[Federal Register Volume 59, Number 168 (Wednesday, August 31, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-21468]


[[Page Unknown]]

[Federal Register: August 31, 1994]


_______________________________________________________________________

Part VII





Department of Health and Human Services





_______________________________________________________________________



Food and Drug Administration



_______________________________________________________________________



21 CFR Part 11




Electronic Signatures; Electronic Records; Proposed Rule
DEPARTMENT OF HEALTH AND HUMAN SERVICES

Food and Drug Administration

21 CFR Part 11

[Docket No. 92N-0251]

 
Electronic Signatures; Electronic Records

AGENCY: Food and Drug Administration, HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Food and Drug Administration (FDA) is proposing 
regulations that would, under certain circumstances, permit the agency 
to accept electronic records, electronic signatures, and handwritten 
signatures executed to electronic records as generally equivalent to 
paper records and handwritten signatures executed on paper. These 
proposed regulations would apply to records when submitted in 
electronic form that are called for in Title 21 of the Code of Federal 
Regulations (CFR). The use of electronic forms of recordkeeping and 
submissions to FDA remains voluntary. This proposed rule is a followup 
to the agency's July 21, 1992, advance notice of proposed rulemaking 
(ANPRM). The intended effect of this proposed rule is to permit use of 
electronic technologies in a manner that is consistent with FDA's 
overall mission and that preserves the integrity of the agency's 
enforcement activities. This proposed rule is also intended to assist 
in achieving the objectives of the Vice President's National 
Performance Review.

DATES: Written comments by November 29, 1994. FDA proposes that any 
final rule based on this proposal be effective 90 days after its 
publication in the Federal Register.

ADDRESSES: Submit written comments to the Dockets Management Branch 
(HFA-305), Food and Drug Administration, rm. 1-23, 12420 Parklawn Dr., 
Rockville, MD 20857.
    FDA encourages interested persons who elect to send their comments 
by e-mail to also send two paper copies of their comments to the 
Dockets Management Branch (address above).
    The INTERNET ([email protected]) address is only for this 
docket and will be disabled after the comment period closes. However, 
based upon the outcome of this proposed rule, FDA may extend acceptance 
of comments by e-mail to other dockets in the future.
    This proposed rule is available via INTERNET and BITNET by sending 
an e-mail message to [email protected] The sole purpose of this 
electronic address is to automatically distribute the proposed rule by 
return e-mail. Therefore, no other correspondence should be sent to 
this electronic address, and there is no need to include text in the 
body or subject of the electronic request message. However, to permit 
any necessary followup, persons may include their names, postal 
addresses, and phone numbers in the body of the messages.

FOR FURTHER INFORMATION CONTACT: 
    Paul J. Motise, Center for Drug Evaluation and Research (HFD-323), 
Food and Drug Administration, 7520 Standish Pl., Rockville, MD 20855, 
301-594-1089.
E-mail address via MCI Mail:
    Name: Paul J. Motise, EMS: FDA, MBX: MOTISE, MBX: A1, MBX: FDACD.
(For help in addressing format contact the MCI# Mail Customer Support 
Line (1-800-444-6245)); or
    Tom M. Chin, Division of Compliance Policy (HFC-230),Food and Drug 
Administration, 5600 Fishers Lane, Rockville, MD 20857, 301-443-1500.

SUPPLEMENTARY INFORMATION: 

I. Background

    In the Federal Register of July 21, 1992 (57 FR 32185), FDA 
published an ANPRM on whether the agency should propose regulations 
that would, under certain circumstances, permit the agency to accept 
electronic identification or electronic signatures in place of 
handwritten signatures where signatures are required in 21 CFR, and 
where the electronic form of the signature bearing record is allowable 
by the regulations. The ANPRM requested comments on current and future 
electronic records maintained by industry and subject to FDA 
inspection, submitted to FDA for review and approval, and FDA's own 
records and industry notifications. The ANPRM also identified and 
sought specific comment on the following issues: (1) Regulatory 
acceptance; (2) enforcement integrity; (3) security; (4) validation; 
(5) standards; and (6) freedom of information (FOI). In the Federal 
Register of October 21, 1992 (57 FR 48008), FDA published an extension 
of the comment period regarding the ANPRM. Interested persons were 
given until December 18, 1992, to comment on the ANPRM.
    FDA received 53 comments from trade associations, pharmaceutical 
and medical device manufacturers, computer systems developers, private 
organizations, a Federal agency, a university, and consumers. The 
comments generally support the ANPRM's objectives. A number of the 
comments made suggestions. As appropriate, comments will be responded 
to in this document in the discussion of the proposed regulation set 
forth below.

II. Summary and Analysis of Comments to the ANPRM

A. Analysis of Comments

    The agency received a total of 53 comments to the July 21, 1992, 
ANPRM. Comments came from a variety of sources including: 6 trade 
associations, 27 pharmaceutical manufacturers, 2 medical device 
manufacturers, 1 contract laboratory, 8 computer systems developers, 1 
law firm on behalf of a computer systems developer, 1 law firm on 
behalf of a consortium of industrial research companies, 1 agency of 
the Federal Government, 1 drug sample distribution establishment, one 
medical center, 1 university food sciences unit, 1 express mail 
delivery service, and 2 individuals.
    Comments generally supported the agency's efforts relative to 
electronic signatures and electronic records. One comment suggested 
that FDA's actions may provide a model for other Federal agencies. 
Several comments found the agency's electronic identification issues to 
be among the most important and immediate concerns currently facing the 
pharmaceutical industry.
    One comment expressed concern that the ANPRM did not address 
medical devices and urged the agency to adopt uniform agency-wide 
policies regarding electronic signatures.
    In general, comments addressed the advantages of electronic records 
in enhancing product quality, control, production efficiency, and the 
conduct of nonclinical laboratory studies. Comments urged the agency to 
follow a course of action that would not impede technological 
innovation. Comments also called for expedited resolution of the issues 
in order to facilitate industry's plans for implementing new 
technologies.
    One comment commended the agency for making the February 24, 1992, 
progress report of the FDA Electronic Identification/ Signature Working 
Group available via e-mail and encouraged FDA to continue electronic 
distribution of agency documents. One comment submitted a 58-page paper 
which addressed legal considerations and a detailed stratification 
scheme based upon security risks.
    Although the ANPRM stated that the scope of FDA's considerations 
extends to all articles that it regulates, and to all portions of 21 
CFR under its jurisdiction, very few comments were received from 
sources outside the pharmaceutical industry. One medical device trade 
association mistakenly commented that medical devices were not covered. 
The agency emphasizes that all regulated articles are covered. The 
agency agrees that it is important to accommodate new technologies in a 
responsible manner. The agency also agrees with the comment that 
encouraged FDA to continue electronic distribution of agency documents. 
FDA will be implementing this form of distribution increasingly in the 
future.
    The decision to propose these rules is based upon: (1) The 
information and comments submitted in response to the July 21, 1992, 
ANPRM; (2) the recommendations and findings of the agency's Task Force 
on Electronic Identification/Signatures, which was reported in the 
progress report of FDA's Electronic Identification/Signature Working 
Group on February 24, 1992 (Ref. 1); and (3) the agency's experience 
with alternatives to conventional handwritten signatures and electronic 
records.
    The agency is aware that automated systems are being used more 
extensively in the various industries that it regulates. Use of such 
systems is also expanding within the agency itself. Implementing 
paperless electronic records and attendant methods of ``signing'' such 
records is an emerging objective of the use of automation. Signatures 
are a key aspect of many records. The transition from paper records 
containing traditional handwritten signatures to paperless electronic 
records raises issues relating to FDA's acceptance of alternatives to 
handwritten signatures and their underlying trustworthiness.
    FDA recognizes the importance of electronic records and their 
integration into a variety of automation efforts, such as manufacturing 
process controls, materials resources controls, laboratory information 
systems, clinical trial information systems, and electronic data 
interchange activities. The agency is aware that some new technologies 
and manufacturing methods require use of electronic records. For 
example, in certain highly controlled manufacturing environments, the 
presence of paper itself can pose a source of product contamination, 
and (for highly toxic compounds) paper can be a vehicle for exposing 
workers to dangerous compounds.
    FDA is aware of the benefits of conducting official electronic 
communication with regulated industries and the public. However, the 
agency is also aware that legal, regulatory, and administrative 
concerns have delayed full use of electronic communication. FDA expects 
that promulgation of the regulations proposed in this document will 
begin to address the agency's concerns and facilitate the agency's 
modernization efforts.
    Although most comments to the ANPRM addressed electronic records 
within the context of closed systems, where access is limited to people 
who are part of the organization that operates the system, the agency 
expects that near-term development and implementation of appropriate 
controls for open systems, where access extends to people outside of 
the operating organization, will facilitate secure, authoritative 
electronic communication between FDA and the regulated industries.
    The Vice President's Report of the National Performance Review has 
as a stated objective the expanded use of new technologies and 
telecommunications to create an ``electronic government.'' (September 
7, 1993, Report of the Vice President's National Performance Review 
(pp. 113 through 117) (Ref. 2)). This proposal would be a first step by 
FDA in implementing this objective, by, for example, allowing 
electronic filings of regulatory documents and expanded use of e-mail. 
This will result in significant benefits to the public, the regulated 
industry, and the agency. These benefits could include faster review 
and approval of new products, and rapid availability of a variety of 
agency documents around the clock.
    FDA encourages the use of new technologies that will enhance the 
quality, safety, and efficacy of products it regulates, but is mindful 
of the need to maintain the ability to fulfill its consumer protection 
mandate. The agency believes that these proposed rules will accomplish 
both objectives.

B. Comments on Record Types

    The ANPRM requested examples of records that: (1) Are maintained by 
industry and inspected by FDA, (2) are submitted to FDA, and (3) are 
created and maintained by FDA that may be amenable to electronic 
identification/signatures. Most respondents confined their comments to 
the first record type. However, a few comments provided the following 
examples of records in each category:
    Records maintained by industry and inspected by FDA that may be in 
electronic form include:
    1. Master and batch production and control records,
    2. Logs,
    3. Standard operating procedures,
    4. Laboratory notebooks,
    5. Complaint records,
    6. Validation protocols and data summaries,
    7. Laboratory data summaries, and
    8. Drug sample records under the Prescription Drug Marketing Act 
(the PDMA) (Pub. L. 102-353).
    Although most comments addressed pharmaceutical records, the agency 
believes that it is necessary to recognize that records maintained by 
industry and inspected by FDA extend to other articles and include 
records such as:
    1. Medical device history records, and medical device master 
records,
    2. Master record files,
    3. Blood bank donor records,
    4. Thermally processed low-acid foods records, and
    5. Hazard analysis critical control points
    Records submitted to FDA that may be in electronic form include:
    1. New drug or new animal drug applications,
    2. Product license applications,
    3. Establishment license applications, and
    4. Drug or veterinary drug master files.
    Most comments focused on pharmaceutical documents. However, the 
agency recognizes that submissions for other FDA-regulated products 
would be applicable. Such records include, but are not limited to:
    1. Medical device premarket approval applications,
    2. Medical device premarket notifications,
    3. Medicated feed applications,
    4. Food additive petitions,
    5. Color additive petitions,
    6. Infant formula notifications,
    7. Low acid canned food and acidified food firm, registration and 
scheduled process filing, and
    8. Generally recognized as safe (GRAS) petitions.
    One comment addressed records maintained by the agency and 
suggested that signatures recorded electronically (SRE's), as 
identified in the ANPRM, should be an acceptable alternative to 
signatures recorded on paper. The comment asserted that SRE's have 
sufficient uniqueness, are difficult to forge (especially when 
accompanied by the date and time the SRE was made), and would realize 
legal acceptance.
    Two comments suggested that whatever policies are adopted for 
electronic records maintained by the industry, or records submitted to 
the agency, apply equally to FDA's own records.
    Although the proposed rule focuses primarily on records maintained 
by industries inspected by FDA, and submissions to the agency, FDA will 
apply the principles in the new rule to its own electronic documents.

III. Definitions/Stratified Acceptance Approach

A. Definitions

    One comment agreed with FDA's working definitions. The comment 
noted that electronic identification should suffice for all of the 
agency's applications and called for common codified definitions for 
the following words and phrases.
1. Signature
    Several comments agreed with FDA's working definition of the term 
``signature.'' One categorized conventional signatures as ``wet 
signatures'' and one submission suggested renaming the term 
``handwritten signatures'' for clarification.
2. Signatures Recorded Electronically
    One comment suggested that the term ``signatures recorded 
electronically'' be defined as an electronically captured image of a 
handwritten signature on optical, magnetic or other electronic media. 
One comment agreed with the working definition.
3. Electronic Signature
    Several comments called the working definition of the term 
``electronic signature'' as acceptable and useful. However, some 
comments claimed that the term is imprecise and potentially confusing 
to the extent that the word ``signature'' also appears in other working 
definitions. Several comments suggested the alternative phrases: 
``Biometric/behavioral identification'' and ``biologically-based 
electronic identification.''
    One comment referred to its security code number assignment system 
as an electronic signature, used by physicians to phone in requests for 
additional drug samples previously reserved under the physicians' 
names. Telephone requests are followed up by confirmatory signed paper 
forms.
4. Electronic Identification
    Many comments suggested that FDA define only two terms, 
``signatures'' (meaning conventional handwritten signatures) and 
``electronic identification'' (to encompass signatures recorded 
electronically, electronic signatures, and all other forms of 
electronic identification). Comments suggested that definitions should 
not imply superiority of one type of endorsement over another and 
offered the following definition of electronic identification: ``any 
method for identifying an individual where the act of providing a 
personal mark (signing) is recognized and/or recorded electronically.''
    Comments asserted that secure, validated computer systems that use 
electronic identification provide better, or at least equivalent, 
authentication than systems using handwritten signatures.
    One comment suggested that a more precise term would be 
``administratively controlled electronic identification.'' One comment 
said that its digital signature encryption technology, a system using 
encrypted ``keys'' and proprietary algorithms, would meet the agency's 
working definition of electronic identification, but could be coupled 
with hardware and software that utilize biometric links to meet the 
definition of electronic signature.
5. Other Definitions
    Two comments offered the following additional defined terms: 
``Signature Alternative''--an electronically recorded mark from any 
type of electronic identification, not involving a signature recorded 
electronically, including electronic signature (biometric/behavioral 
identification) and, administratively controlled electronic 
identification.
    ``Signing''--the act of providing a personal recorded mark that 
serves as identification. The mark can be, but is not necessarily, 
provided by handwriting. The mark may also be provided by a stamp, 
seal, or electronic device. The last example typically records the mark 
in magnetic or optical media rather than on paper.
    The agency believes that the diversity of comments on definitions 
reflects the variety of signature technologies that are available, and 
the need for a simple codified definition of as few terms as possible. 
The agency is persuaded by the general premise, expressed in many 
comments, that FDA should establish only two definitions based broadly 
on whether or not the ``signature'' is handwritten. Therefore, the 
agency is proposing to codify two definitions, one for ``handwritten 
signature'' and one for ``electronic signature.'' Electronic signature 
would include electronic identification; handwritten signatures would 
include signatures recorded electronically.
    FDA disagrees with the assertion that ``electronic 
identification,'' rather than ``electronic signature'' should be one of 
the two broad terms, for several reasons. The agency believes the 
appearance of the word ``signature'' in both ``electronic signature'' 
and ``handwritten signature'' will not be confusing to the average 
person, especially where the codified definitions are clear.
    More importantly, the agency believes that there are overriding 
advantages to maintaining the word ``signature'' in the term 
``electronic signature.'' The legal, regulatory, and psychological 
importance that the average person has come to associate with 
conventionally signing a paper document is more likely to be carried 
over and equally applied to technological alternatives if the word 
signature is preserved. On the other hand, substitution of the word 
``identification'' for ``signature'' may, on its face, imply that the 
alternative is something quite different and perhaps less significant. 
Thus, terminology can help to establish the functional equivalency of 
different technologies.
    In addition, the term ``electronic identification'' can be too 
limiting in scope because signatures do more than merely identify the 
person who signed something that could be done by a person who did not 
perform the action. However, retention of the word ``signature'' in the 
term ``electronic signature'' conveys by direct inference all of the 
purposes of a handwritten signature, including identification, 
authentication, and affirmation.
    Accordingly, FDA is proposing in Sec. 11.3 to define ``Handwritten 
signature'' as the name of an individual, handwritten in script by that 
individual, executed or adopted with the present intention to 
authenticate a writing in a permanent form. The act of signing with a 
writing or marking instrument such as a pen, or stylus is preserved. 
However, the scripted name, while conventionally applied to paper, may 
also be applied to other devices which capture the written name.
    ``Electronic Signature'' is defined in proposed Sec. 11.3 as the 
entry in the form of a magnetic impulse or other form of computer data 
compilation of any symbol or series of symbols, executed, adopted, or 
authorized by a person to be the legally binding equivalent of the 
person's handwritten signature.

B. Biometric/Behavioral Links as Part of the Electronic Signature

    Systems which utilize biometric/behavioral links as part of the 
electronic signature verify a person's identity based on measurement of 
an individual's physical feature(s) or repeatable action.
    One comment addressed the behavioral link incorporated in a 
software product designed for use in pen-based computers; it described 
how the system provides reliability and trustworthiness by calibrating 
and recognizing a set of characteristics attendant to the act of 
signing (pen strokes, speed, acceleration, etc.).
    One comment provided a paper in support of a signature verification 
system that characterizes the act of signing to establish a behavioral 
link between the signer and the signature, noting the system's low 
error rate (0.19 percent false rejects and 0.56 percent false accepts), 
security, social acceptance, performance, low cost, and computer 
portability. The paper describes how the system could be used on 
networks or over phone lines, in conjunction with a microprocessor-
based encryption card, to prevent transmission of a prerecorded (and 
possibly false) signature by requiring the generation of a signature 
for each endorsement.
    One submission asserted that stable technologies exist to provide 
reliable and repeatable electronic verification of individuals based 
upon a biometric/behavioral link. The comment furnished a report 
summarizing testing on several such systems that use fingerprints, hand 
geometry, the act of signing, retinal scans and voiceprints; the 
comment cited access control as the primary type of application for 
such systems.
    Several comments argued against technologies that incorporate 
biometric/behavioral links on the grounds of excessive cost; two 
comments said biometric based devices cost about $1,800 to $4,000 per 
unit and behavioral based devices cost $600 to $1,500 each.
    Most comments argued against the premise that biometric/behavioral 
links are necessary or beneficial to electronic signatures. However, 
two comments asserted that appropriate application of electronic 
signatures requires a biometric or direct behavioral link to an 
individual, and one comment acknowledged that such links are less 
susceptible to procedural deviations than other authentication methods. 
One comment said biometric/behavioral links are appropriate to systems 
which control physical access to a facility.
    Many comments urged FDA to refrain from requiring use of systems 
based on biometric/behavioral links (particularly where the drug 
current good manufacturing practice (CGMP) regulations require 
signatures) on the grounds that:
    1. Such a requirement would be contrary to the objectives of the 
CGMP regulations;
    2. Electronic signature systems are not routinely used in non-FDA 
regulated industry;
    3. Electronic signature technology is relatively immature and 
unreliable;
    4. The technology is relatively expensive; and
    5. Electronic signature devices are impractical for pharmaceutical 
applications in which operators are garbed so as to obscure anatomical 
interaction with detection devices (e.g., hand or voiceprints would be 
difficult to manage where workers wear masks or gloves).
    FDA believes it is important to allow firms to take advantage of a 
variety of new technologies. It is not the agency's intent to mandate 
use of systems that use biometric/behavioral links, although the agency 
recognizes the potential advantages of such systems and encourages 
their development and adoption. Comments generally indicate that 
biometric/behavioral link technologies have been developed, may have 
high levels of reliability, but have not yet been incorporated into 
manufacturing environments to any appreciable degree. Accordingly, the 
agency's proposed regulations do not, at this time, specify the type of 
electronic signature technologies that are required.
    However, because FDA recognizes the benefits of those electronic 
signatures which are inherently less vulnerable to falsification, and 
because the agency wishes to encourage the development of such 
technologies, the proposed regulations reflect the position that the 
robustness of biometric/behavioral based systems permits less stringent 
administrative controls to be used.
    In addition, FDA considers that biometric/behavioral based systems 
may have greater application in open environments, which pose a greater 
challenge to signature integrity than closed environments.

C. Purpose of Signatures

    One comment identified the following functions of a signature: To 
identify someone; to declare, to witness, to acknowledge or disclaim, 
to agree or disagree, and to exhibit responsibility or authorship, as a 
formalized personal act such that subsequent disavowal or disclaimer is 
highly unlikely. The comment added that good practice suggests that the 
signature be properly ascertained, clearly indicated, and appropriately 
exhibited in a prominent place, and that bilateral mechanisms can 
further this purpose, and focus the individual's attention on the 
gravity, solemnity, and formality of the event. The comment also noted 
that because the purpose of a signature is not always apparent, some 
documents include clarifying phrases such as ``in witness thereof,'' or 
``agreed to by.'' The comment further stated that in the typical 
manufacturing environment custom governs the meaning of a signature 
(e.g., to acknowledge performance of a procedure, responsibility for 
proper performance of the procedure, or to show that the person was 
merely present).
    The agency believes the comment has identified an important aspect 
of a signed writing, namely the meaning ascribed to the signature. 
Accordingly, the regulations proposed at Sec. 11.50(b) require the 
document being signed to clearly indicate the purpose of the electronic 
signature. FDA also agrees with the comment's view that bilateral 
mechanisms can help to establish the seriousness of the electronic 
endorsement, and the agency is proposing at Sec. 11.200(a)(1) to 
require certain electronic signatures to be composed of at least two 
elements.
    Respondents also commented on how signature alternatives might 
fulfill the following traditional purposes of a signature:
    1. To identify the actor and show his/her authority to act.
    Many comments disagreed that presence of a signature shows the 
signer's authority to act, noting that such authority is generally 
determined by the individual's organization. However, several comments 
acknowledged that electronic identification systems can be programmed 
to confirm an individual's authority to act.
    One comment said authority to act could be met by the use of 
identification codes/passwords for intra-establishment records and by 
public key encryption standards such as the Rivest-Shamir-Adleman (RSA) 
standard for inter-establishment records.
    The agency agrees that the presence of a signature, per se, does 
not necessarily guarantee that the signer has the authority indicated. 
However, in general, the presence of the signature, in combination with 
the signer's title, is by custom a reasonable indication that the 
person does have the organization's authority to endorse the subject 
document. FDA believes that in most cases people will not sign a 
document if they lack the authority called for by the action of 
signing. In the kinds of electronic environments addressed by the 
comments, systems can check a cross-referenced authorization roster to 
see that an individual who attempts to sign a document has, in fact, 
the requisite authority.
    2. To document the action in a way that is legally binding and 
cannot be repudiated.
    Comments generally asserted that properly validated and secure 
electronic identification systems would be legally binding.
    The agency agrees with the comments regarding the importance of 
validation and security and the proposed rule places appropriate 
emphasis on these controls.
    One comment suggested that documentation of the action, not the 
individual, should be of prime importance because FDA is concerned more 
with the actions of a company than with individuals within a company, 
and that concern with actions of individuals is the concern of the 
company itself. The comment added that the RSA encryption standard 
could be used in this area for inter-establishment electronic records.
    FDA disagrees with the premise that FDA should be concerned more 
with corporate than individual actions. In FDA's enforcement 
activities, there is equal emphasis on the responsibility of both 
individuals and corporations. Furthermore, section 201(e) of the 
Federal Food, Drug, and Cosmetic Act (21 U.S.C. 321(e)) defines a 
person to include an individual, partnership, corporation, and 
association.
    3. To create a record that would be admissible in court.
    One comment suggested that a record should be admissible in court 
if it is shown that the record was generated by the responsible 
company, regardless of whether or not the record was signed; the RSA 
encryption standard was again cited as applicable for inter-
establishment records. One submission said that electronic records 
would be admissible when authenticated by appropriate corporate 
officials under appropriate procedures relative to electronic 
identification.
    The agency has found that court acceptance of records generally 
hinges on their reliability and trustworthiness. Although FDA agrees 
that a given unsigned record may be strictly admissible in a 
proceeding, establishing reliability and trustworthiness may well 
require that specific documents bear signatures of responsible 
individuals. In addition, as stated above, it is frequently important 
for FDA to establish individual, as well as corporate responsibility in 
pursuing regulatory actions, thus making it vital that evidentiary 
documents are signed by key individuals. The weight given to a piece of 
evidence may also depend upon the presence or absence of a verifiable 
signature.

D. Stratification

    The ANPRM suggested that FDA might stratify acceptance of signature 
alternatives based upon the regulatory significance of the electronic 
record. Comments generally held that regulatory significance should not 
be the basis of stratification. Two comments argued against any 
regulatory stratification at all, one asserting that because 
conventional signatures are accepted in all situations, any alternative 
that provides security, identity, legibility and enforceability equal 
to or better than a handwritten signature should, likewise, be accepted 
for any application.
    Two comments agreed with the concept of developing a stratified 
system whereby the regulatory significance of a record would determine 
the level of security needed for the signature alternative, but 
indicated that companies should individually define the various 
security categories and develop appropriate security procedures.
    One comment said that electronic authorizations of high importance 
might require use of secondary passwords or codes to further augment 
security and verify data integrity.
    Although most comments disagreed with the stratification approach 
suggested in the ANPRM, many comments suggested stratification along 
other lines, as follows:
1. Open Versus Closed Systems
    Many comments suggested that stratification of signature 
alternatives be limited to security measures applied to inter versus 
intra company records. The distinction was stated in terms of 
``closed,'' versus ``open'' environments. Comments said that closed 
systems are typical in the pharmaceutical industry, and include 
administrative and physical controls to enhance reliability of the 
electronic endorsements.
    Several comments described a typical CGMP closed system as: (1) 
Having controlled physical access; (2) having professionally written 
and approved procedures with employees and supervisors trained to 
follow them; (3) having records systems designed to facilitate quality 
assurance investigations when abnormalities may have occurred; and (4) 
being under legal obligation to the organization responsible for 
operating the system.
    The following examples of documents in closed systems were given: 
CGMP records, GLP (good laboratory practice) and GCP (good clinical 
practice) records including clinical case reports, such submissions to 
FDA as new drug applications and adverse experience reports, and FDA 
internal records.
    Comments generally characterized open systems as: (1) Having 
potentially greater exposure by outsiders; (2) entailing communication 
among multiple parties (e.g., communication by modem); and (3) 
extending system access to people who are not legally obligated to 
system managers.
    Comments gave examples of open system documents including: Requests 
for drug samples, institutional review board (IRB) reviews of clinical 
protocols, GLP records, and Freedom of Information submissions to FDA.
2. Security Baseline Stratification for Open Systems
    One comment presented a paper which addresses security 
stratification parameters based upon the risks of disclosure, where 
electronic messages are communicated in an ``open'' system. 
Stratification involves three security baselines, each of which 
considers the following message attributes: (1) Content sensitivity; 
(2) monetary value; (3) time sensitivity; (4) statutory security 
mandates; and (5) authentication certification requirements.
    Message attributes, under the baseline system, determine the 
necessity and extent of the following security and reliability 
measures: (1) Noncryptographic identification and authentication; (2) 
systems controls to ensure authenticity, integrity, and availability; 
(3) audit trails; (4) message authentication codes (MAC's); (5) digital 
signatures/encryption; and (6) electronic notarization.
    Message attributes combined with appropriate security and 
reliability measures then determine the electronic document's legal 
effect: The degree to which the documents are considered to be legal 
signed writings that are authentic and enforceable to the same extent 
as comparable documents prepared using conventional paper-based 
mechanisms.
    The agency has carefully considered the divergent comments on 
acceptance stratification and is persuaded that the regulatory 
significance of a document need not be the basis of such 
stratification. However, the comments reflected a general premise that 
the nature and extent of security measures necessary to reasonably 
establish the reliability, authenticity, and confidentiality of an 
electronic signed writing will vary to the extent that the writings are 
vulnerable to unauthorized alteration or loss.
    The agency agrees with comments that a fundamental two tier 
stratification based upon open and closed systems, as comments 
described, is warranted. FDA anticipates that most electronic documents 
which are maintained by industry and inspected by the agency would be 
considered as falling within ``closed'' systems. Electronic records 
that are submitted to the agency, however, as indicated by the 
comments, may be considered to be within either ``closed'' or ``open'' 
systems depending on how they are delivered (i.e., via ``open'' e-mail, 
or ``closed'' hand-delivery by submitters or postal services). 
Likewise, FDA's own electronic records may be stratified as existing in 
either open or closed systems depending on how they are originated and, 
for certain records, transmitted to correspondents.
    The proposed regulations place primary emphasis on electronic 
records in closed systems, because that approach would cover most of 
the emerging electronic records and would respond to the most urgent of 
industry's needs in developing electronic record systems. FDA considers 
``open'' systems to be nonetheless important because correspondence and 
regulatory submissions conveyed by public electronic networks are 
gaining wider implementation. Therefore, FDA may, in the future, 
propose more specific requirements relating to open systems, as the 
agency gains additional information and experience with open systems 
and the controls that may be necessary to maintain the integrity and 
authenticity of electronic documents in that environment.

IV. Legal Acceptance

    Several comments said that electronic records would, in fact, be 
admissible in court, provided that there are controls in place to make 
the records reasonably reliable and trustworthy. One comment cited 
several recent court cases in support of this acceptability.
    The agency notes that although the ANPRM did not specifically 
request comments on legal acceptability of electronic records and 
signatures, the gist of most of the comments is that legal acceptance 
will not be hindered, provided that the records are shown to be 
reliable and trustworthy. The case transcript cited by the comment 
included testimony from computer system operators which outlined key 
good computing practices that many of the comments also identified.

V. Regulatory Acceptance

A. General Considerations

    One comment suggested that the disparity among FDA regulations 
regarding acceptance of signature alternatives was based upon 
definitions that are either too weak or restrictive, and called for 
common regulatory definitions.
    The agency believes that any regulatory disparity derives from a 
number of factors, including the degree to which various regulations 
anticipate use of electronic records in place of paper records, and 
specific program needs of different FDA centers. FDA believes that 
differences can be dispelled by promulgation of these uniform broad 
based regulations on electronic records/signatures. The agency agrees 
that common definitions in such regulations would help to harmonize 
policy across different parts of FDA.
    One comment recommended that FDA issue a broad policy statement or 
inspectional guideline that would broadly accept electronic 
identification/signatures and that would at least establish criteria 
for the degree of security required for electronic identification/
signature systems. The comment urged that no new regulations be issued.
    The agency has determined that a policy statement, inspectional 
guide, or other guideline would be an inappropriate vehicle for 
accepting electronic signatures because such documents do not have the 
same legal significance as substantive regulations that require 
signatures. Guidance documents may be appropriate, however, to 
elaborate upon acceptance regulations.

B. Program Areas

1. Drug CGMP Regulations
    Although the ANPRM applied to all FDA regulations in 21 CFR, most 
comments focused primarily on the CGMP regulations for drugs (parts 210 
and 211 (21 CFR parts 210 and 211)). Some comments suggested that 
resolution of the issues in the CGMP context could be applied to 
resolve similar issues in the context of other FDA regulations.
    Many comments argued that the existing CGMP regulations permit the 
use of electronic identification wherever documents are required to be 
signed, initialed, endorsed or approved, with the singular exception of 
Sec. 211.186 (master production and control records) which explicitly 
requires full handwritten signatures. Comments supported their 
assertions by citing preamble comment paragraphs 186, 282, and 447 in 
the final rule on CGMP's in the Federal Register of September 29, 1978 
(43 FR 45014), FDA's Compliance Policy Guide (CPG) 7132a.08, and 
(unspecified) tacit acceptance by FDA field investigators who encounter 
electronic identification.
    One comment identified several sections of the CGMP regulations as 
requiring signatures, including Sec. 211.188(b)(11) (batch production 
and control records), even though the word signature, per se, does not 
appear (``Identification of the persons performing and directly 
supervising or checking each significant step in the operation'').
    Comments urged the agency to issue a policy statement (such as a 
CPG), in the near term, that would condone use of electronic 
identification for all applications of signatures in the regulations, 
except Sec. 211.186. Comments requested that in the long term, 
Sec. 211.186 be amended to delete reference to handwritten signatures 
and accept electronic identification.
    The agency does not agree with the assertions that, except for 
Sec. 211.186, the CGMP regulations currently permit alternatives to 
handwritten signatures or initials. (See findings of the Electronic 
Identification/Signatures Working Group in its February 24, 1992, 
progress report.) The Center for Drug Evaluation and Research, in 
consultation with the Office of the General Counsel, considered and 
rejected as inappropriate the issuance of a CPG that would accept 
``electronic identification'' or other signature alternatives, even 
before the working group was formed.
    The agency's conclusion regarding what the CGMP's allow was 
conveyed to the Pharmaceutical Manufacturers Association in a letter of 
December 5, 1991 (Ref. 3). Furthermore, the compliance policy guide 
cited by comments is not directly relevant because it addresses second 
check endorsements for operations executed by machine, rather than the 
form that human endorsements take. In addition, although comments cite 
several paragraphs of the 1978 Federal Register notice as supportive of 
their assertions, they overlook a key paragraph in which the agency 
clearly rejected substitution of employee numbers or codes for 
signatures or initials, on the basis of psychological differences from 
the act of signing and because of ease of falsification (43 FR 45068, 
September 29, 1978 (comment 433)).
    The agency advises that some sections of the CGMP regulations, 
while not using the words sign, signature, or initials, nonetheless 
implicitly require endorsements to be in the form of handwritten 
signatures or initials. For example, the provisions of Sec. 211.188 
require batch production and control records to contain the 
``[i]dentification of the persons performing and directly supervising 
or checking each significant step in the operation.'' FDA investigators 
have historically encountered and expect to find the identification to 
take the form of a signature. Some developers of automation systems 
also recognize that ``identification'' means ``signature.''
    Accordingly, the agency is not issuing the suggested CPG, but is, 
instead, proposing these acceptance regulations, that would cover 
records required by most FDA regulations, including the CGMP 
regulations. However, the agency may issue clarifying guidance 
documents, as needed, after such regulations are in effect.
2. Regulatory Submissions
    Two comments said that regulations that require signatures on new 
drug applications necessitate substantial additional handling to 
furnish paper based signatures where the basic submissions are in 
electronic form. Comments suggested that the agency require submissions 
to contain, in lieu of the additional paper, a statement that 
signatures (handwritten or otherwise) are ``on file.'' The comment 
added that FDA could verify those endorsements during its inspections. 
The comments observed further that when electronic submissions are 
copied or converted among various computer file formats, electronic 
endorsements might be omitted.
    One comment stated that resolution of issues associated with 
electronic identification and the transfer or conversion of electronic 
data will be necessary if the benefits of electronic submissions are to 
be achieved.
    The agency believes that codified acceptance of electronic 
signatures in lieu of handwritten signatures will address the issues 
relating to regulatory submissions. Acceptance of electronic signatures 
would, in most cases, obviate the need to have paper based handwritten 
signatures on file as a reference. However, the agency notes, from the 
comments, the importance of having the electronic records include the 
printed name of the signer so as to clearly identify the signer.
3. Prescription Drug Marketing Act
    Several comments cited the signature requirements (for requesting 
and receiving samples of prescription drugs) in the PDMA provisions of 
the Federal Food, Drug, and Cosmetic Act, and based on the increasing 
use of computer technology to transact the handling of such requests, 
urged the agency to accept electronic identification in lieu of 
handwritten paper based signatures. Another comment echoed the same 
suggestion, recommending that biometric/behavioral links not be 
required, but noting also that physician requests for drug samples are 
generally made in ``open'' environments such that use of certain 
alternatives for full electronic or handwritten signatures needs 
review.
    One comment requested that, for purposes of the PDMA, FDA accept 
SRE's based upon their uniqueness and reliability, and that such 
acceptance be codified in regulations. Another comment described its 
SRE pen-computer based system, emphasizing the nonalterability of 
signed electronic records to merit regulatory acceptance.
    One comment assumed that the ANPRM did not pertain to the PDMA.
    One comment asked that FDA issue implementing regulations under the 
PDMA that accept electronic signatures and that such issuance not be 
delayed pending the agency's broader consideration of electronic 
records and endorsements.
    The proposed rule to implement certain parts of the PDMA and the 
Prescription Drug Amendments of 1992 was published in the Federal 
Register of March 14, 1994 (59 FR 11842). That proposed rule would 
prohibit the imprinting or automatic reproduction of a signature by a 
device or machine such as a stamp, copier, or autopen at 21 CFR 
203.61(a). The agency recognizes that the PDMA proposal is not in total 
accord with this general proposed rule on electronic records and 
electronic signatures. As discussed in the preamble to the PDMA 
proposed rule (59 FR 11860), FDA will consider the comments concerning 
electronic signatures and other signature substitutes received in 
response to both proposed rules before final rules are published.
4. Good Laboratory Practices
    One comment suggested that a uniform definition of electronic 
identification would facilitate application of computer based automated 
systems in the area of GLP's.
    One comment cited the language of 21 CFR 58.130(e) (of the GLP 
regulations) as calling for handwritten signatures of paper-based 
records, but allowing dated electronic identification for electronic 
systems.
    FDA believes that, here again, broad acceptance regulations should 
resolve the issues related to GLP's.

VI. Acceptance Regulations

    Several comments asserted that a general rule with a broad preamble 
and specific targeted subsection changes would be the most efficient 
means of accepting electronic signatures throughout the applicable 
regulations. Other comments also supported new regulations that would 
accept electronic identification/signatures throughout existing FDA 
regulations.
    One comment suggested that FDA define the term electronic 
identification in the CFR in order to sanction use of those 
alternatives in place of handwritten signatures. Another comment said 
FDA's codified definition of signature should be clear yet general 
enough to allow industry the flexibility to use the most suitable 
technology. One comment said the agency should codify the terms 
signature, electronic signature, and electronic identification, provide 
examples of each term, and determine if there are substantive reasons 
for requiring handwritten signatures.
    One comment suggested that to enhance the move from paper to 
electronic records, the agency should develop standards for the 
generation of portable electronic copies of records, copies that FDA 
may need in its enforcement activities. The comment also suggested that 
the agency require that systems be capable of generating such portable 
copies.
    One comment suggested that regulations should consider an 
electronic record as ``signed and final,'' once an operator endorses 
the record by entering a password.
    One comment suggested that FDA's regulations would have to address 
both electronic integrity and administrative security.
    One comment urged that FDA's final publication resolve several 
specific issues regarding: (1) Elimination of paper documents when they 
are converted to electronic form, and distinguishing originals from 
copies; (2) establishing the ``legal original'' between secure 
electronic copies of conventionally signed paper documents; and (3) 
whether or not an operation can be based upon a combination of 
electronic and paper records.
    One comment suggested that, until legal and security issues are 
resolved, the agency should accept electronic submissions, encourage 
development of electronic records systems, but require supplementary or 
accompanying handwritten, paper based signatures. The comment added 
that such auxiliary endorsements would parallel the approach taken by 
the Internal Revenue Service regarding filing of electronic tax returns 
(based upon a conventionally signed paper form 8453) and would be 
relatively easy to implement. The same comment suggested that once 
electronic signatures are proven to be legally viable, FDA should not 
require them to be embodied in the electronic documents, but rather 
incorporated in supplementary documents so as to facilitate software 
modification. (As discussed in section VIII. of this document, one 
comment took the opposite view, stressing the importance of having the 
electronic signature securely bound to the signed document.)
    One submission urged FDA to promulgate regulations regarding use of 
electronic signatures in the manufacture of blood components and 
subsequent testing and transfusion service laboratories.
    FDA agrees with the comments that called for broad regulations that 
would clearly define the terms handwritten signature and electronic 
signature (and do so in a manner that affords industry the greatest 
latitude in adopting appropriate technologies), and set conditions 
under which the agency would accept alternatives to handwritten 
signatures. The proposed regulations apply to all FDA program areas, 
including blood components, which are regulated as either drugs or 
medical devices.
    The agency does not believe it necessary to define the term 
``electronic identification'' because the general meaning of the term, 
as suggested by comments, would be contained in the proposed definition 
of electronic signature.
    The agency agrees that it is vital for FDA to be able to obtain 
copies of electronic documents and that systems should have the 
capability of generating such copies--a provision that is in proposed 
Sec. 11.10(b). However, the agency does not, at this time, agree that 
FDA needs to develop specific performance standards for the 
``portability'' suggested. FDA may develop appropriate guidelines in 
the future to address portability attributes.
    Regarding the suggestion that FDA require parallel paper records to 
bear mandated signatures pending resolution of legal issues, the agency 
believes that such a provision need not be codified because there are 
no indications that legal acceptance of electronic records/signatures 
(per se) remains an issue, where the trustworthiness/reliability of 
such records/signatures has been established. The proposed acceptance 
regulations address measures to establish such trustworthiness and 
reliability. However, until the regulations are in effect, firms must 
supplement electronic records with paper documents for purposes of 
having required signatures in conventional form.
    The agency does not understand the basis for one comment's concern 
that electronic signatures not be required to be contained within the 
electronic records that are signed. The key factors in acceptability of 
electronic records/signatures have to do with establishing 
trustworthiness and reliability rather than facilitating software 
modification. Linking the electronic signature with the electronic 
document is an important attribute in establishing the authenticity of 
the endorsement, just as it is important to ``affix'' one's handwritten 
signature to a paper document. FDA believes that electronic signatures 
which are separate from their associated writings are less reliable and 
trustworthy than electronic signatures which are incorporated in their 
respective documents, to the extent that authors can more easily 
repudiate the authenticity of the separated signature.

VII. Enforcement Integrity

    Most comments asserted that, based in part upon the provisions of 
Title 18 of the U.S. Code, use of signature alternatives should not 
adversely affect the agency's enforcement integrity. Comments asserted 
that laws against falsification of paper records apply equally to 
falsification of electronic records, and that FDA should have no 
difficulty in affixing individual responsibility when working with 
electronic records.
    Comments also maintained that electronic record systems must, and 
can under current technology, be designed for reliable storage and 
retrieval, thus meeting industry and FDA audit needs. Comments added 
that electronic record systems can be validated and are at least as 
reliable, and more efficient than, paper-based records.
    One comment asserted that copies of electronic records containing 
signature alternatives will be admissible evidence, in regulatory 
actions, to demonstrate individual responsibility when FDA informs the 
industry that signature alternatives are as binding as conventional 
signatures.
    One comment asserted that within the context of the PDMA, 
electronic signatures would be admissible in court when combined with 
other system controls, such as phoned requests.
    The agency recognizes that the ability to collect electronic 
records that are admissible as evidence, depends in large measure on 
whether or not the systems used to generate those records have been 
designed for reliable storage and retrieval. Accordingly, the proposed 
regulations, at proposed Sec. 11.10(c), require that systems that 
generate and maintain electronic records be designed so that the 
records can be reliably stored and retrieved. The storage/retrieval 
requirement should be coupled with the requirement that such systems be 
capable of generating accurate electronic copies that can readily be 
converted to human readable form. (See remarks on records 
``portability'' in section VI. of this document.)

VIII. Security

    Many comments contended that handwritten signatures are not 
intrinsically secure forms of identification because falsification can 
easily be executed unilaterally. Comments emphasized furthermore that 
properly validated and administered identification/password systems, 
which lack biometric links to individuals being identified, are more 
secure than handwritten signatures to the extent that falsification 
generally necessitates a bilateral action (i.e., two individuals must 
purposefully accomplish falsification). Comments asserted that security 
is fundamentally derived, not from the form of the identification, per 
se, but rather from the attendant system controls.
    One comment argued against placing too high an emphasis on security 
and control measures for signature alternatives, noting that FDA has 
not instituted corresponding controls for conventional handwritten 
signatures on paper records. The comment elaborated that isolated 
forgeries are more apt to go unnoticed than repetitive forgeries of a 
manual signature, and that security of habitual signing derives more 
from the meaning attached to the signing process than the technical 
strength of the process itself. The comment concluded that the 
effectiveness of electronic signature alternatives should also derive 
less from technical security and more from the meaning attached to the 
signing process.
    The agency finds merit in the comments' premise that the integrity 
of an electronic signature is derived more from the systems controls 
used to generate it than from the technology used to apply it. The 
emphasis on systems controls is justified and reflected in the 
provisions of the proposed regulations. However, FDA recognizes that 
electronic signatures based upon biometric/behavioral links can be more 
secure than others to the extent they are more difficult to falsify. 
Whereas the agency agrees that the meaning attached to the signing 
process is important, (e.g., in establishing individual responsibility 
for an endorsed act such as approving a master production record), FDA 
does not agree that the meaning determines the security of the signing.
    Regarding the comment that FDA has not instituted controls for the 
generation of handwritten signatures, the agency notes that specific 
FDA guidance on the matter has not been needed because conventional 
paper controls are well established in our culture and because 
falsification of paper documents can be readily investigated and 
documented by a long-standing body of forensic evidence (e.g., 
handwriting analysis, ink composition and dating, imprints on stacks of 
paper, erasure marks, etc.). On the other hand, a comparable body of 
evidence has yet to be established to pursue falsification of 
electronic documents and signatures.
    The agency finds convincing the argument that electronic signatures 
based on user identification codes combined with passwords can be 
adequately secured in that the signature consists of multiple parts 
which require the collaborative efforts of two individuals to execute a 
falsification. FDA wishes to clarify, however, that contemporaneous use 
of both electronic signature elements must be executed for each 
signing. For example, if a person, having logged onto a system by 
entering both a password and a scanned employee badge containing an 
identification code, need only scan the badge to execute subsequent 
electronic signatures, then the safeguard of having multiple parts to 
the signature would be lost for those endorsements to the extent that 
another person could, unbeknownst to the badge owner, scan the badge 
and falsify the electronic signature. Should the owner carelessly leave 
the badge unattended, the required collaboration would be absent. On 
the other hand, if an ``impersonator'' needs to know the badge owner's 
secret password in addition to physically possessing the badge in order 
to execute a signing, then collaborative efforts would be necessary to 
falsify the electronic signature; the badge owner would have to reveal 
the password to the would-be-imposter, as well as make the badge 
available. Accordingly, proposed Sec. 11.200(a)(1) requires electronic 
signatures that are not based on biometric/behavioral links to employ 
at least two distinct parts, all of which are contemporaneously 
executed at each signing. In addition, proposed Sec. 11.200(a)(3) 
requires that attempts at signature falsifications necessitate 
collaboration of at least two people.
    The agency believes that the acceptance regulations need not 
require at least two distinct elements where the electronic signature 
employs a biometric/behavioral link (e.g., retinal scan, voiceprint) to 
the signer. The bilateral security measure would not be necessary in 
such systems because only the genuine owner of the electronic signature 
would be capable of using it. The owner could not lose, lend, give away 
or otherwise transfer the signature in the first place.
    One comment expressed the hope that security for alternatives to 
handwritten signatures will not result in lesser confidentiality.
    FDA agrees that confidentiality of data in electronic records is as 
important as it is in paper records. Systems controls, for both paper 
and electronic documents, will determine the level of confidentiality.
    One comment stated that signatures recorded electronically, if not 
somehow inalterably bound to the electronic document, are insecure to 
the extent the digitally recorded signature could be excised and 
superimposed upon other documents to falsify an endorsement. Another 
comment supported signatures recorded electronically when they are 
captured to inalterable media, such as optical disks, provided further, 
that access to such media is limited, thus reducing chances of 
alteration.
    The agency agrees that binding an electronic signature to the 
signed electronic document is a vital systems control that helps to 
establish the authenticity of an electronically signed document. 
Accordingly, proposed Sec. 11.70 includes a ``signature to document'' 
binding provision. FDA notes that such a binding is usually inherent 
for handwritten signatures that are applied to paper documents.
    As noted above regarding stratification, many comments made a 
distinction between the security needed for signature alternatives 
affixed to electronic documents contained within the administrative 
control of a given firm (closed system) and signature alternatives 
affixed to records (such as e-mail and submissions to FDA) that are 
transmitted from one establishment to another (open systems). Comments 
suggested that open systems require a higher level of security than 
closed systems, and that a combination of user identification codes and 
passwords, under suitable administrative controls, is sufficient for 
closed systems.
    The agency agrees that because open systems are inherently more 
vulnerable to message compromise, additional security measures may be 
necessary to ensure electronic document integrity and authenticity. 
Such measures may include electronic document encryption and use of 
digital signatures. However, FDA believes that because such measures 
are still evolving, it would be premature to specifically require their 
use in documents submitted electronically to the agency. Instead, the 
proposed rule requires additional security measures, stated in general 
terms, that are designed to ensure document integrity, confidentiality, 
and authentication from point of creation to point of receipt.
    One comment suggested that computer systems used within the CGMP 
and GLP regulations attain the security level of C2 within the 
Department of Defense Trusted Computer System Evaluation Criteria (DoD 
5200.28--STD), also known as the ``Orange Book.''
    One comment concluded that, per the ANPRM working definitions, 
signatures recorded electronically (scripted signatures applied to 
devices other than paper) and conventional signatures applied to paper 
offer the greatest security.
    FDA does not believe it necessary at this time to codify adherence 
to a specific security level that is stated in a standard. The agency 
believes that records under CGMP's and GLP's will have sufficient 
security when the provisions of the proposed rule are followed. 
However, should additional specific criteria be necessary to attain 
adequate levels of security, the agency may consider incorporating 
specific security standards such as the one suggested.
    Many comments identified various administrative security controls 
attendant to the use of (what the ANPRM called) electronic 
identification (identification codes (ID)/passwords), and argued that 
appropriate use of such controls should make ID/password systems 
acceptable to FDA for use in closed systems. Comments generally 
emphasized the need to utilize such controls and not rely upon a single 
form of signature alternative in isolation. Suggested controls included 
the following:
    1. Establish and follow employee policies which hold people 
accountable and liable for actions initiated under their (computer ID) 
accounts to deter forgery of electronic signatures. Comments suggested 
that employees who violate such policies would be subject to 
disciplinary action including termination.
    2. Limit computer access to authorized individuals.
    3. Execute carefully written and controlled operational procedures.
    4. Train employees in the use of operational procedures.
    5. Use fully documented production and control procedures.
    6. Validate systems.
    7. Use identity checks; cross-checking to establish that machine 
readable codes on tokens and a personal identification number (PIN) are 
assigned to the same individual.
    8. Use password checks; checking an independently entered password.
    9. Change passwords periodically.
    10. Use authority checks to determine if the identified individual 
has been authorized (or trained) to use the system, access, or 
operational device, or perform the operation at hand.
    11. Use time stamped audit trails to document changes, record all 
write-to-file operations, and independently record the date and time of 
the operator's action or entry. Concerning audit trail integrity, 
comments emphasized the importance of creating back up files to re-
create documentation and deter inappropriate records alterations.
    12. Use operational checks to enforce permitted operational 
parameters such as functional sequencing or time.
    13. Use records revision and change control procedures to maintain 
an electronic audit trail that documents time-sequenced development and 
modification of records.
    14. Maintain control over the distribution, access, and usage of 
documentation required for various operations.
    15. Encrypt records to provide secure, nonchangeable versions.
    16. Use location (terminal) checks to determine that the physical 
source of the endorsement is valid.
    17. Use intentions checks by providing confirming dialog that the 
signer understands precisely the intentions of a signature.
    18. Use ``time-outs'' of under-utilized terminals to prevent their 
unauthorized use while unattended.
    19. Use security against natural system failures.
    20. Print the individual's name, along with time of ``signing,'' on 
the electronic record to help reenforce the psychological link between 
the author and the endorsement.
    The agency considers that most of the above systems controls have 
merit and they have been incorporated in the proposed regulations.
    One comment identified the following steps to regulate and control 
the issuance of tokens, cards, PIN's, and other machine readable 
indicia of identity:
    1. Chronological logging of each issuance;
    2. Certifying the identity of each individual;
    3. Noting and controlling the empowerment or authority of issuance;
    4. Testing each token, card, or other indicia to make sure it 
works;
    5. Keeping each issuance unique;
    6. Assuring that issuances are periodically checked, recalled, or 
reissued;
    7. Following loss management procedures to electronically de-
authorize lost tokens, cards, etc, and to issue temporary or permanent 
replacements using suitable, rigorous controls for substitutes; and,
    8. Using reasonable transactional safeguards to prevent 
unauthorized use and detect and emergently report (with unmistakable 
notoriety) any unauthorized attempts.
    The agency agrees that all of the above controls are reasonable and 
necessary measures to maintain password integrity. However, some of 
these controls may be more amenable to incorporation in guidelines 
rather than regulations, and therefore do not appear in the proposed 
rule.
    In response to the ANPRM's request that comments identify any types 
of signature alternatives that would be too insecure to be acceptable, 
comments cited the use of unilateral methods, such as a user 
identification that is readily determined from a publication, or 
alternatives used in environments in which employees are motivated to 
falsify identifications. One comment stressed the importance of using 
bilateral systems, but urged the agency to permit industry to choose 
the exact methods (such as use of identification codes combined with 
passwords or tokens).
    As explained above, the agency agrees that single entity signature 
alternatives that may be compromised are not acceptable. Where 
bilateral signatures are used, both portions of the signature should be 
recorded contemporaneously with each ``signing.'' Absent that duality, 
FDA would consider the signature to be unilateral and therefore, if 
capable of being compromised, unacceptable. The agency wishes to 
clarify, however, that single entity signatures based on biometric/
behavioral links that cannot be implemented by people other than their 
genuine owners would be acceptable.

IX. Validation

    Comments generally acknowledged the importance of validating 
signature alternative systems and said that there should be no 
difference between validation of signature alternatives and validation 
of other processes or systems. Most comments claimed that there already 
exists sufficient guidance, published by FDA and the industry, thus 
making it unnecessary for FDA to publish additional guidance on 
validation of signature alternatives.
    Several comments acknowledged FDA's concerns about the adequacy of 
computer systems validation, but indicated that the primary issue 
concerns what constitutes adequate systems specifications, a matter 
comments claimed is still developing.
    Comments identified the following elements of signature alternative 
validation:
    1. Correct specification;
    2. Correct engineering;
    3. Correct testing;
    4. Correct operation;
    5. System definition: functional requirements, software 
requirements, the physical system and its operating environment;
    6. Assurance of software quality: structural and functional;
    7. System documentation that is well organized and that includes 
policies, procedures and master plans defining the philosophy and 
approach to system validation, and defined meanings for approval 
signatures;
    8. Security;
    9. Verification of critical data entries;
    10. Installation, operational, and performance qualification;
    11. Change control and system maintenance;
    12. Employee training;
    13. A records retrieval system that protects records and enables 
their accurate and efficient retrieval throughout their retention 
period; and
    14. Periodic system review and revalidation.
    The agency is persuaded by the comments that although validation of 
electronic signature systems is important enough to be codified as a 
general requirement, publication of specifics as to what constitutes 
acceptable validation of such systems should be deferred at this time. 
Specific information on electronic signature validation may need to be 
provided in either future regulations and/or guidelines.

X. Standards

A. Standards in General

    Several comments acknowledged the general utility of standards 
(e.g., for electronic signatures which use biometric/behavioral links), 
but suggested that the issue should be addressed separately on the 
basis that standards are not relevant to the forms of electronic 
identification anticipated for use in the pharmaceutical industry, and 
because they are seldom used in FDA-regulated industries generally.
    Several comments said FDA should assess existing standards and 
provide input into development of new standards, but should not seek a 
lead role in their development. One comment suggested that FDA 
collaborate with industry in developing standards should they be 
warranted in the future.
    Two comments argued that the absence of standards should not 
inhibit the agency from accepting electronic identification and that 
standards would not be necessary where there is an emphasis on 
validation, security, and well designed and enforced procedures.
    One comment urged the agency to avoid adopting any single standard 
or technology for electronic signatures.
    FDA recognizes the benefits of standards and their relevancy to 
legal and regulatory acceptance of electronic signatures. FDA 
regulations could be simplified by predicating acceptance of an 
electronic signature on adherence to one or more appropriate standards 
that have been derived from fair evaluation of public comments. 
Although industries regulated by FDA may not have participated in the 
development of the two emerging primary digital signature standards, 
i.e., the National Institute of Standards and Technology Digital 
Signature Standard (NIST DSS) or the RSA, either because (in the case 
of the RSA) the standard is proprietary, or because the industry did 
not anticipate their relevancy, the standards may nonetheless be 
valuable tools to ensure the authenticity and integrity of electronic 
records.
    In general, the agency agrees with the premise that adherence to 
specific standards need not be codified at this time because adequate 
levels of security may be achieved by adherence to the controls 
contained in the proposed rule. However, the agency may need to address 
or adopt such standards in the future, as the industries become more 
familiar with them and their practical applications. The agency 
anticipates that its role will be that of a proactive participant in 
standards development. Absent the immediate application of such 
standards, the proposed rule emphasizes, as comments suggest, system 
security/integrity controls, and validation.

B. National Institute of Standards and Technology Digital Signature 
Standard

    One comment suggested, without elaboration, that FDA obtain and 
consider three cited articles on digital signature standards.
    Many comments cited the controversial nature, per published 
articles, of the NIST DSS and suggested that FDA not adopt the 
standard. Several comments inferred that FDA should favor the RSA over 
the NIST DSS on the basis that RSA is currently the de facto standard 
for commercial and some military applications.
    One comment urged the agency to adopt a public, rather than 
proprietary standard, but noted the difficulty of modifying systems 
that are essentially completely developed to incorporate the NIST 
standard.
    One comment encouraged FDA to adopt the NIST draft digital 
signature standard, on the grounds that the NIST DSS is a highly secure 
method of identification that will become mandatory for Federal 
agencies where a public-key based digital signature technique is needed 
and is to be the single standard for Government communication with the 
private sector. The comment further supported the standard by noting 
its acceptance by the General Accounting Office as legal endorsement 
for Federal obligations. In addition, the comment asserted the 
nonrepudiation property of the NIST DSS. One comment acknowledged that 
the NIST standard offers the benefit, over handwritten signatures, of 
assuring that the document was not altered after being signed by the 
author.
    The agency notes that subsequent to the working group's February 
1992 progress report, several criticisms of the NIST DSS, specifically 
the absence of a ``hash algorithm'' and limited size of ``keys,'' have 
been addressed. FDA has also become aware of several commercial 
products available to implement the standard, and the agency 
acknowledges that it may have direct applicability to FDA electronic 
communication with the agency's regulated industries. However, the 
standard is not yet finalized, and it has not yet achieved sufficiently 
wide utilization, in the agency's opinion, to merit mandatory use, at 
least in closed systems. The standard may have future applicability, 
though, in open systems, where documents are submitted to FDA via 
public electronic carriers, in which case adherence to a limited number 
of standards would be desirable to maintain practical communications. 
Accordingly, the agency is deferring a codified reference to the NIST 
DSS in particular. However, the agency is proposing in Sec. 11.30 to 
use established digital signature standards that are acceptable to FDA, 
as a system control that may be warranted to maintain record 
authenticity, integrity, and confidentiality in open systems.

XI. Freedom of Information

    Several comments asserted that because matters relating to FOI are 
not relevant to the fundamental issues of electronic identification, 
such issues should be handled separately. However, comments expressed 
concern about the reliability of computer methods FDA might use to 
delete proprietary information from electronic records released under 
the FOI Act.
    Two comments said that FDA should realize FOI processing cost 
savings when records are submitted electronically if the agency sets 
guidelines on such submissions.
    Comments held diverse opinions about what form (electronic or 
otherwise) documents released under FOI should take. Several comments 
said FDA should establish standards to avoid having to copy and purge 
original records that exist in many different formats. Some comments 
said they would likely provide paper printouts of electronic records 
requested by FDA field investigators, and by so doing, the agency would 
not need to acquire specific software and hardware to handle 
proprietary formats. Likewise, two comments recommended that FDA 
respond to FOI requests by providing only paper copies of documents, 
regardless of the format requested. On the other hand, two comments 
encouraged the agency to develop systems whereby requesters could 
submit FOI requests by e-mail, or directly access an FDA data base to 
conduct on-line text searches. One of the comments suggested that 
resulting documents from such searches be mailed to requesters in a 
manner similar to the procedure used by the National Library of 
Medicine's Medline. The respondent suggested that modest connect time 
fees would be appropriate to such systems.
    The agency disagrees with the assertion that FOI matters are 
irrelevant to electronic signature issues. When FOI requests are 
received electronically the agency must ensure that the requests are 
authoritative and genuine such that they may be processed and 
appropriate fees collected. In addition, as more firms implement 
electronic records, the agency will likely collect and store them 
electronically in the regular course of its investigational and 
inspectional activities. The consequent move from paper to electronic 
documents will necessitate use of appropriate purging technologies, as 
many of the comments have noted.
    FDA finds the comment's suggestions that FOI records be handled 
strictly as paper documents inconsistent with the implementation of 
electronic records systems. The agency believes the suggestion that FDA 
accept FOI requests by e-mail has merit, and it is exploring ways of 
implementing the suggestion within the context of electronic 
submissions in general. A data base of all available documents may not 
be practical at this time considering the scope of potential documents 
that may be in the data base. However, a publicly accessible on-line 
electronic data base of FOI-released documents may be in the public 
interest, and this suggestion may also be explored. The agency agrees 
that it should set technical standards for submission of electronic 
documents so as to allow the electronic handling of relevant FOI 
requests; this suggestion is also being explored within the context of 
electronic submissions in general.

XII. The Proposed Regulation for Electronic Signatures and Records

    Proposed part 11 is made up of the following subparts: subpart A--
General provisions; subpart B--Electronic records; and subpart C--
Electronic signatures:

A. General Provisions (Subpart A)

1. Scope (Sec. 11.1)
    Although most of the comments to the ANPRM represented the 
pharmaceutical industry, the agency wishes to emphasize that the 
proposed rule applies to use of electronic records and signatures in 
the context of all FDA program areas and all industries regulated by 
FDA. Accordingly, proposed Sec. 11.1 states the extent of the 
regulation's scope to all parts of 21 CFR chapter I.
    The agency recognizes, however, that in some instances records 
required by selected sections of chapter I may need to be retained in 
paper form and their associated conventional methods of signing may 
need to be preserved. In such instances, the agency would, by 
regulation, specify that electronic versions of those records would not 
be permitted. FDA does not anticipate many such situations, but is 
providing for them in proposed Sec. 11.1. The agency welcomes comments 
on any existing FDA regulations that address records where electronic 
versions of those records should not be permitted.
    Under proposed Sec. 11.1, absent specific exemption by regulation, 
records required throughout chapter I could be created, modified, 
maintained, or transmitted in electronic form provided they meet the 
requirements of proposed part 11. Likewise, electronic signatures would 
be considered to be equivalent to full handwritten signatures, 
initials, and other general signings required throughout chapter I 
provided the electronic signatures and associated electronic records 
meet the requirements of the proposed part 11.
2. Implementation (Sec. 11.2)
    The agency recognizes that the pace and extent of converting from 
paper to electronic records will vary significantly in industry and, in 
fact, within FDA itself. Adoption of electronic records technologies 
generally depends upon a number of factors, including systems 
availability, costs, integration into existing paper based records 
systems, and the need to train employees in developing and maintaining 
electronic systems. In order to implement the new rule in a fair and 
practical manner, the agency is dividing the types of records to be 
covered into two broad categories, namely records required by 
regulation to be maintained but not submitted to FDA (such as batch 
production records), and records submitted to FDA (such as food 
additive petitions and comments to proposed rules).
    This approach is being taken for two reasons. First, the agency 
believes it is important to enable regulated industries to implement 
electronic records/signatures for records that are required by 
regulation to be maintained, but not submitted to the agency, as 
rapidly as possible. Some firms have already taken major steps toward 
implementing electronic production records and the agency does not wish 
to delay the appropriate adoption of new technologies.
    Second, FDA is not yet prepared to accept and manage all 
submissions in electronic form. However, FDA believes it vital to 
enable those agency units that are prepared to receive and manage 
submissions in electronic form to do so as rapidly as practical. There 
are many different types of submissions to the agency. (A July 1991 FDA 
report entitled, ``Basic Inventory of Submissions to the FDA,'' (Office 
of Planning and Evaluation) identified 87 different types of 
submissions (Ref. 4)). The agency is reviewing all of the various 
submissions to identify which documents it can accept and manage in 
electronic form (in whole or in part), and the corresponding 
capabilities of the receiving agency units. The agency is committed to 
accepting as many submissions in electronic form as possible, 
consistent with available resources, but realizes that the goal of 
accepting all submissions in electronic form will be achieved in phases 
over a period of time.
    The agency intends to publish a public docket on electronic 
submissions. FDA proposes that this public docket will be established 
at the time that a final rule becomes effective. The docket would 
identify those submissions that may be made (in whole or in part) in 
electronic form, and the corresponding agency receiving units. 
Receiving units may also publish appropriate technical guidance 
documents on how submissions are to be made relative to the units' 
capabilities. In addition, FDA encourages submitters to work with the 
agency to develop appropriate pilot programs to implement electronic 
submissions that may be more complex in nature. The agency is committed 
to the goal of eventually accepting most submissions in electronic form 
because it recognizes the attendant benefits of using electronic 
records, benefits such as speedier document review times, cost savings 
in not having to store and manage paper, and the improved 
responsiveness to the general public and regulated industries that 
generally derives from electronic systems.
    Therefore, proposed Sec. 11.2(a) enables persons to use electronic 
records/signatures in lieu of paper records/conventional signatures, in 
whole or in part, for records which are required by FDA regulation to 
be maintained, but not submitted to FDA. Proposed Sec. 11.2(b) enables 
persons to use electronic records/signatures in lieu of paper records/
conventional signatures, in whole or in part, for records that are 
submitted to FDA, provided the type of submission has been identified 
in a public docket as one which FDA accepts in electronic form. The 
agency intends to announce changes to that public docket, on a periodic 
basis, by a variety of means. For example, a notice announcing changes 
may be published in the Federal Register.
    FDA wishes to clarify that the requirements in proposed part 11 
would apply to both types of electronic records (submissions FDA 
accepts in electronic form and records required by regulation to be 
maintained) unless, as stated above, a regulation specifically 
prohibits the record from being in electronic form.
3. Definitions (Sec. 11.3)
    Proposed Sec. 11.3 sets forth definitions of key terms, including 
``biometric/behavioral links,'' ``closed system,'' ``open system,'' 
``electronic record,'' ``electronic signature,'' and ``handwritten 
signature.''
    A ``biometric/behavioral link'' (proposed Sec. 11.3(b)(3)) is a 
method of verifying a person's identity based on measurement of the 
person's physical feature(s) or repeatable action. The agency believes 
that biometric/behavioral links would be utilized in technologies that 
use, for example, voiceprints, handprints, and retinal scans to 
identify individuals. A system that characterizes the act of signing 
one's name, as a function of unique behavior (parameters of physical 
signing such as speed of stylus movement, pressure, pauses, etc.) is 
another example. A fundamental premise of biometric/behavioral link 
technologies is that the resulting electronic signatures are inherently 
unique to an individual and cannot, by ordinary means, be falsified.
    A ``closed system'' (proposed Sec. 11.3(b)(4)) is an environment in 
which there is communication among multiple persons, where 71 system 
access is restricted to people who are part of the organization that 
operates the system. FDA believes that electronic documents within a 
closed system are less likely to be compromised than those in an ``open 
system'' because they are not as vulnerable to disclosure to, and 
corruption by, unintended outsiders to the organization. Where a firm 
hand delivers to FDA a magnetic disk containing an electronic document, 
the agency would consider such communication to have been made in a 
closed system.
    An ``open system'' (proposed Sec. 11.3(b)(8)) is an environment in 
which there is communication among multiple persons, where system 
access extends to people who are not part of the organization that 
operates the system. FDA believes electronic documents in open systems 
merit additional protection from unauthorized disclosure and 
corruption. Where a firm sends FDA an electronic document by electronic 
mail, the agency would consider such submission to have been made in an 
open system.
    An ``electronic record'' (proposed Sec. 11.3(b)(5)) is a document 
or writing comprised of any combination of text, graphic 
representation, data, audio information, or video information, that is 
created, modified, maintained, or transmitted in digital form by a 
computer or related system. The agency is proposing a broadly based 
definition of this term in order to accommodate digital technologies 
that may incorporate pictures and sound, in addition to text and data.
    Although, as discussed above, the ANPRM discussed four possible 
terms relating to different kinds of signatures, FDA is proposing two 
definitions based broadly on whether or not the ``signature'' is 
handwritten. Two definitions are proposed, one for ``electronic 
signature'' (Sec. 11.3(b)(6)) and one for ``handwritten signature'' 
(Sec. 11.3(b)(7)). The term electronic signature would include the 
meaning comments ascribed to electronic identification. Handwritten 
signatures would include signatures recorded electronically.
    Proposed Sec. 11.3(b)(6) defines the term ``electronic signature'' 
as the entry in the form of a magnetic impulse or other form of 
computer data compilation of any symbol or series of symbols executed, 
adopted, or authorized by a person to be the legally binding equivalent 
of the person's handwritten signature. The fundamental premise is that 
an electronic signature is some combination of what a person possesses 
(such as an identification card), knows (such as a secret password), or 
is (the unique characteristic embodied in a biometric/behavioral link 
such as a voiceprint).
    Proposed Sec. 11.3(b)(7) defines the term ``handwritten signature'' 
as the name of an individual, handwritten in script by that individual, 
executed or adopted with the present intention to authenticate a 
writing in a permanent form. An important aspect of a handwritten 
signature is that the act of signing with a writing or marking 
instrument such as a pen, or stylus is preserved. The agency is aware 
of electronic records systems which capture the image of a signature as 
a person applies a handwritten signature to a ``screen'' or sensing 
device. Because the traditional action of signing is preserved, the 
agency regards such a signature to be a handwritten signature even 
though it is written to an electronic document. The proposed definition 
includes wording to clarify this intent.

B. Electronic Records (Subpart B)

    As discussed above, the agency has accepted the comments on the 
ANPRM that suggested that adequate system controls should be the basis 
for establishing the regulatory and legal acceptance of electronic 
records. The agency appreciates the extent of the suggested controls 
which are intended to ensure the authenticity, integrity, and 
confidentiality of electronic records and to ensure that signers cannot 
readily repudiate the electronic records as not genuine. FDA has 
incorporated most of the controls in the proposed regulations. Controls 
not adopted at this time may be incorporated in subsequent revisions to 
these regulations, or addressed in agency guidelines. In addition, FDA 
accepts the premise that some stratification of those controls should 
be codified based upon whether the electronic records are within closed 
or open systems. Therefore, this subpart includes separate controls for 
records in closed and open systems.
1. Controls for Closed Systems (Sec. 11.10)
    Proposed Sec. 11.10 includes a general requirement that there be 
procedures and controls designed to ensure the authenticity, integrity, 
and confidentiality of electronic records, and to ensure that the 
signer cannot readily repudiate the signed record as not genuine. In 
addition, the agency is proposing 11 specific controls.
    FDA wishes to emphasize that the proposed list of system controls 
is not intended to be all inclusive of what may be needed for a given 
electronic records system, and that some controls may not be necessary 
in all types of systems. The wording of the proposal is intended to 
clarify which controls are generally applicable and which are germane 
to certain types of systems depending upon their intended use. For 
example, operational checks to enforce permitted sequencing of events 
would not be appropriate to systems in which proper sequencing was not 
relevant to the events being recorded. Examples of system controls that 
would be applicable in all cases include validation and protection of 
records to ensure that records remain accurate and retrievable 
throughout their retention period.
    Some of the proposed system controls (e.g., inspection and copying 
of records) are necessary to ensure that the agency can fulfill its 
enforcement responsibilities. The subject of enforcement integrity was 
extensively addressed in the ANPRM and by comments, most of whom 
asserted that properly validated and secured systems should not hamper 
the agency's enforcement activities.
    As discussed above, many ANPRM comments asserted that enforcement 
integrity would not be hampered because, under Title 18 of the U.S. 
Code, falsification of electronic records would be equivalent to 
falsification of paper records.
    The agency agrees that certain controls, such as system validation, 
are necessary to maintain the integrity of electronic documents it 
reviews and collects as part of its enforcement activities. It is also 
necessary for FDA to be able to review and copy electronic records in 
the same manner as paper records. Accordingly, the proposed rule 
contains several provisions designed to ensure that the agency's 
enforcement responsibilities are not impeded. For example, proposed 
Sec. 11.10(b), regarding the ability to generate true copies of 
electronic records that FDA can inspect, review, and copy, is intended 
to ensure that the agency will retain the ability to review electronic 
records on site and review copies of such records off site, in the same 
manner as is currently the case for paper records. Likewise, proposed 
Sec. 11.10(e), regarding time stamped audit trails to document record 
changes, is intended to ensure that changes to electronic records are 
evident and reviewable by the agency, to the same extent as paper 
records.
    The agency encourages persons to consult with FDA prior to 
implementing electronic records systems if there are any questions 
regarding the ability of the agency to review and copy the electronic 
records. The proposed rule includes wording to that effect.
2. Controls for Open Systems (Sec. 11.30)
    As discussed above, many comments to the ANPRM acknowledged that 
additional security measures, above and beyond those used for closed 
systems, may be needed to ensure the integrity, authenticity, and 
confidentiality of electronic records within open systems.
    The agency agrees. FDA is aware that two kinds of additional 
systems controls can be effective in this regard--use of document 
encryption, and use of digital signature standards. Digital signature 
standards use established mathematical algorithms and public and 
private signer numerical codes (called keys) to both authenticate an 
electronic record and establish its integrity. Several comments 
addressed these additional measures.
    Accordingly, proposed Sec. 11.30 requires use of those controls 
identified in proposed Sec. 11.10 for closed systems (as appropriate to 
the nature of the records at issue) plus such additional measures as 
document encryption and use of digital signature standards acceptable 
to FDA as necessary to maintain record confidentiality and integrity 
under the circumstances. The agency intends to publish future guidance 
documents which identify acceptable digital signature standards.
3. Signature Manifestations (Sec. 11.50)
    Proposed Sec. 11.50 requires several of the system controls 
suggested by comments to the ANPRM. This section requires 
electronically signed records to display the printed name of the signer 
and the date and time when the document was signed. The presence of the 
printed name, date, and time will assist the agency by clearly 
identifying the signing individual. In addition, the printed 
information will help firms to maintain an unambiguous method of 
readily and directly documenting the signer's identity and date of 
signing for as long as the electronic record is retained. Another 
benefit to having the name of the signer appear on the electronic 
document is to reinforce the solemnity and personal commitment 
associated with the act of signing.
    Proposed Sec. 11.50 also requires that the meaning associated with 
the act of signing the electronic document be clearly indicated. As 
discussed in the ANPRM, the purpose of a signature can be varied (e.g., 
to affirm, review, approve, or indicate a person's presence or action). 
Many traditional paper records already contain statements that indicate 
the purpose of a signature, such as ``material added by * * *,'' ``in 
witness thereof,'' and ``approved by * * *.'' The agency believes it is 
vital, for purposes of accurate documentation and establishment of 
individual responsibility, to include such statements in electronic 
records as well.
4. Signature/Record Binding (Sec. 11.70)
    Signatures appearing on conventional paper documents cannot be 
readily excised, copied, or transferred to other documents so as to 
falsify another document. Attempts at such misdeeds can generally be 
revealed by available forensic methods. Such is not typically the case, 
however, with electronic signatures and handwritten signatures executed 
to electronic records (the image of the signature may be electronically 
``copied'' from one location and ``pasted'' to another without evidence 
of the action.) In such cases, falsification of electronic documents 
would be relatively easy to achieve, yet difficult to detect. This 
problem could be solved by using available technologies to bind the 
signature to the electronic document in a secure manner analogous to 
the way conventional signatures are affixed to paper records.
    As discussed above, two ANPRM comments specifically addressed 
signature to record binding. One comment stated that signatures 
recorded electronically, if not somehow inalterably bound to the 
electronic document, are insecure to the extent the digitally recorded 
signature could be excised and superimposed upon other documents to 
falsify an endorsement. Another comment supported signatures recorded 
electronically when they are captured to inalterable media, such as 
optical disks, provided, further, that access to such media is limited, 
thus reducing chances of alteration.
    The agency agrees with the ANPRM comments and believes it is vital 
to verifiably bind a signed electronic record to its electronic or 
handwritten signature. Accordingly, proposed Sec. 11.70 includes a 
``signature to document'' binding requirement to ensure that the 
signatures cannot be excised, copied or otherwise transferred so as to 
falsify another record. The agency believes that such binding is 
readily achievable under current technology. For example, the concept 
of such binding is part of digital signature standards to the extent 
that a message authentication operation will fail for a falsified 
document if the document's digital signature had been copied from a 
different document.

C. Electronic Signatures (Subpart C)

    Proposed subpart C includes requirements for system controls that 
are relevant to electronic signatures. Here, as elsewhere throughout 
the proposed rule, the controls reflect suggestions made by the ANPRM 
comments. In addition, the agency is including a requirement for 
providing certification to the agency that the electronic signature 
systems and, if necessary, specific electronic signatures are 
authentic, valid, and binding.
1. General Requirements (Sec. 11.100)
    Proposed Sec. 11.100 requires each electronic signature to be 
unique to one individual and requires the issuing authority (for 
example, a systems security unit within a firm) to verify a person's 
identity before issuing an electronic signature. FDA considers these 
controls to be fundamental to the basic integrity of an electronic 
signature. Uniqueness is important because, if two or more people are 
assigned the same electronic signature (such as a combination of 
identification code and password) then the true identity of the signer 
could be in doubt and either of the two individuals could conceivably 
readily repudiate the recorded signature as not being his/her own. It 
is important for the assigning authority to verify a person's identity 
before issuing an electronic signature to prevent that person from 
wrongfully assuming someone else's identity and the privileges/
authorizations that may be associated with that identity.
    The agency is including a proposed requirement for providing 
certification to the agency that the electronic signature system 
guarantees the authenticity, validity, and binding of any electronic 
signature. Furthermore, upon agency request, additional certification 
or testimony that a specific electronic signature is authentic, valid, 
and binding shall be provided. The certification should be submitted to 
the agency district office in which territory the electronic signature 
system is in use.
2. Identification Mechanisms and Controls (Sec. 11.200)
    As noted above, electronic signatures are broadly based upon 
various combinations of what a person knows (such as a secret 
password), what a person possesses (such as an employee badge), and 
what a person is. The third element, what a person is, relates to what 
the agency is defining as a ``biometric/behavioral link'' to an 
individual--a method of verifying a person's identity based on 
measurement of the person's physical feature(s) or repeatable actions. 
Examples of such features or actions include voiceprints, handprints, 
retinal scans, and the act of signing one's name in script. The most 
important attribute of an electronic signature that incorporates a 
biometric/behavioral link is that the measured feature or action is 
inherently unique to, and remains with, that individual. Unlike what a 
person knows or possesses, what a person ``is'' cannot be compromised 
by being lost, stolen, forgotten, loaned, re-assigned, or otherwise 
compromised by ordinary means.
    Accordingly the agency is establishing two broad categories of 
electronic signatures, those based on biometric/behavioral links to 
individuals, and those that lack such links, as reflected in proposed 
Sec. 11.200.
    Many of the ANPRM comments argued persuasively that FDA should not 
require biometric/behavioral links, but should accept electronic 
signatures that lack such links provided the electronic signatures are 
validated, secure, and administered under adequate system controls. 
Among those controls, comments emphasized the importance of maintaining 
electronic signatures that are made of multiple identification 
mechanisms (such as a combined identification code and password) and 
administrative measures to ensure that attempted use of an individual's 
electronic signature by anyone other than its genuine owner requires 
collaboration of two or more individuals. Such collaboration would 
prevent signature falsification by casual mishap--a falsification that 
might result, for example, if someone acquired another person's 
unattended identification card or token. The provision would also help 
to impress people with the significance and solemnity of the electronic 
signature.
    The agency agrees that biometric/behavioral links should not be a 
required feature of electronic signatures, at this time. The agency 
also agrees that electronic signatures that lack biometric/behavioral 
links should be acceptable when certain system controls are used. 
Accordingly, the agency has incorporated system controls for electronic 
signatures that lack such links, including multiple identification 
mechanisms and multiple party collaboration in proposed Sec. 11.200(a).
    Although FDA is not, at this time, mandating use of biometric/
behavioral links in electronic signatures, it is allowing for them and 
encourages their development and use. The premise behind the technology 
for electronic signatures based upon biometric/behavioral links is that 
the links are inherently secure such that a person's electronic 
signature could not be lost, stolen, loaned, or otherwise used by 
anyone other than the rightful owner. The agency is proposing to codify 
that premise at Sec. 11.200(b), to ensure that electronic signatures 
based on such links are designed so that they cannot be used by anyone 
other than their genuine owners.
3. Controls for Identification Codes/Passwords (Sec. 11.300)
    The agency is aware that many electronic signatures are based upon 
combined identification codes and passwords. FDA believes that because 
of the relative ease with which such electronic signatures may be 
compromised, and because of their wide adoption, system controls to 
ensure their security and integrity merit specific coverage in these 
regulations.
    Many of the ANPRM comments addressed specific administrative 
controls to ensure the security and integrity of electronic signatures 
that are based upon a combined identification code and password. One 
comment suggested eight controls specific to identification codes. The 
agency appreciates the various suggestions and agrees that five of them 
merit codification at this time. Proposed Sec. 11.300 includes those 
controls. Suggested controls that were not included in the proposed 
rule may be added in the future or addressed in future agency 
guidelines.
    The agency wishes to emphasize that the controls listed in proposed 
Sec. 11.300 are not intended to be all inclusive of what may be needed 
to ensure the security and integrity of electronic signatures based on 
identification codes/passwords.

XIII. Analysis of Impacts

    FDA has examined the impacts of the proposed rule under Executive 
Order 12866 and the Regulatory Flexibility Act (Pub. L. 96-354). 
Executive Order 12866 directs agencies to assess all costs and benefits 
of available regulatory alternatives and, when regulation is necessary, 
to select regulatory approaches that maximize net benefits (including 
potential economic, environmental, public health and safety, and other 
advantages; distribute impacts; and equity). The agency believes that 
this proposed rule is consistent with the regulatory philosophy and 
principles identified in the Executive Order. In addition, the proposed 
rule is not a significant regulatory action as defined by the Executive 
Order and so is not subject to review under the Executive Order.
    The Regulatory Flexibility Act requires agencies to analyze 
regulatory options that would minimize any significant impact of a rule 
on small entities. Because this action will permit industry to maintain 
records in electronic form, and thus reduce their paperwork costs, the 
agency certifies that the proposed rule will not have a significant 
economic impact on a substantial number of small entities. Therefore, 
under the Regulatory Flexibility Act, no further analysis is required.

XIV. Paperwork Reduction Act of 1980

    This proposed rule contains information collections which are 
subject to review by the Office of Management and Budget (OMB) under 
the Paperwork Reduction Act of 1980. The title, description, and 
recordkeepers of the information collections are shown below with an 
estimate of the recordkeeping burden.
    Title: Electronic Records; Electronic Signatures; Title 21 Code of 
Federal Regulations; Proposed Rule.
    Description: The Food and Drug Administration (FDA) is proposing 
rules to provide criteria for acceptance of electronic records, 
electronic signatures, and handwritten signatures onto electronic 
records useable in place of paper records. Rules apply to any 21 CFR 
records retention requirement unless specifically exempt by future 
regulation. Records required to be submitted to FDA may be submitted 
electronically provided the agency has stated its ability to accept the 
records electronically in an agency established public docket.
    Description of Recordkeepers: State or local governments, 
businesses and other for-profit organizations, Federal agencies, and 
non-profit institutions. 

----------------------------------------------------------------------------------------------------------------
                                    Estimated Annual Burden for Recordkeeping                                   
-----------------------------------------------------------------------------------------------------------------
   21 CFR Section       Number of recordkeepers         Hours per recordkeeper           Total burden hours     
----------------------------------------------------------------------------------------------------------------
11.10                                          50                             40                          2,000 
11.30                                          50                             40                          2,000 
11.50                                          50                             40                          2,000 
11.300                                         50                             40                          2,000 
----------------------------------------------------------------------------------------------------------------
      Total annual                                                                                              
       burden hours                                                                                       8,000 
----------------------------------------------------------------------------------------------------------------

    As required by section 3504(h) of the Paperwork Reduction Act, FDA 
is submitting to OMB a request that it approve these information 
collection requirements. Organizations or individuals desiring to 
submit comments for consideration by OMB on these information 
collection requirements should address them to FDA's Dockets Management 
Branch (address above) and to the Office of Information and Regulatory 
Affairs, OMB, rm. 3208, New Executive Office Building, Washington, DC 
20503, Attn: Desk Officer for FDA.

XV. Environmental Impact

    The agency has determined under 21 CFR 25.24(a)(8) that this action 
is of a type that does not individually or cumulatively have a 
significant effect on the human environment. Therefore, neither an 
environmental assessment nor an environmental impact statement is 
required.

XVI. References

    The following references have been placed on display in the Dockets 
Management Branch (address above) and may be seen by interested persons 
between 9 a.m. and 4 p.m., Monday through Friday.
    1. FDA, Task Force on Electronic Identification/Signatures, 
Electronic Identification/Signature Working Group Progress Report, 
February 24, 1992.
    2. National Performance Review, Report of the Vice President pp. 
113-117, September 7, 1993.
    3. FDA, Letter to Pharmaceutical Manufactures Association, 
December 5, 1991.
    4. FDA, Office of Planning and Evaluation, ``Basic Inventory of 
Submissions to FDA,'' July 1991.

XVII. Comments

    Interested persons may, on or before November 29, 1994, submit to 
the Dockets Management Branch (address above) written comments 
regarding this proposal. Two copies of any comments are to be 
submitted, except that individuals may submit one copy. Comments are to 
be identified with the docket number found in brackets in the heading 
of this document. Received comments may be seen in the office above 
between 9 a.m. and 4 p.m., Monday through Friday. As an FDA experiment 
in accepting public comments by electronic mail (e-mail), interested 
persons may also submit comments via INTERNET (address above). Comments 
must be in ASCII format. Any exhibits or other attachments submitted 
must also be in ASCII format and must be part of the e-mail itself. The 
agency has limited experience with receiving e-mail via INTERNET, and 
is aware that it is possible for some messages not to arrive at their 
intended destinations, or to arrive with incomplete or otherwise 
inaccurate contents. FDA is concerned that all comments it receives on 
this proposal are intact, accurate and complete, as intended by 
respondents. Therefore, for this experiment, FDA encourages interested 
persons who elect to send their comments by e-mail to also send two 
paper copies of their comments to the Dockets Management Branch 
(address above).

List of Subjects in 21 CFR Part 11

    Administrative practice and procedure, Electronic records, 
Electronic signatures, Reporting and recordkeeping requirements.
    Therefore under the Federal Food, Drug, and Cosmetic Act, and under 
authority delegated to the Commissioner of Food and Drugs, it is 
proposed that 21 CFR part 11 be added to read as follows:

PART 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES

Subpart A--General Provisions

Sec.
11.1    Scope.
11.2    Implementation.
11.3    Definitions.

Subpart B--Electronic Records

11.10    Controls for closed systems.
11.30    Controls for open systems.
11.50    Signature manifestations.
11.70    Signature/record binding.

Subpart C--Electronic Signatures

11.100    General requirements.
11.200    Identification mechanisms and controls.
11.300    Controls for identification codes/passwords.

    Authority: Secs. 201-902 of the Federal Food, Drug, and Cosmetic 
Act, 52 Stat. 1040 et seq., as amended (21 U.S.C. 301-392).

Subpart A--General Provisions


Sec. 11.1  Scope.

    (a) The regulations in this part set forth the criteria under which 
the Food and Drug Administration considers electronic records, 
electronic signatures, and handwritten signatures executed to 
electronic records, to be trustworthy, reliable, and generally 
equivalent to paper records and handwritten signatures executed on 
paper.
    (b) These regulations apply to records in electronic form that are 
created, modified, maintained, or transmitted, pursuant to any records 
requirements set forth in chapter I of this title.
    (c) Where electronic signatures and their associated electronic 
records meet the requirements of this part, the agency will consider 
the electronic signatures to be equivalent to full handwritten 
signatures, initials, and other general signings as required throughout 
this chapter, unless specifically exempted by regulation that is 
effective on or after the effective date of this part.
    (d) Electronic records that meet the requirements of this part may 
be used in lieu of paper based records, in accordance with Sec. 11.2, 
unless paper based records are specifically required.
    (e) Computer systems (including hardware and software), controls, 
and attendant documentation maintained pursuant to this part shall be 
readily available for, and subject to, FDA inspection.


Sec. 11.2  Implementation.

    (a) For records required by chapter I of this title to be 
maintained, but not submitted to the agency, persons may use electronic 
records/signatures in lieu of paper records/conventional signatures, in 
whole or in part, provided that the requirements of this part are met.
    (b) For records submitted to the agency, persons may use electronic 
records/signatures in lieu of paper records/conventional signatures, in 
whole or in part, provided that:
    (1) The requirements of this part are met; and
    (2) The document or parts(s) of a document to be submitted has/have 
been identified in a public docket as being the type of submission the 
agency accepts in electronic form. This docket will identify 
specifically what types of documents or parts of documents are 
acceptable for submission in electronic format without paper records 
and to which specific receiving unit(s) of the agency (e.g., specific 
center, office, division, branch) such submissions may be made. 
Documents to agency receiving unit(s) not specified in the public 
docket will not be considered as official if they are submitted in 
electronic form; paper forms of such documents will be considered as 
official and must accompany any electronic records. Persons should 
consult with the intended agency receiving unit for details on how and 
if to proceed with the electronic submission.


Sec. 11.3  Definitions.

    (a) The definitions and interpretations of terms contained in 
section 201 of the act apply to those terms when used in this part.
    (b) The following definitions of terms also apply to this part:
    (1) Act means the Federal Food, Drug, and Cosmetic Act (secs. 201-
902, 52 Stat. 1040 et seq., as amended (21 U.S.C. 301-392).
    (2) Agency means the Food and Drug Administration.
    (3) Biometric/behavioral links means a method of verifying a 
person's identity based on measurement of the person's physical 
feature(s) or repeatable action(s).
    (4) Closed system means an environment in which there is 
communication among multiple persons, where system access is restricted 
to people who are part of the organization that operates the system.
    (5) Electronic record means a document or writing comprised of any 
combination of text, graphic representation, data, audio information, 
or video information, that is created, modified, maintained, or 
transmitted in digital form by a computer or related system.
    (6) Electronic signature means the entry in the form of a magnetic 
impulse or other form of computer data compilation of any symbol or 
series of symbols, executed, adopted or authorized by a person to be 
the legally binding equivalent of the person's handwritten signature.
    (7) Handwritten signature means the name of an individual, 
handwritten in script by that individual, executed or adopted with the 
present intention to authenticate a writing in a permanent form. The 
act of signing with a writing or marking instrument such as a pen, or 
stylus is preserved. However, the scripted name, while conventionally 
applied to paper, may also be applied to other devices which capture 
the written name.
    (8) Open system means an environment in which there is electronic 
communication among multiple persons, where system access extends to 
people who are not part of the organization that operates the system.

Subpart B--Electronic Records


Sec. 11.10  Controls for closed systems.

    Closed systems used to create, modify, maintain, or transmit 
electronic records shall employ procedures and controls designed to 
ensure the authenticity, integrity, and confidentiality of electronic 
records, and to ensure that the signer cannot readily repudiate the 
signed record as not genuine. Such procedures and controls shall 
include the following:
    (a) Validation of systems to ensure accuracy, reliability, 
consistent intended performance, and the ability to conclusively 
discern invalid or altered records.
    (b) The ability to generate true copies of records in both human 
readable and electronic form suitable for inspection, review, and 
copying by the agency. Persons should contact the agency if there are 
any questions regarding the ability of the agency to perform such 
review and copying of the electronic records.
    (c) Protection of records to enable their accurate and ready 
retrieval throughout the records retention period.
    (d) Limiting system access to authorized individuals.
    (e) Use of time stamped audit trails to document record changes, 
all write to file operations, and to independently record the date and 
time of operator entries and actions. Record changes shall not obscure 
previously recorded information. Such audit trail documentation shall 
be retained for a period at least as long as required for the subject 
electronic documents and shall be available for agency review and 
copying.
    (f) Use of operational checks to enforce permitted sequencing of 
events, as appropriate.
    (g) Use of authority checks to ensure that only those individuals 
who have been so authorized can use the system, electronically sign a 
record, access the operation or device, alter a record, or perform the 
operation at hand.
    (h) Use of device (e.g., terminal) location checks to determine, as 
appropriate, the validity of the source of data input or operational 
instruction.
    (i) Confirmation that persons who develop, maintain, or use 
electronic record/electronic signature systems have the education, 
training, and experience to perform their assigned tasks.
    (j) The establishment of, and adherence to, written policies which 
hold individuals accountable and liable for actions initiated under 
their electronic signatures, so as to deter record and signature 
falsification.
    (k) Use of appropriate systems documentation controls including:
    (i) Adequate controls over the distribution, access to, and use of 
documentation for system operation and maintenance.
    (ii) Records revision and change control procedures to maintain an 
electronic audit trail that documents time-sequenced development and 
modification of records.


Sec. 11.30  Controls for open systems.

    Open systems used to create, modify, maintain, or transmit 
electronic records shall employ procedures and controls designed to 
ensure the authenticity,integrity and confidentiality of electronic 
records from the point of their creation to the point of their receipt. 
Such procedures and controls shall include those identified in 
Sec. 11.10, as appropriate, and such additional measures as document 
encryption and use of established digital signature standards 
acceptable to the agency, to ensure, as necessary under the 
circumstances; record authenticity, integrity, and confidentiality.


Sec. 11.50  Signature manifestations.

    (a) Electronic records which are electronically signed shall 
display, in clear text, the printed name of the signer and the date and 
time when the electronic signature was executed.
    (b) Electronic records shall clearly indicate the meaning (such as 
review, approval, responsibility, and authorship) associated with their 
attendant signatures.


Sec. 11.70  Signature/record binding.

    Electronic signatures and handwritten signatures executed to 
electronic records shall be verifiably bound to their respective 
electronic records to ensure that the signatures cannot be excised, 
copied or otherwise transferred so as to falsify another electronic 
record.

Subpart C--Electronic Signatures


Sec. 11.100  General requirements.

    (a) Each electronic signature shall be unique to one individual and 
shall not be reused or reassigned to anyone else.
    (b) Before an electronic signature is assigned to a person, the 
identity of the individual shall be verified by the assigning 
authority.
    (c) Persons utilizing electronic signatures shall certify to the 
agency that their electronic signature system guarantees the 
authenticity, validity, and binding of any electronic signature. 
Persons utilizing electronic signatures shall, upon agency request, 
provide additional certification or testimony that a specific 
electronic signature is authentic, valid, and binding. The 
certification should be submitted to the agency district office in 
which territory the electronic signature system is in use.


Sec. 11.200  Identification mechanisms and controls.

    (a) Electronic signatures which are not based uponbiometric/
behavioral links shall:
    (1) Employ at least two distinct identification mechanisms (such as 
an identification code and password), each of which is 
contemporaneously executed at each signing;
    (2) Be used only by their genuine owners; and
    (3) Be administered and executed to ensure that attempted use of an 
individual's electronic signature by anyone other than it's genuine 
owner requires collaboration of two or more individuals.
    (b) Electronic signatures based upon biometric/behavioral links 
shall be designed to ensure that they cannot be used by anyone other 
than their genuine owners.


Sec. 11.300  Controls for identification codes/passwords.

    Electronic signatures based upon use of identification codes in 
combination with passwords shall employ controls to ensure their 
security and integrity. Such controls shall include:
    (a) Maintaining the uniqueness of each issuance of identification 
code and password.
    (b) Ensuring that identification code/password issuances are 
periodically checked, recalled, or revised.
    (c) Following loss management procedures to electronically 
deauthorize lost tokens, cards, etc., and to issue temporary or 
permanent replacements using suitable, rigorous controls for 
substitutes.
    (d) Use of transaction safeguards to prevent unauthorized use of 
passwords and/or identification codes, and detect and report in an 
emergent manner any attempts at their unauthorized use to the system 
security unit, and to organizational management.
    (e) Initial and periodic testing of devices, such as tokens or 
cards, bearing the identifying information, for proper function.

    Dated: August 23, 1994.
William K. Hubbard,
Interim Deputy Commissioner for Policy.
[FR Doc. 94-21468 Filed 8-30-94; 8:45 am]
BILLING CODE 4160-01-F