Following confirmation of Kathleen Sebelius as head of US Department of Health and Human Services and the Food and Drug Administration (FDA), I checked in with contacts at the FDA who assured me that the revised 21 CFR Part 11 guidance is still on track for release later this year. Much rides on this revision, including hope that pharmaceutical firms will get their record quality programs in better shape. Echoing the concerns of attendees at my workshops and online seminars on the revised Part 11 and data quality, anything from the agency to reduce confusion is a good thing.

In my May seminar on improving data quality and records integrity in regulatory submissions (a copy is on my website:, prior to laying out a detailed strategy for how to build data integrity controls into your preclinical and clinical development efforts, I reviewed FDA's increasing frustration with data quality. When it comes to electronic data, agency reviewers continue to find companies struggling to provide "accurate attributability." In other words, you will have a problem if you rely on electronic data capture, review and approval, and you are unable to prove that the person who was supposed to collect/review/approve the information was the actual person who did the collection/review/ approval.

When information was printed out, then reviewed and approved with pen and paper, a review of signature logs, handwriting, and legibility was sufficient to assure agency reviewers of the individuals involved. Today, with electronic data capture systems, Excel spreadsheets, online databases, and the electronic common technical document (eCTD) format, reliance on blue or black ink signatures is a quality tactic on its way to obsolescence. Electronic signatures – one of the key items Part 11 was written to address – are the means to assure electronic data quality through accurate attributability.

Challenges of Electronic Signatures

The industry has moved in fits and starts to adopt electronic signatures (e-signatures). An excellent overview of e-signatures was written by Bill Kurani, MSEE, MSRA, BC, the Quality Assurance manager at Affymetrix, and published in the April Regulatory Affairs Professional Society magazine Regulatory Focus ("Electronic Signatures and Digital Certificates in the US," Regulatory Focus, volume 14, number 4, pp. 44-48). Over the course of several days, I talked with Bill about the challenges he's seen in the adoption of e-signatures.

Question: What are the biggest challenges for pharma (and biotech/devices) when it comes to adopting electronic signatures?

Answer: Biggest challenges for pharmaceutical, medical device and biotech companies come from:

• Lack of Clear Understanding of Title 21 CFR Part 11 Regulation

• Develop Automated System In-house or Purchase it

• User Acceptability

• FDA Acceptability

• Legal Acceptability

Companies should ensure that they have clear understanding of applicability of Title 21 CFR Part 11 with regard to predicate rules. Companies should go to other applicable regulations like GMP Part 211, QSR 820, GLP Part 58 and GCP to determine list of specific records they have to maintain. If they want to maintain that record electronically rather than on paper then Part 11 tells them what they must do for that record to be accepted by FDA.

Companies should also ensure that their electronically signed documents will stand up in the court of the law. They should form an implementation team and select a cost effective solution based on the size of the company. Each employee should be trained to use this automated system.

Question: How viable is the goal of just using e-signatures (e.g., no paper/ink signatures)? What stands in the way?

Answer: The goal is very viable. Companies should first create list of all regulatory records that need to be maintained based on the predicate rules. They should than figure out what needs to be automated first based on a return-on-investment (ROI). This is the only way they can sell the project to the upper management to fund it. Some of the major factors that stand in the way are:

• Upper Management Buy-in

• User Acceptability

• Automated System Selection

• Availability of Internal Resources

• System Validation

• Training

• Cost

Companies can use following rules of thumb when using electronic signatures:

a. Use electronic signatures for the company's internal automated workflow systems requiring signatures such as enterprise resource planning (ERP), document control management system (DCMS), engineering change orders (ECO), training, deviation, nonconformances, corrective and preventive action systems, etc.

b. Use scanned, digital or flattened digital signatures for Clinical Trials and FDA forms requiring signature as part of electronic submission via the Electronic Submission Gateways (ESG).

c. Use digital certificates to encrypt documents for transmission to FDA via the ESG.

Question: For a startup company with limited budget, what are some options when it comes to adopting e-signatures?

Answer: For startup companies, some of the options when it comes to adopting e-signatures are:

• Implement single shared electronic automated signature systems for different type of records to be kept in electronic formats. This way cost will be shared by many departments. It will also reduce the overall implementation and training costs.

• Purchase scalable commercial off- the-shelf systems (COTS); this will allow the company to keep a single system and add modules as needed in the future.

For a startup company it does not make business sense to implement costly automated EDMS/ERP systems. They should purchase COTS solutions that can be integrated later with ERP systems like Oracle, JDE, and SAP etc.

Question: For CMOs and CROs with tight margins and a host of clients who may or may not feel comfortable with e-signatures, what are some suggestions to how to balance adoption of e-signatures with client anxiety or uncertainty?

Answer: It is important for CMOs and CROs to show the benefits of using automated systems which allow third party signatures. The key point they should drive to their client is that use of electronic signatures can dramatically drive down costs:

a. E-signatures greatly speed up workflows and reduce the time to approve and/or submit documents

b. There is no need to print and route documents for signatures. This reduces cost associated with printing, routing, faxing, and paper management.

c. Automated signature verification is much faster and more reliable compared to manual handwritten signatures.

In an ideal world, the system should allow third party signatures and be a secure, web-based system so clients can access it over the internet.

Question: Are you aware of any cost/benefit analyses (other than from e-signature vendors) on the money or time saved on implementing e-signatures (is there a pre-defined base ROI)?

Answer: A ROI can be easily created based on the total cost of implementation vs. savings. Based on my personal experience, the time to recover investment is anywhere from 1 to 3 years based on the size of your company.

Typical costs associated with implementing e-signature systems are:

• Cost of process workflow design

• Cost of systems

• Cost of implementation

• Cost of validation

• Cost of personnel to maintain the system

• Cost of ongoing compliance

• Cost of non-compliance

Standard savings/benefits include:

• Process efficiency gains due to automated streamlined workflow (people)

• Less personnel requirements (people)

• Infrastructure efficiency gains (storage space for paper records)

• Delivering quality products (process)

• Avoid regulatory noncompliance cost

• Avoid regulatory fines cost

Final Thoughts

Qualification of your supplier of e-signatures (for instance, a firm like VeriSign), is dependent on your risk assessment and the level of certainty you require in risk mitigation. Treat the e-signature provider no different than the provider of any shrink-wrapped, commercially available software package like Excel or Acrobat.

Focus your Part 11 validation efforts on e-signature functionality and performance within your environment, with your people, processes and computerized systems. A risk-based assessment of validation efforts required may call for test scripts and protocols within your systems, or simply periodic random sampling and internal quality audits. Revisit your control and validation strategy whenever you plan a regulatory submission. Identify and adopt appropriate best practices to ensure your data quality meets your regulatory and quality criteria … and those of the FDA.

Electronic signatures are only a piece of the data quality and record integrity puzzle, but e-signatures are the ideal means of accurate attributability in the 21st century landscape.

Are you ready?
About the AuthorJohn Avellanet is the founder of the FDA regulatory intelligence and lean quality systems compliance advisory program for executives and business owners, SmarterCompliance™. He is the author of more than 100 articles, is our regular pharma-IT compliance columnist, and is a contributing author to the book Best Practices in Biotechnology Business Development (Logos Press). He serves on the advisory boards of several trade associations, is a frequent speaker at industry events, business schools, and corporate workshops, and meets often with regulatory officials. He can be directly reached through his independent advisory firm, Cerulean Associates LLC, on the web at