For closed systems, is e-signature based on user authorization in the system (ID, password) sufficient to satisfy 21 CFR Part 11, or are PKI-based signatures necessary? Or strongly recommended good practice?

I am referring specifically to the ability of external parties who are provided (limited) access to an eTMF system (which, I believe, is a closed system as we control access and content - correct me if I am wrong) to e-sign submission documents. One of our biggest challenges to date has been how to allow CROs, Investigators to e-sign documents without having to deal with the costly and complicated PKI certification process. A big can of worms, I know...

