21 CFR §11.200
Verified against eCFR.gov as of June 20, 2026View official text on eCFR.gov ↗
- (a)Electronic signatures that are not based upon biometrics shall:
- (1)Employ at least two distinct identification components such as an identification code and password.
- (i)When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
- (ii)When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
- (2)Be used only by their genuine owners; and
- (3)Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
- (1)Employ at least two distinct identification components such as an identification code and password.
- (b)Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.