94-21468. Electronic Signatures; Electronic Records; Proposed Rule DEPARTMENT OF HEALTH AND HUMAN SERVICES  

    [Federal Register Volume 59, Number 168 (Wednesday, August 31, 1994)]
    From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
    [FR Doc No: 94-21468]
    [Federal Register: August 31, 1994]
    
    _______________________________________________________________________
    
    Part VII
    
    Department of Health and Human Services
    
    _______________________________________________________________________
    
    Food and Drug Administration
    
    _______________________________________________________________________
    
    21 CFR Part 11
    
    Electronic Signatures; Electronic Records; Proposed Rule
    DEPARTMENT OF HEALTH AND HUMAN SERVICES
    
    Food and Drug Administration
    
    21 CFR Part 11
    
    [Docket No. 92N-0251]
    
     
    Electronic Signatures; Electronic Records
    
    AGENCY: Food and Drug Administration, HHS.
    
    ACTION: Proposed rule.
    
    -----------------------------------------------------------------------
    
    SUMMARY: The Food and Drug Administration (FDA) is proposing 
    regulations that would, under certain circumstances, permit the agency 
    to accept electronic records, electronic signatures, and handwritten 
    signatures executed to electronic records as generally equivalent to 
    paper records and handwritten signatures executed on paper. These 
    proposed regulations would apply to records when submitted in 
    electronic form that are called for in Title 21 of the Code of Federal 
    Regulations (CFR). The use of electronic forms of recordkeeping and 
    submissions to FDA remains voluntary. This proposed rule is a follow-up 
    to the agency's July 21, 1992, advance notice of proposed rulemaking 
    (ANPRM). The intended effect of this proposed rule is to permit use of 
    electronic technologies in a manner that is consistent with FDA's 
    overall mission and that preserves the integrity of the agency's 
    enforcement activities. This proposed rule is also intended to assist 
    in achieving the objectives of the Vice President's National 
    Performance Review.
    
    DATES: Written comments by November 29, 1994. FDA proposes that any 
    final rule based on this proposal be effective 90 days after its 
    publication in the Federal Register.
    
    ADDRESSES: Submit written comments to the Dockets Management Branch 
    (HFA-305), Food and Drug Administration, rm. 1-23, 12420 Parklawn Dr., 
    Rockville, MD 20857.
        FDA encourages interested persons who elect to send their comments 
    by e-mail to also send two paper copies of their comments to the 
    Dockets Management Branch (address above).
        The INTERNET ([email protected]) address is only for this 
    docket and will be disabled after the comment period closes. However, 
    based upon the outcome of this proposed rule, FDA may extend acceptance 
    of comments by e-mail to other dockets in the future.
        This proposed rule is available via INTERNET and BITNET by sending 
    an e-mail message to [email protected] The sole purpose of this 
    electronic address is to automatically distribute the proposed rule by 
    return e-mail. Therefore, no other correspondence should be sent to 
    this electronic address, and there is no need to include text in the 
    body or subject of the electronic request message. However, to permit 
    any necessary followup, persons may include their names, postal 
    addresses, and phone numbers in the body of the messages.
    
    FOR FURTHER INFORMATION CONTACT: 
        Paul J. Motise, Center for Drug Evaluation and Research (HFD-323), 
    Food and Drug Administration, 7520 Standish Pl., Rockville, MD 20855, 
    301-594-1089.
    E-mail address via MCI Mail:
        Name: Paul J. Motise, EMS: FDA, MBX: MOTISE, MBX: A1, MBX: FDACD.
    (For help in addressing format contact the MCI Mail Customer Support 
    Line (1-800-444-6245)); or
        Tom M. Chin, Division of Compliance Policy (HFC-230), Food and Drug 
    Administration, 5600 Fishers Lane, Rockville, MD 20857, 301-443-1500.
    
    SUPPLEMENTARY INFORMATION: 
    
    I. Background
    
        In the Federal Register of July 21, 1992 (57 FR 32185), FDA 
    published an ANPRM on whether the agency should propose regulations 
    that would, under certain circumstances, permit the agency to accept 
    electronic identification or electronic signatures in place of 
    handwritten signatures where signatures are required in 21 CFR, and 
    where the electronic form of the signature-bearing record is allowable 
    by the regulations. The ANPRM requested comments on current and future 
    electronic records maintained by industry and subject to FDA 
    inspection, submitted to FDA for review and approval, and FDA's own 
    records and industry notifications. The ANPRM also identified and 
    sought specific comment on the following issues: (1) Regulatory 
    acceptance; (2) enforcement integrity; (3) security; (4) validation; 
    (5) standards; and (6) freedom of information (FOI). In the Federal 
    Register of October 21, 1992 (57 FR 48008), FDA published an extension 
    of the comment period regarding the ANPRM. Interested persons were 
    given until December 18, 1992, to comment on the ANPRM.
        FDA received 53 comments from trade associations, pharmaceutical 
    and medical device manufacturers, computer systems developers, private 
    organizations, a Federal agency, a university, and consumers. The 
    comments generally support the ANPRM's objectives. A number of the 
    comments made suggestions. As appropriate, comments will be responded 
    to in this document in the discussion of the proposed regulation set 
    forth below.
    
    II. Summary and Analysis of Comments to the ANPRM
    
    A. Analysis of Comments
    
        The agency received a total of 53 comments to the July 21, 1992, 
    ANPRM. Comments came from a variety of sources including: 6 trade 
    associations, 27 pharmaceutical manufacturers, 2 medical device 
    manufacturers, 1 contract laboratory, 8 computer systems developers, 1 
    law firm on behalf of a computer systems developer, 1 law firm on 
    behalf of a consortium of industrial research companies, 1 agency of 
    the Federal Government, 1 drug sample distribution establishment, 1 
    medical center, 1 university food sciences unit, 1 express mail 
    delivery service, and 2 individuals.
        Comments generally supported the agency's efforts relative to 
    electronic signatures and electronic records. One comment suggested 
    that FDA's actions may provide a model for other Federal agencies. 
    Several comments found the agency's electronic identification issues to 
    be among the most important and immediate concerns currently facing the 
    pharmaceutical industry.
        One comment expressed concern that the ANPRM did not address 
    medical devices and urged the agency to adopt uniform agency-wide 
    policies regarding electronic signatures.
        In general, comments addressed the advantages of electronic records 
    in enhancing product quality, control, production efficiency, and the 
    conduct of nonclinical laboratory studies. Comments urged the agency to 
    follow a course of action that would not impede technological 
    innovation. Comments also called for expedited resolution of the issues 
    in order to facilitate industry's plans for implementing new 
    technologies.
        One comment commended the agency for making the February 24, 1992, 
    progress report of the FDA Electronic Identification/Signature Working 
    Group available via e-mail and encouraged FDA to continue electronic 
    distribution of agency documents. One comment submitted a 58-page paper 
    which addressed legal considerations and a detailed stratification 
    scheme based upon security risks.
        Although the ANPRM stated that the scope of FDA's considerations 
    extends to all articles that it regulates, and to all portions of 21 
    CFR under its jurisdiction, very few comments were received from 
    sources outside the pharmaceutical industry. One medical device trade 
    association mistakenly commented that medical devices were not covered. 
    The agency emphasizes that all regulated articles are covered. The 
    agency agrees that it is important to accommodate new technologies in a 
    responsible manner. The agency also agrees with the comment that 
    encouraged FDA to continue electronic distribution of agency documents. 
    FDA will be implementing this form of distribution increasingly in the 
    future.
        The decision to propose these rules is based upon: (1) The 
    information and comments submitted in response to the July 21, 1992, 
    ANPRM; (2) the recommendations and findings of the agency's Task Force 
    on Electronic Identification/Signatures, which was reported in the 
    progress report of FDA's Electronic Identification/Signature Working 
    Group on February 24, 1992 (Ref. 1); and (3) the agency's experience 
    with alternatives to conventional handwritten signatures and electronic 
    records.
        The agency is aware that automated systems are being used more 
    extensively in the various industries that it regulates. Use of such 
    systems is also expanding within the agency itself. Implementing 
    paperless electronic records and attendant methods of ``signing'' such 
    records is an emerging objective of the use of automation. Signatures 
    are a key aspect of many records. The transition from paper records 
    containing traditional handwritten signatures to paperless electronic 
    records raises issues relating to FDA's acceptance of alternatives to 
    handwritten signatures and their underlying trustworthiness.
        FDA recognizes the importance of electronic records and their 
    integration into a variety of automation efforts, such as manufacturing 
    process controls, materials resources controls, laboratory information 
    systems, clinical trial information systems, and electronic data 
    interchange activities. The agency is aware that some new technologies 
    and manufacturing methods require use of electronic records. For 
    example, in certain highly controlled manufacturing environments, the 
    presence of paper itself can pose a source of product contamination, 
    and (for highly toxic compounds) paper can be a vehicle for exposing 
    workers to dangerous compounds.
        FDA is aware of the benefits of conducting official electronic 
    communication with regulated industries and the public. However, the 
    agency is also aware that legal, regulatory, and administrative 
    concerns have delayed full use of electronic communication. FDA expects 
    that promulgation of the regulations proposed in this document will 
    begin to address the agency's concerns and facilitate the agency's 
    modernization efforts.
        Although most comments to the ANPRM addressed electronic records 
    within the context of closed systems, where access is limited to people 
    who are part of the organization that operates the system, the agency 
    expects that near-term development and implementation of appropriate 
    controls for open systems, where access extends to people outside of 
    the operating organization, will facilitate secure, authoritative 
    electronic communication between FDA and the regulated industries.
        The Vice President's Report of the National Performance Review has 
    as a stated objective the expanded use of new technologies and 
    telecommunications to create an ``electronic government.'' (September 
    7, 1993, Report of the Vice President's National Performance Review 
    (pp. 113 through 117) (Ref. 2)). This proposal would be a first step by 
    FDA in implementing this objective, by, for example, allowing 
    electronic filings of regulatory documents and expanded use of e-mail. 
    This will result in significant benefits to the public, the regulated 
    industry, and the agency. These benefits could include faster review 
    and approval of new products, and rapid availability of a variety of 
    agency documents around the clock.
        FDA encourages the use of new technologies that will enhance the 
    quality, safety, and efficacy of products it regulates, but is mindful 
    of the need to maintain the ability to fulfill its consumer protection 
    mandate. The agency believes that these proposed rules will accomplish 
    both objectives.
    
    B. Comments on Record Types
    
        The ANPRM requested examples of records that: (1) Are maintained by 
    industry and inspected by FDA, (2) are submitted to FDA, and (3) are 
    created and maintained by FDA that may be amenable to electronic 
    identification/signatures. Most respondents confined their comments to 
    the first record type. However, a few comments provided the following 
    examples of records in each category:
        Records maintained by industry and inspected by FDA that may be in 
    electronic form include:
        1. Master and batch production and control records,
        2. Logs,
        3. Standard operating procedures,
        4. Laboratory notebooks,
        5. Complaint records,
        6. Validation protocols and data summaries,
        7. Laboratory data summaries, and
        8. Drug sample records under the Prescription Drug Marketing Act 
    (the PDMA) (Pub. L. 102-353).
        Although most comments addressed pharmaceutical records, the agency 
    believes that it is necessary to recognize that records maintained by 
    industry and inspected by FDA extend to other articles and include 
    records such as:
        1. Medical device history records, and medical device master 
    records,
        2. Master record files,
        3. Blood bank donor records,
        4. Thermally processed low-acid foods records, and
        5. Hazard analysis critical control points.
        Records submitted to FDA that may be in electronic form include:
        1. New drug or new animal drug applications,
        2. Product license applications,
        3. Establishment license applications, and
        4. Drug or veterinary drug master files.
        Most comments focused on pharmaceutical documents. However, the 
    agency recognizes that submissions for other FDA-regulated products 
    would be applicable. Such records include, but are not limited to:
        1. Medical device premarket approval applications,
        2. Medical device premarket notifications,
        3. Medicated feed applications,
        4. Food additive petitions,
        5. Color additive petitions,
        6. Infant formula notifications,
        7. Low acid canned food and acidified food firm registration and 
    scheduled process filing, and
        8. Generally recognized as safe (GRAS) petitions.
        One comment addressed records maintained by the agency and 
    suggested that signatures recorded electronically (SRE's), as 
    identified in the ANPRM, should be an acceptable alternative to 
    signatures recorded on paper. The comment asserted that SRE's have 
    sufficient uniqueness, are difficult to forge (especially when 
    accompanied by the date and time the SRE was made), and would realize 
    legal acceptance.
        Two comments suggested that whatever policies are adopted for 
    electronic records maintained by the industry, or records submitted to 
    the agency, apply equally to FDA's own records.
        Although the proposed rule focuses primarily on records maintained 
    by industries inspected by FDA, and submissions to the agency, FDA will 
    apply the principles in the new rule to its own electronic documents.
    
    III. Definitions/Stratified Acceptance Approach
    
    A. Definitions
    
        One comment agreed with FDA's working definitions. The comment 
    noted that electronic identification should suffice for all of the 
    agency's applications and called for common codified definitions for 
    the following words and phrases.
    1. Signature
        Several comments agreed with FDA's working definition of the term 
    ``signature.'' One categorized conventional signatures as ``wet 
    signatures'' and one submission suggested renaming the term 
    ``handwritten signatures'' for clarification.
    2. Signatures Recorded Electronically
        One comment suggested that the term ``signatures recorded 
    electronically'' be defined as an electronically captured image of a 
    handwritten signature on optical, magnetic or other electronic media. 
    One comment agreed with the working definition.
    3. Electronic Signature
        Several comments found the working definition of the term 
    ``electronic signature'' acceptable and useful. However, some 
    comments claimed that the term is imprecise and potentially confusing 
    to the extent that the word ``signature'' also appears in other working 
    definitions. Several comments suggested the alternative phrases: 
    ``Biometric/behavioral identification'' and ``biologically-based 
    electronic identification.''
        One comment referred to its security code number assignment system 
    as an electronic signature, used by physicians to phone in requests for 
    additional drug samples previously reserved under the physicians' 
    names. Telephone requests are followed up by confirmatory signed paper 
    forms.
    4. Electronic Identification
        Many comments suggested that FDA define only two terms, 
    ``signatures'' (meaning conventional handwritten signatures) and 
    ``electronic identification'' (to encompass signatures recorded 
    electronically, electronic signatures, and all other forms of 
    electronic identification). Comments suggested that definitions should 
    not imply superiority of one type of endorsement over another and 
    offered the following definition of electronic identification: ``any 
    method for identifying an individual where the act of providing a 
    personal mark (signing) is recognized and/or recorded electronically.''
        Comments asserted that secure, validated computer systems that use 
    electronic identification provide better, or at least equivalent, 
    authentication than systems using handwritten signatures.
        One comment suggested that a more precise term would be 
    ``administratively controlled electronic identification.'' One comment 
    said that its digital signature encryption technology, a system using 
    encrypted ``keys'' and proprietary algorithms, would meet the agency's 
    working definition of electronic identification, but could be coupled 
    with hardware and software that utilize biometric links to meet the 
    definition of electronic signature.
    5. Other Definitions
        Two comments offered the following additional defined terms: 
    ``Signature Alternative''--an electronically recorded mark from any 
    type of electronic identification, not involving a signature recorded 
    electronically, including electronic signature (biometric/behavioral 
    identification) and administratively controlled electronic 
    identification.
        ``Signing''--the act of providing a personal recorded mark that 
    serves as identification. The mark can be, but is not necessarily, 
    provided by handwriting. The mark may also be provided by a stamp, 
    seal, or electronic device. The last example typically records the mark 
    in magnetic or optical media rather than on paper.
        The agency believes that the diversity of comments on definitions 
    reflects the variety of signature technologies that are available, and 
    the need for a simple codified definition of as few terms as possible. 
    The agency is persuaded by the general premise, expressed in many 
    comments, that FDA should establish only two definitions based broadly 
    on whether or not the ``signature'' is handwritten. Therefore, the 
    agency is proposing to codify two definitions, one for ``handwritten 
    signature'' and one for ``electronic signature.'' Electronic signature 
    would include electronic identification; handwritten signatures would 
    include signatures recorded electronically.
        FDA disagrees with the assertion that ``electronic 
    identification,'' rather than ``electronic signature'' should be one of 
    the two broad terms, for several reasons. The agency believes the 
    appearance of the word ``signature'' in both ``electronic signature'' 
    and ``handwritten signature'' will not be confusing to the average 
    person, especially where the codified definitions are clear.
        More importantly, the agency believes that there are overriding 
    advantages to maintaining the word ``signature'' in the term 
    ``electronic signature.'' The legal, regulatory, and psychological 
    importance that the average person has come to associate with 
    conventionally signing a paper document is more likely to be carried 
    over and equally applied to technological alternatives if the word 
    signature is preserved. On the other hand, substitution of the word 
    ``identification'' for ``signature'' may, on its face, imply that the 
    alternative is something quite different and perhaps less significant. 
    Thus, terminology can help to establish the functional equivalency of 
    different technologies.
        In addition, the term ``electronic identification'' can be too 
    limiting in scope, because signatures do more than merely identify the 
    person who signed: identification alone could be provided by a person 
    who did not perform the action. Retention of the word ``signature'' in 
    the term ``electronic signature,'' however, conveys by direct inference 
    all of the purposes of a handwritten signature, including 
    identification, authentication, and affirmation.
        Accordingly, FDA is proposing in Sec. 11.3 to define ``Handwritten 
    signature'' as the name of an individual, handwritten in script by that 
    individual, executed or adopted with the present intention to 
    authenticate a writing in a permanent form. The act of signing with a 
    writing or marking instrument such as a pen or stylus is preserved. 
    However, the scripted name, while conventionally applied to paper, may 
    also be applied to other devices which capture the written name.
        ``Electronic Signature'' is defined in proposed Sec. 11.3 as the 
    entry in the form of a magnetic impulse or other form of computer data 
    compilation of any symbol or series of symbols, executed, adopted, or 
    authorized by a person to be the legally binding equivalent of the 
    person's handwritten signature.
    
    B. Biometric/Behavioral Links as Part of the Electronic Signature
    
        Systems which utilize biometric/behavioral links as part of the 
    electronic signature verify a person's identity based on measurement of 
    an individual's physical feature(s) or repeatable action.
        One comment addressed the behavioral link incorporated in a 
    software product designed for use in pen-based computers; it described 
    how the system provides reliability and trustworthiness by calibrating 
    and recognizing a set of characteristics attendant to the act of 
    signing (pen strokes, speed, acceleration, etc.).
        One comment provided a paper in support of a signature verification 
    system that characterizes the act of signing to establish a behavioral 
    link between the signer and the signature, noting the system's low 
    error rate (0.19 percent false rejects and 0.56 percent false accepts), 
    security, social acceptance, performance, low cost, and computer 
    portability. The paper describes how the system could be used on 
    networks or over phone lines, in conjunction with a microprocessor-
    based encryption card, to prevent transmission of a prerecorded (and 
    possibly false) signature by requiring the generation of a signature 
    for each endorsement.
        One submission asserted that stable technologies exist to provide 
    reliable and repeatable electronic verification of individuals based 
    upon a biometric/behavioral link. The comment furnished a report 
    summarizing testing on several such systems that use fingerprints, hand 
    geometry, the act of signing, retinal scans and voiceprints; the 
    comment cited access control as the primary type of application for 
    such systems.
        Several comments argued against technologies that incorporate 
    biometric/behavioral links on the grounds of excessive cost; two 
    comments said biometric-based devices cost about $1,800 to $4,000 per 
    unit and behavioral-based devices cost $600 to $1,500 each.
        Most comments argued against the premise that biometric/behavioral 
    links are necessary or beneficial to electronic signatures. However, 
    two comments asserted that appropriate application of electronic 
    signatures requires a biometric or direct behavioral link to an 
    individual, and one comment acknowledged that such links are less 
    susceptible to procedural deviations than other authentication methods. 
    One comment said biometric/behavioral links are appropriate to systems 
    which control physical access to a facility.
        Many comments urged FDA to refrain from requiring use of systems 
    based on biometric/behavioral links (particularly where the drug 
    current good manufacturing practice (CGMP) regulations require 
    signatures) on the grounds that:
        1. Such a requirement would be contrary to the objectives of the 
    CGMP regulations;
        2. Electronic signature systems are not routinely used in non-FDA 
    regulated industry;
        3. Electronic signature technology is relatively immature and 
    unreliable;
        4. The technology is relatively expensive; and
        5. Electronic signature devices are impractical for pharmaceutical 
    applications in which operators are garbed so as to obscure anatomical 
    interaction with detection devices (e.g., hand or voiceprints would be 
    difficult to manage where workers wear masks or gloves).
        FDA believes it is important to allow firms to take advantage of a 
    variety of new technologies. It is not the agency's intent to mandate 
    use of systems that use biometric/behavioral links, although the agency 
    recognizes the potential advantages of such systems and encourages 
    their development and adoption. Comments generally indicate that 
    biometric/behavioral link technologies have been developed, may have 
    high levels of reliability, but have not yet been incorporated into 
    manufacturing environments to any appreciable degree. Accordingly, the 
    agency's proposed regulations do not, at this time, specify the type of 
    electronic signature technologies that are required.
        However, because FDA recognizes the benefits of those electronic 
    signatures which are inherently less vulnerable to falsification, and 
    because the agency wishes to encourage the development of such 
    technologies, the proposed regulations reflect the position that the 
    robustness of biometric/behavioral based systems permits less stringent 
    administrative controls to be used.
        In addition, FDA considers that biometric/behavioral based systems 
    may have greater application in open environments, which pose a greater 
    challenge to signature integrity than closed environments.
    
    C. Purpose of Signatures
    
        One comment identified the following functions of a signature: To 
    identify someone; to declare, to witness, to acknowledge or disclaim, 
    to agree or disagree, and to exhibit responsibility or authorship, as a 
    formalized personal act such that subsequent disavowal or disclaimer is 
    highly unlikely. The comment added that good practice suggests that the 
    signature be properly ascertained, clearly indicated, and appropriately 
    exhibited in a prominent place, and that bilateral mechanisms can 
    further this purpose, and focus the individual's attention on the 
    gravity, solemnity, and formality of the event. The comment also noted 
    that because the purpose of a signature is not always apparent, some 
    documents include clarifying phrases such as ``in witness thereof,'' or 
    ``agreed to by.'' The comment further stated that in the typical 
    manufacturing environment custom governs the meaning of a signature 
    (e.g., to acknowledge performance of a procedure, responsibility for 
    proper performance of the procedure, or to show that the person was 
    merely present).
        The agency believes the comment has identified an important aspect 
    of a signed writing, namely the meaning ascribed to the signature. 
    Accordingly, the regulations proposed at Sec. 11.50(b) require the 
    document being signed to clearly indicate the purpose of the electronic 
    signature. FDA also agrees with the comment's view that bilateral 
    mechanisms can help to establish the seriousness of the electronic 
    endorsement, and the agency is proposing at Sec. 11.200(a)(1) to 
    require certain electronic signatures to be composed of at least two 
    elements.
        Respondents also commented on how signature alternatives might 
    fulfill the following traditional purposes of a signature:
        1. To identify the actor and show his/her authority to act.
        Many comments disagreed that presence of a signature shows the 
    signer's authority to act, noting that such authority is generally 
    determined by the individual's organization. However, several comments 
    acknowledged that electronic identification systems can be programmed 
    to confirm an individual's authority to act.
        One comment said authority to act could be met by the use of 
    identification codes/passwords for intra-establishment records and by 
    public key encryption standards such as the Rivest-Shamir-Adleman (RSA) 
    standard for inter-establishment records.
        The agency agrees that the presence of a signature, per se, does 
    not necessarily guarantee that the signer has the authority indicated. 
    However, in general, the presence of the signature, in combination with 
    the signer's title, is by custom a reasonable indication that the 
    person does have the organization's authority to endorse the subject 
    document. FDA believes that in most cases people will not sign a 
    document if they lack the authority called for by the action of 
    signing. In the kinds of electronic environments addressed by the 
    comments, systems can check a cross-referenced authorization roster to 
    see that an individual who attempts to sign a document has, in fact, 
    the requisite authority.
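    The controls discussed above (an electronic signature composed of at 
    least two elements as proposed at Sec. 11.200(a)(1), a signed document 
    that states the meaning of the signature as proposed at Sec. 11.50(b), 
    and a cross-referenced authorization roster consulted before a person 
    is allowed to sign) are illustrated below in Python. This is an added 
    example, not code from the proposed rule or from any FDA or industry 
    system. The roster, the identification codes, the passwords and the 
    record content are constructed, and the SHA-256 binding of the 
    signature block to the record is an assumed design choice, not a 
    requirement of the proposal.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed authorization roster (hypothetical data, not from the proposed
# rule): which identification codes exist, the printed name and title to show
# in the signature, and which signature meanings each person may apply.
AUTHORIZATION_ROSTER = {
    "jdoe": {"name": "Jane Doe", "title": "Production Supervisor",
             "meanings": {"performed", "reviewed"}},
    "asmith": {"name": "Alan Smith", "title": "QA Manager",
               "meanings": {"reviewed", "approved"}},
}

# Constructed credential store: a salted SHA-256 of each password. A real
# system would use a purpose-built password hash; this keeps the example
# self-contained.
_SALT = b"example-salt"
CREDENTIALS = {
    "jdoe": hashlib.sha256(_SALT + b"correct-horse").hexdigest(),
    "asmith": hashlib.sha256(_SALT + b"battery-staple").hexdigest(),
}


class SignatureError(Exception):
    """Raised when an attempted signing fails a control."""


def credentials_valid(user_id, password):
    """Two-component check: the identification code and the password must both match."""
    expected = CREDENTIALS.get(user_id)
    if expected is None:
        return False
    actual = hashlib.sha256(_SALT + password.encode()).hexdigest()
    return hmac.compare_digest(expected, actual)


def signing_allowed(user_id, meaning):
    """Cross-reference the roster: may this person sign with this meaning?"""
    entry = AUTHORIZATION_ROSTER.get(user_id)
    return entry is not None and meaning in entry["meanings"]


def _digest(record, manifestation):
    # Canonical JSON so the same content always hashes the same way.
    payload = json.dumps({"record": record, "signature": manifestation},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def sign_record(record, user_id, password, meaning, signed_at=None):
    """Apply an electronic signature to a record and return the signed record.

    The returned signature manifestation carries the signer's printed name and
    title, the date and time, and the meaning of the signature, so that the
    purpose of the endorsement is part of the signed document itself.
    """
    if not credentials_valid(user_id, password):
        raise SignatureError("identification code or password rejected")
    if not signing_allowed(user_id, meaning):
        raise SignatureError(f"{user_id} is not authorized to sign as '{meaning}'")
    entry = AUTHORIZATION_ROSTER[user_id]
    manifestation = {
        "printed_name": entry["name"],
        "title": entry["title"],
        "signed_at": signed_at or datetime.now(timezone.utc).isoformat(),
        "meaning": meaning,
    }
    # Bind the manifestation to the exact record content. This is an integrity
    # link (a later change to the record or the signature block is detectable),
    # not a public-key signature: it does not by itself prove who signed.
    return {"record": dict(record), "signature": manifestation,
            "digest": _digest(record, manifestation)}


def verify_signed_record(signed):
    """Recompute the digest and confirm the record and signature are unchanged."""
    expected = _digest(signed["record"], signed["signature"])
    return hmac.compare_digest(expected, signed["digest"])


if __name__ == "__main__":
    batch_step = {"batch": "B-001", "step": "granulation complete"}
    signed = sign_record(batch_step, "jdoe", "correct-horse", "performed")
    print(json.dumps(signed, indent=2))
    print("intact:", verify_signed_record(signed))
```

    Note that the digest only detects alteration of a record after signing; 
    binding the signature to a particular individual in a way that a third 
    party can verify (the inter-establishment case, for which the comments 
    cite RSA public key encryption) would require a key held by the signer, 
    which this example does not model.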
        2. To document the action in a way that is legally binding and 
    cannot be repudiated.
        Comments generally asserted that properly validated and secure 
    electronic identification systems would be legally binding.
        The agency agrees with the comments regarding the importance of 
    validation and security and the proposed rule places appropriate 
    emphasis on these controls.
        One comment suggested that documentation of the action, not the 
    individual, should be of prime importance because FDA is concerned more 
    with the actions of a company than with individuals within a company, 
    and that concern with actions of individuals is the concern of the 
    company itself. The comment added that the RSA encryption standard 
    could be used in this area for inter-establishment electronic records.
        FDA disagrees with the premise that FDA should be concerned more 
    with corporate than individual actions. In FDA's enforcement 
    activities, there is equal emphasis on the responsibility of both 
    individuals and corporations. Furthermore, section 201(e) of the 
    Federal Food, Drug, and Cosmetic Act (21 U.S.C. 321(e)) defines a 
    person to include an individual, partnership, corporation, and 
    association.
        3. To create a record that would be admissible in court.
        One comment suggested that a record should be admissible in court 
    if it is shown that the record was generated by the responsible 
    company, regardless of whether or not the record was signed; the RSA 
    encryption standard was again cited as applicable for inter-
    establishment records. One submission said that electronic records 
    would be admissible when authenticated by appropriate corporate 
    officials under appropriate procedures relative to electronic 
    identification.
        The agency has found that court acceptance of records generally 
    hinges on their reliability and trustworthiness. Although FDA agrees 
    that a given unsigned record may be strictly admissible in a 
    proceeding, establishing reliability and trustworthiness may well 
    require that specific documents bear signatures of responsible 
    individuals. In addition, as stated above, it is frequently important 
    for FDA to establish individual, as well as corporate responsibility in 
    pursuing regulatory actions, thus making it vital that evidentiary 
    documents are signed by key individuals. The weight given to a piece of 
    evidence may also depend upon the presence or absence of a verifiable 
    signature.
    
    D. Stratification
    
        The ANPRM suggested that FDA might stratify acceptance of signature 
    alternatives based upon the regulatory significance of the electronic 
    record. Comments generally held that regulatory significance should not 
    be the basis of stratification. Two comments argued against any 
    regulatory stratification at all, one asserting that because 
    conventional signatures are accepted in all situations, any alternative 
    that provides security, identity, legibility and enforceability equal 
    to or better than a handwritten signature should, likewise, be accepted 
    for any application.
        Two comments agreed with the concept of developing a stratified 
    system whereby the regulatory significance of a record would determine 
    the level of security needed for the signature alternative, but 
    indicated that companies should individually define the various 
    security categories and develop appropriate security procedures.
        One comment said that electronic authorizations of high importance 
    might require use of secondary passwords or codes to further augment 
    security and verify data integrity.
        Although most comments disagreed with the stratification approach 
    suggested in the ANPRM, many comments suggested stratification along 
    other lines, as follows:
    1. Open Versus Closed Systems
        Many comments suggested that stratification of signature 
    alternatives be limited to security measures applied to inter versus 
    intra company records. The distinction was stated in terms of 
    ``closed'' versus ``open'' environments. Comments said that closed 
    systems are typical in the pharmaceutical industry, and include 
    administrative and physical controls to enhance reliability of the 
    electronic endorsements.
        Several comments described a typical CGMP closed system as: (1) 
    Having controlled physical access; (2) having professionally written 
    and approved procedures with employees and supervisors trained to 
    follow them; (3) having records systems designed to facilitate quality 
    assurance investigations when abnormalities may have occurred; and (4) 
    being under legal obligation to the organization responsible for 
    operating the system.
        The following examples of documents in closed systems were given: 
    CGMP records, GLP (good laboratory practice) and GCP (good clinical 
    practice) records including clinical case reports, such submissions to 
    FDA as new drug applications and adverse experience reports, and FDA 
    internal records.
        Comments generally characterized open systems as: (1) Having 
    potentially greater exposure by outsiders; (2) entailing communication 
    among multiple parties (e.g., communication by modem); and (3) 
    extending system access to people who are not legally obligated to 
    system managers.
        Comments gave examples of open system documents including: Requests 
    for drug samples, institutional review board (IRB) reviews of clinical 
    protocols, GLP records, and Freedom of Information submissions to FDA.
    2. Security Baseline Stratification for Open Systems
        One comment presented a paper which addresses security 
    stratification parameters based upon the risks of disclosure, where 
    electronic messages are communicated in an ``open'' system. 
    Stratification involves three security baselines, each of which 
    considers the following message attributes: (1) Content sensitivity; 
    (2) monetary value; (3) time sensitivity; (4) statutory security 
    mandates; and (5) authentication certification requirements.
        Message attributes, under the baseline system, determine the 
    necessity and extent of the following security and reliability 
    measures: (1) Noncryptographic identification and authentication; (2) 
    systems controls to ensure authenticity, integrity, and availability; 
    (3) audit trails; (4) message authentication codes (MAC's); (5) digital 
    signatures/encryption; and (6) electronic notarization.
        Message attributes combined with appropriate security and 
    reliability measures then determine the electronic document's legal 
    effect: The degree to which the documents are considered to be legal 
    signed writings that are authentic and enforceable to the same extent 
    as comparable documents prepared using conventional paper-based 
    mechanisms.
        The agency has carefully considered the divergent comments on 
    acceptance stratification and is persuaded that the regulatory 
    significance of a document need not be the basis of such 
    stratification. However, the comments reflected a general premise that 
    the nature and extent of security measures necessary to reasonably 
    establish the reliability, authenticity, and confidentiality of an 
    electronic signed writing will vary to the extent that the writings are 
    vulnerable to unauthorized alteration or loss.
        The agency agrees with comments that a fundamental two-tier 
    stratification based upon open and closed systems, as comments 
    described, is warranted. FDA anticipates that most electronic documents 
    which are maintained by industry and inspected by the agency would be 
    considered as falling within ``closed'' systems. Electronic records 
    that are submitted to the agency, however, as indicated by the 
    comments, may be considered to be within either ``closed'' or ``open'' 
    systems depending on how they are delivered (i.e., via ``open'' e-mail, 
    or ``closed'' hand-delivery by submitters or postal services). 
    Likewise, FDA's own electronic records may be stratified as existing in 
    either open or closed systems depending on how they are originated and, 
    for certain records, transmitted to correspondents.
        The proposed regulations place primary emphasis on electronic 
    records in closed systems, because that approach would cover most of 
    the emerging electronic records and would respond to the most urgent of 
    industry's needs in developing electronic record systems. FDA considers 
    ``open'' systems to be nonetheless important because correspondence and 
    regulatory submissions conveyed by public electronic networks are 
    gaining wider implementation. Therefore, FDA may, in the future, 
    propose more specific requirements relating to open systems, as the 
    agency gains additional information and experience with open systems 
    and the controls that may be necessary to maintain the integrity and 
    authenticity of electronic documents in that environment.
    
    IV. Legal Acceptance
    
        Several comments said that electronic records would, in fact, be 
    admissible in court, provided that there are controls in place to make 
    the records reasonably reliable and trustworthy. One comment cited 
    several recent court cases in support of this acceptability.
        The agency notes that although the ANPRM did not specifically 
    request comments on legal acceptability of electronic records and 
    signatures, the gist of most of the comments is that legal acceptance 
    will not be hindered, provided that the records are shown to be 
    reliable and trustworthy. The case transcript cited by the comment 
    included testimony from computer system operators which outlined key 
    good computing practices that many of the comments also identified.
    
    V. Regulatory Acceptance
    
    A. General Considerations
    
        One comment suggested that the disparity among FDA regulations 
    regarding acceptance of signature alternatives was based upon 
    definitions that are either too weak or restrictive, and called for 
    common regulatory definitions.
        The agency believes that any regulatory disparity derives from a 
    number of factors, including the degree to which various regulations 
    anticipate use of electronic records in place of paper records, and 
    specific program needs of different FDA centers. FDA believes that 
    differences can be dispelled by promulgation of these uniform, 
    broad-based regulations on electronic records/signatures. The agency 
    agrees that common definitions in such regulations would help to 
    harmonize policy across different parts of FDA.
        One comment recommended that FDA issue a broad policy statement or 
    inspectional guideline that would broadly accept electronic 
    identification/signatures and that would at least establish criteria 
    for the degree of security required for electronic identification/
    signature systems. The comment urged that no new regulations be issued.
        The agency has determined that a policy statement, inspectional 
    guide, or other guideline would be an inappropriate vehicle for 
    accepting electronic signatures because such documents do not have the 
    same legal significance as substantive regulations that require 
    signatures. Guidance documents may be appropriate, however, to 
    elaborate upon acceptance regulations.
    
    B. Program Areas
    
    1. Drug CGMP Regulations
        Although the ANPRM applied to all FDA regulations in 21 CFR, most 
    comments focused primarily on the CGMP regulations for drugs (parts 210 
    and 211 (21 CFR parts 210 and 211)). Some comments suggested that 
    resolution of the issues in the CGMP context could be applied to 
    resolve similar issues in the context of other FDA regulations.
        Many comments argued that the existing CGMP regulations permit the 
    use of electronic identification wherever documents are required to be 
    signed, initialed, endorsed or approved, with the singular exception of 
    Sec. 211.186 (master production and control records) which explicitly 
    requires full handwritten signatures. Comments supported their 
    assertions by citing preamble comment paragraphs 186, 282, and 447 in 
    the final rule on CGMP's in the Federal Register of September 29, 1978 
    (43 FR 45014), FDA's Compliance Policy Guide (CPG) 7132a.08, and 
    (unspecified) tacit acceptance by FDA field investigators who encounter 
    electronic identification.
        One comment identified several sections of the CGMP regulations as 
    requiring signatures, including Sec. 211.188(b)(11) (batch production 
    and control records), even though the word signature, per se, does not 
    appear (``Identification of the persons performing and directly 
    supervising or checking each significant step in the operation'').
        Comments urged the agency to issue a policy statement (such as a 
    CPG), in the near term, that would condone use of electronic 
    identification for all applications of signatures in the regulations, 
    except Sec. 211.186. Comments requested that in the long term, 
    Sec. 211.186 be amended to delete reference to handwritten signatures 
    and accept electronic identification.
        The agency does not agree with the assertions that, except for 
    Sec. 211.186, the CGMP regulations currently permit alternatives to 
    handwritten signatures or initials. (See findings of the Electronic 
    Identification/Signatures Working Group in its February 24, 1992, 
    progress report.) The Center for Drug Evaluation and Research, in 
    consultation with the Office of the General Counsel, considered and 
    rejected as inappropriate the issuance of a CPG that would accept 
    ``electronic identification'' or other signature alternatives, even 
    before the working group was formed.
        The agency's conclusion regarding what the CGMP's allow was 
    conveyed to the Pharmaceutical Manufacturers Association in a letter of 
    December 5, 1991 (Ref. 3). Furthermore, the compliance policy guide 
    cited by comments is not directly relevant because it addresses second 
    check endorsements for operations executed by machine, rather than the 
    form that human endorsements take. In addition, although comments cite 
    several paragraphs of the 1978 Federal Register notice as supportive of 
    their assertions, they overlook a key paragraph in which the agency 
    clearly rejected substitution of employee numbers or codes for 
    signatures or initials, on the basis of psychological differences from 
    the act of signing and because of ease of falsification (43 FR 45068, 
    September 29, 1978 (comment 433)).
        The agency advises that some sections of the CGMP regulations, 
    while not using the words sign, signature, or initials, nonetheless 
    implicitly require endorsements to be in the form of handwritten 
    signatures or initials. For example, the provisions of Sec. 211.188 
    require batch production and control records to contain the 
    ``[i]dentification of the persons performing and directly supervising 
    or checking each significant step in the operation.'' FDA investigators 
    have historically encountered and expect to find the identification to 
    take the form of a signature. Some developers of automation systems 
    also recognize that ``identification'' means ``signature.''
        Accordingly, the agency is not issuing the suggested CPG, but is, 
    instead, proposing these acceptance regulations, which would cover 
    records required by most FDA regulations, including the CGMP 
    regulations. However, the agency may issue clarifying guidance 
    documents, as needed, after such regulations are in effect.
    2. Regulatory Submissions
        Two comments said that regulations that require signatures on new 
    drug applications necessitate substantial additional handling to 
    furnish paper-based signatures where the basic submissions are in 
    electronic form. Comments suggested that the agency require submissions 
    to contain, in lieu of the additional paper, a statement that 
    signatures (handwritten or otherwise) are ``on file.'' The comment 
    added that FDA could verify those endorsements during its inspections. 
    The comments observed further that when electronic submissions are 
    copied or converted among various computer file formats, electronic 
    endorsements might be omitted.
        One comment stated that resolution of issues associated with 
    electronic identification and the transfer or conversion of electronic 
    data will be necessary if the benefits of electronic submissions are to 
    be achieved.
        The agency believes that codified acceptance of electronic 
    signatures in lieu of handwritten signatures will address the issues 
    relating to regulatory submissions. Acceptance of electronic signatures 
    would, in most cases, obviate the need to have paper-based handwritten 
    signatures on file as a reference. However, the agency notes, from the 
    comments, the importance of having the electronic records include the 
    printed name of the signer so as to clearly identify the signer.
    3. Prescription Drug Marketing Act
        Several comments cited the signature requirements (for requesting 
    and receiving samples of prescription drugs) in the PDMA provisions of 
    the Federal Food, Drug, and Cosmetic Act, and based on the increasing 
    use of computer technology to transact the handling of such requests, 
    urged the agency to accept electronic identification in lieu of 
    handwritten paper-based signatures. Another comment echoed the same 
    suggestion, recommending that biometric/behavioral links not be 
    required, but noting also that physician requests for drug samples are 
    generally made in ``open'' environments such that use of certain 
    alternatives for full electronic or handwritten signatures needs 
    review.
        One comment requested that, for purposes of the PDMA, FDA accept 
    SRE's based upon their uniqueness and reliability, and that such 
    acceptance be codified in regulations. Another comment described its 
    SRE pen-computer based system, emphasizing the nonalterability of 
    signed electronic records to merit regulatory acceptance.
        One comment assumed that the ANPRM did not pertain to the PDMA.
        One comment asked that FDA issue implementing regulations under the 
    PDMA that accept electronic signatures and that such issuance not be 
    delayed pending the agency's broader consideration of electronic 
    records and endorsements.
        The proposed rule to implement certain parts of the PDMA and the 
    Prescription Drug Amendments of 1992 was published in the Federal 
    Register of March 14, 1994 (59 FR 11842). That proposed rule would 
    prohibit the imprinting or automatic reproduction of a signature by a 
    device or machine such as a stamp, copier, or autopen at 21 CFR 
    203.61(a). The agency recognizes that the PDMA proposal is not in total 
    accord with this general proposed rule on electronic records and 
    electronic signatures. As discussed in the preamble to the PDMA 
    proposed rule (59 FR 11860), FDA will consider the comments concerning 
    electronic signatures and other signature substitutes received in 
    response to both proposed rules before final rules are published.
    4. Good Laboratory Practices
        One comment suggested that a uniform definition of electronic 
    identification would facilitate application of computer-based automated 
    systems in the area of GLP's.
        One comment cited the language of 21 CFR 58.130(e) (of the GLP 
    regulations) as calling for handwritten signatures of paper-based 
    records, but allowing dated electronic identification for electronic 
    systems.
        FDA believes that, here again, broad acceptance regulations should 
    resolve the issues related to GLP's.
    
    VI. Acceptance Regulations
    
        Several comments asserted that a general rule with a broad preamble 
    and specific targeted subsection changes would be the most efficient 
    means of accepting electronic signatures throughout the applicable 
    regulations. Other comments also supported new regulations that would 
    accept electronic identification/signatures throughout existing FDA 
    regulations.
        One comment suggested that FDA define the term electronic 
    identification in the CFR in order to sanction use of those 
    alternatives in place of handwritten signatures. Another comment said 
    FDA's codified definition of signature should be clear yet general 
    enough to allow industry the flexibility to use the most suitable 
    technology. One comment said the agency should codify the terms 
    signature, electronic signature, and electronic identification, provide 
    examples of each term, and determine if there are substantive reasons 
    for requiring handwritten signatures.
        One comment suggested that to enhance the move from paper to 
    electronic records, the agency should develop standards for the 
    generation of portable electronic copies of records, copies that FDA 
    may need in its enforcement activities. The comment also suggested that 
    the agency require that systems be capable of generating such portable 
    copies.
        One comment suggested that regulations should consider an 
    electronic record as ``signed and final,'' once an operator endorses 
    the record by entering a password.
        One comment suggested that FDA's regulations would have to address 
    both electronic integrity and administrative security.
        One comment urged that FDA's final publication resolve several 
    specific issues regarding: (1) Elimination of paper documents when they 
    are converted to electronic form, and distinguishing originals from 
    copies; (2) establishing the ``legal original'' between secure 
    electronic copies of conventionally signed paper documents; and (3) 
    whether or not an operation can be based upon a combination of 
    electronic and paper records.
        One comment suggested that, until legal and security issues are 
    resolved, the agency should accept electronic submissions, encourage 
    development of electronic records systems, but require supplementary or 
    accompanying handwritten, paper-based signatures. The comment added 
    that such auxiliary endorsements would parallel the approach taken by 
    the Internal Revenue Service regarding filing of electronic tax returns 
    (based upon a conventionally signed paper form 8453) and would be 
    relatively easy to implement. The same comment suggested that once 
    electronic signatures are proven to be legally viable, FDA should not 
    require them to be embodied in the electronic documents, but rather 
    incorporated in supplementary documents so as to facilitate software 
    modification. (As discussed in section VIII. of this document, one 
    comment took the opposite view, stressing the importance of having the 
    electronic signature securely bound to the signed document.)
        One submission urged FDA to promulgate regulations regarding use of 
    electronic signatures in the manufacture of blood components and 
    subsequent testing and transfusion service laboratories.
        FDA agrees with the comments that called for broad regulations that 
    would clearly define the terms handwritten signature and electronic 
    signature (and do so in a manner that affords industry the greatest 
    latitude in adopting appropriate technologies), and set conditions 
    under which the agency would accept alternatives to handwritten 
    signatures. The proposed regulations apply to all FDA program areas, 
    including blood components, which are regulated as either drugs or 
    medical devices.
        The agency does not believe it necessary to define the term 
    ``electronic identification'' because the general meaning of the term, 
    as suggested by comments, would be contained in the proposed definition 
    of electronic signature.
        The agency agrees that it is vital for FDA to be able to obtain 
    copies of electronic documents and that systems should have the 
    capability of generating such copies--a provision that is in proposed 
    Sec. 11.10(b). However, the agency does not, at this time, agree that 
    FDA needs to develop specific performance standards for the 
    ``portability'' suggested. FDA may develop appropriate guidelines in 
    the future to address portability attributes.
        Regarding the suggestion that FDA require parallel paper records to 
    bear mandated signatures pending resolution of legal issues, the agency 
    believes that such a provision need not be codified because there are 
    no indications that legal acceptance of electronic records/signatures 
    (per se) remains an issue, where the trustworthiness/reliability of 
    such records/signatures has been established. The proposed acceptance 
    regulations address measures to establish such trustworthiness and 
    reliability. However, until the regulations are in effect, firms must 
    supplement electronic records with paper documents for purposes of 
    having required signatures in conventional form.
        The agency does not understand the basis for one comment's concern 
    that electronic signatures not be required to be contained within the 
    electronic records that are signed. The key factors in acceptability of 
    electronic records/signatures have to do with establishing 
    trustworthiness and reliability rather than facilitating software 
    modification. Linking the electronic signature with the electronic 
    document is an important attribute in establishing the authenticity of 
    the endorsement, just as it is important to ``affix'' one's handwritten 
    signature to a paper document. FDA believes that electronic signatures 
    which are separate from their associated writings are less reliable and 
    trustworthy than electronic signatures which are incorporated in their 
    respective documents, to the extent that authors can more easily 
    repudiate the authenticity of the separated signature.
    
    VII. Enforcement Integrity
    
        Most comments asserted that, based in part upon the provisions of 
    Title 18 of the U.S. Code, use of signature alternatives should not 
    adversely affect the agency's enforcement integrity. Comments asserted 
    that laws against falsification of paper records apply equally to 
    falsification of electronic records, and that FDA should have no 
    difficulty in affixing individual responsibility when working with 
    electronic records.
        Comments also maintained that electronic record systems must, and 
    can under current technology, be designed for reliable storage and 
    retrieval, thus meeting industry and FDA audit needs. Comments added 
    that electronic record systems can be validated and are at least as 
    reliable, and more efficient than, paper-based records.
        One comment asserted that copies of electronic records containing 
    signature alternatives will be admissible evidence, in regulatory 
    actions, to demonstrate individual responsibility when FDA informs the 
    industry that signature alternatives are as binding as conventional 
    signatures.
        One comment asserted that within the context of the PDMA, 
    electronic signatures would be admissible in court when combined with 
    other system controls, such as phoned requests.
        The agency recognizes that the ability to collect electronic 
    records that are admissible as evidence depends in large measure on 
    whether or not the systems used to generate those records have been 
    designed for reliable storage and retrieval. Accordingly, the proposed 
    regulations, at proposed Sec. 11.10(c), require that systems that 
    generate and maintain electronic records be designed so that the 
    records can be reliably stored and retrieved. The storage/retrieval 
    requirement should be coupled with the requirement that such systems be 
    capable of generating accurate electronic copies that can readily be 
    converted to human readable form. (See remarks on records 
    ``portability'' in section VI. of this document.)
    
    VIII. Security
    
        Many comments contended that handwritten signatures are not 
    intrinsically secure forms of identification because falsification can 
    easily be executed unilaterally. Comments emphasized furthermore that 
    properly validated and administered identification/password systems, 
    which lack biometric links to individuals being identified, are more 
    secure than handwritten signatures to the extent that falsification 
    generally necessitates a bilateral action (i.e., two individuals must 
    purposefully accomplish falsification). Comments asserted that security 
    is fundamentally derived, not from the form of the identification, per 
    se, but rather from the attendant system controls.
        One comment argued against placing too high an emphasis on security 
    and control measures for signature alternatives, noting that FDA has 
    not instituted corresponding controls for conventional handwritten 
    signatures on paper records. The comment elaborated that isolated 
    forgeries are more apt to go unnoticed than repetitive forgeries of a 
    manual signature, and that security of habitual signing derives more 
    from the meaning attached to the signing process than the technical 
    strength of the process itself. The comment concluded that the 
    effectiveness of electronic signature alternatives should also derive 
    less from technical security and more from the meaning attached to the 
    signing process.
        The agency finds merit in the comments' premise that the integrity 
    of an electronic signature is derived more from the systems controls 
    used to generate it than from the technology used to apply it. The 
    emphasis on systems controls is justified and reflected in the 
    provisions of the proposed regulations. However, FDA recognizes that 
    electronic signatures based upon biometric/behavioral links can be more 
    secure than others to the extent they are more difficult to falsify. 
    Whereas the agency agrees that the meaning attached to the signing 
    process is important (e.g., in establishing individual responsibility 
    for an endorsed act such as approving a master production record), FDA 
    does not agree that the meaning determines the security of the signing.
        Regarding the comment that FDA has not instituted controls for the 
    generation of handwritten signatures, the agency notes that specific 
    FDA guidance on the matter has not been needed because conventional 
    paper controls are well established in our culture and because 
    falsification of paper documents can be readily investigated and 
    documented by a long-standing body of forensic evidence (e.g., 
    handwriting analysis, ink composition and dating, imprints on stacks of 
    paper, erasure marks, etc.). On the other hand, a comparable body of 
    evidence has yet to be established to pursue falsification of 
    electronic documents and signatures.
        The agency finds convincing the argument that electronic signatures 
    based on user identification codes combined with passwords can be 
    adequately secured in that the signature consists of multiple parts 
    which require the collaborative efforts of two individuals to execute a 
    falsification. FDA wishes to clarify, however, that contemporaneous use 
    of both electronic signature elements must be executed for each 
    signing. For example, if a person, having logged onto a system by 
    entering both a password and a scanned employee badge containing an 
    identification code, need only scan the badge to execute subsequent 
    electronic signatures, then the safeguard of having multiple parts to 
    the signature would be lost for those endorsements to the extent that 
    another person could, unbeknownst to the badge owner, scan the badge 
    and falsify the electronic signature. Should the owner carelessly leave 
    the badge unattended, the required collaboration would be absent. On 
    the other hand, if an ``impersonator'' needs to know the badge owner's 
    secret password in addition to physically possessing the badge in order 
    to execute a signing, then collaborative efforts would be necessary to 
    falsify the electronic signature; the badge owner would have to reveal 
    the password to the would-be imposter, as well as make the badge 
    available. Accordingly, proposed Sec. 11.200(a)(1) requires electronic 
    signatures that are not based on biometric/behavioral links to employ 
    at least two distinct parts, all of which are contemporaneously 
    executed at each signing. In addition, proposed Sec. 11.200(a)(3) 
    requires that attempts at signature falsifications necessitate 
    collaboration of at least two people.
        The agency believes that the acceptance regulations need not 
    require at least two distinct elements where the electronic signature 
    employs a biometric/behavioral link (e.g., retinal scan, voiceprint) to 
    the signer. The bilateral security measure would not be necessary in 
    such systems because only the genuine owner of the electronic signature 
    would be capable of using it. The owner could not lose, lend, give away 
    or otherwise transfer the signature in the first place.
        One comment expressed the hope that security for alternatives to 
    handwritten signatures will not result in lesser confidentiality.
        FDA agrees that confidentiality of data in electronic records is as 
    important as it is in paper records. Systems controls, for both paper 
    and electronic documents, will determine the level of confidentiality.
        One comment stated that signatures recorded electronically, if not 
    somehow inalterably bound to the electronic document, are insecure to 
    the extent the digitally recorded signature could be excised and 
    superimposed upon other documents to falsify an endorsement. Another 
    comment supported signatures recorded electronically when they are 
    captured to inalterable media, such as optical disks, provided further, 
    that access to such media is limited, thus reducing chances of 
    alteration.
        The agency agrees that binding an electronic signature to the 
    signed electronic document is a vital systems control that helps to 
    establish the authenticity of an electronically signed document. 
    Accordingly, proposed Sec. 11.70 includes a ``signature to document'' 
    binding provision. FDA notes that such a binding is usually inherent 
    for handwritten signatures that are applied to paper documents.
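    The two controls discussed above, contemporaneous entry of both parts 
    of a non-biometric electronic signature at each signing (proposed Sec. 
    11.200(a)(1)) and binding of the signature to the signed document 
    (proposed Sec. 11.70), as an added illustration that is not part of the 
    proposed rule or of any FDA system. The binding here is a keyed MAC under 
    a system-held key, one possible systems control chosen for the example; 
    the identification codes, passwords and record text are constructed.

```python
"""Added illustration (not from the proposed rule): a minimal signing
service for a closed system that refuses a signing unless BOTH parts of the
electronic signature (identification code and secret password) are presented
at the moment of signing, and that binds each signature to the record content
so it cannot be excised and superimposed on another record."""
from __future__ import annotations

import datetime
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    signer_id: str       # identification code of the signer
    record_digest: str   # SHA-256 of the record content at signing time
    meaning: str         # e.g. "approved", "reviewed", "authored"
    signed_at: str       # UTC timestamp, ISO 8601
    mac: str             # binds all of the above under the system key


class SigningService:
    def __init__(self, system_key: bytes) -> None:
        self._system_key = system_key
        self._credentials: dict[str, tuple[bytes, bytes]] = {}  # id -> (salt, hash)
        self._logged_in: set[str] = set()
        self.audit_trail: list[tuple[str, str, str]] = []  # (time, id, event)

    # -- credential handling (constructed; a real system would use a directory)
    @staticmethod
    def _hash_password(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def enroll(self, id_code: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._credentials[id_code] = (salt, self._hash_password(salt, password))

    def _both_parts_valid(self, id_code: str, password: str) -> bool:
        entry = self._credentials.get(id_code)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._hash_password(salt, password))

    def _audit(self, id_code: str, event: str) -> str:
        # Time-stamped audit trail entry; returns the timestamp used.
        now = datetime.datetime.now(datetime.timezone.utc).isoformat()
        self.audit_trail.append((now, id_code, event))
        return now

    def login(self, id_code: str, password: str) -> bool:
        ok = self._both_parts_valid(id_code, password)
        self._audit(id_code, "login ok" if ok else "login rejected")
        if ok:
            self._logged_in.add(id_code)
        return ok

    # -- signing ---------------------------------------------------------------
    def _mac(self, signer_id: str, digest: str, meaning: str, signed_at: str) -> str:
        payload = "\x1f".join([signer_id, digest, meaning, signed_at]).encode()
        return hmac.new(self._system_key, payload, "sha256").hexdigest()

    def sign(self, id_code: str, password: Optional[str],
             record: bytes, meaning: str) -> Optional[Signature]:
        """Return a Signature, or None if the signing is refused.

        Login state is deliberately NOT consulted: the password must be
        re-entered together with the identification code for every signing,
        so presenting the badge (id_code) alone never produces a signature."""
        if password is None or not self._both_parts_valid(id_code, password):
            self._audit(id_code, f"signing rejected ({meaning})")
            return None
        digest = hashlib.sha256(record).hexdigest()
        signed_at = self._audit(id_code, f"signed ({meaning}) {digest[:12]}")
        return Signature(id_code, digest, meaning, signed_at,
                         self._mac(id_code, digest, meaning, signed_at))

    def verify(self, sig: Signature, record: bytes) -> bool:
        """True only if the record is unchanged and the signature fields are
        exactly those that were bound at signing time."""
        if hashlib.sha256(record).hexdigest() != sig.record_digest:
            return False  # record altered, or signature moved to another record
        expected = self._mac(sig.signer_id, sig.record_digest, sig.meaning, sig.signed_at)
        return hmac.compare_digest(expected, sig.mac)
```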
        As noted above regarding stratification, many comments made a 
    distinction between the security needed for signature alternatives 
    affixed to electronic documents contained within the administrative 
    control of a given firm (closed system) and signature alternatives 
    affixed to records (such as e-mail and submissions to FDA) that are 
    transmitted from one establishment to another (open systems). Comments 
    suggested that open systems require a higher level of security than 
    closed systems, and that a combination of user identification codes and 
    passwords, under suitable administrative controls, is sufficient for 
    closed systems.
        The agency agrees that because open systems are inherently more 
    vulnerable to message compromise, additional security measures may be 
    necessary to ensure electronic document integrity and authenticity. 
    Such measures may include electronic document encryption and use of 
    digital signatures. However, FDA believes that because such measures 
    are still evolving, it would be premature to specifically require their 
    use in documents submitted electronically to the agency. Instead, the 
    proposed rule requires additional security measures, stated in general 
    terms, that are designed to ensure document integrity, confidentiality, 
    and authentication from point of creation to point of receipt.
        One comment suggested that computer systems used within the CGMP 
    and GLP regulations attain the security level of C2 within the 
    Department of Defense Trusted Computer System Evaluation Criteria (DoD 
    5200.28--STD), also known as the ``Orange Book.''
        One comment concluded that, per the ANPRM working definitions, 
    signatures recorded electronically (scripted signatures applied to 
    devices other than paper) and conventional signatures applied to paper 
    offer the greatest security.
        FDA does not believe it necessary at this time to codify adherence 
    to a specific security level that is stated in a standard. The agency 
    believes that records under CGMP's and GLP's will have sufficient 
    security when the provisions of the proposed rule are followed. 
    However, should additional specific criteria be necessary to attain 
    adequate levels of security, the agency may consider incorporating 
    specific security standards such as the one suggested.
        Many comments identified various administrative security controls 
    attendant to the use of (what the ANPRM called) electronic 
    identification (identification codes (ID)/passwords), and argued that 
    appropriate use of such controls should make ID/password systems 
    acceptable to FDA for use in closed systems. Comments generally 
    emphasized the need to utilize such controls and not rely upon a single 
    form of signature alternative in isolation. Suggested controls included 
    the following:
        1. Establish and follow employee policies which hold people 
    accountable and liable for actions initiated under their (computer ID) 
    accounts to deter forgery of electronic signatures. Comments suggested 
    that employees who violate such policies would be subject to 
    disciplinary action including termination.
        2. Limit computer access to authorized individuals.
        3. Execute carefully written and controlled operational procedures.
        4. Train employees in the use of operational procedures.
        5. Use fully documented production and control procedures.
        6. Validate systems.
        7. Use identity checks; cross-checking to establish that machine 
    readable codes on tokens and a personal identification number (PIN) are 
    assigned to the same individual.
        8. Use password checks; checking an independently entered password.
        9. Change passwords periodically.
        10. Use authority checks to determine if the identified individual 
    has been authorized (or trained) to use the system, access, or 
    operational device, or perform the operation at hand.
        11. Use time stamped audit trails to document changes, record all 
    write-to-file operations, and independently record the date and time of 
    the operator's action or entry. Concerning audit trail integrity, 
    comments emphasized the importance of creating backup files to re-
    create documentation and deter inappropriate records alterations.
        12. Use operational checks to enforce permitted operational 
    parameters such as functional sequencing or time.
        13. Use records revision and change control procedures to maintain 
    an electronic audit trail that documents time-sequenced development and 
    modification of records.
        14. Maintain control over the distribution, access, and usage of 
    documentation required for various operations.
        15. Encrypt records to provide secure, nonchangeable versions.
        16. Use location (terminal) checks to determine that the physical 
    source of the endorsement is valid.
        17. Use intentions checks by providing confirming dialog that the 
    signer understands precisely the intentions of a signature.
        18. Use ``time-outs'' of under-utilized terminals to prevent their 
    unauthorized use while unattended.
        19. Use security against natural system failures.
        20. Print the individual's name, along with time of ``signing,'' on 
    the electronic record to help reinforce the psychological link between 
    the author and the endorsement.
        The agency considers that most of the above systems controls have 
    merit and they have been incorporated in the proposed regulations.
        One comment identified the following steps to regulate and control 
    the issuance of tokens, cards, PIN's, and other machine readable 
    indicia of identity:
        1. Chronological logging of each issuance;
        2. Certifying the identity of each individual;
        3. Noting and controlling the empowerment or authority of issuance;
        4. Testing each token, card, or other indicia to make sure it 
    works;
        5. Keeping each issuance unique;
        6. Assuring that issuances are periodically checked, recalled, or 
    reissued;
        7. Following loss management procedures to electronically de-
    authorize lost tokens, cards, etc., and to issue temporary or permanent 
    replacements using suitable, rigorous controls for substitutes; and,
        8. Using reasonable transactional safeguards to prevent 
    unauthorized use and detect and emergently report (with unmistakable 
    notoriety) any unauthorized attempts.
        The agency agrees that all of the above controls are reasonable and 
    necessary measures to maintain password integrity. However, some of 
    these controls may be more amenable to incorporation in guidelines 
    rather than regulations, and therefore do not appear in the proposed 
    rule.
        In response to the ANPRM's request that comments identify any types 
    of signature alternatives that would be too insecure to be acceptable, 
    comments cited the use of unilateral methods, such as a user 
    identification that is readily determined from a publication, or 
    alternatives used in environments in which employees are motivated to 
    falsify identifications. One comment stressed the importance of using 
    bilateral systems, but urged the agency to permit industry to choose 
    the exact methods (such as use of identification codes combined with 
    passwords or tokens).
        As explained above, the agency agrees that single entity signature 
    alternatives that may be compromised are not acceptable. Where 
    bilateral signatures are used, both portions of the signature should be 
    recorded contemporaneously with each ``signing.'' Absent that duality, 
    FDA would consider the signature to be unilateral and therefore, if 
    capable of being compromised, unacceptable. The agency wishes to 
    clarify, however, that single entity signatures based on biometric/
    behavioral links that cannot be implemented by people other than their 
    genuine owners would be acceptable.
    
    IX. Validation
    
        Comments generally acknowledged the importance of validating 
    signature alternative systems and said that there should be no 
    difference between validation of signature alternatives and validation 
    of other processes or systems. Most comments claimed that there already 
    exists sufficient guidance, published by FDA and the industry, thus 
    making it unnecessary for FDA to publish additional guidance on 
    validation of signature alternatives.
        Several comments acknowledged FDA's concerns about the adequacy of 
    computer systems validation, but indicated that the primary issue 
    concerns what constitutes adequate systems specifications, a matter 
    comments claimed is still developing.
        Comments identified the following elements of signature alternative 
    validation:
        1. Correct specification;
        2. Correct engineering;
        3. Correct testing;
        4. Correct operation;
        5. System definition: functional requirements, software 
    requirements, the physical system and its operating environment;
        6. Assurance of software quality: structural and functional;
        7. System documentation that is well organized and that includes 
    policies, procedures and master plans defining the philosophy and 
    approach to system validation, and defined meanings for approval 
    signatures;
        8. Security;
        9. Verification of critical data entries;
        10. Installation, operational, and performance qualification;
        11. Change control and system maintenance;
        12. Employee training;
        13. A records retrieval system that protects records and enables 
    their accurate and efficient retrieval throughout their retention 
    period; and
        14. Periodic system review and revalidation.
        The agency is persuaded by the comments that although validation of 
    electronic signature systems is important enough to be codified as a 
    general requirement, publication of specifics as to what constitutes 
    acceptable validation of such systems should be deferred at this time. 
    Specific information on electronic signature validation may need to be 
    provided in future regulations or guidelines.
    
    X. Standards
    
    A. Standards in General
    
        Several comments acknowledged the general utility of standards 
    (e.g., for electronic signatures which use biometric/behavioral links), 
    but suggested that the issue should be addressed separately on the 
    basis that standards are not relevant to the forms of electronic 
    identification anticipated for use in the pharmaceutical industry, and 
    because they are seldom used in FDA-regulated industries generally.
        Several comments said FDA should assess existing standards and 
    provide input into development of new standards, but should not seek a 
    lead role in their development. One comment suggested that FDA 
    collaborate with industry in developing standards should they be 
    warranted in the future.
        Two comments argued that the absence of standards should not 
    inhibit the agency from accepting electronic identification and that 
    standards would not be necessary where there is an emphasis on 
    validation, security, and well designed and enforced procedures.
        One comment urged the agency to avoid adopting any single standard 
    or technology for electronic signatures.
        FDA recognizes the benefits of standards and their relevancy to 
    legal and regulatory acceptance of electronic signatures. FDA 
    regulations could be simplified by predicating acceptance of an 
    electronic signature on adherence to one or more appropriate standards 
    that have been derived from fair evaluation of public comments. 
    Although industries regulated by FDA may not have participated in the 
    development of the two emerging primary digital signature standards, 
    i.e., the National Institute of Standards and Technology Digital 
    Signature Standard (NIST DSS) or the RSA, either because (in the case 
    of the RSA) the standard is proprietary, or because the industry did 
    not anticipate their relevancy, the standards may nonetheless be 
    valuable tools to ensure the authenticity and integrity of electronic 
    records.
        In general, the agency agrees with the premise that adherence to 
    specific standards need not be codified at this time because adequate 
    levels of security may be achieved by adherence to the controls 
    contained in the proposed rule. However, the agency may need to address 
    or adopt such standards in the future, as the industries become more 
    familiar with them and their practical applications. The agency 
    anticipates that its role will be that of a proactive participant in 
    standards development. Absent the immediate application of such 
    standards, the proposed rule emphasizes, as comments suggest, system 
    security/integrity controls, and validation.
    
    B. National Institute of Standards and Technology Digital Signature 
    Standard
    
        One comment suggested, without elaboration, that FDA obtain and 
    consider three cited articles on digital signature standards.
        Many comments cited the controversial nature, per published 
    articles, of the NIST DSS and suggested that FDA not adopt the 
    standard. Several comments inferred that FDA should favor the RSA over 
    the NIST DSS on the basis that RSA is currently the de facto standard 
    for commercial and some military applications.
        One comment urged the agency to adopt a public, rather than 
    proprietary standard, but noted the difficulty of modifying systems 
    that are essentially completely developed to incorporate the NIST 
    standard.
        One comment encouraged FDA to adopt the NIST draft digital 
    signature standard, on the grounds that the NIST DSS is a highly secure 
    method of identification that will become mandatory for Federal 
    agencies where a public-key based digital signature technique is needed 
    and is to be the single standard for Government communication with the 
    private sector. The comment further supported the standard by noting 
    its acceptance by the General Accounting Office as legal endorsement 
    for Federal obligations. In addition, the comment asserted the 
    nonrepudiation property of the NIST DSS. One comment acknowledged that 
    the NIST standard offers the benefit, over handwritten signatures, of 
    assuring that the document was not altered after being signed by the 
    author.
        The agency notes that subsequent to the working group's February 
    1992 progress report, several criticisms of the NIST DSS, specifically 
    the absence of a ``hash algorithm'' and limited size of ``keys,'' have 
    been addressed. FDA has also become aware of several commercial 
    products available to implement the standard, and the agency 
    acknowledges that it may have direct applicability to FDA electronic 
    communication with the agency's regulated industries. However, the 
    standard is not yet finalized, and it has not yet achieved sufficiently 
    wide utilization, in the agency's opinion, to merit mandatory use, at 
    least in closed systems. The standard may have future applicability, 
    though, in open systems, where documents are submitted to FDA via 
    public electronic carriers, in which case adherence to a limited number 
    of standards would be desirable to maintain practical communications. 
    Accordingly, the agency is deferring a codified reference to the NIST 
    DSS in particular. However, the agency is proposing in Sec. 11.30 to 
    use established digital signature standards that are acceptable to FDA, 
    as a system control that may be warranted to maintain record 
    authenticity, integrity, and confidentiality in open systems.
    
    XI. Freedom of Information
    
        Several comments asserted that because matters relating to FOI are 
    not relevant to the fundamental issues of electronic identification, 
    such issues should be handled separately. However, comments expressed 
    concern about the reliability of computer methods FDA might use to 
    delete proprietary information from electronic records released under 
    the FOI Act.
        Two comments said that FDA should realize FOI processing cost 
    savings when records are submitted electronically if the agency sets 
    guidelines on such submissions.
        Comments held diverse opinions about what form (electronic or 
    otherwise) documents released under FOI should take. Several comments 
    said FDA should establish standards to avoid having to copy and purge 
    original records that exist in many different formats. Some comments 
    said they would likely provide paper printouts of electronic records 
    requested by FDA field investigators, and by so doing, the agency would 
    not need to acquire specific software and hardware to handle 
    proprietary formats. Likewise, two comments recommended that FDA 
    respond to FOI requests by providing only paper copies of documents, 
    regardless of the format requested. On the other hand, two comments 
    encouraged the agency to develop systems whereby requesters could 
    submit FOI requests by e-mail, or directly access an FDA data base to 
    conduct on-line text searches. One of the comments suggested that 
    resulting documents from such searches be mailed to requesters in a 
    manner similar to the procedure used by the National Library of 
    Medicine's Medline. The respondent suggested that modest connect time 
    fees would be appropriate to such systems.
        The agency disagrees with the assertion that FOI matters are 
    irrelevant to electronic signature issues. When FOI requests are 
    received electronically the agency must ensure that the requests are 
    authoritative and genuine such that they may be processed and 
    appropriate fees collected. In addition, as more firms implement 
    electronic records, the agency will likely collect and store them 
    electronically in the regular course of its investigational and 
    inspectional activities. The consequent move from paper to electronic 
    documents will necessitate use of appropriate purging technologies, as 
    many of the comments have noted.
        FDA finds the comment's suggestions that FOI records be handled 
    strictly as paper documents inconsistent with the implementation of 
    electronic records systems. The agency believes the suggestion that FDA 
    accept FOI requests by e-mail has merit, and it is exploring ways of 
    implementing the suggestion within the context of electronic 
    submissions in general. A data base of all available documents may not 
    be practical at this time considering the scope of potential documents 
    that may be in the data base. However, a publicly accessible on-line 
    electronic data base of FOI-released documents may be in the public 
    interest, and this suggestion may also be explored. The agency agrees 
    that it should set technical standards for submission of electronic 
    documents so as to allow the electronic handling of relevant FOI 
    requests; this suggestion is also being explored within the context of 
    electronic submissions in general.
    
    XII. The Proposed Regulation for Electronic Signatures and Records
    
        Proposed part 11 is made up of the following subparts: subpart A--
    General provisions; subpart B--Electronic records; and subpart C--
    Electronic signatures:
    
    A. General Provisions (Subpart A)
    
    1. Scope (Sec. 11.1)
        Although most of the comments to the ANPRM represented the 
    pharmaceutical industry, the agency wishes to emphasize that the 
    proposed rule applies to use of electronic records and signatures in 
    the context of all FDA program areas and all industries regulated by 
    FDA. Accordingly, proposed Sec. 11.1 states the extent of the 
    regulation's scope to all parts of 21 CFR chapter I.
        The agency recognizes, however, that in some instances records 
    required by selected sections of chapter I may need to be retained in 
    paper form and their associated conventional methods of signing may 
    need to be preserved. In such instances, the agency would, by 
    regulation, specify that electronic versions of those records would not 
    be permitted. FDA does not anticipate many such situations, but is 
    providing for them in proposed Sec. 11.1. The agency welcomes comments 
    on any existing FDA regulations that address records where electronic 
    versions of those records should not be permitted.
        Under proposed Sec. 11.1, absent specific exemption by regulation, 
    records required throughout chapter I could be created, modified, 
    maintained, or transmitted in electronic form provided they meet the 
    requirements of proposed part 11. Likewise, electronic signatures would 
    be considered to be equivalent to full handwritten signatures, 
    initials, and other general signings required throughout chapter I 
    provided the electronic signatures and associated electronic records 
    meet the requirements of the proposed part 11.
    2. Implementation (Sec. 11.2)
        The agency recognizes that the pace and extent of converting from 
    paper to electronic records will vary significantly in industry and, in 
    fact, within FDA itself. Adoption of electronic records technologies 
    generally depends upon a number of factors, including systems 
    availability, costs, integration into existing paper based records 
    systems, and the need to train employees in developing and maintaining 
    electronic systems. In order to implement the new rule in a fair and 
    practical manner, the agency is dividing the types of records to be 
    covered into two broad categories, namely records required by 
    regulation to be maintained but not submitted to FDA (such as batch 
    production records), and records submitted to FDA (such as food 
    additive petitions and comments to proposed rules).
        This approach is being taken for two reasons. First, the agency 
    believes it is important to enable regulated industries to implement 
    electronic records/signatures for records that are required by 
    regulation to be maintained, but not submitted to the agency, as 
    rapidly as possible. Some firms have already taken major steps toward 
    implementing electronic production records and the agency does not wish 
    to delay the appropriate adoption of new technologies.
        Second, FDA is not yet prepared to accept and manage all 
    submissions in electronic form. However, FDA believes it vital to 
    enable those agency units that are prepared to receive and manage 
    submissions in electronic form to do so as rapidly as practical. There 
    are many different types of submissions to the agency. (A July 1991 FDA 
    report entitled, ``Basic Inventory of Submissions to the FDA,'' (Office 
    of Planning and Evaluation) identified 87 different types of 
    submissions (Ref. 4)). The agency is reviewing all of the various 
    submissions to identify which documents it can accept and manage in 
    electronic form (in whole or in part), and the corresponding 
    capabilities of the receiving agency units. The agency is committed to 
    accepting as many submissions in electronic form as possible, 
    consistent with available resources, but realizes that the goal of 
    accepting all submissions in electronic form will be achieved in phases 
    over a period of time.
        The agency intends to publish a public docket on electronic 
    submissions. FDA proposes that this public docket will be established 
    at the time that a final rule becomes effective. The docket would 
    identify those submissions that may be made (in whole or in part) in 
    electronic form, and the corresponding agency receiving units. 
    Receiving units may also publish appropriate technical guidance 
    documents on how submissions are to be made relative to the units' 
    capabilities. In addition, FDA encourages submitters to work with the 
    agency to develop appropriate pilot programs to implement electronic 
    submissions that may be more complex in nature. The agency is committed 
    to the goal of eventually accepting most submissions in electronic form 
    because it recognizes the attendant benefits of using electronic 
    records, benefits such as speedier document review times, cost savings 
    in not having to store and manage paper, and the improved 
    responsiveness to the general public and regulated industries that 
    generally derives from electronic systems.
        Therefore, proposed Sec. 11.2(a) enables persons to use electronic 
    records/signatures in lieu of paper records/conventional signatures, in 
    whole or in part, for records which are required by FDA regulation to 
    be maintained, but not submitted to FDA. Proposed Sec. 11.2(b) enables 
    persons to use electronic records/signatures in lieu of paper records/
    conventional signatures, in whole or in part, for records that are 
    submitted to FDA, provided the type of submission has been identified 
    in a public docket as one which FDA accepts in electronic form. The 
    agency intends to announce changes to that public docket, on a periodic 
    basis, by a variety of means. For example, a notice announcing changes 
    may be published in the Federal Register.
        FDA wishes to clarify that the requirements in proposed part 11 
    would apply to both types of electronic records (submissions FDA 
    accepts in electronic form and records required by regulation to be 
    maintained) unless, as stated above, a regulation specifically 
    prohibits the record from being in electronic form.
    3. Definitions (Sec. 11.3)
        Proposed Sec. 11.3 sets forth definitions of key terms, including 
    ``biometric/behavioral links,'' ``closed system,'' ``open system,'' 
    ``electronic record,'' ``electronic signature,'' and ``handwritten 
    signature.''
        A ``biometric/behavioral link'' (proposed Sec. 11.3(b)(3)) is a 
    method of verifying a person's identity based on measurement of the 
    person's physical feature(s) or repeatable action. The agency believes 
    that biometric/behavioral links would be utilized in technologies that 
    use, for example, voiceprints, handprints, and retinal scans to 
    identify individuals. A system that characterizes the act of signing 
    one's name, as a function of unique behavior (parameters of physical 
    signing such as speed of stylus movement, pressure, pauses, etc.) is 
    another example. A fundamental premise of biometric/behavioral link 
    technologies is that the resulting electronic signatures are inherently 
    unique to an individual and cannot, by ordinary means, be falsified.
        A ``closed system'' (proposed Sec. 11.3(b)(4)) is an environment in 
    which there is communication among multiple persons, where system 
    access is restricted to people who are part of the organization that 
    operates the system. FDA believes that electronic documents within a 
    closed system are less likely to be compromised than those in an ``open 
    system'' because they are not as vulnerable to disclosure to, and 
    corruption by, unintended outsiders to the organization. Where a firm 
    hand delivers to FDA a magnetic disk containing an electronic document, 
    the agency would consider such communication to have been made in a 
    closed system.
        An ``open system'' (proposed Sec. 11.3(b)(8)) is an environment in 
    which there is communication among multiple persons, where system 
    access extends to people who are not part of the organization that 
    operates the system. FDA believes electronic documents in open systems 
    merit additional protection from unauthorized disclosure and 
    corruption. Where a firm sends FDA an electronic document by electronic 
    mail, the agency would consider such submission to have been made in an 
    open system.
        An ``electronic record'' (proposed Sec. 11.3(b)(5)) is a document 
    or writing comprised of any combination of text, graphic 
    representation, data, audio information, or video information, that is 
    created, modified, maintained, or transmitted in digital form by a 
    computer or related system. The agency is proposing a broadly based 
    definition of this term in order to accommodate digital technologies 
    that may incorporate pictures and sound, in addition to text and data.
        Although, as discussed above, the ANPRM discussed four possible 
    terms relating to different kinds of signatures, FDA is proposing two 
    definitions based broadly on whether or not the ``signature'' is 
    handwritten. Two definitions are proposed, one for ``electronic 
    signature'' (Sec. 11.3(b)(6)) and one for ``handwritten signature'' 
    (Sec. 11.3(b)(7)). The term electronic signature would include the 
    meaning comments ascribed to electronic identification. Handwritten 
    signatures would include signatures recorded electronically.
        Proposed Sec. 11.3(b)(6) defines the term ``electronic signature'' 
    as the entry in the form of a magnetic impulse or other form of 
    computer data compilation of any symbol or series of symbols executed, 
    adopted, or authorized by a person to be the legally binding equivalent 
    of the person's handwritten signature. The fundamental premise is that 
    an electronic signature is some combination of what a person possesses 
    (such as an identification card), knows (such as a secret password), or 
    is (the unique characteristic embodied in a biometric/behavioral link 
    such as a voiceprint).
        Proposed Sec. 11.3(b)(7) defines the term ``handwritten signature'' 
    as the name of an individual, handwritten in script by that individual, 
    executed or adopted with the present intention to authenticate a 
    writing in a permanent form. An important aspect of a handwritten 
    signature is that the act of signing with a writing or marking 
instrument such as a pen or stylus is preserved. The agency is aware 
    of electronic records systems which capture the image of a signature as 
    a person applies a handwritten signature to a ``screen'' or sensing 
    device. Because the traditional action of signing is preserved, the 
    agency regards such a signature to be a handwritten signature even 
    though it is written to an electronic document. The proposed definition 
    includes wording to clarify this intent.
    
    B. Electronic Records (Subpart B)
    
        As discussed above, the agency has accepted the comments on the 
    ANPRM that suggested that adequate system controls should be the basis 
    for establishing the regulatory and legal acceptance of electronic 
    records. The agency appreciates the extent of the suggested controls 
    which are intended to ensure the authenticity, integrity, and 
    confidentiality of electronic records and to ensure that signers cannot 
    readily repudiate the electronic records as not genuine. FDA has 
    incorporated most of the controls in the proposed regulations. Controls 
    not adopted at this time may be incorporated in subsequent revisions to 
    these regulations, or addressed in agency guidelines. In addition, FDA 
    accepts the premise that some stratification of those controls should 
    be codified based upon whether the electronic records are within closed 
    or open systems. Therefore, this subpart includes separate controls for 
    records in closed and open systems.
    1. Controls for Closed Systems (Sec. 11.10)
        Proposed Sec. 11.10 includes a general requirement that there be 
    procedures and controls designed to ensure the authenticity, integrity, 
    and confidentiality of electronic records, and to ensure that the 
    signer cannot readily repudiate the signed record as not genuine. In 
    addition, the agency is proposing 11 specific controls.
        FDA wishes to emphasize that the proposed list of system controls 
    is not intended to be all inclusive of what may be needed for a given 
    electronic records system, and that some controls may not be necessary 
    in all types of systems. The wording of the proposal is intended to 
    clarify which controls are generally applicable and which are germane 
    to certain types of systems depending upon their intended use. For 
    example, operational checks to enforce permitted sequencing of events 
    would not be appropriate to systems in which proper sequencing was not 
    relevant to the events being recorded. Examples of system controls that 
    would be applicable in all cases include validation and protection of 
    records to ensure that records remain accurate and retrievable 
    throughout their retention period.
        Some of the proposed system controls (e.g., inspection and copying 
    of records) are necessary to ensure that the agency can fulfill its 
    enforcement responsibilities. The subject of enforcement integrity was 
extensively addressed in the ANPRM and by comments, most of which 
    asserted that properly validated and secured systems should not hamper 
    the agency's enforcement activities.
        As discussed above, many ANPRM comments asserted that enforcement 
    integrity would not be hampered because, under Title 18 of the U.S. 
    Code, falsification of electronic records would be equivalent to 
    falsification of paper records.
        The agency agrees that certain controls, such as system validation, 
    are necessary to maintain the integrity of electronic documents it 
    reviews and collects as part of its enforcement activities. It is also 
    necessary for FDA to be able to review and copy electronic records in 
    the same manner as paper records. Accordingly, the proposed rule 
    contains several provisions designed to ensure that the agency's 
    enforcement responsibilities are not impeded. For example, proposed 
    Sec. 11.10(b), regarding the ability to generate true copies of 
    electronic records that FDA can inspect, review, and copy, is intended 
    to ensure that the agency will retain the ability to review electronic 
    records on site and review copies of such records off site, in the same 
    manner as is currently the case for paper records. Likewise, proposed 
    Sec. 11.10(e), regarding time stamped audit trails to document record 
    changes, is intended to ensure that changes to electronic records are 
    evident and reviewable by the agency, to the same extent as paper 
    records.
        The agency encourages persons to consult with FDA prior to 
    implementing electronic records systems if there are any questions 
    regarding the ability of the agency to review and copy the electronic 
    records. The proposed rule includes wording to that effect.
    2. Controls for Open Systems (Sec. 11.30)
        As discussed above, many comments to the ANPRM acknowledged that 
    additional security measures, above and beyond those used for closed 
    systems, may be needed to ensure the integrity, authenticity, and 
    confidentiality of electronic records within open systems.
        The agency agrees. FDA is aware that two kinds of additional 
    systems controls can be effective in this regard--use of document 
    encryption, and use of digital signature standards. Digital signature 
    standards use established mathematical algorithms and public and 
    private signer numerical codes (called keys) to both authenticate an 
    electronic record and establish its integrity. Several comments 
    addressed these additional measures.
        Accordingly, proposed Sec. 11.30 requires use of those controls 
    identified in proposed Sec. 11.10 for closed systems (as appropriate to 
    the nature of the records at issue) plus such additional measures as 
    document encryption and use of digital signature standards acceptable 
    to FDA as necessary to maintain record confidentiality and integrity 
    under the circumstances. The agency intends to publish future guidance 
    documents which identify acceptable digital signature standards.
    3. Signature Manifestations (Sec. 11.50)
        Proposed Sec. 11.50 requires several of the system controls 
    suggested by comments to the ANPRM. This section requires 
    electronically signed records to display the printed name of the signer 
    and the date and time when the document was signed. The presence of the 
    printed name, date, and time will assist the agency by clearly 
    identifying the signing individual. In addition, the printed 
    information will help firms to maintain an unambiguous method of 
    readily and directly documenting the signer's identity and date of 
    signing for as long as the electronic record is retained. Another 
    benefit to having the name of the signer appear on the electronic 
    document is to reinforce the solemnity and personal commitment 
    associated with the act of signing.
        Proposed Sec. 11.50 also requires that the meaning associated with 
    the act of signing the electronic document be clearly indicated. As 
    discussed in the ANPRM, the purpose of a signature can be varied (e.g., 
    to affirm, review, approve, or indicate a person's presence or action). 
    Many traditional paper records already contain statements that indicate 
    the purpose of a signature, such as ``material added by * * *,'' ``in 
    witness thereof,'' and ``approved by * * *.'' The agency believes it is 
    vital, for purposes of accurate documentation and establishment of 
    individual responsibility, to include such statements in electronic 
    records as well.
    4. Signature/Record Binding (Sec. 11.70)
        Signatures appearing on conventional paper documents cannot be 
    readily excised, copied, or transferred to other documents so as to 
    falsify another document. Attempts at such misdeeds can generally be 
    revealed by available forensic methods. Such is not typically the case, 
    however, with electronic signatures and handwritten signatures executed 
    to electronic records (the image of the signature may be electronically 
    ``copied'' from one location and ``pasted'' to another without evidence 
of the action). In such cases, falsification of electronic documents 
    would be relatively easy to achieve, yet difficult to detect. This 
    problem could be solved by using available technologies to bind the 
    signature to the electronic document in a secure manner analogous to 
    the way conventional signatures are affixed to paper records.
        As discussed above, two ANPRM comments specifically addressed 
    signature to record binding. One comment stated that signatures 
    recorded electronically, if not somehow inalterably bound to the 
    electronic document, are insecure to the extent the digitally recorded 
    signature could be excised and superimposed upon other documents to 
    falsify an endorsement. Another comment supported signatures recorded 
    electronically when they are captured to inalterable media, such as 
    optical disks, provided, further, that access to such media is limited, 
    thus reducing chances of alteration.
        The agency agrees with the ANPRM comments and believes it is vital 
    to verifiably bind a signed electronic record to its electronic or 
    handwritten signature. Accordingly, proposed Sec. 11.70 includes a 
    ``signature to document'' binding requirement to ensure that the 
    signatures cannot be excised, copied or otherwise transferred so as to 
    falsify another record. The agency believes that such binding is 
    readily achievable under current technology. For example, the concept 
    of such binding is part of digital signature standards to the extent 
    that a message authentication operation will fail for a falsified 
    document if the document's digital signature had been copied from a 
    different document.
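The binding that proposed Sec. 11.70 relies on, together with the Sec. 11.50 manifestation fields, as an added example that is not part of this rulemaking: the record is hashed together with the signer's printed name, date/time and meaning, the hash is signed with a private key, and a verifier recomputes the hash and checks it with the public key. The signature scheme here is textbook RSA over two constructed Mersenne primes so that it runs with only the Python standard library; the key pair, record fields and batch values are constructed for the demonstration and are not an FDA-accepted standard.

```python
import hashlib
import json

# Constructed demonstration key pair: textbook RSA over the Mersenne primes
# 2^61-1 and 2^89-1, chosen only so the example runs with the standard
# library.  Not a usable signing key or an approved standard; it exists to
# show how a digital signature binds a signature to exactly one record.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))  # private exponent (Python 3.8+)

PUBLIC_KEY = (_N, _E)
PRIVATE_KEY = (_N, _D)


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def record_digest(record: dict) -> int:
    """SHA-256 of the canonical record, truncated to 128 bits so it is below the modulus."""
    return int.from_bytes(hashlib.sha256(canonical_bytes(record)).digest()[:16], "big")


def sign_record(content, printed_name, signed_at, meaning, private_key=PRIVATE_KEY):
    """Sign a record together with its Sec. 11.50 manifestation fields.

    The printed name, date/time and meaning of the signature sit inside the
    signed material, so the signature covers them as well as the content.
    """
    n, d = private_key
    signed_material = {
        "content": content,
        "manifestation": {
            "printed_name": printed_name,
            "signed_at": signed_at,
            "meaning": meaning,
        },
    }
    signature = pow(record_digest(signed_material), d, n)
    return {**signed_material, "signature": signature}


def verify_record(record, public_key=PUBLIC_KEY) -> bool:
    """True only if the signature was computed over exactly this content and manifestation."""
    n, e = public_key
    signed_material = {k: v for k, v in record.items() if k != "signature"}
    return pow(record["signature"], e, n) == record_digest(signed_material)


def demo() -> dict:
    """Run the binding checks on constructed batch-release records."""
    genuine = sign_record(
        content={"batch": "LOT-0001", "assay_result": "pass"},
        printed_name="A. Reviewer",
        signed_at="1994-08-31T10:15:00Z",
        meaning="approved by",
    )

    # The "copy and paste" case from the text: the signature excised from the
    # genuine record and attached to a different record with the same
    # manifestation fields.
    pasted = {
        "content": {"batch": "LOT-0002", "assay_result": "pass"},
        "manifestation": dict(genuine["manifestation"]),
        "signature": genuine["signature"],
    }

    # Content altered after signing, signature left untouched.
    altered = json.loads(json.dumps(genuine))
    altered["content"]["assay_result"] = "fail"

    # Manifestation altered after signing: the stated meaning is changed.
    remeaning = json.loads(json.dumps(genuine))
    remeaning["manifestation"]["meaning"] = "reviewed by"

    return {
        "genuine": verify_record(genuine),            # True
        "signature_pasted": verify_record(pasted),    # False
        "content_altered": verify_record(altered),    # False
        "meaning_altered": verify_record(remeaning),  # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} verifies: {ok}")
```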
    
    C. Electronic Signatures (Subpart C)
    
        Proposed subpart C includes requirements for system controls that 
    are relevant to electronic signatures. Here, as elsewhere throughout 
    the proposed rule, the controls reflect suggestions made by the ANPRM 
    comments. In addition, the agency is including a requirement for 
    providing certification to the agency that the electronic signature 
    systems and, if necessary, specific electronic signatures are 
    authentic, valid, and binding.
    1. General Requirements (Sec. 11.100)
        Proposed Sec. 11.100 requires each electronic signature to be 
    unique to one individual and requires the issuing authority (for 
    example, a systems security unit within a firm) to verify a person's 
    identity before issuing an electronic signature. FDA considers these 
    controls to be fundamental to the basic integrity of an electronic 
    signature. Uniqueness is important because, if two or more people are 
    assigned the same electronic signature (such as a combination of 
    identification code and password) then the true identity of the signer 
    could be in doubt and either of the two individuals could conceivably 
    readily repudiate the recorded signature as not being his/her own. It 
    is important for the assigning authority to verify a person's identity 
    before issuing an electronic signature to prevent that person from 
    wrongfully assuming someone else's identity and the privileges/
    authorizations that may be associated with that identity.
        The agency is including a proposed requirement for providing 
    certification to the agency that the electronic signature system 
    guarantees the authenticity, validity, and binding of any electronic 
    signature. Furthermore, upon agency request, additional certification 
    or testimony that a specific electronic signature is authentic, valid, 
    and binding shall be provided. The certification should be submitted to 
    the agency district office in which territory the electronic signature 
    system is in use.
    2. Identification Mechanisms and Controls (Sec. 11.200)
        As noted above, electronic signatures are broadly based upon 
    various combinations of what a person knows (such as a secret 
    password), what a person possesses (such as an employee badge), and 
    what a person is. The third element, what a person is, relates to what 
    the agency is defining as a ``biometric/behavioral link'' to an 
    individual--a method of verifying a person's identity based on 
    measurement of the person's physical feature(s) or repeatable actions. 
    Examples of such features or actions include voiceprints, handprints, 
    retinal scans, and the act of signing one's name in script. The most 
    important attribute of an electronic signature that incorporates a 
    biometric/behavioral link is that the measured feature or action is 
    inherently unique to, and remains with, that individual. Unlike what a 
    person knows or possesses, what a person ``is'' cannot be compromised 
    by being lost, stolen, forgotten, loaned, re-assigned, or otherwise 
    compromised by ordinary means.
    Accordingly, the agency is establishing two broad categories of 
    electronic signatures, those based on biometric/behavioral links to 
    individuals, and those that lack such links, as reflected in proposed 
    Sec. 11.200.
        Many of the ANPRM comments argued persuasively that FDA should not 
    require biometric/behavioral links, but should accept electronic 
    signatures that lack such links provided the electronic signatures are 
    validated, secure, and administered under adequate system controls. 
    Among those controls, comments emphasized the importance of maintaining 
    electronic signatures that are made of multiple identification 
    mechanisms (such as a combined identification code and password) and 
    administrative measures to ensure that attempted use of an individual's 
    electronic signature by anyone other than its genuine owner requires 
    collaboration of two or more individuals. Such collaboration would 
    prevent signature falsification by casual mishap--a falsification that 
    might result, for example, if someone acquired another person's 
    unattended identification card or token. The provision would also help 
    to impress people with the significance and solemnity of the electronic 
    signature.
        The agency agrees that biometric/behavioral links should not be a 
    required feature of electronic signatures, at this time. The agency 
    also agrees that electronic signatures that lack biometric/behavioral 
    links should be acceptable when certain system controls are used. 
    Accordingly, the agency has incorporated system controls for electronic 
    signatures that lack such links, including multiple identification 
    mechanisms and multiple party collaboration in proposed Sec. 11.200(a).
        Although FDA is not, at this time, mandating use of biometric/
    behavioral links in electronic signatures, it is allowing for them and 
    encourages their development and use. The premise behind the technology 
    for electronic signatures based upon biometric/behavioral links is that 
    the links are inherently secure such that a person's electronic 
    signature could not be lost, stolen, loaned, or otherwise used by 
    anyone other than the rightful owner. The agency is proposing to codify 
    that premise at Sec. 11.200(b), to ensure that electronic signatures 
    based on such links are designed so that they cannot be used by anyone 
    other than their genuine owners.
    3. Controls for Identification Codes/Passwords (Sec. 11.300)
        The agency is aware that many electronic signatures are based upon 
    combined identification codes and passwords. FDA believes that because 
    of the relative ease with which such electronic signatures may be 
    compromised, and because of their wide adoption, system controls to 
    ensure their security and integrity merit specific coverage in these 
    regulations.
        Many of the ANPRM comments addressed specific administrative 
    controls to ensure the security and integrity of electronic signatures 
    that are based upon a combined identification code and password. One 
    comment suggested eight controls specific to identification codes. The 
    agency appreciates the various suggestions and agrees that five of them 
    merit codification at this time. Proposed Sec. 11.300 includes those 
    controls. Suggested controls that were not included in the proposed 
    rule may be added in the future or addressed in future agency 
    guidelines.
        The agency wishes to emphasize that the controls listed in proposed 
    Sec. 11.300 are not intended to be all inclusive of what may be needed 
    to ensure the security and integrity of electronic signatures based on 
    identification codes/passwords.
    
    XIII. Analysis of Impacts
    
        FDA has examined the impacts of the proposed rule under Executive 
    Order 12866 and the Regulatory Flexibility Act (Pub. L. 96-354). 
    Executive Order 12866 directs agencies to assess all costs and benefits 
    of available regulatory alternatives and, when regulation is necessary, 
    to select regulatory approaches that maximize net benefits (including 
    potential economic, environmental, public health and safety, and other 
    advantages; distribute impacts; and equity). The agency believes that 
    this proposed rule is consistent with the regulatory philosophy and 
    principles identified in the Executive Order. In addition, the proposed 
    rule is not a significant regulatory action as defined by the Executive 
    Order and so is not subject to review under the Executive Order.
        The Regulatory Flexibility Act requires agencies to analyze 
    regulatory options that would minimize any significant impact of a rule 
    on small entities. Because this action will permit industry to maintain 
    records in electronic form, and thus reduce their paperwork costs, the 
    agency certifies that the proposed rule will not have a significant 
    economic impact on a substantial number of small entities. Therefore, 
    under the Regulatory Flexibility Act, no further analysis is required.
    
    XIV. Paperwork Reduction Act of 1980
    
        This proposed rule contains information collections which are 
    subject to review by the Office of Management and Budget (OMB) under 
    the Paperwork Reduction Act of 1980. The title, description, and 
    recordkeepers of the information collections are shown below with an 
    estimate of the recordkeeping burden.
        Title: Electronic Records; Electronic Signatures; Title 21 Code of 
    Federal Regulations; Proposed Rule.
        Description: The Food and Drug Administration (FDA) is proposing 
    rules to provide criteria for acceptance of electronic records, 
    electronic signatures, and handwritten signatures onto electronic 
    records useable in place of paper records. Rules apply to any 21 CFR 
    records retention requirement unless specifically exempt by future 
    regulation. Records required to be submitted to FDA may be submitted 
    electronically provided the agency has stated its ability to accept the 
    records electronically in an agency established public docket.
        Description of Recordkeepers: State or local governments, 
    businesses and other for-profit organizations, Federal agencies, and 
    non-profit institutions. 
    
    ----------------------------------------------------------------------------------------------------------------
                                        Estimated Annual Burden for Recordkeeping                                   
    -----------------------------------------------------------------------------------------------------------------
       21 CFR Section       Number of recordkeepers         Hours per recordkeeper           Total burden hours     
    ----------------------------------------------------------------------------------------------------------------
    11.10                                          50                             40                          2,000 
    11.30                                          50                             40                          2,000 
    11.50                                          50                             40                          2,000 
    11.300                                         50                             40                          2,000 
    ----------------------------------------------------------------------------------------------------------------
          Total annual                                                                                              
           burden hours                                                                                       8,000 
    ----------------------------------------------------------------------------------------------------------------
    
        As required by section 3504(h) of the Paperwork Reduction Act, FDA 
    is submitting to OMB a request that it approve these information 
    collection requirements. Organizations or individuals desiring to 
    submit comments for consideration by OMB on these information 
    collection requirements should address them to FDA's Dockets Management 
    Branch (address above) and to the Office of Information and Regulatory 
    Affairs, OMB, rm. 3208, New Executive Office Building, Washington, DC 
    20503, Attn: Desk Officer for FDA.
    
    XV. Environmental Impact
    
        The agency has determined under 21 CFR 25.24(a)(8) that this action 
    is of a type that does not individually or cumulatively have a 
    significant effect on the human environment. Therefore, neither an 
    environmental assessment nor an environmental impact statement is 
    required.
    
    XVI. References
    
        The following references have been placed on display in the Dockets 
    Management Branch (address above) and may be seen by interested persons 
    between 9 a.m. and 4 p.m., Monday through Friday.
        1. FDA, Task Force on Electronic Identification/Signatures, 
    Electronic Identification/Signature Working Group Progress Report, 
    February 24, 1992.
        2. National Performance Review, Report of the Vice President pp. 
    113-117, September 7, 1993.
    3. FDA, Letter to Pharmaceutical Manufacturers Association, 
    December 5, 1991.
        4. FDA, Office of Planning and Evaluation, ``Basic Inventory of 
    Submissions to FDA,'' July 1991.
    
    XVII. Comments
    
        Interested persons may, on or before November 29, 1994, submit to 
    the Dockets Management Branch (address above) written comments 
    regarding this proposal. Two copies of any comments are to be 
    submitted, except that individuals may submit one copy. Comments are to 
    be identified with the docket number found in brackets in the heading 
    of this document. Received comments may be seen in the office above 
    between 9 a.m. and 4 p.m., Monday through Friday. As an FDA experiment 
    in accepting public comments by electronic mail (e-mail), interested 
    persons may also submit comments via INTERNET (address above). Comments 
    must be in ASCII format. Any exhibits or other attachments submitted 
    must also be in ASCII format and must be part of the e-mail itself. The 
    agency has limited experience with receiving e-mail via INTERNET, and 
    is aware that it is possible for some messages not to arrive at their 
    intended destinations, or to arrive with incomplete or otherwise 
    inaccurate contents. FDA is concerned that all comments it receives on 
    this proposal are intact, accurate and complete, as intended by 
    respondents. Therefore, for this experiment, FDA encourages interested 
    persons who elect to send their comments by e-mail to also send two 
    paper copies of their comments to the Dockets Management Branch 
    (address above).
    
    List of Subjects in 21 CFR Part 11
    
        Administrative practice and procedure, Electronic records, 
    Electronic signatures, Reporting and recordkeeping requirements.
        Therefore under the Federal Food, Drug, and Cosmetic Act, and under 
    authority delegated to the Commissioner of Food and Drugs, it is 
    proposed that 21 CFR part 11 be added to read as follows:
    
    PART 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES
    
    Subpart A--General Provisions
    
    Sec.
    11.1    Scope.
    11.2    Implementation.
    11.3    Definitions.
    
    Subpart B--Electronic Records
    
    11.10    Controls for closed systems.
    11.30    Controls for open systems.
    11.50    Signature manifestations.
    11.70    Signature/record binding.
    
    Subpart C--Electronic Signatures
    
    11.100    General requirements.
    11.200    Identification mechanisms and controls.
    11.300    Controls for identification codes/passwords.
    
        Authority: Secs. 201-902 of the Federal Food, Drug, and Cosmetic 
    Act, 52 Stat. 1040 et seq., as amended (21 U.S.C. 301-392).
    
    Subpart A--General Provisions
    
    
    Sec. 11.1  Scope.
    
        (a) The regulations in this part set forth the criteria under which 
    the Food and Drug Administration considers electronic records, 
    electronic signatures, and handwritten signatures executed to 
    electronic records, to be trustworthy, reliable, and generally 
    equivalent to paper records and handwritten signatures executed on 
    paper.
        (b) These regulations apply to records in electronic form that are 
    created, modified, maintained, or transmitted, pursuant to any records 
    requirements set forth in chapter I of this title.
        (c) Where electronic signatures and their associated electronic 
    records meet the requirements of this part, the agency will consider 
    the electronic signatures to be equivalent to full handwritten 
    signatures, initials, and other general signings as required throughout 
    this chapter, unless specifically exempted by regulation that is 
    effective on or after the effective date of this part.
        (d) Electronic records that meet the requirements of this part may 
    be used in lieu of paper based records, in accordance with Sec. 11.2, 
    unless paper based records are specifically required.
        (e) Computer systems (including hardware and software), controls, 
    and attendant documentation maintained pursuant to this part shall be 
    readily available for, and subject to, FDA inspection.
    
    
    Sec. 11.2  Implementation.
    
        (a) For records required by chapter I of this title to be 
    maintained, but not submitted to the agency, persons may use electronic 
    records/signatures in lieu of paper records/conventional signatures, in 
    whole or in part, provided that the requirements of this part are met.
        (b) For records submitted to the agency, persons may use electronic 
    records/signatures in lieu of paper records/conventional signatures, in 
    whole or in part, provided that:
        (1) The requirements of this part are met; and
    (2) The document or part(s) of a document to be submitted has/have 
    been identified in a public docket as being the type of submission the 
    agency accepts in electronic form. This docket will identify 
    specifically what types of documents or parts of documents are 
    acceptable for submission in electronic format without paper records 
    and to which specific receiving unit(s) of the agency (e.g., specific 
    center, office, division, branch) such submissions may be made. 
    Documents to agency receiving unit(s) not specified in the public 
    docket will not be considered as official if they are submitted in 
    electronic form; paper forms of such documents will be considered as 
    official and must accompany any electronic records. Persons should 
    consult with the intended agency receiving unit for details on how and 
    if to proceed with the electronic submission.
    
    
    Sec. 11.3  Definitions.
    
        (a) The definitions and interpretations of terms contained in 
    section 201 of the act apply to those terms when used in this part.
        (b) The following definitions of terms also apply to this part:
        (1) Act means the Federal Food, Drug, and Cosmetic Act (secs. 201-
    902, 52 Stat. 1040 et seq., as amended (21 U.S.C. 301-392).
        (2) Agency means the Food and Drug Administration.
        (3) Biometric/behavioral links means a method of verifying a 
    person's identity based on measurement of the person's physical 
    feature(s) or repeatable action(s).
        (4) Closed system means an environment in which there is 
    communication among multiple persons, where system access is restricted 
    to people who are part of the organization that operates the system.
        (5) Electronic record means a document or writing comprised of any 
    combination of text, graphic representation, data, audio information, 
    or video information, that is created, modified, maintained, or 
    transmitted in digital form by a computer or related system.
        (6) Electronic signature means the entry in the form of a magnetic 
    impulse or other form of computer data compilation of any symbol or 
    series of symbols, executed, adopted or authorized by a person to be 
    the legally binding equivalent of the person's handwritten signature.
        (7) Handwritten signature means the name of an individual, 
    handwritten in script by that individual, executed or adopted with the 
    present intention to authenticate a writing in a permanent form. The 
act of signing with a writing or marking instrument such as a pen or 
stylus is preserved. However, the scripted name, while conventionally 
    applied to paper, may also be applied to other devices which capture 
    the written name.
        (8) Open system means an environment in which there is electronic 
    communication among multiple persons, where system access extends to 
    people who are not part of the organization that operates the system.
    
    Subpart B--Electronic Records
    
    
    Sec. 11.10  Controls for closed systems.
    
        Closed systems used to create, modify, maintain, or transmit 
    electronic records shall employ procedures and controls designed to 
    ensure the authenticity, integrity, and confidentiality of electronic 
    records, and to ensure that the signer cannot readily repudiate the 
    signed record as not genuine. Such procedures and controls shall 
    include the following:
        (a) Validation of systems to ensure accuracy, reliability, 
    consistent intended performance, and the ability to conclusively 
    discern invalid or altered records.
        (b) The ability to generate true copies of records in both human 
    readable and electronic form suitable for inspection, review, and 
    copying by the agency. Persons should contact the agency if there are 
    any questions regarding the ability of the agency to perform such 
    review and copying of the electronic records.
        (c) Protection of records to enable their accurate and ready 
    retrieval throughout the records retention period.
        (d) Limiting system access to authorized individuals.
        (e) Use of time stamped audit trails to document record changes, 
    all write to file operations, and to independently record the date and 
    time of operator entries and actions. Record changes shall not obscure 
    previously recorded information. Such audit trail documentation shall 
    be retained for a period at least as long as required for the subject 
    electronic documents and shall be available for agency review and 
    copying.
        (f) Use of operational checks to enforce permitted sequencing of 
    events, as appropriate.
        (g) Use of authority checks to ensure that only those individuals 
    who have been so authorized can use the system, electronically sign a 
    record, access the operation or device, alter a record, or perform the 
    operation at hand.
        (h) Use of device (e.g., terminal) location checks to determine, as 
    appropriate, the validity of the source of data input or operational 
    instruction.
        (i) Confirmation that persons who develop, maintain, or use 
    electronic record/electronic signature systems have the education, 
    training, and experience to perform their assigned tasks.
        (j) The establishment of, and adherence to, written policies which 
    hold individuals accountable and liable for actions initiated under 
    their electronic signatures, so as to deter record and signature 
    falsification.
        (k) Use of appropriate systems documentation controls including:
        (i) Adequate controls over the distribution, access to, and use of 
    documentation for system operation and maintenance.
        (ii) Records revision and change control procedures to maintain an 
    electronic audit trail that documents time-sequenced development and 
    modification of records.
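Paragraphs (e) and (k)(ii) above ask for time-stamped audit trails in which record changes do not obscure previously recorded information. The following is an added example written for this page, not code from the proposed rule or from any FDA or regulated system. It keeps an append-only trail in which every change retains the prior value and each entry commits to the hash of the entry before it, so a later edit, deletion, or reordering of the trail is detectable. The timestamp source belongs to the audit service rather than the operator, which is the "independently record the date and time" requirement. Record identifiers, field names, operators, and values are constructed for the demonstration.

```python
"""Added example (not part of the proposed rule or any FDA system): a
time-stamped, hash-chained audit trail in the spirit of Sec. 11.10(e) and
(k)(ii). Every change is appended as a new entry that keeps the prior value,
so earlier information is never overwritten, and each entry commits to the
one before it, so deletion or after-the-fact editing is detectable.
Assumptions: the clock belongs to the audit service, not the operator;
record ids, field names and operators below are constructed."""
import hashlib
import json
from datetime import datetime, timezone
from typing import Any, Callable, List, Optional, Tuple

GENESIS = "0" * 64  # prev_hash of the first entry in a trail


def _canonical(obj: dict) -> bytes:
    """Deterministic serialisation so equal content always hashes alike."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _entry_hash(entry: dict) -> str:
    """Hash of everything in the entry except its own hash field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(_canonical(body)).hexdigest()


class AuditTrail:
    def __init__(self, clock: Optional[Callable[[], str]] = None):
        self.entries: List[dict] = []
        # Timestamp source is independent of the operator (Sec. 11.10(e)).
        self._clock = clock or (lambda: datetime.now(timezone.utc).isoformat())

    def record_change(self, record_id: str, field: str, old: Any, new: Any,
                      operator: str, reason: str = "") -> dict:
        """Append one change; the old value is retained, never overwritten."""
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries),
            "at": self._clock(),
            "operator": operator,
            "record_id": record_id,
            "field": field,
            "old": old,
            "new": new,
            "reason": reason,
            "prev_hash": prev_hash,
        }
        entry["hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def history(self, record_id: str, field: str) -> List[Tuple[str, str, Any, Any]]:
        """Time-sequenced (when, who, old, new) for one field of one record."""
        return [(e["at"], e["operator"], e["old"], e["new"])
                for e in self.entries
                if e["record_id"] == record_id and e["field"] == field]

    def verify(self) -> Tuple[bool, str]:
        """Walk the chain and report the first entry that was edited,
        removed or reordered since it was written."""
        prev_hash = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i:
                return False, f"entry {i}: sequence gap"
            if e["prev_hash"] != prev_hash:
                return False, f"entry {i}: chain broken"
            if _entry_hash(e) != e["hash"]:
                return False, f"entry {i}: contents altered"
            prev_hash = e["hash"]
        return True, "ok"


if __name__ == "__main__":
    trail = AuditTrail()
    trail.record_change("A-001", "yield_pct", None, 97.2, "j.doe")
    trail.record_change("A-001", "yield_pct", 97.2, 97.5, "j.doe",
                        reason="transcription error")
    print(trail.history("A-001", "yield_pct"))
    print(trail.verify())
    trail.entries[0]["new"] = 99.0   # simulate a silent edit of an old entry
    print(trail.verify())
```

The chain only proves that the trail has not changed since its last entry; an adversary who can rewrite every entry can recompute every hash. The usual practitioner answer is to export the latest entry hash periodically to a store the system's own administrators cannot alter (a write-once medium or a separate organisation's system), which also covers the retention requirement in paragraph (e).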
    
    
    Sec. 11.30  Controls for open systems.
    
        Open systems used to create, modify, maintain, or transmit 
    electronic records shall employ procedures and controls designed to 
    ensure the authenticity, integrity, and confidentiality of electronic 
    records from the point of their creation to the point of their receipt. 
    Such procedures and controls shall include those identified in 
    Sec. 11.10, as appropriate, and such additional measures as document 
    encryption and use of established digital signature standards 
    acceptable to the agency, to ensure, as necessary under the 
    circumstances, record authenticity, integrity, and confidentiality.
    
    
    Sec. 11.50  Signature manifestations.
    
        (a) Electronic records which are electronically signed shall 
    display, in clear text, the printed name of the signer and the date and 
    time when the electronic signature was executed.
        (b) Electronic records shall clearly indicate the meaning (such as 
    review, approval, responsibility, and authorship) associated with their 
    attendant signatures.
    
    
    Sec. 11.70  Signature/record binding.
    
        Electronic signatures and handwritten signatures executed to 
    electronic records shall be verifiably bound to their respective 
    electronic records to ensure that the signatures cannot be excised, 
    copied or otherwise transferred so as to falsify another electronic 
    record.
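Sec. 11.70 requires that a signature be verifiably bound to the record it was executed on, so it cannot be excised and attached to another record, and Sec. 11.50 requires the printed name, date and time, and meaning to be displayed with it. The following is an added example written for this page, not code from the proposed rule or from any FDA or regulated system. The binding comes from signing a manifest that contains the record's digest together with the signer's name, the time, and the meaning: moving the signature to another record, altering the record after signing, or editing the manifest all fail verification. One assumption is labelled plainly: a per-signer HMAC key stands in for the signer's private key so the block runs with the standard library alone; under Sec. 11.30 an open system would use an established public-key digital signature standard instead, which also lets anyone verify without holding the signer's secret and so supports the non-repudiation goal of Sec. 11.10. Batch records, signer names, and keys are constructed for the demonstration.

```python
"""Added example (not part of the proposed rule or any FDA system): binding
an electronic signature to the record it signs (Sec. 11.70) and rendering
the clear-text manifestation (Sec. 11.50). Assumptions: records are
JSON-serialisable dicts; each signer holds a key known only to them. A
per-signer HMAC key stands in here for a real digital-signature key pair
(Sec. 11.30); swap sign/verify for a public-key scheme in production."""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional, Tuple


def canonical_bytes(obj: dict) -> bytes:
    """Deterministic serialisation so equal content always hashes alike."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def record_digest(record: dict) -> str:
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def _tag(manifest: dict, signer_key: bytes) -> str:
    # Stand-in for a digital signature over the manifest (see docstring).
    return hmac.new(signer_key, canonical_bytes(manifest), hashlib.sha256).hexdigest()


def sign_record(record: dict, signer: str, meaning: str, signer_key: bytes,
                signed_at: Optional[str] = None) -> dict:
    """Produce a signature block whose authenticated data covers the record
    digest, the signer's printed name, the meaning and the signing time."""
    manifest = {
        "signer": signer,
        "meaning": meaning,
        "signed_at": signed_at or datetime.now(timezone.utc).isoformat(),
        "record_sha256": record_digest(record),
    }
    return {"manifest": manifest, "tag": _tag(manifest, signer_key)}


def verify_signature(record: dict, signature: dict,
                     signer_key: bytes) -> Tuple[bool, str]:
    """Return (ok, reason). Fails if the signature was moved to another
    record, if the record changed after signing, or if the manifest was edited."""
    manifest = signature["manifest"]
    if manifest["record_sha256"] != record_digest(record):
        return False, "signature is not bound to this record"
    if not hmac.compare_digest(_tag(manifest, signer_key), signature["tag"]):
        return False, "signature manifest was altered or key mismatch"
    return True, "ok"


def signature_manifestation(signature: dict) -> str:
    """Clear-text display required by Sec. 11.50(a) and (b)."""
    m = signature["manifest"]
    return f"{m['meaning'].capitalize()} by {m['signer']} on {m['signed_at']}"


# Constructed sample data for the demonstration
BATCH_A = {"batch": "A-001", "product": "widget", "yield_pct": 97.2}
BATCH_B = {"batch": "B-002", "product": "widget", "yield_pct": 88.0}
KEY_JDOE = b"constructed-demo-key-for-j-doe"

if __name__ == "__main__":
    sig = sign_record(BATCH_A, "J. Doe", "approval", KEY_JDOE)
    print(signature_manifestation(sig))
    print(verify_signature(BATCH_A, sig, KEY_JDOE))   # genuine: (True, 'ok')
    print(verify_signature(BATCH_B, sig, KEY_JDOE))   # signature copied to another record
    altered = dict(BATCH_A, yield_pct=99.9)
    print(verify_signature(altered, sig, KEY_JDOE))   # record edited after signing
```

Because the meaning and time are inside the signed manifest, an attacker cannot turn an "authorship" signature into an "approval" one without invalidating it, which is the practical content of Sec. 11.50(b). A copied signature fails on the digest comparison before any cryptographic check is made, so the reason string distinguishes transfer from tampering, which is useful when the failure has to be reported to the security unit under Sec. 11.300(d).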
    
    Subpart C--Electronic Signatures
    
    
    Sec. 11.100  General requirements.
    
        (a) Each electronic signature shall be unique to one individual and 
    shall not be reused or reassigned to anyone else.
        (b) Before an electronic signature is assigned to a person, the 
    identity of the individual shall be verified by the assigning 
    authority.
        (c) Persons utilizing electronic signatures shall certify to the 
    agency that their electronic signature system guarantees the 
    authenticity, validity, and binding of any electronic signature. 
    Persons utilizing electronic signatures shall, upon agency request, 
    provide additional certification or testimony that a specific 
    electronic signature is authentic, valid, and binding. The 
    certification should be submitted to the agency district office in 
    which territory the electronic signature system is in use.
    
    
    Sec. 11.200  Identification mechanisms and controls.
    
        (a) Electronic signatures which are not based upon biometric/
    behavioral links shall:
        (1) Employ at least two distinct identification mechanisms (such as 
    an identification code and password), each of which is 
    contemporaneously executed at each signing;
        (2) Be used only by their genuine owners; and
        (3) Be administered and executed to ensure that attempted use of an 
    individual's electronic signature by anyone other than its genuine 
    owner requires collaboration of two or more individuals.
        (b) Electronic signatures based upon biometric/behavioral links 
    shall be designed to ensure that they cannot be used by anyone other 
    than their genuine owners.
    
    
    Sec. 11.300  Controls for identification codes/passwords.
    
        Electronic signatures based upon use of identification codes in 
    combination with passwords shall employ controls to ensure their 
    security and integrity. Such controls shall include:
        (a) Maintaining the uniqueness of each issuance of identification 
    code and password.
        (b) Ensuring that identification code/password issuances are 
    periodically checked, recalled, or revised.
        (c) Following loss management procedures to electronically 
    deauthorize lost tokens, cards, etc., and to issue temporary or 
    permanent replacements using suitable, rigorous controls for 
    substitutes.
        (d) Use of transaction safeguards to prevent unauthorized use of 
    passwords and/or identification codes, and detect and report in an 
    emergent manner any attempts at their unauthorized use to the system 
    security unit, and to organizational management.
        (e) Initial and periodic testing of devices, such as tokens or 
    cards, bearing the identifying information, for proper function.
    
        Dated: August 23, 1994.
    William K. Hubbard,
    Interim Deputy Commissioner for Policy.
    [FR Doc. 94-21468 Filed 8-30-94; 8:45 am]
    BILLING CODE 4160-01-F
    
    
    

Document Information

Published:
08/31/1994
Action:
Proposed rule.
Document Number:
94-21468
Dates:
Written comments by November 29, 1994. FDA proposes that any final rule based on this proposal be effective 90 days after its publication in the Federal Register.
Docket Numbers:
Federal Register: August 31, 1994
CFR: (12)
21 CFR 11.10(b)
21 CFR 11.1
21 CFR 11.2
21 CFR 11.3
21 CFR 11.10
More ...