Electronic signature components and controls (11.200)
- Last Updated: Aug 14, 2025
The implementation of electronic signatures can be accomplished through biometrics or other means. Specific controls are required on the signature mechanism depending on the method used. Those controls are:
11.200 (a): Non-biometric signatures.
- Use at least two different identification components (e.g. user ID and password)
  - (i): Multiple signatures applied by an individual in a continuous session require all electronic signature components for the first signature and only one component for subsequent signatures
  - (ii): Multiple signatures applied by an individual but not in a continuous session require all signature components for each signature
- Must be used only by their genuine users
- User administration must be designed to require collaboration of two or more individuals to use another user's electronic signature
11.200 (b): Biometric signatures must be designed so they can only be performed by their genuine owner.
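One way to enforce the continuous-session rule in 11.200 (a) (i) and (ii), as an added example that is not code from this page or from any product it describes. The `SignatureGate` class, the 15-minute idle limit used to decide what counts as a "continuous session", and the choice of the password as the single component for subsequent signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

IDLE_LIMIT_S = 900  # assumption: a longer gap between signatures ends the continuous session


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SignatureGate:
    """Hypothetical gate deciding which signature components a signing request must carry."""

    def __init__(self, users, clock=time.monotonic):
        # users: {user_id: password}; only salted PBKDF2 hashes are retained
        self._creds = {}
        for uid, pw in users.items():
            salt = os.urandom(16)
            self._creds[uid] = (salt, _derive(pw, salt))
        self._clock = clock
        self._session_user = None   # signer of the current continuous session
        self._last_signed = None    # time of the last accepted signature

    def _password_ok(self, uid, password):
        # Unknown users are checked against a dummy entry so the work done is the same
        salt, stored = self._creds.get(uid, (b"\0" * 16, b""))
        return hmac.compare_digest(_derive(password, salt), stored)

    def sign(self, record_id, password, user_id=None):
        """Return a signature record, or None if the required components are missing or wrong."""
        now = self._clock()
        continuous = (self._session_user is not None
                      and now - self._last_signed <= IDLE_LIMIT_S
                      and user_id in (None, self._session_user))
        # (i) continuous session: the password alone is accepted for the session's signer.
        # First signature, or (ii) not continuous: user ID and password are both required.
        signer = self._session_user if continuous else user_id
        if signer is None or not self._password_ok(signer, password):
            return None
        self._session_user, self._last_signed = signer, now
        return {"record": record_id, "signer": signer, "signed_at": now}
```

A rejected attempt leaves the session state unchanged, so a wrong password neither extends nor starts a continuous session.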