Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Confirm to Read & Understood an SOP within Confluence Cloud for FDA 21 CFR Part 11 Compliance

Why e-signatures are important?

Electronic signatures, or e-signatures, play a crucial role in compliance with FDA Standard 21 CFR Part 11, which sets forth regulations for electronic records and electronic signatures in the pharmaceutical, biotechnology, and medical device industries.

E-signatures are a way to ensure that an employee is authenticated to Read & Understand an SOP and no one else clicked the R&U button on their behalf. For example, let’s say that Sam was assigned to R&U the company’s SOPs as part of his Employee Onboarding Training, but another user (let’s call him John) has access to Sam’s login credentials. John logs in to Confluence as Sam and approves the SOPs by clicking the Read & Understood button. If there is no e-signature in place, we won’t be able to know if the person who confirms the R&U was in fact Sam or John, logged in as Sam.

To help organizations meet these requirements, QC Read & Understood offers a solution that combines security and convenience: QC R&U One-Time Password (OTP) Authentication. In this article, we'll explore how QC R&U OTP Authentication can be used as a way to e-sign a Confluence document and ensure FDA compliance when confirming to have Read & Understood a page.

FDA Standard 21 CFR Part 11 requirements for e-signatures

The FDA has established the requirements for electronic records and signatures. Many organizations require a biometric signature in their training processes, but if that’s not the case for your organization then you will need to follow the below-mentioned rules:

  • Ensure the user's identity. You need to make sure that the person who clicked the R&U button was the person who was assigned/asked to do so. You can do this by requiring an OTP.

  • A two-step verification is needed. 21CFR Part 11 requires that there are two forms of identification for e-signatures.

  • Login credentials must be secure. Creating a Password Policy and training your employees on it, in addition to username and password testing, are needed to ensure the security of the login credentials.

  • Record the e-signatures. 21 CFR Part 11 requires that all e-signatures, the reasoning of the e-signature, the date and time must be recorded.

  • Ensure that training records are safe. You must make sure that all the training records are safe and no user can edit and/or delete them.

Understanding OTP Authentication

OTP Authentication is a robust security mechanism that adds an extra layer of protection to user accounts. It works by generating a unique, time-sensitive password for each login attempt. This means that even if an attacker intercepts a password, it will be useless after a short period, significantly reducing the risk of unauthorized access.

Benefits of OTP Authentication

OTP Authentication offers several benefits in the context of Confluence Cloud:

  • Enhanced Security: OTPs add an extra layer of security, reducing the risk of unauthorized access.

  • User Accountability: Every approval action is tied to a specific user, enhancing accountability.

  • Compliance: OTP Authentication aligns with FDA standard 21 CFR Part 11, making it easier to meet regulatory requirements.

  • Cost Savings: By reducing the risk of data breaches and unauthorized access, organizations can potentially save on compliance-related costs.

The QC R&U OTP Authentication solution

QC Read & Understood simplifies the implementation of OTP Authentication for confirming to have Read & Understood a page. This app streamlines the process and ensures that only authorized users can R&U their assigned SOPs. Let's dive into the steps involved in setting up QC R&U OTP Authentication within Confluence Cloud.

Setting Up QC R&U OTP Authentication

Step 1: Installing the QC Read & Understood App

Begin by installing the QC Read & Understood app to your Confluence site. This app is designed to seamlessly integrate OTP Authentication into your document management process.

Step 2: Enabling QC R&U OTP Authentication from Space Settings

Once the app is installed, navigate to your Space SettingsApp LinksQC R&U and enable OTP Authentication. This step ensures that the OTP requirement is enforced for all R&U confirmations within the space.

Step 3: User Configuration

To strengthen individual responsibility, each user should enable OTP Authentication from their profile settings. This extra layer of protection ensures that even if user credentials are compromised, an OTP is still required for R&U a page.

To enable the QC R&U OTP on your profile settings:

  1. Click on your profile icon and select “Settings”,

  2. Navigate to QC R&U OTP Authentication and follow the steps to enable it.QC R&U OTP Authentication - DISABLED on user profile.png

QC R&U OTP Authentication - ENABLED on user profile.png

The R&U Process

With QC R&U OTP Authentication in place, the R&U process becomes highly secure and compliant with FDA regulations. Here's how it works:

  1. Users are required to use an authenticator app, such as Google Authenticator, to generate OTPs.

  2. When a user is assigned to R&U a Confluence page, they must input the OTP generated by their authenticator app. If the user did not enable the QC R&U OTP Authentication from their profile settings they will see a warning message.R&U Confirmation - Warning! QC R&U OTP Authentication is disabled.png

  3. If QC R&U OTP Authentication is enabled, they will be asked to type the OTP as shown in their authenticator app.R&U Confirmation - QC R&U OTP Authentication is enabled.png
  4. Only if the correct OTP is provided will the page be approved and the R&U confirmation recorded. This ensures that only authorized users can confirm that they have Read & Understood an SOP.R&U Confirmation - OTP provided is correct!.png




Need further assistance?

We are always happy to help you and provide with the necessary support, so don’t hesitate to contact us via any of our available support channels.



Log in or Sign up to comment
AUG Leaders

Atlassian Community Events