Electronic signatures and the US Food and Drug Administration
from TBTF for 1999-07-26

July 21, 1999

Some years back TBTF Irregular Gary Stock <gstock at ingetech dot com> worked in the world of pharmaceuticals. He sends this note on the history of acceptance of electronic signatures by that industry and the FDA. He concludes with the following moneymaking idea, which anyone is free to adopt:

<$MM idea>
Companies now provide source code escrow, but are they promoting it to VC's with proper packaging for VC's special needs and general lack of technical perspective? What about a "source box," ready to accept an IP number and get back to work the same day? (Someone else can think this through and solve all the obvious and irritating problems.)
</$MM idea>

This material is Copyright © 1999 by Gary Stock <gstock at ingetech dot com>.

FDA approved the use of electronic signatures in the most highly sensitive applications at least as early as 20 Mar 97 (Electronic Signatures Final Rule, 21 CFR 11, issued in Federal Register Volume 62 Number 54; effective 20 Aug 97). A concurrent abstract is concise:


The US FDA's Final Rule on Electronic Signatures and Electronic Records has just become law. This new regulation has profound implications for designers and implementors of systems used in regulated scientific and technical environments. This changes the rules of the game and causes evolution far beyond the simple knowledge, data, information or document management that automation systems do today, to an entirely new breed of systems for recordkeeping that emphasize security, audit trailing, and very long-term archiving.

This approval applied to many processes, from automated manufacturing of sterile injectables and potent drugs, to safety testing of potentially lethal medical devices (e.g. nuclear medical applications).

I worked in Computer Validation for a major pharmaceutical manufacturer in the late 1980's, and this was a highly contentious issue, which took years to resolve. However, it became obvious to many of us that, properly implemented, the electronic record could equal or be superior to pen on paper, the then-standard for decades. Such things as electronic passwords were not entirely accepted in the compliance community.

Good, detailed Q&A from a workshop earlier this year will bring home several of these points:


Also, appreciate the nicely formed high points of the CFR at:


Note that the other most contentious issue at the time was availability of source code. Firmware and software developers were loath to provide source code to pharma-clients, who were required by FDA to be able to test such code prior to use; produce it in the event of production mishap or patient injury; and patch it when necessary even after the developer was out of business.

The answer, of course, was third-party escrow (after anguished months/years of resistance from all quarters). This principle has implications today for VC's who invest millions in unproven (or unwritten! :-) applications, with no idea how to acquire a copy of the source code underlying their investment. Some technology firms will request it of potential partners (believe me, we've been asked), but no developer would willingly hand it over, for obvious reasons.

Gary Stock                                      gstock@ingetech.com
Change Monitoring Made Easy                 http://www.ingetech.com
4,000 Fresh Page Changes Daily            http://www.dailydiffs.com



Copyright © 1995-2000 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.

Created 1999-07-26