Security through Cryptographic Signatures

Why are digital signatures indispensable?

In the highly regulated pharmaceutical industry, the integrity of measurement data is the most valuable asset. Paper-based protocols are increasingly giving way to digital systems, but this also raises the requirements for protection against manipulation. A simple PDF file does not provide sufficient security, as it could be altered without leaving visible traces. Cryptographic signatures act as a digital security seal: they ensure that a document has not been modified after creation and can be unambiguously attributed to an authorized person. This is the basic requirement for proving the trustworthiness of the data in audits.

Highest Compliance: ALCOA++, GMP, and 21 CFR Part 11

Moqlero was developed to meet the strictest regulatory requirements 'out-of-the-box'. Our signature solutions are based on the principles of ALCOA++:

  • Attributable: Each signature process is clearly assigned to a user.
  • Legible: Data must remain readable throughout its entire lifecycle.
  • Contemporaneous: Results are recorded immutably at the time of measurement.
  • Original: The signature protects the original state of the raw data.
  • Accurate: Measurement values are archived precisely and tamper-proof.
  • Complete: The entire report, including the audit trail, is sealed as a unit.
  • Consistent: All data follows a logical and traceable chronological sequence.
  • Enduring: Data is stored securely and unchanged on long-lasting media.
  • Available: Reports are immediately accessible for audits and inspections at any time.
  • Traceable: Every data point is fully traceable from its creation to its archiving.

Furthermore, we meet all requirements of FDA 21 CFR Part 11, particularly regarding the linking of the signature with the electronic record and the non-repudiation of actions.

Technical Implementation: RSA & X.509 Certificates

The technical basis of our signatures is the proven combination of RSA signatures and X.509 certificates (PKI):

  • RSA Method (Asymmetric Cryptography): When signing, a hash value of the document is computed and signed with the user's private key (often described as encrypting the hash). Any reviewer can use the corresponding public key to verify that the document is unchanged.
  • X.509 Certificates & PKI: Digital identities are secured by standard X.509 certificates, which bind each user's public key to their identity. Moqlero manages these certificates in a secure Public Key Infrastructure (PKI), ensuring that only validated certificates are used for the approval process.
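
The sign-and-verify flow described in the two points above, as an added example using the OpenSSL command line (not Moqlero's own code or tooling). The file names, the certificate subject and the report text are constructed, and the self-signed certificate stands in for one issued by a PKI.

```sh
#!/bin/sh
# Added example. Names, subject and report text are constructed sample values.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Signer identity: an RSA key pair plus an X.509 certificate that binds the
# public key to a named user. Self-signed here; a PKI would issue it from a CA.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/O=Example Lab/CN=Example Analyst" \
    -keyout "$WORK/analyst.key" -out "$WORK/analyst.crt" 2>/dev/null
}

# Sign: SHA-256 hash of the report, signed with the private key
# (OpenSSL's default RSA signature padding, PKCS#1 v1.5).
sign_report() {    # $1 = report file, $2 = signature output file
  openssl dgst -sha256 -sign "$WORK/analyst.key" -out "$2" "$1"
}

# Verify: take the public key from the certificate and check the signature.
# Exit status 0 means unchanged; non-zero means modified or wrong signer.
verify_report() {  # $1 = report file, $2 = signature file
  openssl x509 -in "$WORK/analyst.crt" -pubkey -noout > "$WORK/analyst.pub" &&
    openssl dgst -sha256 -verify "$WORK/analyst.pub" -signature "$2" "$1" \
      >/dev/null 2>&1
}

# Attribution: the subject name recorded in the signer's certificate.
signer_of() {
  openssl x509 -in "$WORK/analyst.crt" -noout -subject
}

make_identity
printf 'Sample 17: pH 7.02\n' > "$WORK/report.txt"
sign_report "$WORK/report.txt" "$WORK/report.sig"

if verify_report "$WORK/report.txt" "$WORK/report.sig"; then
  echo "original report: signature valid, signed by $(signer_of)"
fi

# Change a single digit: the hash no longer matches the signed value.
printf 'Sample 17: pH 7.20\n' > "$WORK/tampered.txt"
if ! verify_report "$WORK/tampered.txt" "$WORK/report.sig"; then
  echo "tampered report: signature invalid"
fi
```

A verifier in a real PKI would also validate the certificate chain and its revocation status before trusting the public key extracted from the certificate.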

Through this defense-in-depth approach, Moqlero creates an incorruptible chain of documentation that withstands any inspection.