Electronic Signatures - Non-Conformance - ISO 13485:2016

Tidge

Trusted Information Resource
And in response to @Tidge : I agree. Copy pasting a signature has so many ways it can go wrong it's just tragic. What I'm describing is not to take short-cuts with signatures, but evaluate whether you really (still) need them.

Fair enough. my opinion used to be similar to what you have written. However, I have seen that is practically trivial for any sort of 3rd party to find daylight between the (as written) goals and uniform practice. This is the sort of thing that is a key ingredient of a recipe for disaster. For one thing, "documented approval, documented records" is such a key feature of QMS it is impossible to say just how wide and deep a remediation effort is going to take.

Even in the (unlikely, in my experience) there is little divergence between policy and practice, this is precisely the sort of area that "no two people at the company will explain it the same way (to a third party)." Despite extremely serious efforts (including continuous training) on audit prep, I have still observed folks at all levels of the struggle to explain common practices whenever there is any element of subtlety. I have also observed the (shockingly unfortunate) circumstance of a senior person refuse to attest that he wrote a report simply because his signature didn't appear on it with his name, despite EVERYONE knowing he wrote it. While slightly different in scale, I doubt that MWER is assuming full accountability for every unsigned process step at a manufacturer without signatures.
 

Jean_B

Trusted Information Resource
Yep, as ever the characters forming the culture eat strategy, policy, procedure and record for breakfast, lunch, dinner and midnight snack. I must remain a bit idealistic though, because I've seen so many disappointing things that it would get me down even further below sea level.
 

Jean_B

Trusted Information Resource
We don't use adobe sign but I think the Adobe Sign complies with the 21 CFR Part 11 as shown in the following PDF.

https://www.adobe.com/content/dam/c...ndbook-for-fda-regulated-organizations-ue.pdf

To be the explicit nit-picker: If Adobe Sign is installed as off-the-shelf, and configured in a manner concordant with the paper you described, validated to be so, then it is a part of part 11 compliance. There are things that cannot be done by the software system, mainly initial authentication of identity when assigning account and access safekeeping.
 

BradM

Leader
Admin
Hey all!! Great discussion here!!

My input only... there is something specific about using images for signatures. I don't believe that is considered an "electronic signature". So it has to be controlled in other fashions. And the controls needed to do that.... I don't know if it is going to be worth it.

This is a presumptuous statement so it's fully up to being challenged... but being able to electronically sign and folks working from home, isn't going to fade away, but grow. I suggest your organization needs to accept that if they are going to work in an FDA environment, they're going to need to invest in esignatures.

Ok... if most all the employees have at least Adobe reader, then can apply signatures to documents. Your company need only invest in a signature client to integrate with Adobe. I believe links have already been provided in here.

Does this sound like it could work for you?
 

Johnnymo62

Haste Makes Waste
To be the explicit nit-picker: If Adobe Sign is installed as off-the-shelf, and configured in a manner concordant with the paper you described, validated to be so, then it is a part of part 11 compliance. There are things that cannot be done by the software system, mainly initial authentication of identity when assigning account and access safekeeping.

I thought Adobe uses password protection for e-signature and there is a statement in the signature block authenticating it.
 

Jean_B

Trusted Information Resource
Detection of computer screen with a password post-it on it wasn't in the last update I think. And which AI says that active directory account in the name of the CEO actually belongs to the CEO?
 

Raisin picker

Quite Involved in Discussions
We do use e-signature. You need:
- a card reader (~ 50-100€, per person)
- a software (don't know price tag, but should be reasonable), adds to right click file menu
- a signature card (~ 100 €/a, or more, per person), was in our case verified by post-ident (post office clerk compared personal ID card [every German has one] to person and approved that directly to issuer of signature card)

I use this daily, literally. You need to type your pin code every time. Signature is then integrated in PDF files (could also be separate for other file types), and verified by adobe reader and other tools. Works for us, so far with all auditors.
And you can use an image of your signature along with the digital signature.
 

Woodstock

Registered
If budgetary constraints limit the use of DocuSign/Adobe Sign, but technological skills are available, an image of a signature is a file. Files can have checksums calculated against them and stored in secrets management applications. Applied signature images (read: checksums) can easily be compared to the stored checksums at the time of signing and persisted for auditability.
 

Tidge

Trusted Information Resource
If budgetary constraints limit the use of DocuSign/Adobe Sign, but technological skills are available, an image of a signature is a file. Files can have checksums calculated against them and stored in secrets management applications. Applied signature images (read: checksums) can easily be compared to the stored checksums at the time of signing and persisted for auditability.

I'm not sure that this proposal satisfies the intent of electronic signatures; it certainly isn't a workable model. I can't imagine organizations that can't afford (or unwilling to adopt) an Adobe sign are going to establish a blockchain-like approach to electronic signatures.
 
Top Bottom