Electronic signatures applicability

FDA. Draft Guidance for Industry on Part 11, Electronic Records Electronic Signatures—Scope and Application Availability of Draft Guidance and Withdrawal of Draft Part 11 Guidance Documents and a Compliance Policy Guide, Fed Regr 68 (37), 8775-6 (25 Eebruary 1997). 

Computer applications allow for defining and managing several important nonclinical data types that are managed by the system itself. Such data are referred to as metadata or control data. These are information such as domain-specific descriptions, application conditions, parameters, and methods in a repository. Control data fields can be part of the data collection forms or in system-defined tables. Some of these control fields include electronic signatures, form status, transmission date, transmission number, field completed, and memo fields (large text format). The database contains tables for reference ranges, visit schedule, form schedule, labels, and drug codes. 

Demonstrate that user ID is displayed at the time of application of the password to execute an electronic signature (i.e., at least one electronic signature component that is only executable by, and designed to be used only by, the individual). 

Demonstrate that passwords (one of the two components of electronic signatures) can only be known to the genuine owners, and cannot be viewed by anyone, including administrators of the account (at operating system and application level). 

Does the application or system employ electronic signature capabilities and/or provide the sole record of the signature on a document subject to review by a regulatory agency ... 

CFR - Part 11 means that you must be qualified to do your work, your programming must be validated, you must have system security in place, and you must have change control procedures for your SAS programming. The current additional FDA guidance on 21 CFR - Part 11 is titled Guidance for Industry Part 11, Electronic Records Electronic Signatures—Scope and Application. ... 

FDA Guidance for Industry, Part 11, Electronic Records Electronic Signatures - Scope and Application (Final version, August 2003), Center for Dmg Evaluation and Research (CDER), US Food and Drug Administration (FDA), Beltsville, MD, USA, 2003. 

Electronic Signatures—Scope and Application, http //www.fda.gov/cder/guidance/5667fnl. 

Food and Drug Administration. Guidance for Industry, 21 CFR Part 11 Electronic Records Electronic Signatures—Scope and Application, FDA, Rockville, MD, 2003. 

CFR 21 Part 11, Electronic Records, Electronic Signatures - Scope and Application... 

GUIDANCE FOR INDUSTRY PART 11. ELECTRONIC RECORDS ELECTRONIC SIGNATURES- SCOPE AND APPLICATION... 

W. Winter and L. Huber, Implementing 21CFR Part 11 Electronic Signatures and Records in Analytical Laboratories, part 2, Security Aspects for Systems and Applications, BioPharm 13(1), 44-50, 2000. 

FDA guidance for industry Part 11 Electronic Records and Electronic Signature Scope and Applications, draft February 2003, final version August 2003. 

Existing system applications will need to be evaluated and applicable GMP issues and risks identified. Whether it be legacy systems, systems to be revalidated, or systems yet to be validated, the critical parameters, data, and functions that direcdy impact GMP should be clearly identified and formally documented. Each system should be assessed under a formal procedure to determine compliance with the regulations for electronic records and electronic signatures. Any resulting action plan should include system prioritization and implementation timings. 

Test identification code/password or biometric electronic signature/de-vices (as applicable)... 

These two latter elements are not identical on all systems. Electronic signatures are tested when the technology is implemented. An element out of the scope of this model is the retention of electronic records, but the model should be used to verity and validate the implementation of the system(s) that will hold these records. For applications using electronic signatures, the current validation practices requires inspections and/or testing for many of the following technical controls ... 

One of the most important procedures to be developed and followed is the administration and retention of electronic records. Part 11 requires the retention of electronic records in electronic form. For regulated systems in which electronic signatures are not implemented (hybrid systems) the electronic record requirements (Sub-Part B) in Part 11 are applicable, and the electronic records are maintained and retained in electronic form for the period established by the predicate rule. 

The use of audit trails is not restricted to the modifications of the records. Audit trails may also be used to record operator entries and actions during the operation of the computer system, which can be recorded without the application of electronic signatures. 

A certification must be sent to the FDA by the company, which informs the FDA that electronic signatures will be used. This certification can be a global statement of intent, meaning that a single company certification can cover all systems, all applications, all of the electronic signatures, for all employees in a company, for all the firm s locations anywhere in the world. The Regulatory Affairs Unit of the company will usually send this certification to the FDA. 

Operational checks relating to electronic signatures, if applicable... 

Using PKI is often painful and so there must be a reward for doing that. If users have attractive applications that help them in saving their time and/or money, they are willing to invest their effort into them. Unfortunately, the lack of an attractive application is another obstacle of using electronic signatures. This issue will be dealt with in 3.3. 

E-mail is probably the most widespread ready-made application where electronic signature can be used and is used. Work flow and document management applications are other examples of information systems where an electronic signature is needed. Those applications are mainly dedicated to closed communities of users and documents with a limited validity period. The paperless office is the type of application that may be most promising for coming years. 

E-banking is often presented as a field where electronic signature is used most. E-banking applications use many means of authenticating transactions. Electronic signature based on PKI is just one of them, and probably not the most convenient and user friendly one. 

Only a deep analysis of users needs leads to applications attractive enough and a wider usage of electronic signatures. We should not expect a killer application to appear soon. 

Europe issued its own directive on electronic signatures in 1999." Although originally developed for e-commerce, it is also applicable to GDP and GMP apphcations. The MCA is clarifying the scope of its use for GCP and GLP apphcations, and at least a minimum degree of applicability is certain. European regulatory authorities refer to ISO 17799 on information security management" and reference to advice on the admissibility of electronic records." ... 

FDA (2003), Part 11 Electronic Records, Electronic Signatures — Scope and Application, Guidance for Industry (www.fda.gov). 

The purpose of an electronic signature in a computer application is to enable an individual to authorize an electronic record (e.g., author, review, approve, comment, etc.). Appendix 15B helps identify examples. 

These expectations logically extend to GCP, GDP, and GLP applications. MHRA is currently awaiting confirmation of legal stams with use of electronic signatures to GCP and GLP applications. 

---