Electronic signatures need the same control, if not more, than written signatures.
If you use electronic signatures in your business, or have plans to do so, it is worth bearing in mind the following:
- Each signature should be unique to an individually authorised person
- Signatures should not be reused by, or reassigned, to anyone else.
- The identity of the person holding each assigned signature should be verified before assigning, establishing, certifying or otherwise sanctioning signatures
Don’t forget to add electronic signatures to your Signatories List, which you should have for all persons authorising critical quality system processes, policies, procedures. These will include all signatures required for quality management systems such as ISO9001:2008 (to be reissued as ISO9001:2015).
Include the Signatories List in your regular internal audits.
As an extra precaution, I would identify authorised electronic signatories during contract negotiation. This could save last-minute changes when contract processes are underway, and allow you to keep an eye on staff changes, vacations (holidays) and other times when the signatories might not be available.