat Qualification and Validation (including 21 CFR Part 11) 1
Q Should electronic copies of Procedures show the approval signatures? Document Control Systems, Procedures, Forms and Templates 5
D Document Control - How can I switch to electronic signatures? Document Control Systems, Procedures, Forms and Templates 12
C Electronic Nonconformance and CAR signatures - Are actual signatures required? Document Control Systems, Procedures, Forms and Templates 2
J Electronic Signatures - We're trying 1" x 5" Digital Sign-on Pads Like UPS's Document Control Systems, Procedures, Forms and Templates 14
T Managing approval of Level II procedures - Moving to Electronic Signatures Document Control Systems, Procedures, Forms and Templates 17
Marc Electronic Records and Signatures - 21 CFR Part 11 Records and Data - Quality, Legal and Other Evidence 3
H Electronic care product on patient bed side - Flammability requirements (62368-1) Hospitals, Clinics & other Health Care Providers 0
blackholequasar Price Gouging? (Electronic components) Manufacturing and Related Processes 9
H Prodigit DC Electronic Load - Drawing current but showed 0 on the screeen Manufacturing and Related Processes 0
M Design Control - Management of Electronic CAD files Design and Development of Products and Processes 14
M Correcting Electronic QMS Records AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Electronic forms QMS Document Control Systems, Procedures, Forms and Templates 12
S Reporting REACH - Electronic components distributor REACH and RoHS Conversations 5
K ISO 13485 and compliance of electronic signature ISO 13485:2016 - Medical Device Quality Management Systems 5
M MDR - eIFU - When you can supply an electronic IFU instead of a paper IFU EU Medical Device Regulations 6
C Shelf life electronic components 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
C Cleaning of electronic transmitter Other Medical Device Related Standards 2
D Preservation of Electronic Data / Information Technology ISO 13485:2016 - Medical Device Quality Management Systems 5
M Is IEC 60601-1-2 required by FDA for all electronic medical devices? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
Anonymous16-2 21 CFR Part 11 - Steps to take if we want to validate an electronic system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
R Electronic and hand-written footnotes for GDP Document Control Systems, Procedures, Forms and Templates 1
A 21 CFR part 11 - section 11.100 - Electronic Signature Certification Other US Medical Device Regulations 6
qualprod From paper to Electronic (records) in the QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
S FDA's E submitter - For clinical electronic thermometer Medical Device and FDA Regulations and Standards News 6
J Integrity of electronic digital records - Medical Devices ISO 13485:2016 - Medical Device Quality Management Systems 4
T Electronic ECO/ECR Process - Software recommendations Document Control Systems, Procedures, Forms and Templates 3
M Informational EU – DSVG 03 – Cardiac Implantable Electronic Devices (CIED) – Guidance on the vigilance system for CE-marked medical devices Medical Device and FDA Regulations and Standards News 0
D Benefits of electronic QMS software Software Quality Assurance 5
M Informational US FDA Draft Guidance – Providing Regulatory Submissions for Medical Devices in Electronic Format – Submissions Under Section 745A(b) of the Federal F Medical Device and FDA Regulations and Standards News 0
WEAVER Electronic Weighing Scale Calibration Tolerance Manufacturing and Related Processes 1

Similar threads

Top Bottom