Glossary Term

Electronic Signature

The regulated digital equivalent of a handwritten signature: uniquely attributable to one person, linked to the signed record, captured with meaning and timestamp, and verifiable on inspection.

Electronic signatures are how regulated approvals move from paper to digital without losing accountability. Done well, they replace ink-and-paper at scale. Done poorly, they create inspection findings that affect every signed record they touched.

Electronic signature locked to a record with identity verification, meaning capture, timestamp, and audit-trail entry

What an electronic signature is

An electronic signature is the regulated digital equivalent of a handwritten signature. It's the logical association of one person's identity to a specific action on an electronic record, captured with intent, meaning, and timestamp, and bound to the record so it can't be detached or transferred.

In the U.S., 21 CFR Part 11 defines the criteria. In the EU, Annex 11 and eIDAS (Regulation EU 910/2014) cover overlapping ground. ISO 13485 §4.2.4–4.2.5 addresses signature controls for medical device QMS records. Each framework asks similar questions: who signed, when, for what purpose, and how do we know it was actually that person?

Electronic signatures cover three categories of action in regulated systems. Approval releases a record into a regulated decision: batch release, document approval, CAPA closure. Review captures a reviewer's sign-off that they checked the work. Responsibility or authorship means the signer takes accountability for the content. Each carries a different meaning that has to be captured.

Not just a button click

A compliant electronic signature is more than clicking 'I agree'. It involves re-authentication, role-appropriate authority, meaning capture, record binding, and an audit trail entry — all governed by §§11.50, 11.70, 11.100, 11.200, and 11.300 for FDA-regulated systems.

Why e-signatures sit at the centre of Part 11 inspections

Electronic signatures are how regulated approvals move from paper to digital. They underpin every batch release, every CAPA closure, every document approval, every change request authorisation. The integrity of those approvals depends entirely on the signature being what it claims to be.

FDA's chromatography enforcement actions from 2017 onward produced dozens of warning letters citing electronic signature failures. Shared analyst accounts. Signatures without meaning. Signatures separable from the record. Weak passwords. Biometric signatures without the required controls. Each failure invalidates not just the signature but the regulatory decision it supported.

Inspector perspective: the question inspectors keep coming back to is whether a specific person, with the authority to do this, actually applied this signature with the intent to do what the system says they did. If any link in that chain breaks — shared account, missing meaning, signature that could be moved to another record — the signature isn't evidence of anything.

The e-signature requirements section by section

Electronic signature requirements span multiple frameworks. The U.S. and EU citations most commonly seen in inspection findings are:

  • 21 CFR §11.50 — Signature manifestations: signed electronic records have to display the printed name of the signer, the date and time the signature was executed, and the meaning (review, approval, responsibility, authorship). The manifestation is part of the record.
  • 21 CFR §11.70 — Signature/record linking: signatures have to be linked to their respective records so they can't be excised, copied, or otherwise transferred to falsify an electronic record. Database foreign keys and cryptographic linking both work.
  • 21 CFR §11.100 — General requirements: each electronic signature is unique to one individual and not reassigned to anyone else; identity verified before assignment; the firm certifies to FDA that electronic signatures are intended as legally binding equivalents of handwritten signatures.
  • 21 CFR §11.200(a) — Non-biometric signatures: at least two distinct identification components (typically an ID and a password); the first signing of a session uses all components; subsequent signings during the same continuous session may use at least one component; users who leave the system re-authenticate fully on return.
  • 21 CFR §11.200(b) — Biometric signatures: designed to ensure they can't be used by anyone other than the genuine owner.
  • 21 CFR §11.300 — Identification codes and passwords: uniqueness; periodic password change; loss-management procedures; transaction safeguards against unauthorised use; periodic testing of devices that generate or bear identification codes.
  • 21 CFR §11.10(d): limiting system access to authorised individuals — the predicate for unique-account requirements that underpin §11.100.
  • FDA Part 11 Scope and Application (August 2003): clarifies enforcement focus; electronic signatures remain a core enforcement area.
  • EU GMP Annex 11 §14: electronic signatures should be equivalent to handwritten signatures, permanently linked to their record, and include the date and time when applied.
  • EU Regulation 910/2014 (eIDAS): defines simple, advanced, and qualified electronic signatures for general EU electronic transactions; GxP context typically requires alignment plus Annex 11 controls.
  • ISO 13485 §4.2.4–4.2.5: control of documents and records, including approval and signature controls for device QMS.
  • ICH Q10 §4: management responsibility for ensuring system controls, including electronic signatures, operate as intended.

What an inspection-ready e-signature event captures

A complete electronic signature event captures the following, all at the moment of signing:

  • Signer identity: authenticated user; no shared accounts; printed name available for display under §11.50
  • Authentication: at least two distinct components at first signing under §11.200(a) for non-biometric; biometric with proper controls under §11.200(b)
  • Signature meaning: review, approval, responsibility, or authorship — selected by the user before the signature is applied, captured as part of the signature record under §11.50
  • Server-side timestamp: UTC, not the client clock, in line with the time-control expectations of §11.10(e)
  • Record binding: signature linked to the specific record by foreign key or cryptographic binding under §11.70; not editable or transferable
  • Audit trail entry: the signing action written to the per-record audit trail under §11.10(e) with identity, action, timestamp, and the linked record
  • Authorisation check: at the moment of signing, the system verifies the signer has the role authority to apply this specific meaning to this specific record
  • Re-authentication on session change: leaving the system and returning requires full re-authentication under §11.200(a)(1)(ii)
  • Manifestation in the record: when the record is viewed, exported, or printed, the signature manifestation (name, date/time, meaning) appears visibly under §11.50
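As an added illustration (not code from this page or from Complere), the Python below sketches a signing service that captures the elements listed above: an authority check at the moment of signing, meaning capture, a server-side UTC timestamp, an HMAC binding in the spirit of §11.70 that fails verification if the signature is lifted onto another record or the record is edited afterwards, and the §11.50 manifestation line. The user directory, roles and server key are constructed assumptions.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample data for this example: a user directory (unique accounts with
# role-based signing authority) and a server-side key held only by the signing
# service. Key value, accounts and roles are hypothetical.
SIGNING_KEY = b"example-only-server-side-key"
USERS = {  # account -> (printed name shown under 11.50, role)
    "jdoe": ("Jane Doe", "qa_manager"),
    "asmith": ("Alex Smith", "analyst"),
}
ROLE_AUTHORITY = {
    "qa_manager": {"review", "approval", "responsibility", "authorship"},
    "analyst": {"review", "authorship"},
}
BOUND_FIELDS = ("printed_name", "account", "meaning", "timestamp", "record_id", "record_digest")


def record_digest(record_id, content):
    """Hash record identity and content together so the binding covers only this record."""
    return hashlib.sha256(record_id.encode() + b"\x00" + content.encode()).hexdigest()


def sign_record(account, meaning, record_id, content, now=None):
    """Apply a signature: authority checked at signing time, meaning captured, server-side
    UTC timestamp, and a keyed MAC that binds the event to this record (the 11.70 link)."""
    printed_name, role = USERS[account]  # KeyError: no such individual account
    if meaning not in ROLE_AUTHORITY[role]:
        raise PermissionError(f"{account} ({role}) may not sign with meaning '{meaning}'")
    ts = (now or datetime.now(timezone.utc)).isoformat()
    event = {"printed_name": printed_name, "account": account, "meaning": meaning,
             "timestamp": ts, "record_id": record_id,
             "record_digest": record_digest(record_id, content)}
    payload = json.dumps(event, sort_keys=True).encode()
    event["binding"] = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return event


def verify_signature(event, record_id, content):
    """True only if the event is unaltered and bound to exactly this record's content."""
    fields = {k: event[k] for k in BOUND_FIELDS}
    if fields["record_id"] != record_id or fields["record_digest"] != record_digest(record_id, content):
        return False  # lifted onto another record, or record edited after signing
    expected = hmac.new(SIGNING_KEY, json.dumps(fields, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, event["binding"])


def manifestation(event):
    """The 11.50 display line: printed name, date/time, and meaning."""
    return f"Signed by {event['printed_name']} on {event['timestamp']} ({event['meaning']})"
```

A real system would also write the returned event to the per-record audit trail and would enforce the §11.200 re-authentication rules before calling sign_record.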

What strong electronic signature programs share

The programs that hold up under inspection share these patterns:

The 'shared lab account' pattern

A single 'lab' or 'analyst' account used by multiple people violates §11.100 (uniqueness) and §11.10(d) (limited access). A signature applied from a shared account isn't legally tied to a specific individual. Recalls and consent decrees have been driven by exactly this pattern. Eliminate it before it becomes your finding.

  • Unique accounts enforced. Provisioning, deprovisioning, and account-sharing prohibition embedded in IT controls and HR offboarding. No shared accounts in any GxP workflow.
  • Two-factor identification under §11.200. ID plus password at minimum; multi-factor where risk warrants. Biometric, where used, has the genuine-owner-only safeguards.
  • Signature meaning enforced. The signing dialog requires the user to select meaning before applying the signature. Meaning is captured in the audit trail alongside identity and timestamp.
  • Continuous-session policy documented. The SOP defines what counts as a continuous session and when re-authentication is required.
  • Password controls under §11.300. Periodic change, uniqueness, lockout after failed attempts, loss-management procedures, no sharing or writing down.
  • Role-based signature authority. The system verifies authority at the moment of signing. Users can't apply signatures with a meaning they don't have authority for.
  • Signature-to-record binding is technical, not procedural. Database FK or cryptographic linking, not "users are trained not to detach signatures".
  • Manifestation visible in record output. PDF exports, printed records, and on-screen views all show signer name, date/time, and meaning.
  • Audit trail captures signing events. Every signature, including failed authentication attempts, written to the audit trail.
  • Periodic review of signature usage. Part of the audit trail review program — look for unusual signing patterns, after-hours signatures, signatures by users who shouldn't have signing authority.
  • System validation includes signatures. CSV or CSA evidence specifically addresses §11.50, §11.70, §11.100, §11.200, and §11.300 implementation.
  • Training on signature responsibility. Users trained on the legal and procedural meaning of electronic sign-off, including the §11.100 certification.
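The periodic review of signature usage listed above, as an added Python example (not Complere's code nor code from this page): it runs over a few constructed audit-trail lines and flags after-hours signings, signings whose meaning the signer's current role does not authorise (for instance where a role was misconfigured at the time), and accounts with repeated failed signing attempts. The audit-trail format, the SOP thresholds and the accounts are assumptions.

```python
import json
from datetime import datetime

# Constructed sample audit-trail entries (one JSON object per line), in the shape a
# signing service might write them under 11.10(e). Accounts, roles and records are made up.
AUDIT_LINES = """
{"ts": "2024-03-04T09:12:00+00:00", "account": "jdoe", "role": "qa_manager", "action": "sign", "ok": true, "meaning": "approval", "record": "BR-1001"}
{"ts": "2024-03-04T10:05:00+00:00", "account": "asmith", "role": "analyst", "action": "sign", "ok": true, "meaning": "approval", "record": "BR-1002"}
{"ts": "2024-03-04T23:41:00+00:00", "account": "jdoe", "role": "qa_manager", "action": "sign", "ok": true, "meaning": "approval", "record": "BR-1003"}
{"ts": "2024-03-05T14:00:10+00:00", "account": "rwong", "role": "analyst", "action": "sign", "ok": false, "meaning": "review", "record": "BR-1004"}
{"ts": "2024-03-05T14:00:25+00:00", "account": "rwong", "role": "analyst", "action": "sign", "ok": false, "meaning": "review", "record": "BR-1004"}
{"ts": "2024-03-05T14:00:41+00:00", "account": "rwong", "role": "analyst", "action": "sign", "ok": false, "meaning": "review", "record": "BR-1004"}
"""

# Hypothetical SOP parameters for the review.
ROLE_AUTHORITY = {"qa_manager": {"review", "approval", "responsibility", "authorship"},
                  "analyst": {"review", "authorship"}}
BUSINESS_HOURS_UTC = range(7, 19)  # signings outside 07:00-18:59 UTC get a second look
FAILED_ATTEMPT_THRESHOLD = 3


def review_signing_events(lines):
    """Return (finding, account, detail) tuples for the reviewer to follow up."""
    findings, failures = [], {}
    for line in lines:
        if not line.strip():
            continue
        e = json.loads(line)
        if e["action"] != "sign":
            continue
        if not e["ok"]:  # failed authentication at signing is itself an audit-trail event
            failures[e["account"]] = failures.get(e["account"], 0) + 1
            continue
        if datetime.fromisoformat(e["ts"]).hour not in BUSINESS_HOURS_UTC:
            findings.append(("after_hours_signing", e["account"], e["record"]))
        if e["meaning"] not in ROLE_AUTHORITY.get(e["role"], set()):
            findings.append(("meaning_without_authority", e["account"], e["record"]))
    for account, n in failures.items():
        if n >= FAILED_ATTEMPT_THRESHOLD:
            findings.append(("repeated_failed_signings", account, n))
    return findings
```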

How Complere implements electronic signatures

Complere is built around regulated approvals. Electronic signatures aren't an add-on — they're how documents get released, CAPAs get closed, changes get authorised, audit findings get signed off, and risk assessments get approved. Every signature your team applies carries the controls regulators expect, every time.

When someone on your team signs something, it's tied to their unique authenticated account — never a shared "lab" or "analyst" login. Complere doesn't let users share accounts; every login belongs to one person. Logging in uses two distinct identification components, and if your user steps away and comes back, they re-authenticate. Before applying the signature, your user picks what it means — review, approval, responsibility, or authorship — and that meaning travels with the signature. The signature is bound to the specific record it was applied to, so no one can lift it and move it somewhere else.

Authority is checked at the moment of signing. Roles decide who can apply which meaning to which record type; the platform confirms your user actually holds that authority before the signature lands. Signature requirements come from controlled templates per record type, so a CAPA closes the same way every time, and a document approval follows the same rules every time — your team isn't reinventing the control set per record.

When records get exported or printed, the signature shows up on the output: signer's name, the moment they signed, and what they signed it for. Every signing event is captured in the record's history with all four elements (who, what, when, why), so when an inspector asks to see the signing history on a release decision, your team produces it without scrambling.

What stays with your team: the SOPs that say who can sign for what, the training that makes sure your users understand the weight of an electronic signature, the periodic review of signing patterns for anything unusual, and the IT discipline that keeps unique accounts unique. Complere makes the technical controls reliable; the program that wraps them is yours.

Frequently asked questions

Common questions about electronic signatures, drawn from regulatory references and inspection patterns.

What makes an electronic signature compliant under Part 11?

Five things, drawn from 21 CFR §§11.50, 11.70, 11.100, 11.200, 11.300: (1) unique to one person and not reassigned; (2) at least two distinct identification components for non-biometric signatures; (3) the signature record captures the printed name of the signer, date and time, and meaning (review, approval, responsibility); (4) the signature is linked to the record so it can't be excised or transferred; (5) the firm has certified to FDA that its electronic signatures are intended as legally binding equivalents of handwritten signatures.

Is a typed name in an email an electronic signature?

Under eIDAS in the EU and ESIGN in the U.S. consumer context — sometimes, depending on intent and context. Under 21 CFR Part 11 for GxP records — no. Part 11 requires unique attribution, two-factor identification components, meaning capture, and record binding. A typed name in an email doesn't carry any of those by default.

Do I need re-authentication for every signature?

Under §11.200(a)(1), non-biometric electronic signatures used during a continuous session work this way: the first signing uses all electronic signature components; subsequent signings in the same session use at least one component (the other being implicit through the session). When the user leaves the session and returns, full re-authentication is required again. The definition of "continuous session" is up to the firm but should sit in an SOP.
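The continuous-session rule in this answer, as an added Python example (not from the page or from Complere): a per-user session object decides whether the next signing needs every identification component or only the individual-only one. The 15-minute session gap and the credential store are constructed stand-ins for the firm's SOP and identity system.

```python
import hmac

# Constructed example. The firm's SOP (hypothetical here) treats access as one
# continuous session while the gap between signings is at most SESSION_GAP seconds
# and the user has not logged out. Times are plain seconds for readability.
SESSION_GAP = 15 * 60

# Constructed credential store: the password is the shared-secret component; the
# token stands in for a component only executable by that individual.
CREDENTIALS = {"jdoe": {"password": "correct horse battery", "token": "T-9F3A"}}


class SigningSession:
    """Decides, per signing, whether all components or at least one are required."""

    def __init__(self, account):
        self.account = account
        self.last_signing = None  # None: no continuous session in progress

    def _continuous(self, now):
        return self.last_signing is not None and now - self.last_signing <= SESSION_GAP

    def sign(self, now, components):
        """components: identification components supplied for this signing.
        Returns the components that were verified; raises PermissionError otherwise."""
        stored = CREDENTIALS[self.account]
        # 11.200(a)(1)(i): first signing of a session uses every component, later
        # signings in the same session at least the individual-only one.
        # 11.200(a)(1)(ii): outside a continuous session, every component again.
        required = ["token"] if self._continuous(now) else ["password", "token"]
        missing = [c for c in required if c not in components]
        if missing:
            raise PermissionError(f"re-authentication required, missing: {missing}")
        if not all(hmac.compare_digest(components[c], stored[c]) for c in required):
            raise PermissionError("authentication failed")
        self.last_signing = now
        return required

    def logout(self):
        """Leaving the system ends the continuous session."""
        self.last_signing = None
```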

What's the difference between an electronic signature and a digital signature?

An electronic signature (Part 11 sense) is a logical association of a signer's identity to a record with intent. A digital signature is one technical implementation that uses cryptographic methods (PKI, hash) to create a tamper-evident binding. All digital signatures are electronic signatures; not all electronic signatures are digital signatures. Open systems under §11.30 require digital signatures plus encryption; closed systems under §11.10 can use other authentication mechanisms.

What does 'signature meaning' actually capture?

Under §11.50, the signature record has to display the meaning associated with the signature: review, approval, responsibility, authorship — whichever applies. The meaning has to be linked to the signature event in the record. A signature without meaning fails §11.50 even if all other controls are in place. The captured meaning is also part of the audit trail under §11.10(e).

What are the most common e-signature findings in FDA inspections?

Recurring patterns: shared accounts violating §11.100 unique-signature requirement; signatures applied without meaning capture, failing §11.50; signatures not bound to the record (excisable or transferable), failing §11.70; passwords shared or written down, failing §11.300; biometric signatures without controls against use by anyone other than the genuine owner, failing §11.200(b). The chromatography enforcement actions that ran from 2017 onward drove many of these.

Do shared 'lab' or 'analyst' accounts work?

No. Shared accounts fail §11.100 (uniqueness) and §11.10(d) (limiting access to authorised individuals). A signature applied from a shared account isn't legally tied to a specific individual. This pattern alone has driven product recalls and consent decrees. The fix is unique accounts only, with formal provisioning and deprovisioning.

Does eIDAS in the EU replace Part 11 for European operations?

No. eIDAS (Regulation EU 910/2014) governs general electronic transactions in the EU and defines simple, advanced, and qualified electronic signatures. For GxP records, EU GMP Annex 11 plus Annex 16 plus Chapter 4 apply alongside eIDAS. Most regulated firms operating in the EU map their Part 11 controls onto Annex 11 expectations and use eIDAS qualified-signature where business-legal context requires it.

See electronic signatures in action during a Complere demo

Walk through Complere's role-based e-signature: identity, meaning, timestamp, record binding, and audit trail across documents, CAPA, change requests, audits, events, and risk assessments.