Enhance Electronic Signature Licitness for Life Sciences in United States

How to eSign a document: electronic signature licitness for Life Sciences in United States

good afternoon everybody welcome to this byy world web Symposium today we will be in talking on the subject of enhancing clinical operations with digital signatures and we are very grateful to ARX for their support of this subject my name is Kevin Davis I'm the editor of Bio it world and the author of the Thousand genome a book that came out just over a year ago which has PR little to do with today's subject but I thought I would mention it anyway today in fact we're here to talk about the adoption of digital signatures in life sciences organizations particularly in the e-clinical trial space where companies are finding more and more that by reducing the use of paper and integrating digital signatures they can produce faster site and study initiation our guest speaker today who I will introduced more fully in just a couple of minutes is Rod schlurf from ARX and uh he will take us through the uh the better part of the hour uh but we will have plenty of time in that window for questions so very brief in uction before I hand the microphone over to Rod digital signatures have been around for the better part of nearly 10 years now but life science companies more recently of late starting to recognize that they provide a valuable means to maintain compliance with the strictest industry regulations while achieving trusted electronic document exchange that spans geographies and organizations digitally insigned documents enable any party to easily validate signer identity and intent and content Integrity without Reliance on proprietary verification technology they allow organizations to automate approval processes and enjoy streamlined operations enhanced efficiency and reduced organizational costs what we hope that you will take away from this web Symposium is how digital signatures can be applied in clinical operations to speed study and site initiation automate site monitoring reporting enhance investigator portals and support regul compliance you'll also hear how digital signatures can enable secure document exchange and electronic submissions uh we're going to have plenty of time for questions at the end indeed I thank many of you who' have already submitted questions at the uh the website where you registered for this Symposium but during the course of Rod's presentation you'll be able to enter questions uh in the chat box that you see on the screen in front of you you can do that at anytime and we will try to get through as many of those questions as we can uh in the next 55 minutes or so our guest speaker today is Rod schlurf who is FDA and USDA markets manager for ARX Rod is based in Baltimore he has more than 20 years of experience in electronic signatures for FDA regulated markets and has really LED ARX to become uh today the largest suppli of digital signatures in FDA regulated Industries as a result life science organizations not just here in the US but around the world are benefiting from reduced costs faster operations regul atory compliance secure document exchange and enhanced electronic submissions to the FDA Rod it's a great pleasure to have you in the webinar today and we're looking forward to you speaking for I think about 30 minutes or so and then we will assuming there are any questions at the end we'll take them from the audience I'll rejoin you to uh to go through those questions so Rod thank you and welcome thanks Kevin and thanks to the attendees to today's webinar as Kevin mentioned uh my name is Raj scherf and just a little disclosure here as Kevin mention I do work for a digital signature vendor ARX we provide a product named cosign however in today's uh webinar I'm not going to be discussing my my company's product but talking more about the use of digital signatures regardless of the technology across various applications in the Life Sciences industry and in the clinical Market uh particularly so the agenda today is we're going to we're going to discuss the three most common applications for digital signatures in gcp bmpi operations including quality audit and compliance documentation documentation used to support an audit site monitoring reports so cras and uh clinical staff that need to sign off on reports and submit them to sponsors as well as certain applications related to e-clinical Technologies e-clinical portals in particular regulatory packet documents that constitute part of the electronic Trial Master file and we'll consider the value of digital signatures from the the perspectives of the major players clinical research organizations the sponsors of the studies but also uh some of the other suppliers SAS vendors and software vendors providing uh these Technologies to the marketplace we'll reference some specific value at um at some of the C in biopharmas before I get started I just wanted to review a few surveys completed by aim the association of Information Management uh related to digital signatures not specific to Life Sciences but in general across all industry so again uh why digital signatures need to go to go paperless you can see in this chart that of the organizations that were pulled the majority of these organizations over 50% estimated that over half of their documents are printed solely for the purpose of adding a signature so the only reason they're printing these documents over half of their documents is because they need one or more signatures why is digital signatures needed to go uh paperless companies have invested in electronic document management workflow Technologies however the poll asked these companies how many of their automated workflows are interrupted uh or PR prematurely stopped because they need a physical sign off on a document and for uh just less than half of these companies that said that half of their workflows are halted because they need a physical sign off and this is obviously is where a a digital signature comes into play so has just pertain to our work world like the life sciences Marketplace and the clinical ecosystem specifically well all the different players that it takes to bring a a drug from preclinical to commercial commercialization um have not only their own internal operations and document requirements but there's many documents that are required to be signed by one party and shared and exchange with other parties so with digital signatures we're going to concentrate on the value within an organization but also start to extend this out and understand how digital signatures are able to bridge trust among multiple organizations working on a clinical study so again we could talk about lots of different applications for digital signatures within the biopharmaceutical and medical device Industries including pre-clinical commercial manufacturing and other operations but we're going to focus today on these three main applications within clinical development since the question inevitably will come up is how does how do digital signatures pertain to the fda's 21 CFR part 11 requirements for electronic records and electronic signatures many different types of electronic signature Solutions can be deployed and used in a part 11 compliant manner however there's certain sections Within part 11 that specifically call for digital signatures in particular in paragraph 11.30 controls for open systems the FDA specifically calls for appropriate digital signatures to be used now the definition of an open system is somewhat open to debate from my perspective an open system would be any system where documentation is signed within one organization it needs to be shared entr trusted and verified by other organizations so any documentation that Bridges across one organization to the other or as part of an electronic submission to a regulatory Authority a little definition of about what a digital signature is so in the electronic signature world there's many variations in Technologies and approaches to electronic signatures however there's only a single standard the standard is known as pki or a digital signature and layman terms and it is a standard form of electronic signature these standards are published and maintained by several parties here in the US it is the National Institutes for standards and Technology nift and these same standards are also embraced by other parties and other governments around the world so the folks listening in in Europe or organizations that have operations in Europe note that uh the electronic signature directive of the EU and the country specific electronic signature legislation all defines qualified or Advanced electronic signatures as needing to be digital signatures so whereas in the US we're a little more Loosey Goosey on What's a what's a valid and leg legally recognized electronic signature in Europe and other countries around the world often time the requirements are for a digital signature only with digital signatures the technology can be used to sign multiple things including documents but also uh data stored in a database or transactions but typically in the Life Sciences Marketplace we're talking about signing of a document an Office document a PDF document or or another file format because of the fda's 21 CFR part 11 there's a few requirements that need to take place before a document can be signed so someone opens up this document on their PC or accesses it through a web browser they're first asked and challenged to present their credentials typically this is a username and password although there's other authentication schemes that could be used to prove who you are before you can sign a document in addition the FDA requires the entry of a reason code why am I signing this doc document with most Technologies you can establish a global list of reasons that the signers can choose from or you could allow the local signer to choose any reason they see fit in order to sign the document once this takes place then the signing ceremony commences and is completed within fractions of a second and this is all conducted within a secure encrypted signing environment sometimes this is a server based solution such as with our cosign product or it could be a smart card or USB that's securely protected regardless what happens is the document contents to be signed are calculated as a mathematical equivalency known as a document hash or a Content hash this is then signed with the unique signing key of the individual who authenticated themselves as well as an ID card known as a digital certificate is embedded and this constitutes the digital signature which is then bound back to the document so the result of the signing operation is you have a fully digitally signed electronic record with one or more digital signatures that can be trusted and verified by any party without any access to the technology that was used to create the signatures in fact even if the company that was that created the signature the technology used to create the signature are completely out of business 50 years from now you can still open up that document and verify who signed a document when they signed a document why they signed a document and you can verify that no changes took place to that document or if so what those changes were as I mentioned before there's multiple parties that support this digital signature standard including the standards body themselves in the US this is the federal pki and nist as well as in Europe the European uh Union's electronic signature directive and other entities there's suppliers that care about this standard so suppliers such as ax and are cosign product and many of the other competitors typically these other vendors are people like veras sign or geotrust or UST or RSA companies that provide digital certificates that you then take and integrate with your uh infrastructure and then there's the isvs the companies that deliver desktop productivity applications or other business systems and they want to be able to support just a single digital signature standard and know that this support will work regardless of the vendor that was chosen for the digital signature Supply this includes PDFs obviously Adobe has had wonderful support for digital signatures for many years and now the PDF standard is an ISO standard so ISO incorporates the digital signature standard and ISO 32000 definition for PDF archive Microsoft Office and other Microsoft applications support digital signatures Tiff in any application that supports Open Standards like Microsoft Cappy PK S11 and others as I mentioned before digital signatures could also be used to assign things other than documents such as data or XML since we're not going to provide a demo demonstration of how to digitally sign a document today I thought I'd give you a quick peek of what a digitally signed document looks like in this case we're taking a look at a digitally signed PDF or at least parts of it so for every digital signature that's embedded in a PDF you'll see visible information about the signer and the signing ceremony including information about the name of the signer the job title the reason code the time date stamp associated with when the signature was applied and perhaps other information like the email address of the signer with certain Technologies you can also include uh automatically include your handwritten signature or other graphical images such as your corporate logo in this case my signature includes my John Hancock my rod schlurf that I registered with my account and then with PDF depending on the version of reader or other PDF uer that you're using you'll see graphical indication of whether the signature should be trusted not trusted or have questionable trust and since a digital signature is an active component of the document itself you can click on the on the signature and see additional metadata about the signature properties and this includes more information about the identity of the signer this case you'll notice that the email address of the signer is included I can drill down and see this ID card this digital certificate of the signer see who issued it why I'm trusting it how long it's valid for and other information again the reason code and Ty date stamp as well as information about the Integrity of the document hasn't been altered now digital signatures are supported in multiple file formats however the PDF format is the most popular format for digital signatures today for one in our Market the FDA and other regulatory authorities prefer PDFs but also the way that PDF or digital signatures is that with every digital signature that's applied to a PDF document version of that document is created and associated with each one of those digital signatures so in other words if I have three digital signatures in a single PDF file I actually have three versions of that document that carry forward with that single file and I can go back take a look at what the contents look like when signature number one was applied in fact I can compare the contents for when that signature was applied to what the contents look like today another reason for digital signatures I talked about is the ability in an open system or a secure document exchange to be able to trust and verify documents so the value of digital signatures is that trust verification can be performed not only by the employees of the signing organization but also by all these exter internal parties customers suppliers Partners the FDA and other Regulators so with digital signatures you're creating electronic records that are fully self-contained portable and sustainable that span geographies organizations Technologies and across time so that's the background on digital signatures and now we'll focus on digital signature use in the three more most common applications in clinical first application I'll talk talk about is quality audit and compliance operations here we're talking about controlled documentation used to support an audit these would be Sops and work instructions training records and other PR project and task specific documentation that would use be used in an audit to show that you're adhering to your Sops all the different players in that clinical ecosystem that I showed before have this application they all have their own internal Sops they need to follow and they're subject to audit often times particularly in large pharmaceutical companies and more and more companies today these type of documents are handled electronically in an electronic document management system such as SharePoint or in a specific quality management system but there's still a lot of companies today that sign documents in paper maybe scan them and store them on a on a shared file drive or sometimes even just leave them with pen and paper stored in file cabinets we look at digital signatures it's often called the third wave of compliance to 21 CFR part 11 so the first wave of compliance started back in April 1997 and even before upon the first release of 21 CFR part 11 and these were companies that perceived some requirements from the FDA and began remediating existing computer systems to comply with their interpretation of what R11 required but almost immediately after this companies like documentum put forth the concept of a huge repository of quality control documents and over time these companies began to introduce proprietary electronic signatures for signing and approving these documents so a proprietary electronic signature means that you're authenticating an enter a reasing code and associating this information with a document stored inside the repository of the quality management system it's part of 11 the client it works if you have a license and access to that document management system but you extract signed documents and share them with other individuals that are not licensed or other entities that aren't part of your own organization or if you ever decided that you wanted to replace that document management system with a new document management system you were stuck with a legacy system so the third wave really started back around year 2201 in our market led by J and Jane fizer who began to deploy digital signatures so with digital signatures you're actually signing the documents the documents have trust independent of the repository so you can take documents send them to part to individuals that don't have a license don't have access to documentum or another another system and you could replace these systems over time without having to concern yourselves about part 11 compliance so today most of the major electronic document management EDM vendors support digital signatures this includes the Microsoft SharePoint and SharePoint based Quality Management Systems companies like NEX dos with every system they sell they include a stand standard digital signature support or the traditional uh document management quality management vendors they're now migrating to support uh SharePoint or embed the technology as part of their standard offering as well as many of the leading workflow vendors that bolt on to these systems companies like NX and K2 the benefit to end user organizations for using digital signatures and quality and audit operations is four-fold this includes increased security in compliance to support audits but more importantly we hear back from these companies is that there's ways they can be they can comply and be secure but the ability to get documentation signed and secured quickly is the major driver for digital signatures as well as obviously reducing all the cost associated with paper documents as I mentioned before by using digital signatures you're severing the electronic records and the signatures from the the document Repository which gives you the flexibility and Agility to migrate to newer and better Technologies in the future going back to an aim study at the three top reasons for using digital signatures again this is across all Industries I would have thought that everyone would have said saving money which obviously is a major driver but the top two reasons are actually Saving Time speeding up approval processes and limiting the downtime it takes of staff to be able to scan copy route sign documents with deployments of digital digal signatures in quality and audit operations you always have to consider how you're ventling a user to be able to digitally sign documents before someone can sign you need to prove who they are quality management systems are a a very closed system not an open system as I described before but digital signatures are used prevalently in this this uh application note that almost all of the signers would be internal employees of the signing organization and for the most part all the verifiers as well so I'm not sending documents quality documents typically to outside parties so identity verification is very easy since they're your own employees these employees have been onboarded they've been ID proofed ing to your HR policies typically they're then given access to the network directory structures active directory or ldap and they authenticate against the network access by using active directory or ldap credentials username and password so this ultimately is known as high Assurance digital signal the highest level of confidence you have that the person that's signing a document has been properly vetted in order to sign the next application I'll talk about is uh related to site monitoring operations so we're talking about documentation that a CRA might have to sign as well as maybe a project manager after visiting a site or closing out a site so this the field uh based CRA typically working out of a home or remote office it needs to complete agree with their project manager what the final uh format of the report is and content and then need to sign and in the case of a cro submit this back to the sponsor within 10 business days sometimes these reports are generated as part of a clinical trial management system but many companies today still use word or PDF or some even still use paper forms with wet s ink signatures that need to be priority mailed and managed so if you look at kind of a visual of what this application looks like you're talking about a homebased CRA out in California who visits a site maybe returns back to a hotel room or to their home office completes the report submits it back to the C's home office where it's reviewed and commented on and there's a bunch of back and forth and then maybe a week later they agree that the reports in the final format and content so then the document is printed signed FedEx to the home office the project manager or the head of kintop signs it again and then submits it to the sponsor obviously this is a very timec consuming costly operation in fact some of the top five uh C that we do business with estimated that they spent between a half a million and a million dollars per year in priority mailing cost alone for paper based documentation looking at the value proposition again for site monitoring operations obviously security and compliance but speed is very important being able to allow the CRA to spend more time on developing highquality reports and the productive activities of monitoring the sites and not spend time on uh finding a printer to print out a document sign it and find a FedEx still open Talking specifically about the cost of the ability to reduce cost associated with paper-based documentation there's a number of sources that we can reference including a study from about 10 years ago that was done by KPMG they estimated that a typical document that's copied about 10 times cost anywhere from $18 to $20 as high as $120 if the documents lost or damaged Dr pitne Bose from about seven years ago did a similar study for a single copy of a paper document from its birth on a printer to its death on a shredder within a simple single location typically cost around $10 and fizer did their own study back about five years ago where they estimated that the cost of a single wet signature and all the things associated with that would cost them about $30 over the lifetime of that document some of the unique considerations for site monitoring operations I talked about the need to Identity proof and authenticate someone before they're allowed to sign now site monitoring is an open system ing to my definition where documents may be signed by employees within an organization but there's outside parties such as is the sponsor the need to trust and verify these signed documents verification of the identity of the signers is still relatively easy and still provides High assurance and this is because the signers whether they be direct employees or contract cras are ID proof during the HR on boarding or upon being contracted for a study and typically added to the organization's user directory structure and again need to authenticate against the network using their ldap or active directory credentials however there's an additional factor of consideration here and that's how do I Bridge trust with these outside parties that I'm sending documents with so how is this trust established well this is a core concept of pki based digital signatures so the relying party party receiving the documents needs to establish Trust of the of the public identity of the signing organization this is typically performed through a one-time signing ceremony so if I'm receiving documents from a business partner I don't need to implicitly trust the identity of each individual and sending me documents I only need to establish trust in the organization's public identity in order to then trust allign documents from any employees from that organization and there's multiple methods to to establish this trust today the most common model is what's known as controlled trust this is a ceremonial one-time process where if I'm signing documents I'm going to put my public my company's public root certificate public identity on a web page and allow any outside party to take that public identity that root certificate and publish and distributed throughout my company there's other trust models Microsoft has a trust model Adobe has a trust model these trust models are less common and there's a constant attle between Microsoft and Adobe about who actually controls these models Microsoft tends to be used for Microsoft documentation only Adobe for Adobe documentation only so there's no uh cross trust established with these um web trust entities there's also another entity within the biopharma market called safe biopharma safe biopharma is a an organization that started about 10 years ago a nonprofit that has their own trust model today it's only used by a handful of of some are larger pharmas and still not used widely but it's an interesting concept for the marketplace now the last application I'll talk about for the use of digital signatures is within e-clinical portals specifically I'll talk about signing of regulatory packet documents that are part of the electronic Trial Master file the study binder these are sponsored generated forms FDA required forms include the IRB approvals but also the investigator sub investigator and coordinator signatures on things like the 1572 informed consents the protocols the trial agreements and other documentation as well as the periodic midstudy updates throughout the course of the of the study and these are mandatory documents documents to sponsor in the crl must have the sites and RB sign before they can uh initiate a site to start scheduling visits today most sites handle these documents either receiving them electronically or in paper format regardless they print them to paper sign them with Inc and the documents back to the sponsor or C looking at our world again we're talking about documents that are generated by the sponsor distributed by the sponsor or the cro out to the sites the sites need to review these documents sign them also have their RB sign them and submit them back to the cro or the sponsor ultimately submitted to the FDA as part the E sub Mission value proposition for digital signatures here is uh manyfold but the main driver here for the pharmaceutical companies and the cro is speed it takes quite some time to initiate a site and having a bottleneck being just the signatures on required documents is something that you want to eliminate to be able to focus on other activities where you can speed up the site initiation process so graphically showing this uh with site initiation you're eliminating the bottlenecks we are simply stopped at a stop sign waiting for a a digital signature or an approval and instead you want to be on the autobond or very least using an easy pass to uh cruise through the toll booths at 60 miles an hour not waiting in line to to pay your $5 do there's many approaches to uh delivering e-clinical portals and most of these approaches today support digital signatures this include software vendors that provide the Eco iCal portals companies like nexs montam Pharma Solutions perceptive informatics Etc and the SAS vendors so pay to use their software as well as some of the traditional clinical trial management vendors entering this uh this market so trying to extend debly clinical or perceptive informatics impact out to include document management as well as document signing and obviously custom applications so particular some large Farmers like to build their own so they can customize it to their own needs un like the first two examples with uh quality management and audit support as well as trip reports identity proofing authentication is a different set of rules here with e-clinical so these are purely open systems and a high percentage of the signers as well as the ver verifiers are non-employees of the company that's hosting the digital signature service idty verification identity proofing is much more challenging now we consult with our clients we usually recommend they start by benchmarking what they're doing today so this benchmarking looks and examines what the needs are today in the paper World typically the regulatory packet documents would be printed the paper FedEx to the site have the site review fill F and then FedEx back and nowhere in this process did anyone actually verify who was applying that ink to that paper document and looking at their driver's license or other government issued ID in order to verify that this person is indeed who they say they are but that's the that's the Benchmark that we're dealing with today it's not to say that we don't want to improve on this low level of assurance when we go Electronics so typically companies are striving for at least a medium Assurance where their signers can be ID proofed Maybe by self-registering themselves but requesting them to enter enough unique information to establish uh themselves including a verifiable email email address perhaps further enhanced by a phone contact or even maybe having a CRA visit them in a face Toof face encounter during the the site kickoff or this can include High Assurance so bolting on additional activities that further verify the identity of the signer this can be the use of uh third-party verification Services there's companies like Lexus Nexus Experian RSA ideology that pull questions from public records and quiz the individual about things like for the following vehicle which the which of the uh following insurance companies have you had insurance with within the past 18 months questions and services we've all dealt with and dealing with web applications today regardless once the identity proofing has taken place then the signers are placed in an existing user directory structure could be the internal ldap and and active directory of the organization or more common like a SQL or or Oracle D database and then the signers are forced to authenticate based on the username and password that they selected when they register with the system so in summary they leading quality management document management clinical trial management and e-clinical Technology suppliers and vendors many of them support digital signatures many large sponsors and C are using today and hundreds Al together including medium and small uh life science organiz ations with our own cosign product I can tell you that today eight of the 10 top Pharma use it five of the top 10 medical device companies and over 40 cro so the use of digital signatures is quite broad well over 20,000 different C and well over 20,000 different sites and irbs are using the technology today now I'm going to open up the floor for questions and I'll also leave my contact details in here in case we run out of time there's a specific question that you'd like to ask me uh by simply emailing FDA AR rx.com roaj thank you very much indeed Kevin Davis from bio it world back with you to run through some questions uh following that excellent presentation and uh how refreshing to have a such a non-promotional presentation as well so I hope you found it very informative we've had well well over 100 people on the on the web Symposium we received a bunch of calls in advance rod and I've had more than a dozen come in while you were speaking I'm going to go through them as quickly as we can keep your answers brief if you could so that we can try and get them all in some you may have covered already in which case it's just make a note of that we had a few people come in late and uh there's no harm in just uh uh reinforcing a particular Point um I've grouped them into four rough categories we've had a bunch of questions on format uh issues many on uh how how widely accepted digital signatures are some about the global um acceptance of digital signatures and then some technical questions um more specific questions and we'll get to those before uh we reach the end of our time so let me uh start at the top and we'll work work through them and where people uh put their questions in during the webinar I'll call out your first name and that'll sure that you hear your question and hopefully the the response if we if Rod doesn't have time to really address the question quite to your liking uh you have this email contact information on the screen and he's he's made it clear he's welcome you're welcome to contact him uh and as you've already seen slides will be made available via link once the recording process is complete that'll be in the next few days so rod on the question of format is there a standard format for electronic signatures among federal agencies yes at the US federal government level that's where assume this is being driven by this question US federal government has standardized on digital signatures so you won't see electronic signatures used although perhaps there's some Rogue departments or agencies that may use it to sign uh lowlevel things like um expense reports for time sheets but in general the US Departments and agencies all use digital signatures we obviously do a lot of business with the with the US federal government likewise in Europe in Europe the governments throughout all of the EU all have standardized on digital signatures some of the uh governments in Europe are a little more Loosey Goosey on allowing things other than digital signatures to be used uh other countries like Spain Italy Germany Etc are very rigid and uh only allowing the use of digital signatures okay are there any differences in electronic signatures between word and PDF documents again I'll address this from a digital signature perspective so a standard electronic signature or digital signature um ultimately the resultant signature is the same and that uh you're able to sign a document and the recipient of that sign document can verify who signed it when they signed it why they signed it and what was signed um because the file formats are slightly different the features of digital signatures are are a little bit different with a digital signature applied to a PDF they're always signing the entire PDF however you can make changes to that PDF for example if it's a fillable PDF and resign it as I mentioned before you always get this versioning concept so you can go back and compare how the changes took place over time so there's an audit audit Trail and revision history inside of the PDF with office it's slightly different with office um you don't get a revision history you get the ability to sign all or part of a word or Excel document and as long as no one modifies the content that's been signed then the signatures are valid now I know that Microsoft only supports the signing of the entire file and locks the file but vendors like ARX uh have developed additional support to be a little bit more granular and what can be signed Within A Word and Excel document what types of digital signatures are used um is it just Adobe Acrobat or scans permissible other programs a digital signature is uh is a standard which includes the two main components of a digital signature are a unique mathematical cryptographic key that's issued to a signer and secured by that signer that no one can ever access and it's protected by a centralized server like in our cosign product or a smart card a USB and some it approaches as well as an ID card for the signer uh the ID card is the digital certificate so with these two items you can you can sign documents you can include the digitized graphical signature you can acquire these digital certificates and these signing keys in multiple ways but the the similarity is is the same regardless of the vendor Jennifer wants to know for the new 1572 in PDF format the digital signature option is not compatible with the cosign software her organization has what can she do if you go to the fda's website um the FDA has actually started to uh you know they've always published um sample forms like the 1572 in word time in HTML and PDF a few years ago the FDA for for um a few other documents began to include additional logic to make the the fillable forms uh easier to follow and complete correctly as well as uh once the been the the form's been filled it reveals a button you can click to then digitally sign the document this is a usable feature if you're signing with Adobe Acrobat it's not so useful if you're you're signing with other techniques including the way our our cosign supports it but there's no requirement to use these forms so you can take your own own 1572 other document and uh configure it with the logic in the signature fields that you want in order to assign this properly well to talk a little bit about Fe structure is and this question came from Cindy is the typical fee structure by the volume of signatures the number of users or is it a set fee per month or per year depends on the vendor vendors charge purely by user some charge purely by volume uh vendors like uh like my company we have two models one per signer one based on number of signers one based on number of signatures so the number of signers model would work well with employees whereas the number of signatures model would work well with outside parties like the investigators who may only sign a handful of times okay excellent I've got a group of questions now talking about sort of how widely accepted digital signatures are and what some of the exceptions might be um the first two questions are sort of flip sides of the same coin one is are there any submissions to federal agencies that require ink signatures or as Cindy put it are there any regulatory or government bodies that do not accept e signatures answer the first part first and then maybe if you can trigger me to answer the second ask the second question again I think the first one might be driven by uh the use of the electronic submissions Gateway the ESG that the FDA has um if you toggle around I know it's a little confusing to go through that website but it explains where and when digital signatures might be required to use the electronic submissions Gateway the dirty truth is that the FDA really could care less what the format is of the signatures on the documents that are part of the submission it could be a digital signature it could be an electronic signature it could be a paper document that's scanned into electronic format they really don't care in fact even with digital signature sometimes they prefer that you flatten that PDF so that the digital signature itself is no longer an active component when the FDA ESG talks about digital signatures in my in my mind they're actually talking about a digital certificate used for authentication so they want you to either acquire a digital certificate or create your own self sign certificate in order to identify yourself as part of the submission so that they know that the submission is coming from person X and all the associated documents will accept in just about any format C's question regulatory bodies that do not accept e signatures you read federal and state of electronic signature directives so the federal e sign passed in 20099 whatever it was and the state uas the state uas Echo the federal guidelines and 46 States all use the same language four states use modified variations there's a few few uh document types or application types that they say you can't use electronic signature with and this includes like bills um utility turnoff notices I think there's one other document that that strangely ended up in this this language um I'm not that familiar with the electronic signature directive in Europe to say if any country specifically does not allow electronic signatures for certain applications but it's it's very small all right let's uh take the next two questions what are the requirements for electronic signatures on archive ecrfs case report forms or Michael wanted to know can the digital signature process be integrated with various ctms or EDC systems used across the industry so just take those uh specific example ecrfs ctms and EDC okay so ecrfs first I do a lot of business with uh with EDC companies and they're using our product for internal use to to sign quality control documents to support audits this includes you know all the all the largest players in this Marketplace to dat we don't have any of those vendors using our co-sign product as part of their their product or service offering to sign the ecrfs and honestly the uh the FDA really doesn't care um about the the format of those electronic approvals within the system so uh in general digital signatures aren't being used for that that said we do have some cro customers that have developed their own edcs and want to use cosign to uh to sign the ecrf so so in these cases our our customers are just saying hey you know it's a signature is a signature we use we use a digital signature even though it may not be required but it it suits our needs right um the second part of the question ctms or EDC systems ctms or what was the second part EDC electronic data capture systems EDC yeah so I talked about EDC ctms digital signatures obviously are commonly used in any type of collaborative um ecosystem where trust needs to be bridged across multiple organizations and so this has been a target for us over the past eight years as we've we've targeted the life sciences Marketplace and I originally thought that ctms would be the perfect market for us to uh to go after but we found found out is that over the past five years is these investigator portals these e-clinical portals that are very document Centric and providing the ability to visualize and sign and manage study binder documentation regulatory packets and ETFs this is where digital signatures are being used whereas the ctms is are really just a dashboard uh pulling information from different databases now that that's that's the rule the exception is now some of these cpms vendors are starting to pay attention to the to the document world and and considering adding digital signatures uh R early on in your presentation you showed a certificate and Jennifer wanted to know uh she asked the certificate shows an expiration date in the background while the key does not truly expire she writes so how do we explain that to an auditor again it depends on the technology chosen whether you you went with a vendor or build it yourself or use our cosign product I'll talk about our cosign product since this is this is what I know with cosign um keys are generated and certificates generated for an individual as soon as someone adds them to active directory or whatever the network user directory structure is likewise if you pull someone out of active directory or the user directory structure instantaneously that key is deleted and certificate revoked or if you modify information about an individual um that will be automatically refresh in their certificate or at the end of each year if that user is still a valid user in the Directory Group for cosign it's going to go ahead and renew that certificate so this is the way we manage certificates if you're using like a smart card-based approach then it's a different story and um you would have to ask those vendors but the bottom line is you have employees wandering around with smart cards with certificates that may or may not be valid so it's much more challenging to have to retrieve those those smart cards in order to revoke the certificates and signing Keys okay next question the verification of sign doc is concerned Uh Kevin as far as the verification is concerned you don't have to worry about what happens if you have a document you're verifying it past the expiration period of the certificate of the signer because the applications only look to see if that that signer had a valid certificate at the time of signing what happened after that is irrelevant all as you're looking for it to see was this a valid valid user valid signer at the time the signature was applied okay this question came in the web yesterday has there been resistance from clinical trial sites in using this technology dcri I'm not sure what that stands for but dcri the question goes on is getting ready to use an e doent management system to facilitate and manage Regulatory and contract documents for participating sites it does not it does involve digital signatures so has there been any resistance from the sites that you know of for the person who asked that question at DCI I happen to know uh what's what's going on there so they can contact me directly but I'll talk about the macro view your sites are resistant against technology some sites are resist against technology um in many ways with EDC with digital signatures with other with other type of tools what we found the best approach is to give them the ability to use the technology without having to download any software or Hardware they can just access sign documents through the internet and have the user us interface for the signing environment to be very simple and will only require them to be prompted to enter your username enter your password and your reason code and the document signed okay DCI I'm told is the Juke Clinical Research Institute um a question a couple of questions that we'll just roll into one um and we'll have and we'll have to keep the answers nice and and short now Rod to squeeze in as many questions as we can in in the time remaining the global acceptance of electronic signatures um how much are electronic signatures already available to hcps participating in clinical trials uh in the rest of the world how is it applicable in developing countries like India for example and what are the requirements for hcps outside the US to get electronic signature tools can you talk about that talk about Europe a little bit what about India and and uh you know China and places like that well India's unique and that India is one of the few countries in the world that's actually tried to enforce the use of digital signatures by citizens so when you submit your tax uh returns in in India is they're trying to force all the citizens to be have to use a a unique digital signature they acquire from the government to sign their documents so I'm not even familiar with the technology they're they're using but I can only imagine the logistics of managing a billion person digital signature deployment for signing tax tax returns regardless their legislation considers an accepts digital signatures there's there's uh there's bound to be countries in the world that developing countries that don't understand what a digital signature or electronic signature is and have their own unique requirements that said um we do business in just about every country in in um South America and most of the uh the countries in Africa and obviously the major players in Asia as well so for the most part unless you're conducting a study in a in unusual geography which which we can talk about these countries accept digital signatures and electronic signatures by the way squeezing some technical questions now I apologize in advance I we're just never going to get through every question i' I've seldom seen a response from the audience like this so that's good it means ARX will have to sponsor another web Symposium and we'll get you back on the technical side Cindy wanted to know um does this system fulfill socks s Sox e signature requirements once signed can the signature be erased those are two I didn't talk about sock um I think I on one more slides I you know when I was talking about uh FDA audits you know you can any it's any audit it's an internal audit Hippa audit socks audits but yeah sure we have clients that use it exclusively for uh for supporting socks compliance okay once signed can the signature be erased uh it depends on the the file format that you're signing in the application um associated with how you're managing that document for instance in the way we sign uh office documents you can choose whether anyone no one or only the signer can remove signatures likewise PDFs they have their own unique settings and and with either of these you also have the option to you know make read only the documents after they're signed or more importantly um most companies don't care too much about this if they're storing the the resultant signed documents in SharePoint or some document management system where there's a revision history so even if someone can go in and try to remove signatures upon checking back into the repository it's going to version it you'll see hey someone's fing around with the documents Tina asks uh how do you ensure that the PDF signature isn't created by a person who is not actually the person so could somebody create a signature for somebody else yes so I talked about this with the identity verification and you know tying the ability to give someone a credential to sign with to HR onboarding policy and procedure and use a directory structure or through some type of you know outside party of site that you've you know you put them through some exercise to prove who they are that's that's the way this is handled with Adobe specifically you'll notice that adobi allows you to create a self- sign certificate just to play around with the technology and then if you want to use production use for for Adobe they'll point you to ARX or or one of their Partners a selfs signning certificate is like an ID card you created in your basement and it may get you in your kid's uh treehouse in the backyard but it's not going to get you to get a a cash a check cashed at the local bank or get you through security at the airport you know you can you can always create your own certificate but the ability for someone to trusted is a different story unless it's uh unless it's an organizational trust as opposed to an individual user trust uh few more questions before we close Susan wanted to know how does the electronic signature last through time when looking at new technology 10 years ago for example we were using entirely different electronic media again why I mentioned the PDF is used more commonly so in case you're not aware the iso 32000 standard for the pdfa the PDF archive standard includes digital signatures and its definition what this standard tries to do is to come up with a standard that's published and maintained over time for how you can uh create a viewer to make PDFs human readable in the future and obviously verifiable from a digital signature perspective so even if adobi goes out of business or whatever vendor takes over that market out of business is you can still you can still have access to a verifier and um a viewer to verify these PDFs Microsoft that's your decision Microsoft hasn't had the best track record as far as backwards compatibility they're getting better but if the retention period of documents you're signing is a short period of time then perhaps signing them into word or Excel or some other format is fine okay uh Cindy again asks do e signatures work with Mobile Security software such as mobile iron the for signing purposes uh we're talking about mobile Computing devices we're about we're talking about the ability to sign documents from iPhones from iPads from other smartphones etc for document signing there's other uses of the technology not to be confused with things like signing of web servers and things like that which is a completely different technology but as far as is is you making the technology usable this is talking about the clinical sites adopt this I can tell you that accessing filling and signing a document and an iPad is convenient I've done the same thing on an iPhone and you know doing lots of things on an iPhone or any smartphone is a little more challenging with the limited real estate you have on the display I think we'll make this final question uh Rod um this is from Eve who asked how can a small company providing clinical Staffing and healthc care services do digital signatures can we integrate your digital signature system into our homebuilt application are there some standards that we can use to build our own if we can't afford your own your ARX system yeah I would suggest that uh you contact me we we deliver our cosign product and cosign is a product it's not a service to a lot of small entities we have C of less than 20 employees as an example you can build your own I mean you can use Microsoft CA Microsoft certificate Authority and then glue together a bunch of things to make your own digital signature infrastructure but um uh again the reason to contact me is that the cost of the certificate and the signing key is inconsequential to the cost of managing your own digital signature infrastructure and many companies including J&J and fizer who are the early Pioneers in this market found out that managing a homegrown digital signature infrastructure can be very painful from an ongoing support perspective Ro thank you very much the presentation was great and the uh the Q&A uh I think very uh instructive for our audience we've crept over the hour mark and I think we should draw this to a close and let the audience get on with their other other chores um thanks uh to everybody who sat in on the uh webinar today the byy world web Symposium on enhancing clinical operations with digital signatures our thanks to ARX for sponsoring the web Symposium and of course our guest speaker Rod schleff who handled the presentation on his own which is rare but I think the the the value of the information was exceptional so many thanks to you and to all the questions and on behalf of my colleagues who this symposia series together and did it flawlessly as usual I'm Kevin Davis for Bio it world thank you again and for those of you who didn't get your question answered again I apologize we ran out of time but you can contact Rod directly and I have no doubt he will gladly take your questions offline and be as responsive as he can so thank you to irx and thank you all for listening Kevin Davis goodbye for now