Apex Code Development You need to sign in to do that
Don't have an account?
textual Anyone 21 CFR Part 11 compliant?
We have a project to move some of our paper processes to electronic processes
We've gotten the Salesforce white paper on the topic and still have some questions
Namely, how did you enforce the e-signature?
Do you have users re-authenticate when approving?
Do you use a component or third party to process e-signatures?
What kind of timeline and cost was associated with deploying that?
There are other interpretation questions, but the big hurdle (as I see it) is the electronic signature
anyone have any feedback or experience with this?
Hi,
Did you find answers to your questions?
We are in the process of evaluating Force.com and DocuSign is the tool we are looking at for signatures. (That has extra cost)
Also, as far as validation, we will be doing a one time platform validation (OQ level) and then specific configuration validation (PQ level).
Does that help? Sorry, just so your post.
Plarent
Were still trying to get information from Salesforce regarding electronic record storage and e-signature.
The thing thats driving our Quality group crazy is the absence of re-authentication in any of their processes
If the Approval Process built into Salesforce would force a user to confirm their password, we'd pretty much be done
But trying to recreate the approval process just to get this one feature implemented might be a deal breaker
Docusign was their original response as far as electronic document approval
That whole solution just seemed like overkill for storing electronic records
Hi,
Were you able to get anywhere with this?
I did some investigation on my side and there is a way to do electronic signatures and full audit trail (without the 20 field limit).
Here is what I found:
Audit Trail: Create an Audit Trail Custom Object. In the other objects, write a quick 2 lines of code function that captures the Audit Trail and stores it into the Audit Trail object. This way you get out of the 20 field and 18 month limit restrictions on Audit Trails
Electronic Signatures: Integrate this into the Workflow. When a Workflow Step is run, call an outsite function stored somewhere else (HEROKU?) that all it does is authenticate against Force.com credentials.
Let me know what you found.
Plarent
i actually wasnt aware of the audit trail restrictions, so thanks for mentioning that
i fear creating a custom object as im sure that will ballon our our data storage over time
if its a real requirement, then i guess we'll have to go that route
As far as the electronic signature, we were able to use a custom visualforce page that makes user reauthenticate
The custom page pops up a modal window and has a username password box
it just reauthenticates and ensures its the same user thats logged in
im a little worried about having to tell quality about the 18 month limit on audit trails / field history...
Ha! Sorry to open a can of worms for you :)
It is really cool that you have solved the e-signature issue.
Plarent,
would you be willing to post the 2 lines of code that need to be added. I am very new at this and have also been tasked with using SF for 21 CFR 11 Compliance. Our regulatory group doesn't like the 18 month data history restriction. Sounds like your solution would appease that concern. Thanks in advance for anything you can provide.
I too would really appreciate the code for the two solutions mentioned here, namely storing audit trail in a custom object to get around the 18 month limitations and also the re-authentication prior to signing a record. After the user authenticates do you create a document and attach it to the record? I am oretty new to apex and visualforce. Any help is appreciated!
I am looking at apps like Docusign and Echosign but they really do seem like overkill for this use case. I don't need to send documents out to customers (yet) - these are all internal documents where we just want to get rid of the paper.
Hi stacyeileen,
So, the code for creating the custom object to store audit trails is this:
1st is MyObject
2nd is MyObjectAudit [Tracks Audit records for MyObject].
trigger auditTrail on MyObject__c ( after insert, after update ) {
MyObject__c newV = Trigger.New[0]; // New Values
MyObject__c oldV = Trigger.Old[0]; // Old Values
// Loop this for all Fields you wish to track over
if( oldV.MyField__c != newV.MyField__c ) {
AuditTrail__c a = new AuditTrail__c(); // Audit Trail
a.Message__c = 'Changed MyField From ' + oldV.MyField__c + ' to ' + newV.MyField__c;
a.MyObject__c = newV.Id;
insert a;
}
}
As for the modal popup that asks for authentication on approvals (e-signatures), textual has that. Hopefully he will post that in this forum.
What industry are you, if I may ask? I am in the Pharma and medical device space.
Thanks,
Plarent
Sorry, I completely missed your request. See in the message above for the code regarding audit trail.
Plarent
Thank you! We do medical device and biologics.
I know this topic is a few years old now, but have an additionnal question. When you developped the modal window for the password. Did you prevent web browsers to remember the input password? If yes, I would like to know how you managed this.
https://www.youtube.com/watch?v=vn3Dk6CEvbM&feature=plcp
- Prompt for 2 components of identification to access the transaction
- Prompt for 1 component of identification at each signature block
- Prompt for signature meaning at each signature tag
- Ability to customize the list of available signature meanings
- Single signature block with compliant signature manifestation (full name, date/time in UTC, and signature meaning)
Of course you still get a system digital signature on all documents to provide a tamper evident seal and a full audit log as you do with everything in DocuSign.More is available here: https://www.docusign.com/whitepapers/using-docusign-to-facilitate-compliance-with-21-cfr-part-11
See below for the modal window that manages password and signature meaning at each signature tag with the DocuSign Part 11 Module. I also added signature manifestation and audit history which are also handled by DocuSign.
@textual
Hi, Do you by any chance have example of Docusign Part 11 PQ? We ordered the Part 11 modile for our company and I need to run only PQ to document part 11 compliance. We can not refer to their white paper. I am the only one on this project and there is support or SME.
I appreciate it.
"As far as the electronic signature, we were able to use a custom visualforce page that makes user reauthenticate
The custom page pops up a modal window and has a username password box
it just reauthenticates and ensures its the same user thats logged in"
Hopefully @textual you will see this .. I wanted to know if you were able to implement this and if I caould get more info on the re login part thats what we need too
You can check Validify on the AppExchange (https://appexchange.salesforce.com/appxListingDetail?listingId=a0N3A00000FR5sVUAT).