What is FDA 21 CFR Part 11?

FDA 21 CFR Part 11 regulation (Part 11) is the Food and Drug Administration's regulations that cover document signing and records retention for processes and documents specified by the FDA. Prescribed as an “open system” system solution, as defined in Section 11.3(b)(9), in which there is electronic communication among multiple persons and where system access extends to people who are not part of the organization that operates the system. The controls for an open system are discussed in Section 11.30.

...the system shall employ procedures and controls designed to ensure the authenticity, integrity and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt to ensure record authenticity, integrity and confidentiality.

To help meet the control requirements, DocuSign’s Part 11 module has pre-set account options to add, authenticate and limit envelope access to authorized signers. 

DocuSign's Part 11 Module: Designed for Ensured Compliance

DocuSign sets the global standard for electronic signatures and Digital Transaction Management (DTM) and supports life science organizations’ compliance with the e-signature practices set forth in 21 CFR Part 11 with tailored functionality and packaged service offerings. DocuSign’s open, standards-based approach makes it easy to integrate compliant electronic signatures, even into complex processes and systems.

DocuSign Part 11 Module available with DocuSign Enterprise delivers transactions guaranteed to meet all FDA regulations. It contains capabilities designed specifically for the Life Sciences industry that include:

• Signature-level credentialing
• Signature-level Signature Meaning
• Pre-packaged account configuration
• Signature manifestation (Printed Name, Date/Time, and Signature Meaning)

Automating Compliance Into Your Workflow

For organizations that use Jira to manage their business processes, DocuSign for Jira makes it easy to integrate and automate DocuSign-guaranteed compliance directly into your Jira workflows. For Life Science and other industries that must comply with strict FDA regulations DocuSign for Jira is a must. DocuSign for Jira is specifically designed to work with your existing DocuSign template libraries so you can automate the sending of critical, government-regulated documentation at each stage of your business process that requires official sign-off.

Map Your Recipients to Jira Issue Fields & Roles

In each transition you can specify variables from Jira issue fields, roles or identify static Jira users and email addresses to map to the DocuSign's envelope recipients. This can be done using Template Schemes where Jira Issue Types can be mapped to DocuSign Templates and recipient roles mapped as well. Or Jira administrators can identify specific templates, recipient and field mappings directly into workflow transitions for greater flexibility.

Pre-Fill Your DocuSign Documents with Jira Data

The sign-off process involving official, regulated documentation can be data-entry intensive. Often this is done by manual document creation, then further manual uploads to DocuSign via Word .docx or Adobe .pdf files that are then decorated with initial, signature and other DocuSign tabs.  Though DocuSign provides a robust field definition and configuration capability, this often goes unused beyond capture of necessary inputs for the document itself. Reporting, querying or re-use of the valuable data entered during envelope signing is not possible. DocuSign for Jira allows fields 

Capture Your DocuSign Recipient Data Entry in JIra Fields

DocuSign for Jira supports bidirectional or "two-way" synchronization between DocuSign "Tabs" and your Jira issue fields allowing capture and reportable persistence of all information and corrections gathered during the signing processes. If your recipients are external to your organization and not users in your Jira instance, you can still capture their data inputs from DocuSign envelopes using the "Delegate Edit" feature. This capability is particularly useful in cases where multiple documents are filled/signed in a process where subsequent documents rely on previous 

Manage DocuSign Envelopes from Jira

Your employees who rely heavily on DocuSign and Jira to perform their daily functions and duties will find links and information at their fingertips from within their Jira issues or in DocuSign for Jira's Project Report. Filter by Envelope Title, Sender, Status and sort as well. View recipient-level status as well by expanding the rows. Each issue has a new DocuSign Envelopes pane as well as a DocuSign audit tab for quick, easy access to envelopes and important, audit events.

Automate and Simplify

DocuSign Enterprise CFR Part 11 Module guarantees thorough compliance with FDA regulations. DocuSign for Jira takes that full capability and DocuSign's carrier-grade infrastructure and combines it with Jira's world class business process management application to automate the review, approval and signature processes that require the utmost confidence in security, retention, audit and repeatability. With DocuSign for Jira's unique template-based mapping system, you can capture all your data inputs from the signature process in DocuSign in to Jira for reporting and reuse.

To learn more about DocuSign for Jira, take a look at our demo video or contact Praecipio Consulting to help your organization automate your eSignature process.

According to IDC's 2015 report, The Document Disconnect, 76% of executives and managers in sales, HR, procurement, legal, and other departments estimate that fixing the “document disconnect” can lead to document process issues impact revenue recognition or create auditor issues. As process improvement experts, we at Praecipio Consulting love saving our clients money by mitigating wasted time and helping them do work faster. With that in mind, we've compiled our top 4 tips to get faster approvals leveraging DocuSign for Confluence to integrate your mission critical document tools. 

It’s natural for us to neglect maintenance. It works like this:

• You have a problem that needs to be fixed.
• You neglect the need for awhile because it’s not “bad enough” for you to spend money on it.
• The problem worsens; the need intensifies. Extra work is done to keep things running.
• The need is prioritized. But the solution is too expensive.
• The problem worsens even more. Tons of extra work is done to keep things running.
• The money spent on temporary solutions nears the total cost of a solution.
• You purchase a solution to the problem.

Now, after all that trouble, money, and wasted time, the last thing we want to do when we procure a solution is devote work to maintaining it. It’s true with any solution. When you buy a new car, you don’t want to deal with changing brake pads during your first month of ownership. When you fix a problem, you are physically and emotionally pre-disposed to exalt the solution as ultimate redemption and not think about the problem. The problem is fixed. There are no more problems.

But you can’t do this with software, even though every ounce of yourself inclines you to. Even if your business spends $1 million implementing a new do-it-all software solution. No matter how much you paid, the cost doesn’t mean your maintenance / future planning responsibilities don’t have to exist. If you don’t actively ensure your software is:

• integrating effectively with your business processes,
• integrating effectively with other software / systems,
• adapting to future needs,
• responsibly maintained,
• used properly by employees,
• compliant with industry trends and best practices,
• and kept cost-effective,

…you effectively (and unintentionally) make your software fail. Indeed, in most cases, new software that becomes obsolete to the business within a year of its implementation is often the result of:

• Misuse / lack of proper training. Employees who lack a knowledge of what the software can do, how it works, and how it improves their work, they won’t be able to see the advantage of using it – and more importantly, they won’t be able to use it right. Document management software, for example, can quickly become messy and disorganized if employees don’t understand how it’s supposed to be used. That’s a major setback to progress – and could create a problem worse than the original one.
• Poor adoption rates / internal advocacy. Closely relating to misuse, if the solution isn’t “marketed” internally, employee buy-in could flounder. Preparing employees for a solution is a key part of the implementation process. Few people love change, and businesses can’t expect employees to react well if change is spontaneously legislated from their point of view.
• Lack of integration with business processes. If a software solution doesn’t integrate with business processes, it doesn’t improve an organization. Period. And the more business processes it integrates with, the more valuable it becomes. Great software improves process, and improved process makes the business more profitable by trimming costs.
• Lack of integration with other software / systems. A single software rarely solves every business problem. Multiple softwares are usually leveraged for different purposes. Since business processes throughout an organization impact one another much like those of a living organism, processes are interdependent. They interact with one another across departmental lines. Process management software will therefore interact with other systems – making integration a must for success.
• Lack of compliance with industry trends and best practices. Keeping up with software trends is crucial in this day and age. While it’s costly, it keeps your company marketable and ensures access to support services. Adopting a software that was last updated in 2002, for example, will render you irrelevant to the times, which speaks about your organization. Best practices such as ITIL are derived from industry-leading successes. They pave paths of success for others to follow. Staying on the cutting edge and doing it right are required to remain healthy and progressive. Not doing so can leave you in the dust.

Don’t let your software dictate its own life. Planning is as important the day after “go live” as it is the day before. A software that’s prepared for, well-maintained, well-integrated, and supported with forward-thinking will yield the highest long-term ROI to the business.

In our last Cloud post (Cloud Computing Risks and Rewards) we discussed a number of Cloud risks related to security:

• Data location (Do You Know What Your Data Is Doing When You’re Not Looking?)
• SAS70 and PCI Compliance
• Data protection (IDS, IPS, firewall, etc)

These risks don’t “demonize” the cloud – but rather raise some critical questions regarding the protection of company data that’s migrated to cloud servers. The security of the cloud is still a bit (forgive the pun) cloudy to most – and may integrate well with existing security policies, protocols, and infrastructure.

Christofer Hoff – who offers excellent cloud perspective in his blog Rational Survivability-
claims it’s not the nature of cloud computing businesses should be worried about, but rather how companies implement and manage cloud computing.

“We’re struggling less with security technology solutions (as there really are few) but rather with the operational, organizational, and compliance issues that come with this new unchartered (or pooly chartered) territory,” Hoff wrote in his post Security and the Cloud – What Does That Even Mean?

Hoff’s quote pinpoints the simple source of our worries: we’ve developed a standard for IT security and compliance that’s being disrupted by something new. The question now is not whether companies should migrate to the cloud. The question is how our existing security methodologies will translate and apply to cloud computing. Since no industry standard for cloud security compliance has been adopted, organizations must steer their own ships as they sail toward cloud solutions.

Four ways organizations can retain appropriate data security as they implement elements of the cloud:

1. Policy reviewing. A few thorough reads of your cloud provider’s policy will likely explain the rights they reserve to store and protect your data.
2. SAS70 and PCI Compliance. As we said in our last post, SAS70 and PCI compliance policies may uncover details that aren’t specified in service agreements. They’re standards for cloud peace of mind.
3. Choosing a public, private, or virtual private cloud. Public clouds allow secure employee access to company data from any system anywhere. Private clouds are more costly, granting access from company systems or systems within the company’s LAN network, providing greater control over data resources and security. Virtual private clouds use a public cloud infrastructure in a private /semi-private manner, providing more balance between cost efficiency and security.
4. Leveraging ITIL methodology. ITIL offers a one-size-fits-all starting point for IT methodology. As more business adopt cloud applications, businesses will have opportunities to apply ITIL methodology to a new generation of computing.