Computer system electronic signature standard
- Kazi
- Last modified: April 2, 2024
Electronic signatures must be authentic, reliable, trustworthy, and legally equivalent to handwritten signatures according to 21 CFR Part 11, Electronic Records – Electronic Signatures.
This standard applies to all GxP computer systems whose records require signatures or initials. This standard does not apply to GxP computer systems whose records are not electronically signed (e.g., audit trails, records created via automatic data collection). similar to a manual typewriter).
An electronic record is any combination of text, graphics, data, audio, pictorial, or other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system.
An electronic signature is a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature.
The technology and controls (automated and/or procedural) established to use electronic signatures within a computer system are called an electronic signature solution.
Requirements for Development/Design of computer system electronic record and Signature Solutions in GxP include:
At a minimum, an electronic signature solution must be based on a combination of an identification code (e.g., username) and a password. Other acceptable electronic signature solutions can include the use of ID cards in combination with a password, or other means of verifying a person’s identity based on measurement of the person’s physical features or repeatable actions.
The System Owner is responsible for determining and documenting the number of electronic signatures required for a specific work process (e.g., entering study data, releasing batches of product) and assuring user accountability is unambiguous.
Any time after an electronic record is signed, the displayed and/or printed record must include the following:
- The full name of the signer, or a unique identifier that is traceable to the signer.
- The date and time of signing(s).
- The meaning of each signature (e.g., review, approval, responsibility, authorship); it is not necessary to include the signer’s credentials or other lengthy explanations.
If it is acceptable to have one person sign for another, the signed electronic record(s) must include some notation of that fact.
If a person overrides the actions of another person, both electronic signatures must remain a permanent part of the electronic record.
Electronic signatures must be linked to their associated electronic records to help assure that the signatures cannot be falsified by ordinary means (e.g., cut and paste).
This link must be maintained throughout the retention period of the electronic record (i.e., as part of the record archive).
Procedural or administrative controls alone are not sufficient to prevent copying of an electronic signature from one record to another.
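One way to implement the signature-to-record link and the signed-record fields (signer, date and time, meaning) described above, as an added example that is not part of the original standard. It assumes an HMAC computed with a server-held key, a mechanism the standard does not prescribe; the key, function names and batch records are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a key held only by the system (in practice kept in an HSM or KMS).
SERVER_KEY = b"constructed-demo-key"

def _canonical(obj):
    """Stable byte encoding so the same content always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _mac(fields):
    return hmac.new(SERVER_KEY, _canonical(fields), hashlib.sha256).hexdigest()

def sign_record(record, signer_id, full_name, meaning, signed_at):
    """Build a signature manifest bound to this exact record content."""
    manifest = {
        "signer_id": signer_id,    # unique identifier traceable to the signer
        "full_name": full_name,
        "meaning": meaning,        # e.g. review, approval, authorship
        "signed_at": signed_at,    # date and time of signing
        "record_sha256": hashlib.sha256(_canonical(record)).hexdigest(),
    }
    manifest["binding"] = _mac(manifest)
    return manifest

def verify_signature(record, manifest):
    """Return 'valid', 'manifest-tampered' or 'record-mismatch'."""
    fields = {k: v for k, v in manifest.items() if k != "binding"}
    if not hmac.compare_digest(_mac(fields), manifest.get("binding", "")):
        return "manifest-tampered"   # signer, meaning, time or hash was edited
    if fields["record_sha256"] != hashlib.sha256(_canonical(record)).hexdigest():
        return "record-mismatch"     # signature moved to, or record changed into, other content
    return "valid"

def demo():
    # Constructed sample records.
    batch_a = {"record_id": "BR-0001", "result": "pass"}
    batch_b = {"record_id": "BR-0002", "result": "fail"}
    sig = sign_record(batch_a, "jdoe", "Jane Doe", "approval", "2024-04-02T10:15:00Z")
    return (
        verify_signature(batch_a, sig),                         # untouched record
        verify_signature(batch_b, sig),                         # signature pasted onto another record
        verify_signature({**batch_a, "result": "fail"}, sig),   # record edited after signing
        verify_signature(batch_a, {**sig, "meaning": "review"}),  # meaning altered
    )
```

Because the manifest is stored with the record and checked on every display or print, the link survives archiving as long as the key and the canonical encoding are retained for the record's retention period.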
Electronic signature solutions must be designed to ensure that electronic signatures cannot be used by anyone other than their genuine owners.
Each electronic signature must be unique (i.e., not re-used or re-assigned). For electronic signature solutions that are based on an identification code and password, uniqueness can be assured through control of identification code assignment.
When an electronic signature solution that is based on an identification code and password is used, and there are controls in place to assure that access to the workstation is restricted to one person:
If the logon requires entry of the user’s identification code and password, this can serve as an electronic signature. If subsequent signings are required during the session (as defined by the System Owner; see 1.b., above), then these signings only require entry of the user’s password.
One signature can apply to multiple data entries, but all data that make up the record to be signed must be linked to the signature.
Electronic signatures executed by anyone other than the person logged onto the computer system (e.g., second checking) require entry of both the identification code and password of the person signing the record.
Requirements for Use of Electronic Signatures in GxP Computer Systems
The identity of the individual must be verified before he/she is assigned an electronic signature.
Electronic signature solutions that are based on an identification code and password must have controls for the following:
- Maintaining the uniqueness of the electronic signature (e.g., through control of identification code assignment).
- Recalling, revising, and replacing electronic signatures.
- Detecting and reporting unauthorized use of electronic signatures.
- Initial and periodic testing of identification devices when used, such as tokens or cards (i.e., secure ID cards, badges with magnetic strips), to ensure they function properly and have not been altered.
Individuals will be held accountable and liable for actions initiated under their electronic signatures. Persons who falsify an electronic signature will be subject to disciplinary action.
Author: Kazi Hasan
Kazi is a seasoned pharmaceutical industry professional with over 20 years of experience specializing in production operations, quality management, and process validation.
Kazi has worked with several global pharmaceutical companies to streamline production processes, ensure product quality, and validate operations complying with international regulatory standards and best practices.
Kazi holds several pharmaceutical industry certifications including post-graduate degrees in Engineering Management and Business Administration.