Re: E-Signatures

[Faith Mcgrath <faith.mcgrath () YALE EDU>]

I am also interested in what people are using for electronic signatures
if they need to certify that they are in compliance with FDA Electronic
Records; Electronic Signatures regs -- 21 CFR Part 11
(http://www.fda.gov/ora/compliance_ref/part11/). I am just being to do
some background reading on the requirements, but we are beginning to see
this requirement related to pharmaceutical research protocols. Thanks. -fm

Harrold Ahole wrote:
> > Is anyone doing any work with e-signatures within their applications?
> > I'm not talking about crypto-based digital signatures.  Rather, we
> > need something that is the equivalent of someone signing a piece of
> > paper to attest that the contents are correct.  Some applications
> > we've seen just have something like "type your name in this field to
> > sign this form".  A campus customer is looking for something more
> > comprehensive than that.  What are other people doing short of
> > implementing PKI or using login credentials as a signature?
>
> Well, the first thing to decide is what you want to accomplish.  The US
> Esign law allows "type your name" as a form of electronic signature
> simply because it's very natural to show consent (willful action).
> The first consideration is how do you authenticate the user at the time
> they take this action?  Depending on the application, it could be very
> little, such as if they are requesting the purchase of a transcript, in
> which authentication may not be too high provided they also pay by
> credit card.  If the user is logged into a campus application, you can
> certainly use that as a credential for authentication.
>
> The next consideration is to create a reliable electronic record, one
> that can be shared with all parties involved.  This is typically done
> with digital signatures, but of course other methods are likely
> acceptable if they can be shown to reflect the agreed upon document and
> are stored in a manner suitable to show non-modifiable archived storage
> (such as when paper docs are scanned to microfilm, it's generally
> assumed that the microfilm version is accurate as it's hard to tamper
> with).
>
> Harry


--
Faith McGrath, Associate Director
Yale University ITS - Information Security
faith.mcgrath () yale edu
voice: 203.737.4087 telefax: 203.737.2859
security () yale edu || security.yale.edu

Please be aware that email communication can be intercepted in
transmission or misdirected. Please consider communicating any sensitive
information by telephone, fax or mail. The information contained in this
message may be privileged and confidential. If you are NOT the intended
recipient, please notify the sender immediately and destroy this
message. If you wish to confirm the content of this message and/or the
identity of the sender please contact me at the phone number given above.