Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Download PDFDownload PDF
Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Heather Mueller
/
June 22, 2021
Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

MIN
/
June 22, 2021
About the Episode
Episode Highlights
Meet our Guest
Episode Transcript

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Get the Report

Great, thank ya!

You can now access the content.
Oops! Something went wrong while submitting the form.
Blog

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Panelists
No items found.
Introduction
Introduction

Great, thank ya!

You can now access the content.
Download NowDownload Now
Oops! Something went wrong while submitting the form.

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

Panelists
No items found.
Infographic

Electronic Signatures and FDA Part 11 Compliance: Here’s What You Need to Know

Get a quick, easy-to-digest look at FDA Part 11 Compliance: what it is, how it works, and what it means for your business when it comes to eSignature software.
Download InfographicDownload Infographic

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

Collecting payments with online forms is easy, but first, you have to choose the right payment gateway. Browse the providers in our gateway credit card processing comparison chart to find the best option for your business. Then sign up for Formstack Forms, customize your payment forms, and start collecting profits in minutes.

Online Payment Gateway Comparison Chart

NOTE: These amounts reflect the monthly subscription for the payment provider. Formstack does not charge a fee to integrate with any of our payment partners.

FEATURES
Authorize.Net
Bambora
Chargify
First Data
PayPal
PayPal Pro
PayPal Payflow
Stripe
WePay
ProPay
Monthly Fees
$25
$25
$149+
Contact First Data
$0
$25
$0-$25
$0
$0
$4
Transaction Fees
$2.9% + 30¢
$2.9% + 30¢
N/A
Contact First Data
$2.9% + 30¢
$2.9% + 30¢
10¢
$2.9% + 30¢
$2.9% + 30¢
$2.6% + 30¢
Countries
5
8
Based on payment gateway
50+
203
3
4
25
USA
USA
Currencies
11
2
23
140
25
23
25
135+
1
1
Card Types
6
13
Based on payment gateway
5
9
9
5
6
4
4
Limits
None
None
Based on payment gateway
None
$10,000
None
None
None
None
$500 per transaction
Form Payments
Recurring Billing
Mobile Payments
PSD2 Compliant

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

If you work in an industry that's regulated by the Food and Drug Administration, you’ve likely heard about FDA Part 11 compliance.

You probably also know that this particular compliance requirement can be incredibly confusing, to say the least.

The regulation is a highly important component of FDA digital health for pharmaceutical companies, medical device suppliers, and the like. Unfortunately, it's also one of the most complex. 

If you're looking for some clarity on 21 CFR Part 11, we're here to help. While we can’t offer official legal advice, we can give you a Formstack perspective on how this regulation works and what it means for your business. 

Did you know? The FDA issued final part 11 regulations in March of 1997 to provide criteria for acceptance by FDA of electronic records andelectronic signatures.

What Is FDA Part 11 compliance?

To put it in simple terms, 21 CFR Part 11 is a regulation published by the FDA to establish requirements for electronic signatures and the records that go along with them. The purpose is to ensure any eSignatures the agency receives are just as valid as their pen-and-ink counterparts. The acronym stands for “Code of Federal Regulations,” and Part 11 refers specifically to electronic signatures that are submitted to the FDA.

Generally speaking, if your organization follows all of the included regulations and can prove the validity of electronic signatures to an auditor, the FDA will accept those eSignatures in place of traditional paper-based ones.

Related: Electronic Signatures vs. Digital Signatures: What’s the Difference?

What do Part 11 regulations mean for your organization?

It’s important to note that ensuring your eSignatures are FDA-compliant can be fairly involved; Part 11 regulations are far more complex than the much simpler, and more widely known, requirements set by the ESIGN Act and UETA.

The first step you’ll need to take is to send a letter. Before your company can collect signatures electronically, you’ll need to notify the FDA of your intent in a “Letter of Non-Repudiation Agreement.” The letter should be on company letterhead, and include a traditional handwritten signature. 

Once you’ve sent the letter and created a new account, you’ll need to have some important eSignature processes in place. More specifically, you will need to:

Verify identities as part of your electronic signature collection process

In some less-regulated industries, the type of eSignature that's used isn’t imperative—and collecting them could be as simple as adding a signature field to an online form.

Not so with the FDA.

When submitting eSignatures to the FDA, you'll need to prove your identity every time you sign by entering a username and password. 

Thoroughly document each signature and signed document

When using eSignatures to complete digital documents, you’ll need to thoroughly document procedures and policies to prove each electronic record is authentic. Additional regulations specify that any signature attached to an electronic record must remain connected to that record forever—the eSignature can’t be removed, erased, or transferred—and that the record include the printed name of the signer as well as the date and time of the eSignature.

Maintain an audit trail

As another requirement of CFR 21 Part 11, you’ll need to keep a detailed history for each electronic signature. This audit trail should include a full log of all events associated with the document that’s being signed: when the document was created, how it was sent, how the identity of signers was authenticated, and more. In addition to reducing your risks for noncompliance penalties, those details will help protect against any claims that someone didn’t see or sign the document in question.

Learn More: How Formstack Sign Complies with Title 21 CFR Part 11

How can you be sure your signatures are FDA compliant? 

If you’ve already started submitting eSignatures to the FDA and are concerned about audit risks—or if you’re just getting started—begin by looking at your eSignature software. Is it designed specifically to help ensure you’re FDA compliant? Does it maintain a full audit trail?

These are critical questions to answer, since your organization will ultimately be held responsible for any noncompliance issues. While you can rely on technology to automate some steps outlined above, it’s up to you to confirm that the vendor is providing the services they say they are—ones that can help ensure you’ll remain FDA compliant. 

When selecting a vendor, watch for time stamps and other features that will automate the audit trail for you, as well as password protection and other advanced security tools


Looking for eSignature software to help ease the burden of FDA compliance? Formstack Sign complies with Title 21 CFR Part 11 so you can easily collect electronic signatures while maintaining accurate, authentic records for audits and reviews. Try it free for 14 days

Heather Mueller
Heather is a website copywriter and digital content strategist who loves helping brands generate leads through the power of the written word—especially when using Formstack. Connect with Heather on Twitter @heathermueller.
More Articles
Meet The Host
CEO of
Connect
Chris is on a mission to turn people into great leaders. He's passionate about helping problem solvers see more value in the work they do every day.