
Unlocking Trust in the Digital Era: Navigating FDA and ISO Compliance with Digital Signatures and Signing Intent

In FDA (U.S. Food and Drug Administration) and ISO 27002 compliant processes, digital signatures play a crucial role in ensuring the integrity, authenticity, and security of electronic records and signatures. The use of digital signatures for electronic records and electronic signatures is specified in Title 21 of the Code of Federal Regulations (CFR) Part 11 for the FDA, and in ISO/IEC 27002:2013 for ISO.

Digital signatures are not just for PDF documents, though. Most FDA/ISO compliant processes also require digital signature approvals for changes to software, also known as Pull Requests. Essentially, files containing code are documents that need to undergo a strict review and approval process, just like any other controlled documents that are part of change management.

Here are the key elements related to digital signatures, signing intent, and the role of the signee in an FDA/ISO compliant process:

  1. Digital Signatures:
    • Authentication: Digital signatures serve as a means of electronic authentication, confirming the identity of the person associated with the signature. Approving a pull request and signing the approval with a signature token ensures the approver is uniquely identified.
    • Data Integrity: The unique approval signature, in combination with the git commit hash of the pull request commit, helps ensure the integrity of the pull request approval, as both the signature and the commit hash cannot be changed or tampered with.
    • Non-repudiation: Digital signatures provide non-repudiation, meaning the signer cannot later deny their involvement in the signing process.
  2. Signing Intent:
    • Explicit Intent: The signing process should involve explicit intent from the individual to sign. This means the person signing understands and intends to authenticate the information. The pull request reviewer must proactively select a reason for their signature approval.
  3. Role of the Signee:
    • Designated Roles: Compliance regulations emphasize the importance of defining and assigning specific roles to individuals involved in the electronic signature process. In Atlassian Bitbucket, the pull request reviewer's group membership(s) can serve as a role. When a reviewer signs a pull request, they can simply select the group they are signing for to assume their role.
    • Responsibilities: Each role or reviewer group should have defined responsibilities. Naturally, Bitbucket comes with easy-to-use access controls ensuring that only authorized individuals can perform specific actions, including signing. Reviewers are only added to pull requests if they are a member of a nominated signature-reviewer group.

You are one step away from signed pull request approvals with Bitbucket (cloud) and Workzone

Workzone for Bitbucket allows you to configure signature reviewer groups.

When reviewers approve a pull request they are asked to sign their approval with a personal token and select a role/intent.

All signatures, git commit hashes and roles/intents are safely recorded in the pull request’s history.

Visit Workzone for Bitbucket today!

As always,

Happy coding.

Sean

Izymes
