Are You Compliant With the Latest Electronic Signature Guidelines?
Pharmaceutical companies, medical device manufacturers, and contract research organizations (CROs) must comply with regulatory requirements, including guidance on electronic signatures for the life sciences industry. However, many companies are still unaware of these regulations and therefore are not compliant with this guidance.
ISO, US, and EU Guidelines on Electronic Signatures
There are three guidelines to follow for electronic signatures.
For medical device companies, ISO 13485 is the relevant ISO standard. It doesn’t mention the term “electronic signature.” However, Section 4.2.4 (Control of Documents) requires that manufacturers prove documents are written, reviewed, and approved prior to issue. These requirements can only be met by assigning the document and tasks to different people.
The U.S. Food & Drug Administration (FDA) has required compliant electronic signatures for many years, and its regulation is already widely used and highly regarded in the industry. The relevant document is Title 21 of the Code of Federal Regulations (CFR), Part 11, which establishes the FDA regulations on electronic records and electronic signatures. Part 11 is under re-examination by the FDA, with the goal of narrowly interpreting its scope. However, Part 11 remains in effect during this time.
The FDA allows electronic signatures instead of pen and ink signatures on paper documents. To be compliant, signed electronic records must indicate:
- The printed name of the signer
- The date and time the signature was executed
- The meaning of the signature (such as review, approval, responsibility, or authorship)
Electronic and handwritten signatures executed to electronic records must be linked to their respective electronic records, so that they can’t be excised, copied, or transferred to falsify an electronic record by ordinary means.
The requirements for electronic signatures in Title 21 CFR Part 11 are found in Subpart C. In summary, each electronic signature must be:
- Unique to one individual and not reused or reassigned to someone else
- Verified by the organization as to the individual’s identity
- Certified to the FDA that it’s intended to be the legally binding equivalent of a traditional handwritten signature
There are also requirements for electronic signature components and controls. If based on biometrics, electronic signatures must be designed such that only genuine owners can use them. If not based on biometrics, electronic signatures must:
- Employ at least two distinct identification components, such as an identification code and password
- Be used only by their genuine owners
- Be administered so that use by anyone other than the genuine owner requires the collaboration of two or more individuals
CFR Part 11 also specifies controls for identification codes and passwords, such as:
- Maintaining the uniqueness of each combined identification code and password
- Periodically checking, recalling, or revising identification code and password issuances
- Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information
- Using transaction safeguards to prevent unauthorized use of passwords and identification codes, and to detect and report attempts at unauthorized use immediately
- Testing devices, such as tokens or cards, that bear or generate identification code or password information, initially and periodically, to ensure they function properly
In June 2021, the European Medicines Agency (EMA) released a new draft guidance document for public consultation titled “Guideline on computerized systems and electronic data in clinical trials.” This replaces the “Reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials” published in 2010.
EMA’s guidance includes item 4.8, which provides guidelines for electronic signatures used in clinical trials replacing wet-ink signatures. In essence, it requires that the computerized system must include functionality to:
- Authenticate the signatory to ensure a record was signed by the claimed signatory
- Ensure non-repudiation so the signatory can’t later deny having signed the record
- Ensure an unbreakable link between the electronic record and its signature, such that no one can later change the contents of a signed, approved version of a record without automatically being rendered visibly unsigned or unapproved
- Provide a timestamp so the date, time, and time zone when the signature was applied are recorded
The above requirements apply to closed systems where the system owner knows the identity and has complete control of all users and signatories. However, for open systems where the signatories and users are not known in advance, electronic signatures should meet EU Regulation 910/2014 (“eIDAS”), which makes electronic signatures legal in Europe.
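The record-to-signature link described above, for a closed system, as an added example that is not code from Welocalize or from any regulator: the signer name, meaning, and time-zone-aware timestamp are sealed together with a hash of the record, so any later change makes verification report the record as unsigned. The HMAC with a system-held key is an assumption that stands in for a PKI signature; non-repudiation in the sense of item 4.8 needs a private key held per signer. All names and sample values are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key; assumption: a closed system holds the sealing key.
SYSTEM_KEY = b"constructed-demo-key-not-for-production"
MEANINGS = {"review", "approval", "responsibility", "authorship"}


def _seal(manifest: dict, key: bytes) -> str:
    # Canonical JSON so the same fields always serialize to the same bytes.
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_record(record: bytes, signer: str, meaning: str, when: datetime,
                key: bytes = SYSTEM_KEY) -> dict:
    """Build a signature manifest bound to the exact record content."""
    if not signer.strip():
        raise ValueError("printed name of the signer is required")
    if meaning not in MEANINGS:
        raise ValueError(f"meaning must be one of {sorted(MEANINGS)}")
    if when.tzinfo is None or when.utcoffset() is None:
        raise ValueError("timestamp must carry a time zone")
    manifest = {
        "signer": signer,
        "meaning": meaning,
        "signed_at": when.isoformat(),  # date, time and UTC offset
        "record_sha256": hashlib.sha256(record).hexdigest(),
    }
    return {**manifest, "seal": _seal(manifest, key)}


def verify_record(record: bytes, signed: dict, key: bytes = SYSTEM_KEY) -> str:
    """Return 'signed', or the reason the record must be shown as unsigned."""
    manifest = {k: v for k, v in signed.items() if k != "seal"}
    if not hmac.compare_digest(_seal(manifest, key), str(signed.get("seal", ""))):
        return "unsigned: signature manifest altered"
    digest = hashlib.sha256(record).hexdigest()
    if not hmac.compare_digest(digest, str(manifest.get("record_sha256", ""))):
        return "unsigned: record does not match signed content"
    return "signed"
```

Copying a valid manifest onto a different record fails the second check, which is the "excised, copied, or transferred" case Part 11 describes.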
Electronic Signatures for Localization Clients
Companies working in clinical research must update their procedures to comply with the latest FDA and EMA requirements. CROs and their sponsors conducting global clinical trials need their language service providers to offer electronic signature solutions that are CFR Part 11-compliant.
Welocalize has already implemented process adaptations for our localization clients, supported by validated tools fully in line with the latest requirements in electronic signatures. We use our electronic signature tool to sign Linguistic Validation Reports and Certificates of Translation for customers, mostly CROs, that require compliance with CFR Part 11.
Our effective electronic signature process meets the legal requirements of FDA and EMA guidelines. It:
- Verifies signer identities with multiple forms of authentication (username and password are required several times during the signature process)
- Confirms signer intent to sign electronically (a statement of the reason for signing is required, such as “I approve this document”)
- Links signatures to signers and documents
- Records all important documents and signature activities
- Allows ongoing, secure access to signed documents
- Protects documents with a tamper seal that uses a combination of secure system processes and PKI (Public Key Infrastructure) technology (the signature includes a timestamp that generates automatically and cannot be modified)
Ensure Regulatory Compliance for Electronic Signatures
Welocalize Life Sciences specializes in life science translation. We translate complex content and documents at the highest quality and accuracy to comply with regulations and drive patient engagement. Part of regulatory compliance is ensuring electronic signatures meet the requirements of the FDA’s CFR Part 11, EMA’s guidelines, and other future regulations.
Contact us today to learn more about our solutions for the life sciences industry.