What is an “Electronic Signature”?
Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. (21 CFR 11.3)
In other words, to Electronically Sign a document means to execute of a series of actions that are secret and unique to each user. Excluding biometric methods, this is typically achieved with a unique ID and a “secret” (e.g. username and password or token.)
Is it ok to use the Confluence password as secret?
Not ideal, especially if the accounts are managed. An admin could potentially impersonate another user and apply electronic signatures on its behalf. In addition, Atlassian accounts password need to be set to have an expiry date (not a default option).
e-Signature apps in Confluence
Confluence itself has no such feature as electronic signature. In order for you to sign your documents in Confluence, you will require a Confluence app to do so. With a long list of e-signature apps available on Atlassian Marketplace, we provide you with a list of requirements you should look for when choosing one that is compliant with 21 CFR 11. We also provide a comparison of 18 e-signature apps on Confluence Cloud.
What should I check when looking for an App with compliant e-signatures?
When you and your team are choosing an e-signature app, you can use this checklist below at the product demos to ensure your chosen app is compliant. All the listed questions must have a positive response for the e-signature app to demonstrate that it is 21 CFR 11 compliant.
Requirement | Y/N | Comment |
---|---|---|
1. Does signing require the user to enter a “secret” such as a password or token? | ||
2. Is this secret unique to each user? | ||
3. Does the app record the name of the signer? | ||
4. Does the app record the date and time when the signature was executed? | ||
5. Does the App record the meaning (such as review, approval, responsibility, or authorship) associated with the signature? | ||
6. Is it possible to automatically add the above information to a page or somehow export this information? | ||
7. Can a user apply a signature only when they are logged in with their own account? (i.e. a user should not be able to sign for another user even when knowing the secret, nor be able to sign anything if not logged in) | ||
8. Does this secret “expire” or requires to be changed when certain conditions are met? | ||
9. Can an Admin (or equivalent super-user) remove the ability to sign from users? (e.g. unpair an authenticator or reset a password) | ||
10. Are admins / super-users prevented from impersonating other users? | ||
11. Are signatures univocally linked to a page(s)? (i.e. signatures cannot be transferred to other pages, if a page is copied the signature should always remain only with the original page) |
Comparison of e-Signature Apps on Confluence Cloud
This is a comparison of the 18 most popular e-signature apps on the Atlassian Marketplace and there may be others available. Please note that for some Apps the assessment was made using the App manual.
App Name | Vendor Name | 21 CFR 11 Compliant? | Comment |
---|---|---|---|
SoftComply Document Manager | SoftComply | ✅ | Ok, it’s our own App… but it was designed from the beginning to be 21 CFR 11 compliant. |
Comala Document Management | Appfire | ⚠️ | Mostly compliant, but there is no built-in way to add the signatures to a page, unless you use other Apps such as SoftComply Change History | Atlassian Marketplace |
eSign Electronic Signatures for Confluence | Digital Rose | ✅ | None |
eSign Document Management and Training for Confluence | Digital Rose | ✅ | None |
Document Control for Confluence Cloud | Phase Locked Software | ✅ | None |
Workflows for Confluence – Document Management & Approvals | AppFox | ✅ | None |
Contract Signatures for Confluence | Warsaw Dynamics | ⚠️ | Not all required information is rendered in the page when using the appropriate macro. |
Comala Document Control | Appfire | ⚠️ | Mostly compliant, but there is no built-in way to add the signatures to a page. |
Real Signature for Confluence (In-Person Signing) | BDQ | ❌ | Based on digitalization of handwritten signatures. Not all information are reported in the page. |
Comala Document Approval | Appfire | ❌ | No secret required to sign a page. |
Page Approval for Confluence | Appfire | ❌ | No secret required to sign a page. |
Approval for Confluence (Workflow, Slack, Email, Expiry) | Capable | ❌ | No secret required to sign a page. |
Capable for Confluence (All-in-One Collaboration Toolbox) | Capable | ❌ | No secret required to sign a page. |
Breeze – Document Management, Review & Approval Workflows | B1NARY | ❌ | No secret required to sign a page. |
Approval Path for Confluence | Warsaw Dynamics | ❌ | No secret required to sign a page. |
Approvals for Confluence | AppFox | ❌ | No secret required to sign a page. |
Gears Approval for Confluence | hktx.cn | ❌ | No secret required to sign a page. It is VERY similar to AppFox’s Approvals for Confluence. |
STAGIL Workflows and Fields (Documents Management & Search) | STAGIL by catworkx | ❌ | No secret required to sign a page as it is controlled by Jira workflows. It may require a signature App from the Jira side. |
To learn more about the 21 CFR 11 requirements and compliant e-signatures, please check out our blog post about it here.
To check out the compliant document management app from SoftComply, feel free to book a live demo call with our team. Or try it out for free for 30 days on Confluence Cloud.