[b]Electronic Signatures Explained
Electronic signature means a computer data compilation of any data or symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. 21 CFR Part 11.3(7)
The application of an electronic signature refers to the act of affixing, by electronic means, a signature to an electronic record. Part 11 references two types of nonbiometric-based electronic signatures: password/userid combination-based signatures and digital signatures.
1. There are some basic elements to be considered:
- An electronic signature solution must make electronic signatures secure through the use of a copy protection mechanism that makes it impossible to copy, cut or paste signatures and audit trails from an approved record. This is an element that is necessary in order to ensure the integrity of digitally signed records.
- In an electronic environment, an electronic signature on an electronic record must carry the same legal weight as an original signature on a paper-based document.
2. The electronic signature process involves:
- Authentication of the signer
- A signature process that complies with the system design and software instructions specified
- The binding of the electronic signature to the electronic record
- Non-alterability after the signature has been affixed to the electronic record
3. The controls applicable to electronic signatures include:
- Uniqueness of the signature
- Signature record linking
- Electronic signature security
- Password management (assignment, removal, loss management, aging)
4. Electronic signature manifestation
The electronic signature must be displayed in human-readable form, including printouts and video displays:
- Immediately after the signature is executed
- After displaying a signed record
- When printing a signed electronic record
5. Multisigning
When an individual executes one or more signings that are not performed during a single, continuous period of controlled system access, each signing must be executed according to the following:
- First signing: using both the userID and password components
- Second and subsequent signings during a period of a continuous, controlled access: either re-entry of the password alone or using both the userID and the password components
- One signature can be applied to multiple data entries on a screen as long as the items that the signature applies to are clearly indicated
Password-based signatures
Part 11.300 allows the use of password-based signatures. There are two password-based authentication schemes: static passwords and dynamic passwords. The same password combination used for authentication may also be used for an electronic signature. The affixing of a signature to a record should be an affirmative act that is deliberate, unique, and independent of the authentication process, and that serves the ceremonial and approval functions of a signature and establishes the sense of having legally consummated the transaction.
Record/signature linking with password-based signatures relies on one of three approaches: software locks, storage of the electronic signature in a database table separate from its associated record, or storage of the signature within the subject electronic record.
[/b]
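The following is an added example, not part of the original page, showing one way the "separate database table" option can bind a signature to its record so that alteration or copying of the signature is detectable. The keyed-digest scheme, the field names and the demo key are assumptions made for illustration; Part 11 does not prescribe this mechanism.

```python
import hashlib, hmac, json

# Constructed demo key (assumption); a real system would hold it in an HSM or vault.
SERVER_KEY = b"constructed-demo-key"

def record_digest(record: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def sign_record(record: dict, user_id: str, meaning: str, signed_at: str) -> dict:
    """Build the signature row kept in a table separate from the record."""
    row = {
        "record_id": record["id"],               # which record was signed
        "record_digest": record_digest(record),  # its exact content at signing
        "user_id": user_id,                      # signer (shown in the manifestation)
        "meaning": meaning,                      # e.g. review, approval
        "signed_at": signed_at,
    }
    payload = json.dumps(row, sort_keys=True).encode()
    row["tag"] = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return row

def verify(record: dict, row: dict) -> str:
    """Return 'valid', or the reason the record/signature link is broken."""
    fields = {k: v for k, v in row.items() if k != "tag"}
    payload = json.dumps(fields, sort_keys=True).encode()
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, row.get("tag", "")):
        return "signature row tampered"
    if row["record_id"] != record["id"]:
        return "signature belongs to another record"
    if row["record_digest"] != record_digest(record):
        return "record altered after signing"
    return "valid"

# Constructed sample records and signature row
batch = {"id": "REC-001", "product": "Lot 42", "result": "pass"}
other = {"id": "REC-002", "product": "Lot 43", "result": "fail"}
sig = sign_record(batch, "jdoe", "approval", "2024-01-15T10:30:00Z")

if __name__ == "__main__":
    print(verify(batch, sig))                           # untouched record
    print(verify({**batch, "result": "fail"}, sig))     # edited after signing
    print(verify(other, sig))                           # signature pasted elsewhere
    print(verify(batch, {**sig, "user_id": "asmith"}))  # signer field rewritten
```
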