Hi,
This one is regarding signatures on records and reports generated by an application.
Let us take an example of a purchase order (PO) being raised with a workflow. The initiator raises a request, forwards it for approval and the approver approves the same after provision of electronic signature password.
Now a print of the PO is taken with the initiator’s name and the approvers name and a note saying that the record is electronically signed and needs no manual signatures.
As of my knowledge, the above case is OK.
Another case where a few reports are generated that only provide some information but could also be used to a few decisions.
For example,
A stock report. The report gives the current stock of all the items in the inventory. If incase an item is low in inventory a decision to raise a PO for the same is taken. But how can this report be taken as authenticate without a sign on the same. If this report is to be handled online or as a hard copy what sort of authenticity is to be provided to the report.
Because the inventory changes over many transactions and not one transaction.
[quote=phani]Hi,
Let us take an example of a purchase order (PO) being raised with a workflow. The initiator raises a request, forwards it for approval and the approver approves the same after provision of electronic signature password.
Now a print of the PO is taken with the initiator’s name and the approvers name and a note saying that the record is electronically signed and needs no manual signatures.
As of my knowledge, the above case is OK.
[/quote]
This sounds correct but be careful what is your master copy the paper or electroinic record. In my view its the electronic copy. If the paper record is lost misplaced the user can always go back to the system and retrive the record as its the master copy.
Dear Graham,
The reply is not clear to me. What authenticity can be provided to the reports as such so as to proove that the report is authentic.
Another point I would like to ask is taking the first case of the PO generation and approval, is it ok if we keep a note ‘this is an electronically signed document…’ on the printed PO, in case we do not have the option of electronic signature provision during the approval of the same but the PO is approved through a workflow.
[quote=phani]Dear Graham,
The reply is not clear to me. What authenticity can be provided to the reports as such so as to proove that the report is authentic.
[/quote]
Well the proof that the report is authentic is the fact that you are working with a fully validated system. I assume it has been validated?
[quote=phani]
Another point I would like to ask is taking the first case of the PO generation and approval, is it ok if we keep a note ‘this is an electronically signed document…’ on the printed PO, in case we do not have the option of electronic signature provision during the approval of the same but the PO is approved through a workflow.
I hope I am clear with my query.[/quote]
I’m a little confused on this point, why mdo you want to keep a note saying that this is an electonically signed document on the printed PO, the reason you are validating your system is that you can approve documents electonically.
In case you do not have the option of electronic signatures your system will then be deemed a hybrid system where you will state on the URS that the system will perform XY or Z but that the sign off will be a hand written signature.
Please expand further if I am missing the point here.
Dear Graham,
My question here is that can a record be regarded as an electronically signed and approved if only approved thourgh a workflow (without the check that the appropriate user is approving the same). i.e. the approver will not provide any authentication by means of a password etc. at the time of approval.
Now if I have to use the hard copy of such a record, can I use it without the manual signatures.
[quote=phani]the approver will not provide any authentication by means of a password etc. at the time of approval.
[/quote]
Then it cannot be regarded as an electronic signature. Do you mean that when the person logs in and performs a certain task that it is linked to his/her log-in?
For this record to have an electronic signature first the person would need to log in in terms of security to access the system. Then if they were performing such a task as approving a document then they would need to enter a username password combination again to commit their signature to that task.
I have seen it happen where the electronic signature was not available ina system but it was written into the SOP that once someone had entered the system their username would be assocaited with certain tasks even if they did not have to re-enter their username password combination again.
Not sure if this makes sense to you but hope it helps