Electronic signatures should be instituted in a manner that is reasonably likely to prevent
fraudulent use. Therefore, the part 11 regulations require that an organization verify the
identity of an individual before the organization establishes, assigns, or otherwise
sanctions an individual’s electronic signature or any element of such electronic signature
(see § 11.100(b)). The electronic signature should also be implemented in a manner that
prevents repudiation by the signatory and includes safeguards to confirm the identity of
the individual and safeguards to prevent alteration of the electronic signature.
FDA does not specify any particular method for verifying the identity of an individual
and accepts many different methods. For example, verifying someone’s identity can be
done by using information from some form of official identification, such as a birth
certificate, a government-issued passport, or a driver’s license. In addition, use of
security questions to confirm an individual’s identity may also be considered.