“We operate in a regulated environment and are subject to compliance with numerous US government regulations governed by the FDA and USDA. CoSign ensures we stay in compliance while helping improve efficiency in all aspects of animal health records.”
- Kevin Maher, CEO, GlobalVetLink
CoSign computer system validation is supported in the following manner:
Because of CoSign’s “black box” appliance architecture, most CoSign installations require only a minimal validation effort. Still, some customers have undergone more extensive efforts including Vendor Audits, use of ARX documentation to support IQ validation records, and/or executing test scripts.
The CoSign User manual and Installation manual may serve as additional documentation supporting a client’s validation and IQ/OQ.
Finally, ARX also has multiple partners that can deliver standard validation scripts and custom validation services for CoSign installations. Please contact us for more information.
It is a common practice for clients to set up a new SOP for the use of electronic signatures in their organization, including alerting the FDA (as required under Title 21 CFR Part 11 Sec. 11.100c). In addition, most ARX clients modify this template for use in informing employees, partners and suppliers, and potential auditors of the use of electronic/digital signatures, CFR Part 11 compliance, digital signatures in general, CoSign specifically, and the corporate policies surrounding the use of electronic signatures and records in their organization.
When custom integration work is done with the CoSign SDK, clients will need to follow their normal SDLC software development lifecycle procedures to support validation, and the CoSign SDK (SAPI, a Signature API) programmer’s guide would be part of this documentation set as well. This is typical in applications where CoSign is integrated with an electronic document management system (EDM); the overall integrated system goes through extensive validation but no additional effort for Cosign is required, other than including the CoSign SAPI Programmer’s Guide with the documentation set and the client’s integration Quality Plan. CoSign has been integrated with many EDM solutions, and in some cases there is a standard integration connector which also aids in reducing the validation efforts as would be required for a custom integration. Contact ARX for information about integration with various EDM solutions and other business applications.
The 21 CFR Part 11 areas covered by CoSign include:
(d) Limiting system access to authorized individuals – CoSign provides Active Directory integration for identity proofing, credentialing, user management and authentication for use.
(e) Audit trails – CoSign for signing PDFs includes revision history associated with each signature/version. If integrated with an EDM, signed files have a full audit trail and revision history provided by these applications. CoSign also includes an internal audit log of all signature operations.
(f) Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate – CoSign forces entry of a Reason Code at time of signing as required. If integrated with an EDM and workflow application, additional enforcement of approval steps are provided.
Authenticity & integrity of electronic records from the point of their creation to the point of their receipt – All documents signed with CoSign provide for verification of signer identity, intent, time/date stamp, and proof of data integrity.
Signed electronic records shall clearly indicate printed name of signer, date & time and reason for signing – CoSign provides visible signer name, time/date, reason and data integrity status for all signed file formats, and also optionally the signer’s graphical signature in PDF, Word, Excel, and InfoPath files.
(a) Unique electronic signatures for each user – CoSign provides a unique, individual signature key pair and ID certificate for every signer.
Employ at least two distinct identification components; Continuous sessions – CoSign most commonly provides Active Directory integration including forced authentication via Username + Password at time of signing.
CoSign has been installed in hundreds of validated production environments, and has been used on thousands of FDA and EMA GxP regulated applications that are 21 CFR Part 11 compliant and validated. Our staff is well-versed in FDA requirements including 21 CFR Part 11, GxP, and computer system validation. Perhaps most importantly, digitally signed electronic records created by CoSign have been used to support thousands of FDA, EMA, ISO, HACCP, HIPPA and SOX audits and e-submissions.
To date, CoSign has been integrated with a wide variety of third party document-centric applications including Microsoft Sharepoint, NextDocs, Oracle Fusion Middleware, IBM Score, IBM/FileNet, OpenText LiveLink, OpenText Hummingbird ECM, Adobe LiveCycle, Cardiff LiquidOffice, Docuware, Verity LiquidOffice, Laserfiche, Interwoven, Documentum as well as custom-developed applications.