That medical device development entails a lot of documentation should not be a surprise to anyone. Hundreds of documents are created, reviewed, released, then modified, reviewed and released again. The majority of these documents needs to be signed, often by two persons or more. Collecting signatures, although it seems like a trivial task, becomes a significant nuisance when the number of documents and releases increase.
One of our customers insisted on having 3 people sign each test case before release. Their 18 000 test cases yielded a combined signature collection effort of 5 man-years (estimated 30 mins to collect a single signature, their estimation).
It is rare to find medical device manufacturers that enjoy writing medical device development documents, but it is even rarer to find those who gladly spend their days collecting signatures for the said documents.
The obvious question is hence: how can we spend less time on document signatures?
For many medical device manufacturers, the equally obvious answer seems to be electronic (or digital) signatures.
So why is it so hard to get a signature?
There are several potential reasons for this. Maybe the Signer is a very busy person and simply has no time for this task. Maybe the Signer is located somewhere else through work, travelling, vacation or other reasons. Or perhaps the previous Signer did not pass on the document to the next Signer in line. Or maybe a formal signature sequence (order) is forced by the document process in question, where a Signer that actually is available, is prevented to carry out the task since some Signer further up the signing sequence has not fulfilled hers. Or it might be that the document in question cannot be signed before some other related document has been released (i.e. signed).
Thus, there can be formal reasons but also trivial reasons why a signature does not get timely collected.
The most trivial is of course that it is just hard to physically get the document in front of the Signer (or the other way around) for some reason or another. Once you get that far, the literary "stroke of the pen" is usually a quick affair. This is the perceived major efficiency benefit of Electronic Signatures. You do not have to physically get the document in front of the Signer. The document does not need to get passed around. The Signer can pull it up (from an E-Signing System) whenever he wants, from wherever he is. This allows a quasi-parallel execution of signatures. Two people on different sides of the planet can sign the same document at the same time (almost)! Costs associated with printing, sending, scanning and storing the paper copy are eliminated. E-Signatures also entail increased measures of security, enhanced authenticity, resisting tampering and also provide accurate signature audit trails.
Before explaining how to introduce an E-Signing System, let me say a few words about Digital and Electronic Signatures.
Digital and Electronic Signatures
Even though the terms are often used interchangeably, there are some notable differences between the two concepts.
According to FDA, Electronic Signatures are "Compilation of data (user name / password, dongles, biometric)", which is unique for a person. This can be used to sign documents and is as legally binding as a “wet signature”. The signature and the association with the signed entity (document) is stored in a database of the Signature System. Furthermore, not all E-Signing Systems leave a visual mark on the signed document that indicates that it has actually been signed.
Digital Signatures on the other hand, require a Digital Certificate that ensures the identity of the signer. A part of that Digital Certificate gets embedded in the signed document during the signing process. As a result, the validity of the signature can be checked independently of the E-Signing System.
So, someone needs to guarantee the identity of the signer.
For Electronic Signatures, the organisation (the manufacturer) does this by using the validates E-Signing System.
For Digital Signatures, it is the issuer of the Digital Certificate that ensures the identity of the signer. Digitally signed documents often also contain a visible signature.
Obviously, there seem to be several advantages using Digital Signatures. The validity of the signed document can be inspected independently of the E-Signing System, which is an advantage if the E-Signing System goes down, is corrupted or the system vendor goes bankrupt.
Any drawbacks?
Yes, a few. Obtaining a Digital Certificate from a third-party vendor is expensive and requires an administrative effort. There is the obvious question of where and how to store these certificates as well as associate them with the user. They also have the nuisance to expire after a while and therefore need to get regularly renewed. People also have a tendency to marry and change their names etc. which also leads to renewals. Furthermore, it is not guaranteed that the validity shows up correctly in third party viewers (like Acrobat PDF Reader), for technical reasons having to do with root certificates.
An organisation can circumvent all this by issuing their own Digital Certificates. This is somewhat of an IT "adventure" but it can be done. Costs can then be lowered somewhat but there is still a significant administrative effort. Moreover, internally generated Digital Certificates can of course not be validated by third party viewers (like Acrobat PDF Reader).
So, there are pros and cons with both options.
However, they have several similarities and most important of all, both methods are recognized by the FDA.
Let's do E-SIgning!
Let's say we want to engage in eSigning (Electronic or Digital). What kind of effort can we expect to get this up and running?
Here is a short list of some of the steps:
- Assess the E-Signing System for Part 11 / Annex 11 compliance
- Qualify the E-Signing System Vendor as Supplier according to your QMS
- Assign responsible roles and people for the E-Signing System
- Install and configure the E-Signing System
- Make or buy the Digital Certificates (if used)
- Adapt your QMS to recognize E-Signatures and describe how they are intended to work
- Prepare all the Document Templates to be used for eSigning (the system needs to know where in the document the signature shall be placed. Page nr, location on page, margins and spaces etc).
- Validate the E-Signing System
- Create E-Signature User Guidelines and train all users in how to use it
- Notify the FDA (which is compulsory)
There is thus a non-neglectable initial effort to set up the E-Signing System, and also an effort to keep it maintained, both from a process as well as from an IT perspective.
There are also several other things to consider before you decide to go down the Electronic Signature path:
Document Life Cycle
All documents have a life cycle and the signing is only a very small part of this process. You need to consider how the document gets into the E-Signing System, how it interfaces with other systems such as Document Management Systems, workflow engines or e-Forms of which the document may be a part.
You also need to pay attention on how you plan to archive the electronic documents. This might seem like a trivial question but it is more depth here than you think.
External Users
If external users (as in external to your organisation) are going to use the system, you need to prepare a process where they get access to the E-Signing System, including setting up a corresponding user in the system with the appropriate Digital Certificate if applicable. These external users also need to get trained in how to use the system.
Hybrid Signature Situations
Are you going to end up with documents that are partly signed electronically and partly with traditional "wet signatures"? If so, you need a described process for this as well.
Ownership
Last but not least you need to establish who has the ownership of the E-Signing System. Is it the IT Department that usually acquire and maintain IT systems? Or is it the R&D department that probably is the most frequent user of the system? Or is it the HR department that is concerned with the identity of the people working in the organisation? This needs to be clarified before you start.
Predicted Outcome
As mentioned, an E-Signing System will decrease the effort of placing the document in front of the Signer. It will reduce costs associated with transporting the paper copy of the document. It will also potentially increase security and authenticity of the documents.
But there are things an E-Signing System cannot do. Regardless of how deep you entrench E-Signatures as a paradigm in your organisation, you will almost inevitable have a residual number of documents that are signed with ink. Thus, no matter how much you push E-Signatures you will end up with a hybrid system, composed by documents signed electronically and documents signed with ink. Be prepared for this.
Then, a Signature System is per se an IT system with all the work it entails. It needs to be validated and maintained, people will repeatedly forget their credentials if they do not use the system frequently and there will be the ubiquitous bugs and errors. This all means increased costs that need to be compared and contrasted with the costs by using a manual system.
Finally, an E-Signature System does not make bad processes good just by digitizing them. Overloaded employees will still remain overloaded regardless.
For which situations does E-Signatures make sense?
E-Signatures make sense when signing is a routine operation i.e. when a user makes several signings per week. E-signing for the occasional (or maybe even singular) CEO signature on a Product Requirements Document does not warrant the effort.
Document types that are well suited for E-Signatures are those that exist in many instances and that are comparably small amount of actual content (as in quick to read). Examples of such document types are time reports, expense reports, purchasing approvals and test case documents.
Last but not least, maintenance is of course made easier if all Signers are part of the organisation (as opposed to involving multiple external users).
Efficient with and without E-signatures
If you find it cumbersome to collect signatures today, there are several ways you can scrutinize your organisation for efficiency improvements.
Analyse current signing process
Are all these signatures really necessary? Ask yourself why they were added ("It is required by our process" is not a valid answer) and most importantly, what does the particular signature mean? In what way does a particular signature make the document "better"?
Don’t get dependent on busy Signers
The overloaded Project Manager or CTO that never has time for signing is a common bottleneck in many organisations. Appoint deputies to all signing functions (the deputies shall also have deputies). Try to avoid sequentially forced signature sequences. They cost more than they bring. Finally, simply planning the signing occasion like a regular meeting (set up a meeting in the calendar) might yield you some good results.
I hope this post has highlighted some of the pros and cons of employing Electronic Signatures. If there is anything I want you to take home it is probably this:
- Signature efficiency stands and falls with the process, not the system
- Analyse and improve the process first!!
- E-signatures can be very beneficial in specific situations
- E-signatures gains (i.e. speed gains) must be weighed against costs
Aligned Elements supports electronic as well as digital signatures of documents with automatic relaying to external Document Management Systems.
If you would like to get a demonstration of e-Signatures in Aligned Elements, just let us know.
