CDSCO e-signature guidelines – Clinical Research Made Simple https://www.clinicalstudies.in Trusted Resource for Clinical Trials, Protocols & Progress Thu, 04 Sep 2025 23:30:41 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.1 SOP for Electronic Signatures and Identity Management https://www.clinicalstudies.in/sop-for-electronic-signatures-and-identity-management/ Thu, 04 Sep 2025 23:30:41 +0000 ]]> https://www.clinicalstudies.in/?p=7000 Read More “SOP for Electronic Signatures and Identity Management” »

]]> SOP for Electronic Signatures and Identity Management

{
“@context”: “https://schema.org”,
“@type”: “Article”,
“mainEntityOfPage”: {
“@type”: “WebPage”,
“@id”: “https://www.Clinicalstudies.in/SOP-for-Electronic-Signatures-and-Identity-Management”
},
“headline”: “SOP for Electronic Signatures and Identity Management in Clinical Trials”,
“description”: “This SOP provides standardized instructions for managing electronic signatures and identity management in clinical trials. It ensures compliance with FDA 21 CFR Part 11, ICH GCP, EMA, CDSCO, and WHO guidelines for data integrity, system security, and regulatory inspection readiness.”,
“author”: {
“@type”: “Organization”,
“name”: “ClinicalStudies.in”
},
“publisher”: {
“@type”: “Organization”,
“name”: “ClinicalStudies.in”,
“logo”: {
“@type”: “ImageObject”,
“url”: “https://www.clinicalstudies.in/logo.png”
}
},
“datePublished”: “2025-08-26”,
“dateModified”: “2025-08-26”
}

Standard Operating Procedure for Electronic Signatures and Identity Management

Department Clinical Research
SOP No. CR/SYS/059/2025
Supersedes NA
Page No. 1 of 26
Issue Date 26/08/2025
Effective Date 01/09/2025
Review Date 01/09/2026

Purpose

The purpose of this SOP is to define standardized procedures for the use of electronic signatures and identity management in clinical trials. It ensures that signatures applied to trial documents are attributable, authentic, secure, and compliant with international regulatory requirements including FDA 21 CFR Part 11, ICH GCP (E6 R2), EMA computerized system guidelines, CDSCO, and WHO expectations. Proper identity management prevents unauthorized access, ensures accountability, and supports data integrity principles such as ALCOA+.

Scope

This SOP applies to all individuals involved in clinical trials, including investigators, study coordinators, monitors, data managers, sponsors, CROs, and IT administrators. It covers both system-level and user-level management of credentials, assignment of roles, application of electronic signatures, periodic review of access, revocation of credentials, and archiving of e-signature logs in Trial Master File (TMF) and Investigator Site File (ISF).

Responsibilities

  • Principal Investigator (PI): Ensures proper application of electronic signatures to CRFs, safety reports, and essential documents. Authorizes identity creation for site staff.
  • Study Coordinator: Uses assigned credentials for data entry and document review. Ensures passwords and tokens are not shared.
  • System Owner: Responsible for setting up user accounts, maintaining access controls, and managing revocations.
  • Data Manager: Reviews e-signature audit logs and ensures compliance with role-based access policies.
  • Sponsor/CRO: Provides global oversight of identity management policies and approves critical changes.
  • QA Officer: Conducts audits to verify compliance of identity and e-signature processes with regulatory expectations.

Accountability

The PI is accountable for ensuring site-level compliance with this SOP. The sponsor is accountable for maintaining system-level oversight, and IT administrators are accountable for technical implementation and record maintenance.

Procedure

1. Identity Request and Verification
Each new staff member requiring access must submit an Identity Request Form approved by the PI.
The system owner verifies employment records and ensures training completion before provisioning access.
Identity details are logged in the Identity Assignment Log (Annexure-1).

2. Account Creation and Role Assignment
Unique user IDs must be created for each staff member. Shared accounts are strictly prohibited.
Roles (PI, CRA, Data Entry, QA Reviewer, etc.) are assigned based on job responsibilities.
Access rights must follow the principle of “least privilege.”

3. Credential Management
Passwords must be at least 8 characters, contain letters, numbers, and symbols, and expire every 90 days.
Systems must enforce automatic lockouts after 5 failed login attempts.
Multi-factor authentication (MFA) must be enabled where available.

4. Application of Electronic Signatures
Electronic signatures must include user ID, printed name, date/time stamp, and meaning of the signature (approval, review, submission, etc.).
CRFs and safety reports must be signed electronically by authorized personnel only.
Signature meaning must be predefined and linked to system workflows.

5. Authentication and Re-Authentication
Re-authentication must occur if a session is idle for more than 15 minutes.
High-risk actions (e.g., database lock, SAE reporting) require re-authentication before execution.

6. Audit Trails
All signature applications must be logged automatically with time-stamps and user ID.
Monthly review of audit logs must be performed by Data Manager and documented in E-Signature Audit Log (Annexure-2).

7. Access Reviews
Conduct quarterly reviews of user accounts to confirm only active trial staff have access.
Identify inactive accounts and revoke them immediately.

8. Revocation of Access
Access must be revoked when staff leave the study, change roles, or no longer require access.
Revocation details must be recorded in the Identity Revocation Log (Annexure-3).

9. Training
All users must undergo training on secure use of electronic signatures, password management, and system access protocols.
Refresher training must be completed annually or following any regulatory/system updates.

10. Archiving
All identity logs, signature records, and audit reports must be archived in TMF and ISF.
Retention period: minimum 15 years or as per applicable regulatory requirements.

Abbreviations

  • SOP: Standard Operating Procedure
  • PI: Principal Investigator
  • CRA: Clinical Research Associate
  • CRO: Clinical Research Organization
  • QA: Quality Assurance
  • TMF: Trial Master File
  • ISF: Investigator Site File
  • EDC: Electronic Data Capture
  • CDMS: Clinical Data Management System
  • MFA: Multi-Factor Authentication
  • 21 CFR Part 11: FDA regulations on electronic records and signatures

Documents

  1. Identity Assignment Log (Annexure-1)
  2. E-Signature Audit Log (Annexure-2)
  3. Identity Revocation Log (Annexure-3)

References

Version: 1.0

Approval Section

Prepared By Rajesh Kumar, Data Manager
Checked By Sunita Reddy, QA Officer
Approved By Dr. Anil Sharma, Principal Investigator

Annexures

Annexure-1: Identity Assignment Log

Date User ID Name Role Assigned By
10/09/2025 CT-USER-301 Ravi Kumar Study Coordinator PI
11/09/2025 CT-USER-302 Meena Sharma CRA Sponsor

Annexure-2: E-Signature Audit Log

Date User ID Action Document Verified By
12/09/2025 CT-USER-301 Signed CRF Subject Visit 3 QA Officer
14/09/2025 CT-USER-302 Approved SAE Report SAE Log #21 Data Manager

Annexure-3: Identity Revocation Log

Date User ID Name Reason for Revocation Revoked By
15/09/2025 CT-USER-288 Arun Mehta Staff resignation System Owner
16/09/2025 CT-USER-290 Priya Desai Role change Data Manager

Revision History

Revision Date Revision No. Revision Details Reason for Revision Approved By
26/08/2025 00 Initial version New SOP creation Head, Clinical Research

For more SOPs visit: Pharma SOP

]]>