I would appreciate some views on interpretation of 11.200 Electronic signature components and controls.
At least two signature components (e.g. username/password) are required however on first signature during a session, would both need to be entered by the user or is it permissable to have the username pre-populated?
Both elements are saved for any signature events however the scenario is that the username is pulled from the initial login and uneditable with the password always being typed in by the user.
I’ve not seen or encountered anything that would preclude pre-populating the username field. In fact, the regulation says (when executing a series of signings in a single session) that only one component (essentially the password) is required. See 11.200(a)(1)(i).
I think it’s quite defensible. Hopefully others will share their thoughts.
I agree with Yodon. The regulation is clear that both identification components are required at the initial login [11.2(a)(1)], but that only the signature (i.e. password) is required during a continuous session [11.2(a)(1)(i)]. So after the initial login, the software will only prompt for a signature at the appropriate time/event.