FDA 21 CFR Part 11 Compliance: Dual Identification for Signoffs
By Anurag Batra on Oct 20, 2008
Here's an extract from the Federal Register that lays out the final ruling of 21 CFR Part 11:
"Section 11.200 provides that electronic signatures not based on biometrics must employ at least two distinct identification components such as an identification code and password".
With Agile 18.104.22.168, we've provided an ability for Administrators to configure specific workflow statuses that require signoff to require an additional form of user authentication along with the usual approval password. The Administrator also has the flexibility of determining what the second form of user authentication should be.
The system preference "Signoff User Dual Identification Type" determines what the second form of authentication would be if it were required on any workflow status. This is a global setting, and its default value (N/A) indicates that only one form of authentication is required on all signoffs. Customers setting up 21 CFR Part 11 compliance may set this value to require the UserId or Login Password to be the second form of authentication, in addition to the Approval Password. It must be kept in mind that if Login Password is selected as the second form of authentication, users won't be able to set "Use Login Password for Approval" to "Yes" in their profiles.
The workflow status setting "Dual Identification Required" can have a value of Yes or No (default). A Yes value causes all signoffs on that status to require the user to enter his UserId or Login Password in addition to the Approval Password at the time of signoff. This parameter is available only for workflow statuses that require signoffs (statuses of type Review or Released) only - with the exception of Declaration objects, which also have this option available on Submit type statuses.