Implementing Digital Signatures in an

FDA-Regulated Environment

Michelle Engler, Senior Application Architect, Life Sciences, Perficient

with support from

Sally Miranker, Computer System Validation, Life Sciences, Perficient

Tina Howard, Quality Assurance-Compliance, Life Sciences, Perficient

facebook.com/perficient twitter.com/Perficient_LSlinkedin.com/company/perficient

2

Perficient is a leading information technology consulting firm serving clients throughout

North America and Europe.

We help clients implement business-driven technology solutions that integrate business

processes, improve worker productivity, increase customer loyalty and create a more agile

enterprise to better respond to new business opportunities.

About Perficient

3

• Founded in 1997

• Public, NASDAQ: PRFT

• 2013 revenue $373 million

• Major market locations:

• Allentown, Atlanta, Boston, Charlotte, Chicago, Cincinnati,

Columbus, Dallas, Denver, Detroit, Fairfax, Houston,

Indianapolis, Minneapolis, New York City, Northern

California, Oxford (UK), Philadelphia, Southern California,

St. Louis, Toronto, Washington, D.C.

• Global delivery centers in China and India

• >2,200 colleagues

• Dedicated solution practices

• ~90% repeat business rate

• Alliance partnerships with major technology vendors

• Multiple vendor/industry technology and growth awards

Perficient Profile

Business Process Management

Customer Relationship Management

Enterprise Performance Management

Enterprise Information Solutions

Enterprise Resource Planning

Experience Design

Portal / Collaboration

Content Management

Information Management

Mobile

BU

SINESS SO

LUTIO

NS

50

+ PAR

TNER

S

Safety / PV

Clinical Data Management

Electronic Data Capture

Medical Coding

Clinical Data Warehousing

Clinical Data Analytics

Clinical Trial Management

Healthcare Data Warehousing

Healthcare Analytics

CLIN

ICA

L / HEA

LTHC

AR

E IT

Consulting

Implementation

Integration

Migration

Upgrade

Managed Services

Private Cloud Hosting

Validation

Study Setup

Project Management

Application Development

Software Licensing

Application Support

Staff Augmentation

Training

SERV

ICES

5

Michelle Engler, Senior Solutions ArchitectLife Sciences, Perficient

(650) 291-4710

Michelle.Engler@perificient.com

Sally Miranker, Head of Computer Systems ValidationLife Sciences, Perficient

(619) 980-7288

Sally.Miranker@perificient.com

Tina Howard, Head of Quality Assurance ComplianceLife Sciences, Perficient

(760) 696-3650

Tina.Howard@perificient.com

Welcome & Introduction

Agenda

• Digital Signature Technology Overview

• Requirements for a dSignature Solution

• Available dSignature Solutions

• dSignature Solution and 21 CFR Part 11 Compliance

• Implementing, Validating, and Releasing the dSignature Solution

• Demonstration

• Future Plans

• Questions

• Contact Information

6

Digital Signature Technology Overview

Electronic Signatures and Digital Signatures

• Definitions

FDA 21 CFR 11.3 (7) - Electronic Signature

The term 'electronic signature' means an electronic sound, symbol, or process, attached

to or logically associated with a contract or other record and executed or adopted by a

person with the intent to sign the record

• FDA 21 CFR 11.3 (5) - Digital Signature

Digital signature means an electronic signature based upon cryptographic methods of

originator authentication, computed by using a set of rules and a set of parameters such

that the identity of the signer and the integrity of the data can be verified

A digital signature falls into a sub-group of electronic signatures that provides the

highest levels of security and universal acceptance. Digital signatures are based on

Public Key Infrastructure (PKI) technology, and guarantee signer identity and intent,

data integrity, and the non-repudiation of signed documents.1

1. http://www.arx.com/learn/about-digital-signature/digital-signature-faq

7

Digital Signature Technology Overview

What is a digital signature?

• A digital signature takes the concept of traditional paper-based signing and turns it

into an electronic “fingerprint.” This “fingerprint,” or coded message, is unique to

both the document and the signer and binds them together.

• Digital signatures ensure the authenticity of the signer.

• Any changes made to the document after it has been signed invalidate the

signature, thereby protecting against signature forgery and information tampering.

Is a digital signature legally enforceable?

• Yes. In 1999, the EU passed the “EU Directive for Electronic Signatures” and on

June 30, 2000, President Clinton signed the Electronic Signatures in Global and

National Commerce Act (“ESIGN”), which made signed electronic contracts and

documents as legally binding as a paper-based contract. Today, digital signature

(standard electronic signature) solutions carry recognized legal significance,

enabling organizations to comply with regulations worldwide.

8

Business Case for Digital Signatures -

Survey Compliance and Assumptions

9

• Survey Monkey was utilized to create a survey to assess the business need and

results were able to be compiled from 53 respondents

• Perficient-Life Sciences processes approximately 856 signatures for the 53

• Time to print, sign, scan, upload, and mail original document to headquarters for

each signatory was estimated and calculated company-wide

• Time to execute a digital signature was estimated at 5 minutes per signature

• Anticipated time/resource savings is approximately 75% or 314 hours/month

Unaccounted for variables: signer’s location (for mailing), equipment limitations, cost

of materials (e.g. paper, printer ink), and management of hard copies of documents

Business Case for Digital Signatures -

Department Signatures Per Month

10

Business Case for Digital Signatures –

Types of Documents

11

Perficient-Life Sciences Requirements

for a Digital Signature Solution

12

• Support third-party Applications (Word, Excel, PDF)

• Allow for multiple signatures per document

• Allows for sectional signing (MS Word)

• Has audit trail and secured time stamps

• Allows for sequential and parallel signing workflow

• Receives instant alerts when someone signs

• Integrates with our EDMS (Alfresco)*

• Compliant with 21 CFR Part 11

• Integrates with Active Directory and requires username/password for signing

• Provides phone/email support

• System is easy and intuitive to use

• System has trial period

• System is available in the cloud**

* No solutions were able to integrate directly out-of-the-box with our Alfresco environment; hence, this requirement was adjusted to require the ability to integrate systems via a development API

** Later, we determined that having a system in the cloud introduced more risk than having a local installation of the solution based oncontrol of the environment

Digital Signature Solutions

Researched and Reviewed

13

DocuSign*

• Cloud-based only

• Cost determined on number of signatures executed

• Extensive full routing and signing certificates

available

• Utilized in many other industries

• Several configuration options available

• Only signs PDF

• Adequate support available

• Electronic Signatures

• Full Web API for EDMS integration available

AssureSign*

• Client or cloud-based solution available

• Cost determined by number of signers

• Full routing available

• Uses templates for signing

• Only signs PDFs

• Adequate support available

• Digital Signatures

• Full Web API for EDM Integration available

Signadura*

• Least expensive solution

• Not fully translated to English

• Support was provided from Spain

• Only signs PDFs

• Digital Signatures

• Integrated with Alfresco

ARX CoSign*

• Client or cloud-based solution available

• Cost determined by number of signers

• Routing available when integrated with EDMS

• Signs PDFs, MS Word, or MS Excel documents

• Experienced with Life Sciences and 21 CFR Part 11 Compliance

• Cost was competitive with other solutions

• Adequate support available

• Digital Signatures

• Full Web API for EDMS integration available

Adobe EchoSign

• Most expensive solution available

• Ruled out based on existence of lower cost options

* Demonstration completed by vendor for solution

Digital Signature Solution –

Selection of ARX CoSign

• ARX CoSign Selected

– Client based installation with installed, unconfigured appliance

provided by ARX

– Allows for signing of all types of documents

– Integration with SharePoint available and full Web Developers API

available

– Provides for client software or signing via a web browser

– Allows prepping of documents for signature

– Adequate support available and provided

– Cost-effective solution that provides Perficient-Life Sciences

employees/consultants with the ability to sign documents

– Opportunity for Perficient–Life Sciences to become an

implementation expert for digital signature solutions for our clients

14

ARX CoSign and 21 CFR Part 11 (1 of 3)

15

ARX CoSign and 21 CFR Part 11 (2 of 3)

16

ARX CoSign and 21 CFR Part 11 (3 of 3)

17

Implementing and Validating the Digital

Signature Solution

• Receive, install, and configure CoSign Appliance

• Install and configure CoSign Web Application (separate web server)

• Add CoSign User and Administrator Groups to Active Directory

• Determine how the system can be used for existing documents

– Updated signature block of document templates

– Meaning of signature added to signature block of document templates

• Prepare and execute full validation for the system:

– Validation Plan

– User Requirements Specification (URS)

– User Requirements to Performance Qualification Traceability Matrix

– Installation Qualification (IQ) Protocol

– Installation Log

– IQ Test Suite

– IQ Summary Report

– Performance Qualification (PQ) Protocol

– PQ Test Suite

– PQ Summary Report

– Validation Summary Report with Statement of Validation

18

Implementing and Validating the Digital

Signature Solution (continued)

• Create Supplemental Guidelines and Guides

– CoSign Client User Guideline

– CoSign Web Application User Guideline

– CoSign Administrator Guide

• Create New Application Roles

– CoSign Super User Role

– CoSign User Role

• Create Training Materials

– CoSign Overview

– Training on CoSign Client (video and presentation)

– Training on CoSign Web Application (video and presentation)

• Update existing SOP-001 Controlled Documents procedure to allow for

digital signatures

• Send letter of non-repudiation to FDA to inform them of our use of digital

signatures

19

Releasing the Digital Signature Solution

• Perficient-Life Sciences Support Representative trained on Tier 1 support

• Internal bug tracking system updated to accept issues/questions with the

implementation of CoSign

• Controlled Document Required Training Notification sent

• Supplemental training provided as video, live session, and with

presentations

• Rolling release implemented for users that have completed required

training

• Installation support provided to those users that have completed training

and require the CoSign Client

• Solution Released in August 2014

20

Future Plans

• Use ARX CoSign MS Word “Sectional Signing” to allow completion of

test cases electronically

• Create a connector between ARX CoSign and the Perficient-LS EDMS,

Alfresco Community Edition

• Provide implementation and validation services for Life Sciences

companies wishing to implement ARX CoSign

21

Demonstration

22

23

www.facebook.com/perficient

www.perficient.com

www.twitter.com/perficient_LS

Thank You!

For more information, please contact:

Michelle.Engler@perficient.com

LifeSciencesInfo@perficient.com (Sales)

+44 (0) 1865 910200 (U.K. Sales)

+1 303 570 8464 (U.S. Sales)