LabCORE
Home LabCORE Solutions News and Events Company Tour Contact
Company

•> LabCORE Overview
•> LabCORE
•> Electronic Signatures
•> 21 CFR Part 11
•> Laboratory Information Management Systems
•> Electronic Document Management
•>Integration with Laboratory Instruments

Electronic Signatures and 21CFR Part 11

An important part of 21CFR Part 11 compliance is Electronic Signatures. Electronic signatures are defined as a computer data compilation of any symbol or series of symbols executed, adopted or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature. Electronic signatures that meet the requirements of 21CFR Part 11 are considered to be the equivalent to hand written signatures. Below is a partial list of requirements for using Electronic Signatures in compliance with 21 CFR Part 11:

    *Requirement: *Signed electronic records must contain information associated with the signing that indicates the printed name of the signer, the date and time of the signing, and the meaning associated with the signature (such as review, approval, responsibility or authorship).

    *Requirement: *Electronic signatures and handwritten signatures applied to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be removed, copied, or transferred to falsify an electronic record.

    *Requirement: *Each electronic signature will be unique to an individual and should not be reused by, or assigned to, another individual.

    *Requirement: *Persons using electronic signatures shall certify to the FDA that they are using electronic signatures intended to be the legally binding equivalent of a traditional handwritten signature, and may be required to provide additional certification that a given electronic signature is the equivalent of the signer's handwritten signature.

    *Requirement: *Electronic signatures not based upon biometrics should employ two distinct identification components such as an identification code and password.

    *Requirement: *When executing a series of signings during a continuous period, the first signing should be executed using all signature components and subsequent signings at least one signature component.

    *Requirement: *When an individual executes one or more signings not performed during a continuous period, each signing should be executed using all of the electronic signature components.

    *Requirement: *Electronic signatures shall be used by their genuine owners, and be administered so that attempted use of an individual signature by anyone other than its genuine owner requires collaboration of two or more individuals.

. The Electronic Signature process works in the following way:

  • A user is given two keys. One key is called a public key. The other key is called a private key.

  • The public key is available to anyone who may need it, but the private key the user never shares.

  • Keys are used to encrypt and decrypt information. Encrypting information means "scrambling it up" so that the person with the appropriate key can make it readable again.

  • Either key (pubic or private) has the ability to encrypt data and then the other key can decrypt that data. For instance, if a user encrypts data using another user's public key, that other user can decrypt that data using his private key. Likewise, if a user uses his private key to encrypt a message, anyone using his public key can decrypt the data.

  • With a private key and the right software the user can put a digital signature on documents and other data.

  • To sign the document the user's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a "message digest".

  • The software then encrypts the message digest with the user's private key. The result is the digital signature.

  • Finally, the software appends the signature to the document.

  • To view the data, the document must be decrypted with the user's public key so any other user who has access to that public key can read the data. The original hash data is compared with the newly decrypted hash data to discern invalid or altered records.

  • If the message digest is the same as the message digest created when the signature was decrypted, then the signed data has not been changed.

For more information about LabCORE, contact:
Mark Ferrero
President
P-Wave Inc.
591 Canal Street, Suite 304
Reading, Pennsylvania 19602 USA
markf@p-wave.com
www.lab-core.com
+1.610.372.7890 x22


LabCORE | Solutions | News and Events | Company | Electronic Signatures
21 CFR Part 11 | Laboratory Information Management Systems | Electronic Document Management | Contact
© 2005, P-Wave, Inc.