We have been working on moving toward future implementation of document encryption and electronic signatures using Adobe Acrobat 9 Standard. I have read 21 CFR 11 and accompanying guidances. Are there any best practice recommendations for how to meet these standards using this technology?
There are some requirements that I am unsure of how to best implement.
- How should we document that we have verified the identity of the individual?
- How should we periodically force revision of passwords, or document that this is done since no one knows each other’s passwords?
- How should we manage certifications so that we can show we deactivate obsolete ones?
- How do we monitor to detect attempts at unauthorized access/use of electronic signatures?
- If our organization wants to become our own certification authority, what documentation do we need or process should we use to validate our certificates?