
AVEVA™ Batch Management

Subpart C - Electronic Signatures

  • Last Updated Feb 12, 2025

General Requirements (11.100)

A system must meet a number of electronic signature requirements to be Part 11 compliant. These requirements are intended to provide evidence and confidence that the electronic signatures in the system can be considered the equivalent of handwritten signatures.

The general requirements are:

  • 11.100 (a): Electronic signatures must be unique to an individual

  • 11.100 (b): Organizations must verify an individual’s identity before the individual can use electronic signatures

  • 11.100 (c): Persons using electronic signatures must certify to the FDA that their electronic signatures are intended to be the legal equivalent of their handwritten signatures

Electronic Signature Components and Controls (11.200)

The implementation of electronic signatures can be accomplished through biometrics or other means. Specific controls are required on the signature mechanism depending on the method used. Those controls are:

  • 11.200 (a): Non-biometric signatures

    • (1): Use at least two different identification components (e.g. user ID and password)

      • (i): Multiple signatures applied by an individual in a continuous session require all electronic signature components for the first signature and only one component for subsequent signatures

      • (ii): Multiple signatures applied by an individual but not in a continuous session require all signature components for each signature

    • (2): Must be used only by their genuine users

    • (3): User administration must be designed to require collaboration of two or more individuals to use another user’s electronic signature

  • 11.200 (b): Biometric signatures must be designed so they can only be performed by their genuine owner

Controls for Identification Codes/Passwords (11.300)

Systems using a combination of identification code (e.g. user ID) and password as the electronic signature components must ensure the integrity of these signatures through a series of controls.

  • 11.300 (a): Maintain user ID and password combinations so no two individuals can have the same combination

  • 11.300 (b): Codes and passwords are periodically checked or revised

  • 11.300 (c): Lost or potentially compromised identification devices (e.g. tokens, cards) or passwords are voided and replaced with a new equivalent

  • 11.300 (d): Transaction safeguards are used to prevent unauthorized use of IDs or passwords

  • 11.300 (e): ID or password generating devices (e.g. tokens) must be tested initially and periodically to ensure they are unaltered and function properly
