Post on 07-Jul-2015
description
Implementing Digital Signatures in an
FDA-Regulated Environment
Michelle Engler, Senior Application Architect, Life Sciences, Perficient
with support from
Sally Miranker, Computer System Validation, Life Sciences, Perficient
Tina Howard, Quality Assurance-Compliance, Life Sciences, Perficient
facebook.com/perficient twitter.com/Perficient_LSlinkedin.com/company/perficient
2
Perficient is a leading information technology consulting firm serving clients throughout
North America and Europe.
We help clients implement business-driven technology solutions that integrate business
processes, improve worker productivity, increase customer loyalty and create a more agile
enterprise to better respond to new business opportunities.
About Perficient
3
• Founded in 1997
• Public, NASDAQ: PRFT
• 2013 revenue $373 million
• Major market locations:
• Allentown, Atlanta, Boston, Charlotte, Chicago, Cincinnati,
Columbus, Dallas, Denver, Detroit, Fairfax, Houston,
Indianapolis, Minneapolis, New York City, Northern
California, Oxford (UK), Philadelphia, Southern California,
St. Louis, Toronto, Washington, D.C.
• Global delivery centers in China and India
• >2,200 colleagues
• Dedicated solution practices
• ~90% repeat business rate
• Alliance partnerships with major technology vendors
• Multiple vendor/industry technology and growth awards
Perficient Profile
Business Process Management
Customer Relationship Management
Enterprise Performance Management
Enterprise Information Solutions
Enterprise Resource Planning
Experience Design
Portal / Collaboration
Content Management
Information Management
Mobile
BU
SINESS SO
LUTIO
NS
50
+ PAR
TNER
S
Safety / PV
Clinical Data Management
Electronic Data Capture
Medical Coding
Clinical Data Warehousing
Clinical Data Analytics
Clinical Trial Management
Healthcare Data Warehousing
Healthcare Analytics
CLIN
ICA
L / HEA
LTHC
AR
E IT
Consulting
Implementation
Integration
Migration
Upgrade
Managed Services
Private Cloud Hosting
Validation
Study Setup
Project Management
Application Development
Software Licensing
Application Support
Staff Augmentation
Training
SERV
ICES
5
Michelle Engler, Senior Solutions ArchitectLife Sciences, Perficient
(650) 291-4710
Michelle.Engler@perificient.com
Sally Miranker, Head of Computer Systems ValidationLife Sciences, Perficient
(619) 980-7288
Sally.Miranker@perificient.com
Tina Howard, Head of Quality Assurance ComplianceLife Sciences, Perficient
(760) 696-3650
Tina.Howard@perificient.com
Welcome & Introduction
Agenda
• Digital Signature Technology Overview
• Requirements for a dSignature Solution
• Available dSignature Solutions
• dSignature Solution and 21 CFR Part 11 Compliance
• Implementing, Validating, and Releasing the dSignature Solution
• Demonstration
• Future Plans
• Questions
• Contact Information
6
Digital Signature Technology Overview
Electronic Signatures and Digital Signatures
• Definitions
FDA 21 CFR 11.3 (7) - Electronic Signature
The term 'electronic signature' means an electronic sound, symbol, or process, attached
to or logically associated with a contract or other record and executed or adopted by a
person with the intent to sign the record
• FDA 21 CFR 11.3 (5) - Digital Signature
Digital signature means an electronic signature based upon cryptographic methods of
originator authentication, computed by using a set of rules and a set of parameters such
that the identity of the signer and the integrity of the data can be verified
A digital signature falls into a sub-group of electronic signatures that provides the
highest levels of security and universal acceptance. Digital signatures are based on
Public Key Infrastructure (PKI) technology, and guarantee signer identity and intent,
data integrity, and the non-repudiation of signed documents.1
1. http://www.arx.com/learn/about-digital-signature/digital-signature-faq
7
Digital Signature Technology Overview
What is a digital signature?
• A digital signature takes the concept of traditional paper-based signing and turns it
into an electronic “fingerprint.” This “fingerprint,” or coded message, is unique to
both the document and the signer and binds them together.
• Digital signatures ensure the authenticity of the signer.
• Any changes made to the document after it has been signed invalidate the
signature, thereby protecting against signature forgery and information tampering.
Is a digital signature legally enforceable?
• Yes. In 1999, the EU passed the “EU Directive for Electronic Signatures” and on
June 30, 2000, President Clinton signed the Electronic Signatures in Global and
National Commerce Act (“ESIGN”), which made signed electronic contracts and
documents as legally binding as a paper-based contract. Today, digital signature
(standard electronic signature) solutions carry recognized legal significance,
enabling organizations to comply with regulations worldwide.
8
Business Case for Digital Signatures -
Survey Compliance and Assumptions
9
• Survey Monkey was utilized to create a survey to assess the business need and
results were able to be compiled from 53 respondents
• Perficient-Life Sciences processes approximately 856 signatures for the 53
• Time to print, sign, scan, upload, and mail original document to headquarters for
each signatory was estimated and calculated company-wide
• Time to execute a digital signature was estimated at 5 minutes per signature
• Anticipated time/resource savings is approximately 75% or 314 hours/month
Unaccounted for variables: signer’s location (for mailing), equipment limitations, cost
of materials (e.g. paper, printer ink), and management of hard copies of documents
Business Case for Digital Signatures -
Department Signatures Per Month
10
Business Case for Digital Signatures –
Types of Documents
11
Perficient-Life Sciences Requirements
for a Digital Signature Solution
12
• Support third-party Applications (Word, Excel, PDF)
• Allow for multiple signatures per document
• Allows for sectional signing (MS Word)
• Has audit trail and secured time stamps
• Allows for sequential and parallel signing workflow
• Receives instant alerts when someone signs
• Integrates with our EDMS (Alfresco)*
• Compliant with 21 CFR Part 11
• Integrates with Active Directory and requires username/password for signing
• Provides phone/email support
• System is easy and intuitive to use
• System has trial period
• System is available in the cloud**
* No solutions were able to integrate directly out-of-the-box with our Alfresco environment; hence, this requirement was adjusted to require the ability to integrate systems via a development API
** Later, we determined that having a system in the cloud introduced more risk than having a local installation of the solution based oncontrol of the environment
Digital Signature Solutions
Researched and Reviewed
13
DocuSign*
• Cloud-based only
• Cost determined on number of signatures executed
• Extensive full routing and signing certificates
available
• Utilized in many other industries
• Several configuration options available
• Only signs PDF
• Adequate support available
• Electronic Signatures
• Full Web API for EDMS integration available
AssureSign*
• Client or cloud-based solution available
• Cost determined by number of signers
• Full routing available
• Uses templates for signing
• Only signs PDFs
• Adequate support available
• Digital Signatures
• Full Web API for EDM Integration available
Signadura*
• Least expensive solution
• Not fully translated to English
• Support was provided from Spain
• Only signs PDFs
• Digital Signatures
• Integrated with Alfresco
ARX CoSign*
• Client or cloud-based solution available
• Cost determined by number of signers
• Routing available when integrated with EDMS
• Signs PDFs, MS Word, or MS Excel documents
• Experienced with Life Sciences and 21 CFR Part 11 Compliance
• Cost was competitive with other solutions
• Adequate support available
• Digital Signatures
• Full Web API for EDMS integration available
Adobe EchoSign
• Most expensive solution available
• Ruled out based on existence of lower cost options
* Demonstration completed by vendor for solution
Digital Signature Solution –
Selection of ARX CoSign
• ARX CoSign Selected
– Client based installation with installed, unconfigured appliance
provided by ARX
– Allows for signing of all types of documents
– Integration with SharePoint available and full Web Developers API
available
– Provides for client software or signing via a web browser
– Allows prepping of documents for signature
– Adequate support available and provided
– Cost-effective solution that provides Perficient-Life Sciences
employees/consultants with the ability to sign documents
– Opportunity for Perficient–Life Sciences to become an
implementation expert for digital signature solutions for our clients
14
ARX CoSign and 21 CFR Part 11 (1 of 3)
15
ARX CoSign and 21 CFR Part 11 (2 of 3)
16
ARX CoSign and 21 CFR Part 11 (3 of 3)
17
Implementing and Validating the Digital
Signature Solution
• Receive, install, and configure CoSign Appliance
• Install and configure CoSign Web Application (separate web server)
• Add CoSign User and Administrator Groups to Active Directory
• Determine how the system can be used for existing documents
– Updated signature block of document templates
– Meaning of signature added to signature block of document templates
• Prepare and execute full validation for the system:
– Validation Plan
– User Requirements Specification (URS)
– User Requirements to Performance Qualification Traceability Matrix
– Installation Qualification (IQ) Protocol
– Installation Log
– IQ Test Suite
– IQ Summary Report
– Performance Qualification (PQ) Protocol
– PQ Test Suite
– PQ Summary Report
– Validation Summary Report with Statement of Validation
18
Implementing and Validating the Digital
Signature Solution (continued)
• Create Supplemental Guidelines and Guides
– CoSign Client User Guideline
– CoSign Web Application User Guideline
– CoSign Administrator Guide
• Create New Application Roles
– CoSign Super User Role
– CoSign User Role
• Create Training Materials
– CoSign Overview
– Training on CoSign Client (video and presentation)
– Training on CoSign Web Application (video and presentation)
• Update existing SOP-001 Controlled Documents procedure to allow for
digital signatures
• Send letter of non-repudiation to FDA to inform them of our use of digital
signatures
19
Releasing the Digital Signature Solution
• Perficient-Life Sciences Support Representative trained on Tier 1 support
• Internal bug tracking system updated to accept issues/questions with the
implementation of CoSign
• Controlled Document Required Training Notification sent
• Supplemental training provided as video, live session, and with
presentations
• Rolling release implemented for users that have completed required
training
• Installation support provided to those users that have completed training
and require the CoSign Client
• Solution Released in August 2014
20
Future Plans
• Use ARX CoSign MS Word “Sectional Signing” to allow completion of
test cases electronically
• Create a connector between ARX CoSign and the Perficient-LS EDMS,
Alfresco Community Edition
• Provide implementation and validation services for Life Sciences
companies wishing to implement ARX CoSign
21
Demonstration
22
23
www.facebook.com/perficient
www.perficient.com
www.twitter.com/perficient_LS
Thank You!
For more information, please contact:
Michelle.Engler@perficient.com
LifeSciencesInfo@perficient.com (Sales)
+44 (0) 1865 910200 (U.K. Sales)
+1 303 570 8464 (U.S. Sales)