After the advent of electronic record keeping and digitized business processes, the natural evolution for companies was to support electronic signatures. The technological requirements to support this feature have been around for some time but the laws and regulations had to catch up. Today, electronic signatures are very common and legally accepted in numerous industries to meet a wide variety of use cases and regulations. There are also many online signature tools like DocuSign and Adobe Sign (formerly EchoSign) that have become standard for applications in real estate, contracts, and insurance transactions.
Given the flexibility in interpretation of the applicable laws and regulations, there are many ways for business software systems to support electronic signatures. Here are a few of the requirements you should consider when evaluating software options:
Is the electronic signature associated with the specific electronic record or document that is being reviewed? There has to be a technological and auditable way to link the electronic signature to the record. This can be accomplished by taking a snapshot of the record when digitally signed and associating that snapshot with the signature. It can also be accomplished by encoding the signature and other parameters to the specific document, i.e., inside the PDF or Word document itself.
How do you ensure that the user digitally signing is authenticated? This can be accomplished in a number of ways. Some systems rely on the user simply being logged in as a form of authentication and when digitally signing, the assumption is that it is the same person. However, more stringent regulations like the FDA’s 21 CFR Part 11 require more verification that the user digitally signing is the same person and this can be accomplished by requiring the user to enter their password again at the point of digital signature to ensure authentication. Some systems go further and require that the user maintain two separate signatures, one for the logging into the system and another for signing.
How do you track and maintain a historical record of the electronic signature? Many systems provide a full historical trail of who signed the document or record and when it was signed. Given the nature of electronic data and that it can be changed, some go further and track the exact information that was signed off on at the time of signature, so there is an exact record of what exactly was reviewed, even if the data changed later on.
Electronic signatures are critical for meeting compliance and for a comprehensive Quality Management System (QMS), among many others. In the not too distant future, electronic signatures will permeate all aspects of our lives. I am sure the technology will evolve further and leverage other types of authentication and means of signature that we haven’t conceived of yet.