Adobe offers a package of validation document templates to assist Adobe Sign customers in documenting compliance with FDA’s 21 CFR Part 11 regulatory requirements pertaining to electronic signatures. These templates are designed to be adapted and executed by customers according to their internal compliance validation strategy procedures and governance as well as assist in establishing documented evidence that their system is fit for its intended use.

Within the validation package, the following typical use cases are considered:

  1. Send to internal signers - signing a document by multiple internal signers (no external signers)
  2. Self-signing - signing a document by a single internal signer who is also the sender (no external signers)
  3. Send to external signers - signing a document by one or more external signers (no internal signers)
  4. Send to both internal and external signers - the signing of a document by internal and external signers

Contents of the validation package include:

  1. Validation plan which describes the approach, roles and responsibilities, and deliverables that comprise the Adobe Sign validation effort.
  2. Regulatory impact assessment which is used to assess the regulatory impact of using Adobe Sign for the application of electronic signatures to electronic records. This document also identifies the technical and procedural controls required for system conformance with 21 CFR Part 11 regulations.
  3. System requirements specification which includes:
    1. Requirement specifications that outline business (end-user), functional, security, and regulatory requirements
    2. Functional specifications, that describe system functions and features needed to meet the specified requirements
    3. Configuration specifications that describe how the system must be configured to meet the specified requirements
  4. Validation test protocol (including test scripts) which provides a framework that governs the verification and testing to produce documented and objective evidence that Adobe Sign has been configured correctly and operates as intended, in accordance with specified requirements. The protocol oversees the execution of test scripts, which include detailed instructions to verify the configuration of the Adobe Sign account and to perform functional testing.
  5. Work instruction which describes Adobe Sign account administration activities and establishes a process for the application of electronic signatures.
  6. Requirements traceability matrix which captures the relationship between specified requirements and the testing activities and/or procedures that demonstrate and ensure each requirement is satisfied.
  7. Validation summary report which provides a summary of the overall validation exercise, capturing the list of deliverables produced and reporting on the test results, and concludes with a statement of fitness for the intended use.

Validation package activities are intended to be executed using a configured Adobe Sign Enterprise plan service with SAML settings that are enabled for internal users to authenticate using their network credentials. The Adobe Sign 21 CFR Part 11 validation package is available in English only and was prepared through a collaboration between Adobe and Montrium Inc.

Download the Adobe Sign 21 CFR Part 11 validation pack from Montrium