When an individual logs into an electronic system using a username and password, it is
not necessary to re-enter the username when an individual executes a series of signings
during a single, continuous period of controlled system access. After a user has logged
into a system using a unique username and password, all signatures during the period of
controlled system access can be performed using the password alone (see § 11.200(a)).32
The signed document must contain information that clearly indicates the printed name of
the signer, the date and time the signature was executed, and the meaning associated with
the signature (see § 11.50).
In addition, in such cases, the signing should be done under controlled conditions that
prevent another person from impersonating the legitimate signer. Such controlled
conditions may include (1) requiring an individual to remain in close proximity to the
workstation throughout the signing session (2) using measures for automatic inactivity
disconnect that would de-log the first individual if no entries or actions were taken within
a fixed, short time frame and (3) requiring that the single component needed for
subsequent signings be known to and usable only by the authorized individual.33
To make it impractical to falsify records, the electronic signature component executed for
initial signing must be used only by its genuine owner (see § 11.200(a)(2)). The
electronic signatures must be administered and executed to ensure that attempted use by
anyone other than the genuine owners requires collaboration of two or more individuals
(see § 11.200(a)(3)).
