Medical and Pharma industry around the world uses FDAs Guidelines 21 CFR Part 11 as global standard. This regulation was drafted at a year 1997 and these days you can satisfy these requirements easily most high quality electronic signatures. FDA here means US Food and Drug Administration.

Qualified Electronic Signatures handle out of the box most technical requirements. However since this regulation states that name, date and signature meaning must be there also after the signature printout the during PDF signing you must ensure that there is signature visual part that has these 3 pieces of information.

Hardest requirement to fulfill is “pecific electronic signature is the legally binding equivalent of the signer’s handwritten signature”. This comes from Subpart C – Electronic Signatures § 11.100 General requirements. (c) (2)

Qualified electronic signature QES is designed exactly for these kinds of higher confidence use cases as described in eIDAS regulation.

Here we need to consider that many countries and regions have higher standards that USA ESIGN Act. In USA the electronic signatures requirements are very relaxed and almost any electronic signature is equal to the handwritten signature. However in Europa and many other countries there are very specific rules. There needs to be personal certificate and specific government approved Certificate Authority.

This means that to get FDA compliance around the world then you need to have integrations with a lot of different Certificate Authorities and Trust Service Providers. This is exactly why eID Easy API is built. We can tell you more about it, just book the free electronic signature consultation here

Here you can find full text of the relevant part from the FDA regulation.

§ 11.50 Signature manifestations.

(a) Signed electronic records shall contain information associated with the signing that clearly indicates all of the following:

(1) The printed name of the signer;

(2) The date and time when the signature was executed; and

(3) The meaning (such as review, approval, responsibility, or authorship) associated with the signature.

(b) The items identified in paragraphs (a)(1)(a)(2), and (a)(3) of this section shall be subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).

§ 11.70 Signature/record linking.

Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

Subpart C – Electronic Signatures

§ 11.100 General requirements.

(a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.

(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual’s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.

(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

(1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.

(2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.

§ 11.200 Electronic signature components and controls.

(a) Electronic signatures that are not based upon biometrics shall:

(1) Employ at least two distinct identification components such as an identification code and password.

(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.

(2) Be used only by their genuine owners; and

(3) Be administered and executed to ensure that attempted use of an individual’s electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.

(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.

GDPR Badge BVCER ISO 27001 eIDAS eID Easy Google for Startups