Spira 5.0 Preview - Digital Signatures

When developing software, systems and hardware for use in medical devices, healthcare IT systems or pharmaceutical processes, you need to follow a requirements and quality management process that complies with the FDA Title 21 CFR Part 11 set of Federal Regulations. Part 11 (as it's more commonly called) defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.

One of the new features in Spira 5.0 is support for digital signatures as described in part 11. This article gives a glimpse into the new functionality coming in Spira 5.0 and how it will help customers in the healthcare and medical fields adopt the system.

Specify Signature Required in Workflow

In Spira 5.0 you can specify which transition in a requirements, test case, release, defect or task workflow needs a digital signature:

For example you might require a signature when requirements are approved or rejected but not when they are deferred. This gives you flexibility to match your process as defined in accordance with Part 11.

Make Change that needs Signature

When a user executes a transition that requires a signature, it will tell Spira that a digital signature is required:

Dialog Box Pops-Up

When the signature is required, a special dialog box is displayed:

Enter Login/Password and Meaning

The user has to re-enter their login/password and the meaning of the signature, even if they are already logged in:

History is Recorded

If they correctly enter their login/password, a history item is logged that records the change. In addition, the meaning is added as a permanent comment associated with the artifact:

Signature is Hashed and Verified

The ID of the user that made the change, the ID of the artifact and type of artifact as well as the timestamp of the change is combined into a signature that is SHA256 hashed. This hash is then stored with the history change record:

When the history records are displayed, the data is dynamically re-hashed and compared with the stored hash. This prevents someone tampering with the data, so Spira will display a special legend to indicate that the digital signature associated with the change is valid.

digital signatures fda healthcare 21 CFR Part 11

About Inflectra

Our mission to helping our customers - large corporations, small businesses, professional services firms, government agencies and individual developers – with the means to effectively and affordably manage their software development and testing lifecycles, so as to decrease the time to market and increase return on investment.

At Inflectra, we are fully committed to provide our customers with the very best products and customer service. We believe in going the extra mile to ensure that each customer is satisfied with our software products. We have the experience and the commitment to deliver the products customers need to deliver their projects and assure quality every step of the way. (Learn More)

Our Guarantee

We are so confident that you will be fully satisfied with our products that we offer a 30-day, unconditional, money back guarantee! (Learn More)