
21 CFR Part 11

Commitment to compliance is the core of what we do. FormAssembly aligns with the Food and Drug Administration (FDA) requirements for electronic signatures as per 21 CFR Part 11.

Alignment with 21 CFR Part 11

What steps do you take to achieve system validation?

FormAssembly takes three steps to achieve system validation:

  1. Risk assessments: FormAssembly identifies and assesses the potential risks associated with the use of electronic signatures in the platform.
  2. Rigorous testing: FormAssembly performs comprehensive testing of the platform features, including signature creation, verification, audit trails, and access control mechanisms.
  3. Documentation: The validation process, risk assessment procedures, testing plans, test results, and any identified risks or corrective actions are all documented and securely stored.

Can you describe the security of the FormAssembly environment?

FormAssembly approaches security in three ways.

  1. Physical security: There are physical safeguards implemented to protect the platform’s infrastructure, such as access controls, intrusion detection systems, and environmental controls.
  2. Logical security: FormAssembly uses strong authentication mechanisms, data encryption, and access control policies to safeguard electronic records and signatures.
  3. Procedural safeguards: Clear procedures are in place for data handling, disaster recovery, and incident response to maintain the integrity of electronic records.

You can request and view FormAssembly’s security and compliance documentation in our dedicated trust center.


Do you have audit trails, and for what actions?

User activity logs
User logins, document creation, signature events, and any modifications to electronic records are all tracked.

System events
System events such as server restarts, data backups, and security incidents are all recorded.

Data access
Access to electronic records is monitored and logged, including who accessed what data, when, and from where.

What access controls are in place?

User authentication
Strong authentication methods, such as multi-factor authentication (MFA) and reCAPTCHA, are implemented to verify user identities.

Role-based access control (RBAC)
FormAssembly assigns access permissions based on user roles and responsibilities, ensuring that users can only access the data and functions they need.

Password management
Strong password policies are enforced and require regular password changes to prevent unauthorized access.

Can you explain your signature management?

Secure signature generation
Secure mechanisms are provided for users to generate their electronic signatures.

Signature verification
FormAssembly has implemented several methods to verify the authenticity and integrity of electronic signatures.

Signature revocation
In the case of errors or fraud, policies have been put into place to allow for electronic signature revocation.

What training and education are in place?

Education
Platform users and employees alike are educated on the specific requirements of 21 CFR 11 and how to use the platform within its compliance requirements.

Platform feature training
Users are trained on the features within the platform for creating, managing, and verifying electronic records, logs, and signatures.

Best practices
Receive detailed guidance on secure practices for using the platform, including password management, access control, and data handling.
