Suggestions for Electronic Signature Software (FDA 21 CFR Part 11 Compliant)

Mark Meer

Trusted Information Resource
#1
Can anyone suggest a software solution for applying FDA CFR Part 11 compliant electronic signatures that:
1. Is simple to implement; and
2. Isn't going to break the bank.

We're a small organization (< 10), however, people are often travelling or otherwise unavailable for handwritten signatures, so a reliable electronic signature solution would be very useful.

I've done some preliminary searching around, but the prices are pretty staggering. For example, Adobe Sign, requires $25USD per person per month. Given that we only need to sign things every now and then (and only then require electronic signatures infrequently), such a cost is difficult to justify...

Another feature that would be nice is some developer/vendor documentation regarding validation against the Part 11 requirements.

Can anyone kindly share the solutions they have experiences with? Pros/cons, suggestions, etc...?

Thanks in advance,
MM.
 
Elsmar Forum Sponsor

Sam Lazzara

Trusted Information Resource
#2
Hello Mark,

This is not the answer you are looking for but I thought this may interest some people.

Most of my clients are very small organizations (2 to 10 people) and we do not employ electronic signatures. Instead, when we require signatures (to meet FDA requires for document control for example), we use simple smartphone/tablet apps. These apps typically work best by emailing the document to the signers. They open the email attachment in the app, sign and date using a stylus, and email the document back from within the app. My favorites app is SignNow. It can accept any MS Word document and it returns a signed/dated PDF document. Other apps like the native signing app in IOS requires the email attachment to be a PDF.

Most people might think of this as an electronic signature but I am pretty sure it is a "handwritten signature" as defined by FDA.

HANDWRITTEN SIGNATURE (US 21 CFR Part 11): The scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.

ELECTRONIC SIGNATURE (US 21 CFR Part 11): A computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.

Regarding your question, one of my client's has been using DocuSign since their early days, and I helped them validate it by reviewing/critiquing their protocol. DocuSign provides very good Part 11 guidance, accessible from this link: How the DocuSign Part 11 Module fits with 21 CFR Part 11 - New DocuSign Experience | DocuSign Support Center

If any software company claims their e-signature solution is 21 CFR Part 11 compliant, they are full of it. Many/most of the requirements are outside of their control. DocuSign does a good job explaining the obligations of the user organization to achieve Part 11 compliance.
 

Mark Meer

Trusted Information Resource
#4
...They open the email attachment in the app, sign and date using a stylus, and email the document back from within the app. My favorites app is SignNow. It can accept any MS Word document and it returns a signed/dated PDF document. Other apps like the native signing app in IOS requires the email attachment to be a PDF.

Most people might think of this as an electronic signature but I am pretty sure it is a "handwritten signature" as defined by FDA.

HANDWRITTEN SIGNATURE (US 21 CFR Part 11): The scripted name or legal mark of an individual handwritten by that individual and executed or adopted with the present intention to authenticate a writing in a permanent form. The act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark.
...
Thanks for sharing your input Sam. I've also considered this (given everyone has a touch phone and/or touch tablet or laptop these days).

As you point out, it appears that simply opening a PDF in, for example, Adobe Reader (free), and then using the Sign->Draw feature to scrawl a signature with their finger or stylus, then saving the PDF would suffice as a "handwritten signature" according to the FDA?

I can't argue with your logic, given the 21CFR11 wording...it just seems strange that this doesn't require any additional controls, yet if a signature is placed (using the same software tool) all the other controls (authentications, date/time, meaning,...) are suddenly required. Seems terribly inconsistent, and makes me wary that the solution might be "too easy"...

Has anyone else adopted such an easy & free solution with respect to signing documents electronically?
 
#5
My company uses a Sharepoint based system that is configured to be FDA compliant. You have to put your password in at every change or revision of a document. The password acts as your signature.

If I remember correctly this functionality is built into SharePoint and if you are already paying for Office 365 for your employees you have access to SharePoint. Might be the cheapest option money wise but not time wise. SharePoint is not the easiest thing to set up or manage, however, it has gotten much easier in the last few years.
 

Attachments

Mark Meer

Trusted Information Resource
#6
Adobe Acrobat Reader DC (free) can apply Digital Signatures...if setup correctly, would this suffice?

It seems that the Digital Signatures applied might be setup to meet requirements of Part 11's Electronic Signatures. I'm just not sure of the following:

1. 21 CFR 11.200(a)(1)(i) "When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual."

Our rationale is that the Windows operating system requires a user/password login, and this is considered the "continuous period", and the password setup in Adobe Reader is the "at least one electronic signature component". Personnel setup Adobe Reader on their personal computers so it is ensured that only they use it. Is this acceptable?

2. 21 CFR 11.200(a)(3) "[electronic signatures shall] Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals."

I'm not sure why this is a requirement. Is it not sufficient that NO ONE other than the owner can use a personal electronic signature? Why require that a collaboration of people can use a person's signature?

---

Thoughts? Anyone else using Adobe Acrobat Reader DC on personal computers to implement electronic signatures?
 

v9991

Trusted Information Resource
#7
Adobe Acrobat Reader DC (free) can apply Digital Signatures...if setup correctly, would this suffice?

It seems that the Digital Signatures applied might be setup to meet requirements of Part 11's Electronic Signatures. I'm just not sure of the following:

1. 21 CFR 11.200(a)(1)(i) "When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual."

Our rationale is that the Windows operating system requires a user/password login, and this is considered the "continuous period", and the password setup in Adobe Reader is the "at least one electronic signature component". Personnel setup Adobe Reader on their personal computers so it is ensured that only they use it. Is this acceptable?

2. 21 CFR 11.200(a)(3) "[electronic signatures shall] Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals."

I'm not sure why this is a requirement. Is it not sufficient that NO ONE other than the owner can use a personal electronic signature? Why require that a collaboration of people can use a person's signature?

---

Thoughts? Anyone else using Adobe Acrobat Reader DC on personal computers to implement electronic signatures?
we do use Adobe digital signatures for certain activities viz., audit reports etc., here's quick references
https://www.adobe.com/content/dam/acom/en/security/pdfs/adobe-sign-compliance-21CFRpt11-wp-ue.pdf

https://helpx.adobe.com/content/dam...ownload_section/download-1/21_cfr_part_11.pdf

Is Adobe Sign 21 CFR Part 11 Compliant?

Security @ Adobe | "This is legal, right?" – Electronic Signatures & The Law

https://www.globalsign.com/en-sg/resources/solution-datasheet-cds-healthcare-cfr21.pdf

it has its limitations for using same for laboratory records, which are primary records !!!,
 

Sam Lazzara

Trusted Information Resource
#8
Adobe Acrobat Reader DC (free) can apply Digital Signatures...if setup correctly, would this suffice?

2. 21 CFR 11.200(a)(3) "[electronic signatures shall] Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals."

I'm not sure why this is a requirement. Is it not sufficient that NO ONE other than the owner can use a personal electronic signature? Why require that a collaboration of people can use a person's signature?

---

Thoughts?
Hi Mark, regarding your question about 11.200(a)(3), I saw some guidance on that in this document:
https://www.perficient.com/-/media/files/guide-pdf-links/the-ultimate-guide-to-21-cfr-part-11.pdf

The subtext here is something like, “The system administrator and the individual’s supervisor would need to work together to use the individual’s signature.” This would only come into play if the individual who should have signed was unavailable (e.g., left the company, out on medical leave) and there was no workaround available.
 

Enka_Spy

Starting to get Involved
#9
Adobe Acrobat Reader DC (free) can apply Digital Signatures...if setup correctly, would this suffice?

It seems that the Digital Signatures applied might be setup to meet requirements of Part 11's Electronic Signatures. I'm just not sure of the following:

1. 21 CFR 11.200(a)(1)(i) "When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual."

Our rationale is that the Windows operating system requires a user/password login, and this is considered the "continuous period", and the password setup in Adobe Reader is the "at least one electronic signature component". Personnel setup Adobe Reader on their personal computers so it is ensured that only they use it. Is this acceptable?

2. 21 CFR 11.200(a)(3) "[electronic signatures shall] Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals."

I'm not sure why this is a requirement. Is it not sufficient that NO ONE other than the owner can use a personal electronic signature? Why require that a collaboration of people can use a person's signature?

---

Thoughts? Anyone else using Adobe Acrobat Reader DC on personal computers to implement electronic signatures?

I believe only paid version of AdobeSign is 21 CFR Part 11 compliant.
 

Mark Meer

Trusted Information Resource
#10
...The subtext here is something like, “The system administrator and the individual’s supervisor would need to work together to use the individual’s signature.” This would only come into play if the individual who should have signed was unavailable (e.g., left the company, out on medical leave) and there was no workaround available.
In this case though, why would you want to have the person's signature (or allow it)? This would not be possible at all with paper records, so why allow it (or, indeed, require it) with electronic records? If a person is unavailable, then another should be delegated and justified accordingly. This "workaround" still reeks of forging someone's signature...

I believe only paid version of AdobeSign is 21 CFR Part 11 compliant.
Curious: Aside from cloud stuff and notifications (unrelated to 21 CFR Part 11), what features does the paid version of AdobeSign have that the certificates system in the free version does not?
 
Thread starter Similar threads Forum Replies Date
V Electronic Document Control Software suggestions wanted Document Control Systems, Procedures, Forms and Templates 14
cscalise Suggestions for MDR Auditing tools EU Medical Device Regulations 1
R Suggestions for putting together a DHF (Design History File) ISO 13485:2016 - Medical Device Quality Management Systems 4
J Textiles needed for home monitoring device - any suggestions? Other Medical Device Related Standards 1
Q Calibrated Equipment Managment Software Suggestions General Measurement Device and Calibration Topics 12
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
E CSR SHIPPING - Need suggestions for making SOP/WI for our shipping dept (automotive)... Customer and Company Specific Requirements 11
M Software Validation Guidance Suggestions Various Other Specifications, Standards, and related Requirements 6
Ron Rompen Dual level holes - Measurement method suggestions wanted General Measurement Device and Calibration Topics 9
E Best GD&T training - Your suggestions and recommendations please Training - Internal, External, Online and Distance Learning 3
O Suggestions for templates for formulating test plan for IEC 60601-1-2 4th ed CE Marking (Conformité Européene) / CB Scheme 0
S Need Continuous improvement Suggestions - Small (30 of us) all-CNC machine shop ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 28
M How to Document Internal & External Communications - Suggestions/examples pls IATF 16949 - Automotive Quality Systems Standard 3
Q Suggestions for a "budget-conscious" Colorimeter Device Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
J Suggestions on Inadequate Resources in a Small Machine Shop Nonconformance and Corrective Action 2
T ISO 9001:2015 Training for Management Team in NM - Seeking Suggestions and Providers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Tools for Risk - ISO 9001:2015 - Suggestions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
A Suggestions for a UK based course in Process Auditing wanted Training - Internal, External, Online and Distance Learning 2
D Course / Conference suggestions to attend? Professional Certifications and Degrees 5
S Planning to appear for CQIA Examination - Tips and Suggestions ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 1
A Suggestions of Videos for Internal QUALITY Training Training - Internal, External, Online and Distance Learning 3
L Making a Medical Devices Registration Database - Help and Suggestions Wanted Other Medical Device and Orthopedic Related Topics 2
A Software Suggestions for Engineering Change/QMS Design and Development of Products and Processes 2
T "Customer Specific" Internal Audit suggestions needed Internal Auditing 12
A Audit report writing course - Suggestions wanted Internal Auditing 9
C Suggestions requested on handling batch record papers exposed to hormonal products Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 1
S Suggestions or advice on complying with ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 3
O Looking for IVD MD conference to attend, suggestions? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
P Suggestions on conducting Internal Audit of a new site Internal Auditing 15
T Suggestions for Internal Audit OFI for ISO 14001 Internal Auditing 2
B Suggestions for job interview regarding CCD's (Charge Coupled Device) Quality Tools, Improvement and Analysis 3
S Any suggestions for ASQ CPGP (Certified Pharmaceutical GMP Professional) exam prep? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 4
S Suggestions for a 100% Paperless Manufacturing Shop Floor Quality Tools, Improvement and Analysis 10
AmandaMusser Internal Calibration Process Suggestions General Measurement Device and Calibration Topics 6
N Suggestions for Management Review Presentation Management Review Meetings and related Processes 2
L ISO 13485 Document Control - Document Changes - Needing Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 1
K Process Writing Software Suggestions for Internal Procedures ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
hogheavenfarm Suggestions for next Professional Certification Professional Certifications and Degrees 11
M Suggestions for Textile Suppliers for use in Medical Devices Other Medical Device and Orthopedic Related Topics 5
E Empty Test Tube Storage - Suggestions Please Manufacturing and Related Processes 8
C Suggestions on Sample Plans for High Volume/Low Cost/Low Risk Components Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
C Suggestions for the RAC Regulatory Affairs Spring 2014 - US exam Professional Certifications and Degrees 1
Q Requirements and suggestions for ISO/TS 16949 Internal Auditor Preparation IATF 16949 - Automotive Quality Systems Standard 1
S Suggestions for Six Sigma Online Training Training - Internal, External, Online and Distance Learning 6
M Suggestions for Medical Device System Identification 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
S Looking for Air Sampler Suggestions Manufacturing and Related Processes 4
drgnrider Suggestions for conducting a Spill Clean-up Exercise Miscellaneous Environmental Standards and EMS Related Discussions 8
J Quality Standard as part of our version of PPAP - Suggestions APQP and PPAP 1
T Non Conformance Report Training Suggestions Training - Internal, External, Online and Distance Learning 5
S Establishing an MSA Plan and Justification Suggestions wanted Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 1
Similar threads


















































Top Bottom