General E-Signature Requirements — §11.100

General Requirements for Electronic Signatures. Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else, in accordance with §11.100(a). Before an organization establishes, assigns, certifies, or otherwise sanctions an individual's electronic signature, the organization shall verify the identity of the individual, in accordance with §11.100(b). The organization shall implement the following controls: (a) a formal enrollment process for issuing electronic signature credentials, including verification of the individual's identity through government-issued photo identification or other reliable means; (b) each individual shall be assigned a unique combination of identification code and password (or other authentication components) that cannot be assigned to any other person; (c) electronic signature credentials shall not be transferable, shareable, or usable by any person other than the individual to whom they are assigned; (d) the organization shall certify to the FDA that the electronic signatures it uses are intended to be the legally binding equivalent of traditional handwritten signatures; this certification shall be submitted prior to or at the time of first use of electronic signatures in records submitted to the FDA, in accordance with §11.100(c); (e) the certification shall be submitted in paper form, signed with a traditional handwritten signature, to the FDA Office of Regional Operations; and (f) records of all electronic signature enrollments, identity verifications, and the FDA certification letter shall be maintained for the life of the electronic record system or as otherwise required by applicable predicate rules.