ES - 21 CFR 11 Validation report
Title 21 CFR Part 11 is the FDA's regulations for electronic documentation and electronic signatures. It outlines the administration of electronic records in FDA-regulated industries and defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records. 21 CFR 11 is important for those FDA-regulated companies that want to use electronic records and electronic signatures instead of their paper signatures to comply with FDA regulations more quickly and effectively. To view the full text of the Part 11 regulation, click here.
This page describes how Electronic Signatures add-on that build in electronic signatures into your workflow with custom field validation, helps to compliance FDA 21 CFR Part 11. Below you can find a detailed match of sections 21 CFR 11 to the characteristics of the Electronic Signatures app.
Please see the detailed report attached Electronic Signatures FDA CFR 21 part 11.
Subpart A - General Provisions
Electronic Signatures add-on enables you to check user credentials and meets the requirements of technical elements of 21 CFR Part 11 that define the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records. According to this part, electronic signatures can be equivalent to full handwritten signatures.
In accordance with Subpart A, section 11.2, persons may use Electronic Signatures add-on for both submitted and non-submitted records.
According to definition of electronic signature, User Validator Field and Logged User Validator Field which use username and password, as well as PIN in case of using Jira cloud, can be considered electronic signatures because they are data compilation of series of symbols executed, adopted, or authorized by an individual.
Subpart B - Electronic Records
Electronic Signatures app prevents unauthorized actions on Jira tickets. The add-on contains custom fields for checking user credentials. To execute transition or edit issues the users have to type valid credentials to proceed. In compliance with 21 CFR 11.10, only a Jira Administrator, a person with appropriate knowledge, authority and permission is able to install and configure Electronic Signatures plugin. In addition to this, on the configuration page you are able to set up 'Username check' sensitivity and count of invalid login attempts.
Using either the User Validator Field or the Logged User Validator within Electronic Signatures add-on, the user password is invisible and is not disclosed for security reasons and to ensure the authenticity, integrity, and the confidentiality.
Information about username of the signer, date, time and meaning of signature you can find within ticket. To do this, go to Issue Sign Information tab in Jira server platform and to E-Signatures tab if you use Jira cloud platform.
Electronic Signatures add-on automatically links signatures to issues and does not allow further modification to be tampered to ensure 21 CFR Part 11 compliance.
Subpart C - Electronic Signatures
Both the User Validator Field and the Logged User Validator Field use username and password of the Jira user profile, reconciling of them is unique to each Jira account and cannot be reused by, or reassigned to, anyone else. In case of using Electronic Signatures for Jira cloud, apart from login and password, special PIN is verified, which is personal for each Jira user and, as well as cannot be transferred or disclosed to third parties.
Because the Electronic Signatures add-on is not based upon biometric data, identification always involves the use of mandatory authentication components, such as a username and password. If you use Electronic Signatures for Jira cloud, identification components includes verification of username and password when logging in and checking your personal PIN when signing.
Existence of two or more users with the same combination of login and password is impossible and contradicts the Atlassian Password policies. As an organization admin, you can use a password policy to require all of your managed users to meet a minimum password strength or set a password expiration period. Apart from this, you can set up count of invalid login attempts during signing the issue and sensitivity check on Electronic Signatures configuration page.
If you have any questions, contact the appfire Products team at support@appfire.com or visit our Support Desk to request support or suggest a feature.