Electronic signatures, or e-signatures, play a crucial role in compliance with FDA Standard 21 CFR Part 11, which sets forth regulations for electronic records and electronic signatures in the pharmaceutical, biotechnology, and medical device industries.
E-signatures are a way to ensure that an employee is authenticated to Read & Understand an SOP and no one else clicked the R&U button on their behalf. For example, let’s say that Sam was assigned to R&U the company’s SOPs as part of his Employee Onboarding Training, but another user (let’s call him John) has access to Sam’s login credentials. John logs in to Confluence as Sam and approves the SOPs by clicking the Read & Understood button. If there is no e-signature in place, we won’t be able to know if the person who confirms the R&U was in fact Sam or John, logged in as Sam.
To help organizations meet these requirements, QC Read & Understood offers a solution that combines security and convenience: QC R&U One-Time Password (OTP) Authentication. In this article, we'll explore how QC R&U OTP Authentication can be used as a way to e-sign a Confluence document and ensure FDA compliance when confirming to have Read & Understood a page.
The FDA has established the requirements for electronic records and signatures. Many organizations require a biometric signature in their training processes, but if that’s not the case for your organization then you will need to follow the below-mentioned rules:
Ensure the user's identity. You need to make sure that the person who clicked the R&U button was the person who was assigned/asked to do so. You can do this by requiring an OTP.
A two-step verification is needed. 21 CFR Part 11 requires that there are two forms of identification for e-signatures.
Login credentials must be secure. Creating a Password Policy and training your employees on it, in addition to username and password testing, are needed to ensure the security of the login credentials.
Record the e-signatures. 21 CFR Part 11 requires that all e-signatures, the reason for each e-signature, and the date and time must be recorded.
Ensure that training records are safe. You must make sure that all the training records are safe and no user can edit and/or delete them.
OTP Authentication is a robust security mechanism that adds an extra layer of protection to user accounts. It works by generating a unique, time-sensitive password for each login attempt. This means that even if an attacker intercepts a one-time password, it will be useless after a short period, significantly reducing the risk of unauthorized access.
OTP Authentication offers several benefits in the context of Confluence Cloud:
Enhanced Security: OTPs add an extra layer of security, reducing the risk of unauthorized access.
User Accountability: Every approval action is tied to a specific user, enhancing accountability.
Compliance: OTP Authentication aligns with FDA standard 21 CFR Part 11, making it easier to meet regulatory requirements.
Cost Savings: By reducing the risk of data breaches and unauthorized access, organizations can potentially save on compliance-related costs.
QC Read & Understood simplifies the implementation of OTP Authentication for confirming to have Read & Understood a page. This app streamlines the process and ensures that only authorized users can R&U their assigned SOPs. Let's dive into the steps involved in setting up QC R&U OTP Authentication within Confluence Cloud.
Begin by installing the QC Read & Understood app to your Confluence site. This app is designed to seamlessly integrate OTP Authentication into your document management process.
Once the app is installed, navigate to your Space Settings → App Links → QC R&U and enable OTP Authentication. This step ensures that the OTP requirement is enforced for all R&U confirmations within the space.
To strengthen individual responsibility, each user should enable OTP Authentication from their profile settings. This extra layer of protection ensures that even if user credentials are compromised, an OTP is still required to R&U a page.
To enable the QC R&U OTP on your profile settings:
Click on your profile icon and select “Settings”,
Navigate to QC R&U OTP Authentication and follow the steps to enable it.
With QC R&U OTP Authentication in place, the R&U process becomes highly secure and compliant with FDA regulations. Here's how it works:
Users are required to use an authenticator app, such as Google Authenticator, to generate OTPs.
When a user is assigned to R&U a Confluence page, they must input the OTP generated by their authenticator app. If the user did not enable the QC R&U OTP Authentication from their profile settings they will see a warning message.
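The following is an added example, not code from QC Read & Understood. It shows how a time-based OTP check can gate an R&U confirmation, refuse a reused code, and record who signed, what the signature means, and when. It assumes the RFC 6238 TOTP scheme that authenticator apps such as Google Authenticator implement; the page does not state which algorithm the app uses, and the `RnUSigner` class, its fields, and the sample secret are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timezone

STEP, DIGITS = 30, 6   # RFC 6238 defaults: 30-second steps, 6-digit codes
# Constructed sample secret (the RFC 6238 test key, base32-encoded).
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

class RnUSigner:
    """Hypothetical R&U gate: verify the OTP, reject reuse, record the signature."""
    def __init__(self, secrets):
        self.secrets = secrets      # user -> base32 secret enrolled by that user
        self.last_step = {}         # user -> last time step already accepted
        self.audit_log = []         # stands in for a store users cannot edit

    def confirm(self, user, page, otp, now, meaning="Read & Understood"):
        secret = self.secrets.get(user)
        if secret is None:
            return None             # user has not enabled OTP: no signature
        for drift in (0, -1):       # current step, or previous one for clock skew
            step = now // STEP + drift
            if step < 0 or step <= self.last_step.get(user, -1):
                continue            # a code from this step or earlier was used
            if hmac.compare_digest(totp(secret, step * STEP), str(otp)):
                self.last_step[user] = step
                signed_at = datetime.fromtimestamp(now, timezone.utc).isoformat()
                record = {"user": user, "page": page,
                          "meaning": meaning, "signed_at": signed_at}
                self.audit_log.append(record)
                return record
        return None                 # wrong, expired, or replayed code
```

Tracking the last accepted time step per user is what makes each code single-use; without it, a code observed once could be resubmitted until its 30-second window closes.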
We are always happy to help you and provide you with the necessary support, so don’t hesitate to contact us via any of our available support channels.
Sofia Kargioti, QC Analytics
Business Developer
QC Analytics PC
Thessaloniki, Greece