FDA APPROVED E-SIGNATURE
21 CFR Part 11 Compliant Forms
E-signature forms trusted by pharmaceutical and medical device companies to fulfill the requirements outlined in the Code of Federal Regulations Title 21 Part 11
Alignment with 21 CFR Part 11
Describe your approach to risk reduction.
FormAssembly takes three steps to achieve system validation:
- Risk assessments: FormAssembly identifies and assesses the potential risks associated with the use of electronic signatures in the platform.
- Rigorous testing: FormAssembly performs comprehensive testing of the platform features, including signature creation, verification, audit trails, and access control mechanisms.
- Documentation: The validation process, risk assessment procedures, testing plans, test results, and any identified risks or corrective actions are all documented and securely stored.
How secure is this software?
FormAssembly approaches security in three ways.
- Physical security: There are physical safeguards implemented to protect the platform’s infrastructure, such as access controls, intrusion detection systems, and environmental controls.
- Logical security: FormAssembly uses strong authentication mechanisms, data encryption, and access control policies to safeguard electronic records and signatures.
- Procedural safeguards: Clear procedures are in place for data handling, disaster recovery, and incident response to maintain the integrity of electronic records.
You can request and view FormAssembly’s security and compliance documentation in our dedicated trust center.
Describe your audit trail documentation.
User activity logs
User logins, document creation, signature events, and any modifications to electronic records are all tracked.
System events
System events such as server restarts, data backups, and security incidents are all recorded.
Data access
Access to electronic records, including who accessed what data, when, and from where are monitored and logged.
What user controls are in place?
User authentication
Strong authentication methods are implemented, such as multi-factor authentication (MFA) and reCAPTCHA to verify user identities.
Role-based access control (RBAC)
FormAssembly assigns access permissions based on user roles and responsibilities, ensuring that users can only access the data and functions they need.
Password management
Strong password policies are enforced and require regular password changes to prevent unauthorized access.
Describe e-signature security features.
Secure signature generation
Secure mechanisms are provided for users to generate their electronic signatures.
Signature verification
FormAssembly has implemented several methods to verify the authenticity and integrity of electronic signatures.
Signature revocation
In the case of errors or fraud, policies have been put into place to allow for electronic signature revocation.
What training is available?
Education
Platform users and employees alike are educated on the specific requirements of 21 CFR 11 and how to use the platform within its compliance requirements.
Platform feature training
Users are trained on the features within the platform for creating, managing, and verifying electronic records, logs, and signatures.
Best practices
Receive detailed guidance on secure practices for using the platform, including password management, access control, and data handling.