Hamilton Services AG confirms to offer a digital signature solution for its employees and the employees of the companies Hamilton Medical AG, Hamilton Bonaduz AG and all its subsidiaries, which complies with the requirements of the Food and Drug Administration (CFR 21 Part 11) and fulfills all requirements of the corresponding law.
Details on the application of Part 11
To meet FDA Part 11 requirements, digital signatures must be able to authenticate, verify and validate electronic records and signatures of electronic records to ensure the integrity and confidentiality of the recorded data and signatures. Our digital signature solution enables this through the use of strong cryptography, secure signature creation systems and certificates. The PKI used was set up by Hamilton together with external specialists and secured according to the appropriate standards.
The solution used at Hamilton is a closed system as defined in § 11.3 b) (4), which complies with all requirements under Sections § 11.10 and § 11.70. The manifestation of the signatures complies with the requirements of Section § 11.50. The general requirements of Section § 11.100 are met, in particular the training of the users and the personal identity verification. The solution is not based on biometrics, so access control to the certificate is secured according to the requirements of Section § 11.200 a). The regulations for securing access to password-based certificates in accordance with Section 11.300 are implemented without any gaps.
Proof that the signature complies with the above specifications is possible at any time to authorized persons. This is done in accordance with Section § 11.1 e) of Part 11.
CFR - Code of Federal Regulations Title 21 (fda.gov)
Details on the verification of the validity of a signature
The advanced signature is based on a local infrastructure for issuing the certificates, a so-called Public Key Infrastructure. The infrastructure for issuing certificates for signatures is under the sole control of Hamilton and uses up-to-date security standards (ISO 27'001 certified).
In principle, signed documents cannot be reliably verified outside this infrastructure without providing the associated certificate of origin (the so-called root certificate). The certificate and the instructions for verifying the signature are published on the https://pki.hamilton.ch website. Users outside Hamilton are advised to carry out the measures listed in the instructions so that certificates can be verified.
The instructions will be adapted if necessary (e.g. if the signature process is modified).