It is the accountability of the organizations that implements e-signatures to ensure that each electronic signature is unique to one individual and my not be reused or reassigned to anyone else within the organization.
Users should work only under their own user profiles encompassing unique user IDs and individual passwords or other access keys and not share these with others.
The regulated organization also needs to authenticate the signer’s identity.
There are three main user authentication methods:
- PIN (Personal Identification Number) and static passwords
- PIN and dynamic passwords
- Biometric devices
Typically, the authentication process starts when a user enters a PIN into a system and authenticates his or her identity by providing a second piece of information which is known or can be produced only by the user (a password, typically).
The most common methods for providing a strong authentication include automatic password generators (tokens) and smartcards.
Tokens and smartcards store information about a person and require the use of a reader device.
To protect against theft, the person must enter a password or PIN before the information in the token or smartcard can be accessed.
For most IT applications in the life science sector the username/password combination is the most widely used.
Legally Binding
The FDA requires organizations to certify that the e-sigs used (on or after August 20, 1997) in its systems are a legally binding equivalent of traditional handwritten signatures.
All employees must be trained regarding the importance of applying their electronic signature to electronic records and they must understand that this is the legally binding equivalent to applying a handwritten signature to a paper document.
