eSignature = Electronic Signature
UK: MHRA Guidance on GxP Data Integrity – A signature in digital form (bio-metric or non-biometric) that represents the signatory. This should be equivalent in legal terms to the handwritten signature of the signatory (as per Section 6.14 of MHRA – Guidance on GxP data integrity, March 2018).
The use of electronic signatures should be appropriately controlled with consideration given to:
- How the signature is attributable to an individual.
- How the act of ‘signing’ is recorded within the system so that it cannot be altered or manipulated without invalidating the signature or status of the entry.
- How the record of the signature will be associated with the entry made and how this can be verified.
- The security of the electronic signature i.e. so that it can only be applied by the ‘owner’ of that signature.
It is expected that appropriate validation of the signature process associated with a system is undertaken to demonstrate suitability and that control over signed records is maintained. Where a paper or pdf copy of an electronically signed document is produced, the metadata associated with an electronic signature should be maintained with the associated document (as per Section 6.14 of MHRA – Guidance on GxP data integrity, March 2018).
The use of electronic signatures should be compliant with the requirements of international standards. The use of advanced electronic signatures should be considered where this method of authentication is required by the risk assessment. Electronic signature or E-signature systems must provide for “signature manifestations” i.e. a display within the viewable record that defines who signed it, their title, and the date (and time, if significant) and the meaning of the signature (e.g. verified or approved) (as per Section 6.14 of MHRA – Guidance on GxP data integrity, March 2018).
An inserted image of a signature or a footnote indicating that the document has been electronically signed (where this has been entered by a means other than the validated electronic signature process) is not adequate. Where a document is electronically signed then the metadata associated with the signature should be retained (as per Section 6.14 of MHRA – Guidance on GxP data integrity, March 2018).