Electronic signatures under GxP: How to implement it securely in practice

The Challenge of Electronic Signatures

Electronic signatures have become a more widespread practice in the pharma industry, but their implementation is often more challenging than many companies expect. This is particularly due to the extensive compliance requirements defined in 21 CFR Part 11 from the FDA and Annex 11 from the EMA. Many pharma companies underestimate the complexity of implementing electronic signatures correctly and securely, which can lead to compliance issues.

The issues often arise because companies do not have a clear strategy or understanding of the requirements surrounding electronic signatures. Typical mistakes include lack of or insufficient documentation, poor processes around identity verification, and challenges in ensuring the integrity of signatures over time.

Consequences of Incorrect Implementation

If electronic signatures are not implemented correctly, it can lead to serious compliance challenges with the FDA and EMA. Errors or deficiencies in the implementation can result in regulatory sanctions, which can be both costly and time-consuming to rectify. Furthermore, errors in electronic signatures can lead to data integrity issues, thus affecting trust in the company's documentation and data.

Another problem is that poor implementation often creates uncertainty and frustration among employees. If employees experience that electronic signatures are not working effectively, it can negatively affect both their productivity and engagement. Therefore, it is important that the implementation is carried out in a way that is simple, intuitive, and compliant.

How to Ensure Correct Implementation

A correct implementation of electronic signatures under GxP starts with a clear and well-defined policy. The company should clearly describe which types of documents and processes require electronic signatures and how the signatures are managed in practice. This policy should include clear guidelines for user identification, access control, and ongoing maintenance.

It is also important to ensure that the technical solution that supports electronic signatures is robust and compliant with the requirements from the FDA and EMA. The solution must clearly document the authenticity and integrity of the signatures, and there must be clear procedures for how the data is stored and protected against alterations.

A central part of the implementation is also ongoing training and follow-up. Employees must be clearly instructed on how to use electronic signatures correctly and how to handle any issues that arise. Regular training ensures that the procedures are adhered to and that employees feel secure in using electronic signatures.

Finally, ongoing monitoring and auditing of the process are crucial to ensure that it remains compliant. This means regular internal audits, where the implementation and use of electronic signatures are thoroughly reviewed to quickly identify and rectify any errors and deficiencies.

If you would like to know more about how pharma companies safely and correctly implement electronic signatures under GxP, feel free to reach out to us so we can have a non-binding conversation.