CoSign Digital Signatures Empower NextDocs SharePoint-based Solution

Partner NextDocs Country United States Industry Life Sciences Manufacturing Healthcare Applications DM/Quality Management

Overview

Business Requirement
NextDocs, a leading provider of Microsoft SharePoint-based regulatory document and quality management software, needed a digital signature capability to help their customers fully realize the benefits of an electronic process. The benefits of a completely electronic workflow include streamlining business processes and saving on costs, while meeting regulatory requirements.

Solution
Integration of CoSign into NextDocs products using CoSign's SAPI (Signature API). The solution allows the users to digitally sign documents within NextDocs Document and Quality Management software suite.

Benefits
The solution enables the electronic documents to be created, approved, and digitally signed in most common document file formats, directly from the NextDocs workflows. This capability considerably reduces the time and cost of workflow processes and enables a completely electronic process. Utilizing standards-based technology for digital signatures on electronic records fulfills common needs, including use as electronic evidence for vendor/ FDA / SOX audits; exchanging secure documentation with external business partners / suppliers / clients; or electronically submitting to the USPTO / FDA / and other government entities for patents or new product applications and approvals.

Case Study

Introduction
NextDocs is a leading document and quality management software provider for life sciences, manufacturing, healthcare, and other regulatory environments. Its products include a web-based enterprise document and quality management solution, designed specifically for companies operating with significant compliance burden and regulatory overview. NextDocs products are based on SharePoint technology, allowing access to shared workspaces and documents.

A typical shortcoming in the document management system marketplace is the propensity for electronic records to be locked in the proprietary container of the system they were created for. This means that for the lifespan of the document, it is completely dependant on the specific system that created it for validation. Moreover, external parties that do not have the same document management system are unable to verify the document. A significant point of value for NextDocs is that unlike its marketplace competitors, its electronic records are not locked in the proprietary container.

By using digital signatures, recipients can simply verify the identity and intent (non-repudiation) of a document's signer(s) and validate the integrity of the data using standard desktop applications such as Microsoft Word, Excel, InfoPath, Adobe Acrobat, AutoCAD and many others, ensuring the document has not been altered. The capacity to internally and externally route and share documentation that is sealed with a digital signature is a tremendous asset, because it assures the adherence to compliance by verifying that the document isn't intentionally or unintentionally altered during the workflow. Moreover, a digitally signed electronic record, unlike other proprietary electronic signature solutions, is guaranteed to be a readable and verifiable format for decades into the future.

Business Need
During the strategic planning of their product vision, NextDocs recognized that existing products in the marketplace were limited by their ability to only verify electronic records in a proprietary manner. Essentially, only a small group of internal employees that had a software license for the document management system were able to access or validate records. To address the lack of ability to validate records, many of NextDocs' prospective clients were forced to convert electronic documents back into paper whenever a signature was required. By reintroducing paper into the workflow, these potential customers were also increasing costs and delays in the process, not to mention increasing the workload involved with maintaining paper-based source records and electronic-based reproductions.

In order to deal with this limitation, NextDocs needed to create source records that were electronic from the initial introduction of the document, through signing, routing, verification, and retention. This need could be met by integrating Public Key Infrastructure (PKI)-based digital signatures with the NextDocs solution. Since digital signatures are based on a standard technology, which is already supported by common file formats such as Microsoft Word, Excel, InfoPath and PDF, documents can be signed in a way that verification in the future does not require any additional software download. Digital signatures with NextDocs DM would also eliminate the need to ever reintroduce paper back into the process.

Key Challenges
For all the promised value that PKI-based digital signatures offered NextDocs and the clients using their document management solution, finding a solution that satisfied the technical and commercial needs proved challenging. Traditionally, digital signatures have been time consuming and complex to deploy, and integration with business applications has been limited and required cryptographic expertise. The result is an expensive investment in development, infrastructure, and ultimately ongoing support and system maintenance. In addition, NextDocs needed a digital signature solution that fit into existing PKI infrastructures that some of their clients, such as larger pharmaceutical companies, already have deployed.

Solution
NextDocs integrated the CoSign digital signature technology provided by ARX. CoSign's proven technology is being used extensively in FDA and HIPAA regulated markets, eliminating the risks of working with an unproven technology. The core CoSign architecture is an appliance that is FIPS 140-2 Level 3 certified (often required under US and EU regulations), satisfying the stringent security standard established by the US government for cryptographic modules. The CoSign centralized approach also minimizes or eliminates any client-side footprint on the signer’s desktop.

The deployment effort for NextDocs was minimized by CoSign’s out-of-the-box integration with the company’s user management system (typically Microsoft Active Directory) and the CoSign high-level API, designed for digital signature integration with business applications. On-going support was minimized by the CoSign appliance's built-in Certificate Authority (CA), which centrally generates, manages, and stores user signature keys and certificates. The CA can also be setup in a subordinate capacity for clients with existing PKI infrastructure.

Results
NextDocs has capitalized on the huge impact that Microsoft SharePoint 2007 and ARX CoSign digital signatures have made in the document management market. As such, NextDocs has positioned itself as the leading solution for electronic source document authoring, approving, signing, and routing in the regulated life science and healthcare markets. 

By integrating digital signatures, NextDocs provides its clients with the capability to internally or externally verify electronic records (today or decades into the future) independently of any specific technology. This is an ideal solution for companies collaborating with other organizations, partners or suppliers, or looking to electronically submit documents to agencies. By completely eliminating paper from the records creation process, end users significantly reduce costs and lags from existing workflows and business processes.

By using CoSign for their digital signature solution, NextDocs was able to expedite their development process and provide a more advanced integration of digital signature technology within their solution. With CoSign, the overall cost of the solution has been reduced, and the reduction in complexity requires less ongoing support requirements for NextDocs clients. The CoSign certified and centrally deployed appliance approach fits the thin or zero client side footprint needs of NextDocs client installations. The system has also proven to be quickly adopted by users, existing PKI security policies, FDA regulations including 21 CFR Part 11, and HIPAA regulations.

Lessons Learned
NextDocs' implementation of CoSign highlighted several important aspects of a digital signature solution, including the importance of an intuitive installation, sectional signing and editing capability, and simplicity of use. A more detailed explanation is presented below.