Digital Signatures
NirmIQ provides FDA 21 CFR Part 11 compliant digital signatures for electronic records, enabling regulated industries to maintain legally binding approval workflows.
Overview
Digital signatures in NirmIQ:
- Authenticate the signer's identity
- Capture the meaning of the signature
- Ensure content integrity with cryptographic hashing
- Provide complete audit trails
- Support multi-signature approval workflows
Regulatory Compliance
FDA 21 CFR Part 11
NirmIQ's digital signatures comply with:
| Section | Requirement | How NirmIQ Complies |
|---|---|---|
| 11.50 | Signature manifestations | Captures signer name, date/time, and meaning |
| 11.70 | Signature/record linking | SHA-256 hash binds signature to content |
| 11.100 | General requirements | Unique user ID, password verification |
| 11.200 | Electronic signature components | Password re-authentication required |
Other Standards
Digital signatures also support:
- ISO 13485 - Medical device quality management
- IEC 62304 - Medical device software lifecycle
- DO-178C - Aerospace software certification
- ISO 26262 - Automotive functional safety
Signature Types
Approval
Used when formally approving a document or requirement for the next phase.
Example meanings:
- "I approve this requirement as technically correct and complete"
- "Approved for implementation"
Review
Used when completing a formal review without final approval authority.
Example meanings:
- "I have reviewed this requirement for accuracy"
- "Technical review completed"
Release
Used when authorizing release to production or external parties.
Example meanings:
- "I authorize the release of this artifact"
- "Approved for customer delivery"
Verification
Used when confirming test completion or verification activities.
Example meanings:
- "I verify that testing has been completed per requirements"
- "Verification activities completed successfully"
Acknowledgment
Used when confirming receipt or understanding.
Example meanings:
- "I acknowledge receipt and understanding of this document"
- "Training completed"
Signing a Document
Step 1: Open the Item
Navigate to the requirement, FMEA analysis, or document you want to sign.
Step 2: Click Sign
Click the Sign button in the toolbar or detail panel.
Step 3: Select Signature Type
Choose the appropriate signature type (Approval, Review, etc.).
Step 4: Enter Meaning
Select from predefined meanings or enter a custom statement describing what your signature represents.
Step 5: Re-authenticate
Enter your password to confirm your identity. This is required for every signature per FDA 21 CFR Part 11.
Step 6: Confirm
Click Sign to apply your digital signature.
Viewing Signatures
On an Item
Open any signed item to see:
- List of all signatures
- Signer name and role
- Date and time
- Signature meaning
- Verification status
Signature History
View the complete signature audit trail:
- Open the item
- Click Signatures tab or icon
- Review chronological list
Verifying Signatures
NirmIQ automatically verifies signature integrity:
Verification Checks
- Content unchanged: Hash comparison confirms no modifications
- Signature valid: Signature has not been invalidated
- Signer authenticated: Original authentication was successful
Verification Status
- ✅ Valid: Content unchanged since signing
- ⚠️ Modified: Content has changed - signature may not apply to current version
- ❌ Invalid: Signature has been administratively invalidated
Manual Verification
To manually verify a signature:
- Open the signed item
- Click Verify Signatures
- Review verification results
Multi-Signature Workflows
For items requiring multiple approvals:
Sequential Signatures
Signatures must be applied in order (e.g., Engineer → Lead → Manager).
Parallel Signatures
Multiple signers can sign independently.
Workflow Status
Track approval progress:
- Pending: Waiting for signatures
- In Progress: Some signatures collected
- Complete: All required signatures obtained
Administrator Functions
Invalidating Signatures
Administrators can invalidate signatures when necessary:
- Navigate to the signed item
- Click Manage Signatures
- Select the signature to invalidate
- Enter reason for invalidation
- Confirm
Note: Invalidation is logged and the signature record is preserved for audit purposes.
Signature Templates
Create organization-wide signature meanings:
- Go to Admin → Signature Settings
- Click Add Meaning Template
- Enter:
- Template name
- Meaning text
- Applicable signature type
- Entity types (requirement, FMEA, etc.)
- Save
Best Practices
1. Use Consistent Meanings
Use predefined signature meanings for consistency across the organization.
2. Sign Promptly
Sign items when review is complete to maintain accurate records.
3. Verify Before Signing
Ensure you've thoroughly reviewed content before applying your signature.
4. Document Changes
If content must change after signing, document why and obtain new signatures.
5. Regular Audits
Periodically review signature compliance and completeness.
Integration with Workflows
Digital signatures integrate with:
- Requirements approval - Sign off on requirement baselines
- FMEA reviews - Approve failure mode analyses
- Design reviews - Capture design approval decisions
- Test completion - Verify test execution
Audit Reports
Generate signature audit reports:
- Go to Analytics → Compliance Reports
- Select Signature Audit
- Choose date range and scope
- Export as PDF
Reports include:
- All signatures applied
- Verification status
- Any invalidations
- Unsigned items requiring signatures