Electronic Signatures | Test Management Features | SpiraTest

Electronic Signatures

In regulated industries such as healthcare, there is often a requirement for specific actions within the quality management system to be signed by an approver. SpiraTest provides built-in support for electronic signatures (digital signatures) out of the box.

What is an Electronic Signature

An electronic signature (also known as a digital signature) is intended to be the equivalent of a handwritten signature applied to a test case, release, or other document that would traditionally be signed by hand. In software testing, electronic signatures are typically used to document the fact that certain events or actions occurred in accordance with a prescribed workflow (e.g. approved, reviewed, and verified).

Electronic Signatures in Healthcare

When developing software, systems and hardware for use in medical devices, healthcare IT systems or pharmaceutical processes, you need to follow a requirements and quality management process that complies with the FDA Title 21 CFR Part 11 set of Federal Regulations. Part 11 (as it's more commonly called) defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records.

Specify Signature Required in Workflow

With SpiraTest you can specify which transition in a requirements, test case, release, or defect workflow needs a digital signature.

For example, you might require a signature when test cases or requirements are approved or rejected, but not when they are deferred. This gives you flexibility to match your process as defined in accordance with Part 11.

Make Change that needs Signature

When a user executes a transition that requires a signature, the transition tells SpiraTest that a digital signature is required.

Dialog Box Pops Up

When the signature is required, a special dialog box is displayed.

Enter Login/Password and Meaning

The user has to re-enter their login/password and the meaning of the signature, even if they are already logged in.

History is Recorded

If they correctly enter their login/password, a history item is logged that records the change. In addition, the meaning is added as a permanent comment associated with the artifact.

Signature is Hashed and Verified

The ID of the user that made the change, the ID and type of the artifact, and the timestamp of the change are combined into a signature that is SHA256 hashed. This hash is then stored with the history change record.

When the history records are displayed, the data is dynamically re-hashed and compared with the stored hash. This prevents someone from tampering with the data, and SpiraTest displays a special legend to indicate that the digital signature associated with the change is valid.
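
The hash-and-recheck scheme described above, as an added example that is not SpiraTest's own code: the four fields are hashed with SHA-256 when the change is signed and re-hashed on display. The record layout, the length-prefixed field encoding, the function names and the sample values are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class HistoryRecord:
    # Hypothetical layout; the page names these four fields but not their format.
    user_id: int
    artifact_id: int
    artifact_type: str
    changed_at: str          # timestamp stored exactly as it was hashed
    signature_hash: str = ""


def canonical_bytes(rec: HistoryRecord) -> bytes:
    """Length-prefix every field so the field boundaries are part of the hash.
    Plain concatenation would hash user 12 / artifact 3 and user 1 / artifact 23
    to the same value (assumed encoding, not taken from the page)."""
    out = b""
    for field in (str(rec.user_id), str(rec.artifact_id),
                  rec.artifact_type, rec.changed_at):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def compute_hash(rec: HistoryRecord) -> str:
    return hashlib.sha256(canonical_bytes(rec)).hexdigest()


def sign(rec: HistoryRecord) -> HistoryRecord:
    """Store the hash alongside the history record at signing time."""
    return replace(rec, signature_hash=compute_hash(rec))


def is_valid(rec: HistoryRecord) -> bool:
    """Re-hash the displayed data and compare it with the stored hash."""
    return hmac.compare_digest(compute_hash(rec), rec.signature_hash)


# Constructed sample records (not real SpiraTest data).
SIGNED = sign(HistoryRecord(12, 3, "TestCase", "2024-05-01T10:15:00Z"))
TAMPERED_USER = replace(SIGNED, user_id=99)             # signer swapped afterwards
SHIFTED = replace(SIGNED, user_id=1, artifact_id=23)    # same digits, moved boundary

if __name__ == "__main__":
    for label, rec in (("original", SIGNED), ("user changed", TAMPERED_USER),
                       ("boundary shifted", SHIFTED)):
        print(f"{label:17} valid={is_valid(rec)}")
```

Because the hash here is unkeyed, the comparison only catches edits made by someone who cannot also overwrite the stored hash; the page does not describe how the stored value itself is protected.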