Electronic vs. Digital Signatures

One of the more confusing topics about 21 CFR Part 11 is surrounding electronic vs. digital signatures. The law includes definitions for both, then proceeds to only refer to “electronic signatures.” Below is a quick overview of the differences to get you thinking about what you're using currently, or what you need to use moving forward.

Definitions

An electronic signature can be any combination of digital components and symbols that are meant to be the legally-binding equivalent to handwritten signatures. Digital signatures require additional originator authentication that is computed using a set of rules and parameters that allows for the identity of the signer to be identified. From a practical standpoint, what does this mean? Let’s consider signature blocks on PDF documents.

Practical Examples

It is common for a user to create their own PDF signature using a mouse, or typing their name in using a signature-like font. Providing either of these electronic signatures within a document requiring compliance with 21 CFR Part 11 compliance would not be sufficient. While the signature manifestation would be intended to be used as a handwritten signature (as the definition of Electronic Signature suggests), there is no digital certificate that can be provided to authenticate where that signature came from, and there is no two-factor authentication as required by the law. These are but two main differences, but they are the most obvious and easily identifiable ones.

Are you compliant?

So, how can you know if electronic signatures used by your life science business are compliant with 21 CFR Part 11? Aside from checking with the law requirements, ask these questions:

• Is there an internal policy and/or procedure regarding using electronic signatures?

• Have the individuals documented the signatures and attested to their use as equivalent to handwritten signatures? If not, check out our free FDA notification letter.

• If the electronic signatures are not biometric in nature, is there two-factor authentication in use?

• From where is my authentication certificate originating?

• Can the electronic signatures be replicated by people aside from the correct individual?

• If passwords are used to apply signatures, what is the password requirements and the frequency of change?

• What technical safeguards are in place to protect the integrity of the electronic signatures?

• Are my handwritten signature processes costing me time and money that justify making the switch? Check out our related article on 5 Costs of Not Going Digital to make your pitch!

Ready to make the transition to electronic signatures but don’t know where to start? Book a 30 Minute Complimentary Consultation today!