Electronic Signatures Guide
21 CFR Part 11 compliant electronic signatures.
Overview
Electronic Signatures in Buttress QMS provide legally binding, FDA 21 CFR Part 11 compliant digital signatures for quality documents.
Key Features
- Regulatory Compliance: Meets FDA 21 CFR Part 11 requirements for electronic records and signatures
- Multi-Factor Authentication: Requires password re-entry and optional 2FA for signatures
- Signature Meaning: Capture purpose (Approved, Reviewed, Authored, etc.)
- Tamper-Evident: Cryptographic hash ensures document integrity
- Complete Audit Trail: All signature activities are logged with timestamps
21 CFR Part 11 Compliance
Buttress QMS electronic signatures are designed to meet FDA 21 CFR Part 11 requirements:
Unique User Identification
- Each user has unique login credentials
- Signatures linked to individual user accounts
- User identity verified at time of signing
Signature Security
- Password re-authentication required
- Optional two-factor authentication
- Session timeout enforcement
Record Integrity
- Cryptographic hash of signed content
- Tamper detection mechanisms
- Version control for all changes
Audit Controls
- Complete signature audit trail
- Timestamp of all signature events
- Cannot be modified or deleted
Signing Documents
How to Apply an Electronic Signature
Step 1: Navigate to the Document
Open the record requiring signature (NCR, CAPA, Document, etc.) and click the Sign button.
Step 2: Select Signature Meaning
Choose the purpose of your signature:
- Approved: Formal approval of the document
- Reviewed: Acknowledgment of review completion
- Authored: Original creation of the document
- Verified: Confirmation of accuracy
- Witnessed: Attestation as a witness
Step 3: Authenticate Your Identity
Enter your password to confirm your identity. If 2FA is enabled, provide your authentication code.
Step 4: Add Comments (Optional)
Optionally add comments or notes to accompany your signature.
Step 5: Confirm and Sign
Review the signature details and click Apply Signature. The signature is permanently recorded.
Signature Verification
Verify the authenticity and integrity of electronic signatures:
Signature Information Displayed
- Signer Name: Full name of the person who signed
- Signature Meaning: Purpose of the signature
- Timestamp: Date and time of signature (UTC)
- IP Address: Network location at time of signing
- Document Hash: Cryptographic fingerprint of signed content
Integrity Verification
The system automatically verifies document integrity by comparing the current document hash with the hash recorded at signing time.
Audit Trail
All electronic signature activities are recorded in an immutable audit trail:
Captured Events
- Signature application (who, when, what meaning)
- Signature verification attempts
- Failed authentication attempts
- Document access and viewing
- Export and printing of signed documents
Audit Trail Fields
| Field | Description |
|---|---|
| Timestamp | Date and time of event (UTC, system clock) |
| User | User who performed the action |
| Action | Type of event (Sign, Verify, View, Export) |
| IP Address | Client IP at time of action |
| Details | Additional context (signature meaning, comments) |
Admin Configuration
Administrators can configure electronic signature settings.
Signature Settings
- Require 2FA for Signatures: Enforce two-factor authentication for all signatures
- Signature Meanings: Configure available signature meanings
- Required Signatures: Set minimum signatures required per document type
- Signature Order: Define sequential signature workflows (e.g., author then approver)
Compliance Settings
- Password Expiry: Enforce password changes at intervals
- Session Timeout: Auto-logout after inactivity
- Login Attempt Lockout: Lock accounts after failed attempts
- Audit Retention: Define audit log retention period