To complete our series on Title 21 CFR Part 11, let’s look at how manufacturers can use Nymi authentication solutions to help ensure compliance but also improve data integrity and user productivity.
Nymi’s solutions reside under subpart C of the title, which focuses on electronic signatures. The general requirements relating to electronic signatures are:
- Each person must have a unique electronic signature that can’t be reused or reassigned to anyone else.
- Before using an electronic signature, the identity of the person signing must be validated.
- Before implementing electronic signatures, an organization must notify the FDA that it intends to consider electronic signatures to be as legally binding as ink signatures (ironically, by completing a paper form that is signed with ink and mailed to the FDA).
- The company must provide any and all additional information the FDA requests as part of being certified to use electronic signatures.
- Electronic signatures based on biometrics can only be used by the individuals to whom they are assigned.
From looking through this framework, you’ll notice that much of the guidance is centered around the use of usernames and passwords. Many of these focus on the need for unique user IDs and passwords that can’t be used for anyone else, as well as what to do when IDs, passwords, or tokens are compromised.
Enter Nymi’s authentication solutions which feature a biometrically authenticated wearable device, the Nymi Band™. The Nymi Band is uniquely positioned among electronic signature options, as it utilizes biometrics to authenticate the wearer. This biometric is unique to that person and can’t be replicated. The Nymi Band ensures the biometric is stored securely, locally on the band. The Nymi Band can communicate with a wide variety of relying parties, such as Manufacturing Execution Systems (MES), Enterprise Resource Planning (ERP), Identity Access Management (IAM) and Single Sign On (SSO) over Bluetooth and NFC.
Unlike user IDs and passwords which can be shared, or cards or tokens that can be dropped or lost but are still active until IT deauthorizes them, the Nymi Band will only work with the user whose biometric profile is enrolled. Also, the Nymi Band’s on-body detection ensures that it only works when worn by its intended user, who has authenticated their identity. This provides non-repudiable intent for any critical task across the manufacturing process.
To provide an electronic signature, all a Nymi-enabled user must do is show intent by bringing the Nymi Band within 3 cm of an NFC reader (herein referred to as “tapping”). The system then logs that the employee has signed in, completed a task, or performed any other function that the company requires to be recorded. However, extending this, Nymi’s solutions can combine NFC and BLE to create a variety of experiences that incorporate the concept of authenticated presence.
By utilizing the Nymi-enabled, companies are shifting from unreliable point-in-time authentication methods to one where their employees are in a continuously authenticated state. This removes barriers and wasted time for users while it increases a company’s security and compliance posture.
In addition to ensuring companies’ compliance with Title 21 CFR Part 11 electronic signatures, the Nymi Band offers several other advantages to users and employers alike:
- Increased productivity across the manufacturing line
- Improved security and compliance posture.
- Helps to avoid costly audits and potential fines.
- Real-time control over who is allowed to do what.
- Biometric data resides only on the Nymi Band and isn’t shared at any point in the process.
When talks began in 1991, the architects of Title 21 CFR Part 11 knew that technology was about to play an increasingly larger role throughout the manufacturing process, and were most likely keenly aware that the authentication, serialization and track and trace methods of the day were not going to scale properly. Part 11 provided the necessary framework for manufacturers to follow for ERES, and thus modernize their processes.
Implementation of Title 21 CFR Part 11 creates a situation where a manufacturer must thoroughly review their policies and procedures and enhance or implement new solutions across their enterprise. Though this may be a challenge, it’s also an opportunity to do away with inefficient and costly ways of managing the manufacturing process and to usher in a marked improvement in data integrity.