For hundreds, if not thousands, of years, the definition of a signature barely changed. Individuals used a paintbrush, a pen or similar implement to uniquely apply their names to tablets, works of art or documents to confirm their identities and the object’s authenticity.
The shortcomings of manual signatures become more pronounced as transactions increase in complexity and involve more parties that are more geographically dispersed. Documents must be printed and distributed, which takes time and costs money. During the process, a lot can go wrong, from documents being lost or falling into the wrong hands to signatures being forged.
What’s amazing is that much of the life sciences industry – a vertical market that relies extensively on technology to produce amazing medical research breakthroughs – still lives in the signature Dark Ages. In fact, it’s estimated that nearly 80 percent of signatures associated with clinical trials transactions are still handwritten.
In the past decade, the signature landscape has changed dramatically, and the advances are poised to infiltrate life sciences in a big way. Electronic signatures arrived first, bringing automation, consistency and speed to bear. E-signatures neatly fit into a workflow process, with individuals being prompted to type their names, enter passwords or pins, or otherwise acknowledge their desire to place their John Hancock onto a document. E-signatures appear on a document, but they are not embedded within a document, and this is a critical distinction from a security perspective.
Where the life sciences industry has moved away from manual signatures, e-signatures have been the technology of choice, supporting a wide variety of regulatory and non-regulatory use cases. Learning management and other training and education systems leverage e-signatures. E-signatures often represent the final step to execute a training action, with signoff reflecting course completion and validation that will be recognized industry-wide.
As the sensitivity of information in a document rises, so does the need for security measures to protect that information, which in turn affects the verification strength desired for the signature. Consider the training scenario where individuals must confirm receipt of materials such as medical device engineering drawings and other technical documents, contracts, protocols, or investigation reports. In these instances, e-signatures may no longer be sufficient to conduct the transaction. The requirement for enhanced security in circumstances like these led to the introduction of digital signatures.
Digital signatures provide more stringent security than e-signatures, without sacrificing any of the latter’s benefits. With digital signatures, the signed transaction gets applied to the document, which is then locked, encrypted, and stored for everlasting nonrepudiation. In other words, the digital signature has more permanence than its e-signature counterpart, which is crucial for auditing, accountability and risk and fraud mitigation.
Another distinction of digital signatures is the stronger credential (beyond a basic password or pin) typically required to apply them. Initially, digital signature form factors leveraged public key infrastructure (PKI) technology, where individuals had to attach a USB PKI token to their computers or download a PKI software certificate to their computers to verify their identities as part of the digital signature process.
Recently, a new alternative has emerged – the cloud-based certificate, which allows the digital signature to be stored in the cloud. This approach maintains security while offering the flexibility and convenience necessary for today’s digital business environments. Individuals no longer must carry a token or their laptop to apply their digital signature to a document they are reviewing. Instead, they can request access to their pre-vetted cloud-based signatures via identity verification methods including one-time passwords delivered to their mobile devices by text message.
Digital signatures have been viewed as the wave of the future in life sciences, representing a logical next step along the progression from manual and e-signatures. The rate of adoption is about to accelerate, and the future is about to be now. As of July 2016, the European Medicines Agency (EMA) will require all documents to have digital signatures. Those signatures must be supported by Qualified Certificates, which are issued by Certification Authority Services Providers (CSPs). CSPs are accredited by an EU state’s supervisory body or trust scheme operator, which publishes a list of accredited CSPs so all other EU member states know to trust the Qualified Certificates and associated digital signatures.
The EMA’s mandate is going to change how life sciences organizations operate and collaborate with one another, from how they identify and exchange information with partners to how they conduct training and clinical trials. With the EMA’s deadline for compliance just a few months away, life sciences organizations with a global partner footprint need to take immediate action to find a solution from a supervised and accredited CSP to help them address these critical digital signature requirements. After what seems like an eternity of knowing what a signature is, the definition is about to change again.
Tom Johnson is senior director of life science solutions for Exostar. Email Tom at tom.johnson@exostar.com.
