Digital Signatures for SharePoint

Digital Signatures for SharePoint

Rodd Schlerf

ARx - FDA Markets Manager

Jonathan Schreiber ARx - SE Manager



I work for a digital signature vendor



I will not be speaking about my company’s product, instead I will

be referencing best practices and strategies being used in the

industry as a whole

Rodd Schlerf

Life Science Practice Manager

ARx, Inc.

[email protected]



ARx: the world’s largest supplier of standard digital signatures. CoSign: used by more organizations than all alternatives combined.



ARx has domain expertise and CoSign has a dominant market share in

highly regulated and security minded industries, and government.

ARx Company Overview…

Life Sciences Architectural, Engineering & Construction US Federal, State and & Local Gov’t Finance, Legal & Insurance Healthcare Payers & Providers Labs, Research & Education EU & Other Global Gov’t Energy & Petrochem

ARx CoSign in Life Sciences…

9 of the top 10 BioPharmas

>50% of the top 25

And hundreds altogether

10 of the top 20 Medical

Device Companies

7 of the top 10 Clinical Research Organizations

> 40 CROs all together + the in-house clinical operations of many sponsors And many of the leading Academic Research Organizations

US Department of Health &

Human Services

And many other US, EU and ROW government agencies and departments

20,000+ Investigators Sites, IRBs,

Labs & Clinical Research Associates

Leading Clinical Technology Vendors

And the world’s largest…

Retail Pharmacy Chain Food Manufacturer



Why use Digital Signatures?



Where are they being used?



How are they being used?



Q&A

Digital Signatures are standard electronic signatures. In the US these standards are known as FIPS PUB 186-3, FIPS PUB 180-3, and ITU-T X.509v3. These same standards are recognized, endorsed and adopted by governments, industries, and software vendors globally under NIST, ETSI, ISO, OASIS, IETF, and W3C.

Signer / ID Verification

Signer / ID Verification

Digital Signature(s) embedded

in Electronic Record

=

 Digitally Signed Electronic Records that can be fully trusted – independent

of the vendor, the vendor’s technology, the signer(s) and the signer’s

organization.

 Self-contained, Portable and Sustainable signature record that is verifiable across Geographies, Organizations, Technologies and Time.

Verification – the 3 “I”s

Intent Integrity IdentityIdentity Visible Signature: Embedded Metadata:

Where are digital signatures relevant?

Enterprises and

Government

SaaS Services

And Clouds

Software

ISVs and VARs

An ever-present, secure, and consistent

signature service for employees to sign anytime / anywhere

Add value to your technology investments

and seamlessly complete your business

process automation

A robust, scalable, and easy-to-integrate

signature engine for

signing from any mobile computing device

An ever-present, secure, and consistent signature service for employees to sign anytime / anywhere…

Relevance for Enterprises & Government

Digital signatures are being used throughout enterprises in both FDA GxP regulated and non-regulated operations. Many organizations use digital signatures extensively in integrated with SharePoint for highly regulated applications including their core Quality Management Systems.

GCP

QMS

_ELN

SOPs

GxP

Site Visit Reports

EDM

MES

Electronic Batch Records

GLP

cGMP

Recipes LIMS Lab Reports R&D eTMF CTMS Chain of Custody Regulatory Packets 1572 Certificates of Analysis Patent Documents

Contracts & Agreements

CLM

Training Records Work Instructions Validation Documents

IP

ERP Service Reports C o m m o n E n t e r p r i s e A p p l i c a t i o n s Informed Consents Test Plans ECOs Drawings

CAD

EMR / EHR Product Samples Approvals

A robust, scalable, and easy-to-integrate signature engine for signing from any mobile computing device.

Relevance for SaaS Services & Clouds

Many large (private) cloud applications and (public) SaaS services in the life sciences market use digital signatures as required by the FDA for “open systems”.

Many of these clouds use SharePoint as the collaborative web application and signing interface.

C o m m o n C l o u d A p p l i c a t i o n s

QMS

Patient Assistance & Reimbursements

Shared Services

HR

eTMF

Drug Samples Contracts & Agreements

CLM

Capital Purchase Requests

Virtual Pharma

Investigator Portals

M&A Secure Workspace eClinical CTMS

SharePoint

EMR / EHR

i9

Collaboration

Add value to your technology investments and seamlessly complete your business process automation…

Relevance for Software ISVs & VARs

Many leading SaaS and independent software vendors (ISV) already support digital signatures, and more and more are layering their applications on top of SharePoint.

Most any eForm, workflow, EDM/ECM or other business application can be integrated with digital signatures.

e F o r m s E D M / E C M & W o r k f l o w

SCORE

Components of a Proper Digital Signature

The (3) C’s of a Proper Digital Signature…

1. Compliance

2. Choice

1. Compliance

 Compliance with Digital Signature Standards

CoSign is standard digital signature implementation. These standards include ITU-T X.509v3, and the US designation published by NIST - FIPS PUB 186-3, FIPS PUB 180-3.  Compliance with FDA Requirements

§ 11.30 Controls for Open Systems: Persons who use open systems to create, modify,

maintain, or transmit electronic records shall employ procedures and controls designed to ensure the authenticity, integrity, and, as appropriate, the confidentiality of electronic records from the point of their creation to the point of their receipt. Such procedures and controls

shall includethose identified in 11.10, as appropriate, and additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality.

http://www.arx.com/industries/digital-signature-for-life-sciences-legal-compliance

 Compliance with EU Directive

 Compliance with other Global Standards

These same digital signature standards are recognized, endorsed and adopted by other governments and industries, as well independent standards bodies and software vendors under ISO, ETSI, OASIS, IETF, and W3C.

Digital Signatures are the 3rd _{wave of 21 CFR Part 11}

electronic signature/record compliance strategies

2. Choice

 A proper Digital Signature system should not be: • An eForms solution

• A Workflow solution

• A Document Management solution

 Instead, the Digital Signature system should be a “signature engine”

that easily integrates with an organization’s preferred technologies

Sign directly within common

document authoring tools

Sign directly within

enterprise business systems

Sign within a web application

with a browser from any

3. Control

 You already have ID proofing procedures and strategies – your HR and IT

Security Policies, your Customer & Supplier Screening Policies, and other

supporting technologies and services…

 You already have user-provisioning and user-management systems…

 You already have authentication methods…

It is ourphilosophy that our clients and partners should (must) have the freedom to choose and control the methods, policies, procedures and technologies that best fit their organizational governance and SOPs. You should not be required to re-engineer your business because of the narrow specifications and requirements of some outside party or vendor including ARx. CoSign adapts to your polices, procedures and

June, 1 2007 Issue:

The State of eClinical Technology

“The Value of Digital Signatures in eClinical Applications”

 The price of digital signature solutions has come down dramatically in the past decade as technology advances and more vendors compete.

 However the total cost of ownership (TCO) still varies significantly from one approach to another.

www.actmagazine.com/appliedclinicaltrials/article/articleDetail.jsp?id=431927

1,000 User Analysis



It is not just the price of the software licenses and digital

certificates that make up the total cost of ownership



10 other things to consider:

1. What is the cost to validate and qualify the system? How does vendor support ?

2. How does the system support 21CFR part 11 for MS Office signing?

3. Are licenses from Adobe required to sign PDFs? What PDF viewers are supported?

4. What is the cost/effort to integrate with various business aps? How about validation?

5. Can signing be performed from any PC, MAC or any mobile computing device?

6. Are licenses transferrable? Is there any restriction on # signatures? Any applications?

7. How are digital certificates/keys generated, renewed, refreshed and revoked?

8. How are users managed, and what is the associated system administration cost?

9. How long does the system take to deploy and be operational? Is the system a shared

service or a dedicated product?

 Digital Signatures are not just a replacement for paper. Each digitally signed electronic records contains the (3) I’s. Signer Identity/Intent, Document Integrity

 Trust can be established simply by accepting one-time trust in the public root certificate (public ID) of the signing organization.

 Digital Signatures are being used extensively throughout life science enterprise and public / private clouds.

 The (3) C’s of a Proper Digital Signature system include:

1. Compliance: with digital signature standards, FDA and other regulatory requirements, US, EU and

other country specific requirements.

2. Choice: choose the best digital signature engine. Choose your preferred eForm(s), workflow

automation system(s), EDM/ECM(s) and other complimentary technologies.

3. Control: govern your business according to your own policy, procedure and enforcement systems. The

vendor / system should adopt to you, not vice versa.

And the 4th_{“C” - Cost-Effective. Consider the total cost of ownership (TCO) including 3}rd _{party products}

and services.

Thank You!

Rodd Schlerf

Life Science Practice Manager

ARx, Inc.