21 CFR Part 11 Compliance

Feathery Signatures is compliant with 21 CFR Part 11.

Feathery meets the following requirements for 21 CFR Part 11 Compliance with Electronic Signatures:

  • Each electronic signature must include the printed name of the signer

    • This can be set as a text field in the document or associated form

  • Each electronic signature must include the date and time the signature was executed

    • We track this automatically through our document and form timestamps and document audit log

  • Each electronic signature must include a unique user ID

    • Users are assigned unique IDs by Feathery, which are tied to the documents and forms they complete

  • Each electronic signature must include a digital adopted signature

    • This can be done through a signature field on a digital form or a document. You can also configure the parameters of the signature (e.g., to include only handwritten signatures, only typed signatures, or both)

  • Each electronic signature must include the meaning of the signature (labeled “signing reason”)

    • This is set in your document or form as a text field

  • Each electronic signature must be unique to one individual and not reused by, or reassigned to, anyone else. Subsection 11.100(a)

    • You can set the signature fields to "draw only" to meet this requirement

  • The identity of the individual must be verified before establishing, assigning, certifying or otherwise sanctioning the individual’s electronic signature, or any element of such electronic signature.

  • Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.

    • This can be defined in the text of your form or document. Feathery also shows a popup in all documents and e-signatures that asserts this as well

  • Persons using electronic signatures must, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer’s handwritten signature.

    • This can be defined in the text of your form or document. Feathery also shows a popup in all documents and e-signatures that asserts this as well

  • Electronic signatures that are not based upon biometrics must employ at least two distinct identification components, such as an identification code and password.

  • When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing must be executed using all electronic signature components. Subsequent signings must be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

    • Feathery requires signatures on all requested areas of the document or form. If the user opts in to using the same signature multiple times in a session, they still need to acknowledge the terms each time. This resets on subsequent logins to ensure compliance.

  • When an individual executes one or more signings not performed during a single period of controlled system access, each signing must be executed using all of the electronic signature components.

    • Any caching of signatures is reset on subsequent forms to ensure compliance.

  • The uniqueness of each combined identification code and password must be maintained such that no two individuals have the same combination of identification code and password.

  • Identification code and password issuances must be periodically checked, recalled or revised (e.g., to cover such events as password aging).

    • Feathery supports SMS and Email Authentication, as well as social logins. These verifications can be set to automatically re-run for each signature collected.

  • Loss management procedures must be followed to electronically deauthorize lost, stolen, missing or otherwise potentially compromised tokens, cards and other devices that bear or generate identification code or password information. The system must issue temporary or permanent replacements using suitable, rigorous controls.

    • Feathery is SOC2 Type 2 compliant and has rigorous controls to prevent and handle compromised credentials. We also leverage two-factor authentication (via SMS and Email Authentication) to minimize risk.

  • The system must use transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use.

    • Feathery is SOC2 Type 2 compliant and has rigorous controls to prevent and handle compromised credentials. We also leverage two-factor authentication (via SMS and Email Authentication) to minimize risk. We have advanced logging and monitoring (using AWS CloudWatch) to monitor for unauthorized access or suspicious behavior.

  • A procedure must be in place for initial and periodic testing of devices such as tokens or cards that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

    • Feathery is SOC2 Type 2 compliant and has rigorous controls to prevent and handle compromised credentials. We also leverage two-factor authentication (via SMS and Email Authentication) to minimize risk. We have advanced logging and monitoring (using AWS CloudWatch) to monitor for unauthorized access or suspicious behavior.
