Spira 5.0 Preview - Digital Signatures | Inflectra

Spira 5.0 Preview - Digital Signatures

When developing software, systems and hardware for use in medical devices, healthcare IT systems or pharmaceutical processes, you need to follow a requirements and quality management process that complies with the FDA Title 21 CFR Part 11 set of Federal Regulations. Part 11 (as it's more commonly called) defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.

One of the new features in Spira 5.0 is support for digital signatures as described in part 11. This article gives a glimpse into the new functionality coming in Spira 5.0 and how it will help customers in the healthcare and medical fields adopt the system.

Specify Signature Required in Workflow

In Spira 5.0 you can specify which transition in a requirements, test case, release, defect or task workflow needs a digital signature:


For example you might require a signature when requirements are approved or rejected but not when they are deferred. This gives you flexibility to match your process as defined in accordance with Part 11.

Make Change that needs Signature

When a user executes a transition that requires a signature, it will tell Spira that a digital signature is required:


Dialog Box Pops-Up

When the signature is required, a special dialog box is displayed:


Enter Login/Password and Meaning

The user has to re-enter their login/password and the meaning of the signature, even if they are already logged in:


History is Recorded

If they correctly enter their login/password, a history item is logged that records the change. In addition, the meaning is added as a permanent comment associated with the artifact:


Signature is Hashed and Verified

The ID of the user that made the change, the ID of the artifact and type of artifact as well as the timestamp of the change is combined into a signature that is SHA256 hashed. This hash is then stored with the history change record:


When the history records are displayed, the data is dynamically re-hashed and compared with the stored hash. This prevents someone tampering with the data, so Spira will display a special legend to indicate that the digital signature associated with the change is valid.

digital signatures fda healthcare 21 CFR Part 11