Part 11 Compliant Digital Signature Requirements - Sharepoint

M

Micked

Hi,


I have come across a software package for digital signatures, that is said to be part 11 compliant. The company has lots of customers in the medical device industry.

The package works fine, except for the following:
When signing digitally, the system prompts for an additional password. Just as it is supposed to do.

But there is a backdoor...
There is a possibility to go into the configuration menu and turn off the prompting for an additional password. The deficiency is that the configuration menu is not password protected. The setting can be changed by anyone.

The protection of the signature is based on the screen lock functionality, and metadata created in Sharepoint where the signatures are stored.
This implies that the non-repudiation of the signature may be questioned. The supplier of the software package is not worried at all about this issue.
What do you fellow cavers think?
Is this acceptable by a part 11 compliant digital signature package?
 
M

MIREGMGR

As you describe it, it sounds problematic. What's the supplier's argument as to why it's not of concern?

Can the supplier provide references that you can check, i.e. other FDA-regulated companies that you regard as regulatorily proactive and competent, and perhaps reputable third party auditors that have qualified the package?
 
Top Bottom