Electronic vs. Digital Signatures: The Compliance Factor

November 12, 2013 by

The pharmaceutical industry is evolving with regard to documentation, quality, efficiency and security. Automation is critical, so companies are rapidly moving to platforms that support paperless working environments in order to enhance quality, reduce costs and gain efficiency. A large component of automation is the ability to route documents through electronic workflows. This has sparked confusion and debate about signatures, specifically electronic signatures versus digital signatures. These terms are widely misinterpreted, and there isn’t clarity around how they impact compliance and regulations such as 21 CFR Part 11.

Compliance for any signature, whether digital or electronic, will always revolve around the key elements of information associated with the printed name of the signatory, along with the date, time, and reason for the signature.

Here’s how we explain the two types of signatures to our customers.

Digital Signatures

A digital signature is an electronic signature based upon cryptographic methods of originator authentication, computed by using mathematical rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. In practice, this means embedding tokens or components within documents that enforce validity checks. If anyone modifies the document from its signed state, the token recognizes that the document state has been altered and the digital signature becomes “invalid”, which provides a solid level of security for documents.

Electronic Signatures

An electronic signature is a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. The simplest translation of this is a user ID and password combination, which is what is used most of the time.

Essentially, both types of signatures are compliant if certain guidelines are followed. An example would be e-signatures in Validator, the Compliance Associates validation software solution. It uses a combination of User ID and password, both of which are required, and when a user signs electronically, a record is created in the database along with the User ID, time, date of signature, and meaning of signature. When signing approval for documents, the record information is also embedded within a PDF, and the database record will also contain information about the report being approved. This report signature record is then encrypted within the database to secure the link between the record and the PDF and prevent any tampering.

Using this method, the e-signature is compliant and comparable to a digital signature that uses tokens/bits to keep documents valid. The electronic records of the signatures executed and the associated electronic records must contain a secured link that ensures the signature cannot be altered, erased, copied or falsified. If these attributes are met, the signature is compliant by any standard.
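The secured link between a signature record and its document can be made tamper-evident as in the following added example, which is not Validator's code. It uses a SHA-256 digest of the document plus an HMAC over the record under a server-held key, rather than the database encryption described above or a public-key digital signature; the function names, field names and key are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real system keeps this in an HSM or key vault.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _mac(record: dict, key: bytes) -> str:
    """HMAC-SHA256 over the record's fields in canonical JSON form."""
    fields = {k: v for k, v in record.items() if k != "mac"}
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_record(document: bytes, user_id: str, printed_name: str,
                timestamp: str, meaning: str, key: bytes = SERVER_KEY) -> dict:
    """Create a signature record bound to the document by its digest."""
    record = {
        "user_id": user_id,
        "printed_name": printed_name,
        "timestamp": timestamp,
        "meaning": meaning,
        "document_sha256": hashlib.sha256(document).hexdigest(),
    }
    record["mac"] = _mac(record, key)
    return record


def verify_record(document: bytes, record: dict, key: bytes = SERVER_KEY) -> str:
    """Return 'valid', 'record-altered' or 'document-altered'."""
    if not hmac.compare_digest(str(record.get("mac", "")), _mac(record, key)):
        return "record-altered"
    digest = hashlib.sha256(document).hexdigest()
    if not hmac.compare_digest(record["document_sha256"], digest):
        return "document-altered"
    return "valid"


if __name__ == "__main__":
    pdf = b"%PDF-1.4 constructed validation report"  # constructed sample input
    rec = sign_record(pdf, "jdoe", "Jane Doe", "2013-11-12T10:00:00Z", "Approval")
    print(verify_record(pdf, rec))                          # unchanged document
    print(verify_record(pdf + b" edited", rec))             # document changed after signing
    print(verify_record(pdf, dict(rec, meaning="Review")))  # record field changed
```

Because the record carries the document's digest, copying a valid record onto a different document fails verification. Anyone holding the HMAC key can produce records, which is the point where a private-key digital signature differs.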
