Biometrics means “a method of verifying an individual’s identity based on measurements
of the individual’s physical features or repeatable actions where those features and/or
actions are both unique to that individual and measurable.”³⁴ Examples of biometric
methods may include fingerprints, hand geometry (i.e., finger lengths and palm size), iris
patterns, retinal patterns, or voice prints.
Electronic signatures based on biometrics must be designed to ensure that they cannot be
used by anyone other than their genuine owners (§ 11.200(b)). Therefore, suitable
biometrics should be uniquely identified with the individual and should not change over
time.
FDA does not specify any particular biometric method upon which an electronic
signature may be based. Electronic signatures based on biometrics are accepted if they
meet the requirements found in the part 11 regulations, as stated earlier in this section
(i.e., the signed electronic record must contain pertinent information associated with the
signing (see § 11.50), the electronic signatures are subject to the same controls as the
electronic records and must be included as part of any human readable form of the
electronic record (see § 11.50(b)), and the electronic signature must be linked to its
respective electronic records (§ 11.70)). In addition, biometrics should be performed
based on government and industry standards. For example, the various government
agencies and standards development organizations that develop biometric standards
include the following:
• National Institute of Standards and Technology
• International Committee for Information Technology Standards
• International Organization for Standardization/International Electrotechnical
Commission (ISO/IEC) Joint Technical Committee 1/Subcommittee 37
• Organization for the Advancement of Structured Information Standards
• American National Standards Institute.