1. Purpose
This Electronic Signature Agreement ("Agreement") establishes the legal equivalence of electronic signatures applied within the Praxara platform to handwritten signatures, in accordance with 21 CFR Part 11 §11.100(c) and EudraLex Volume 4 Annex 11 §14.
2. Acknowledgement of intent (21 CFR §11.100(c))
By accepting this Agreement on first sign-in, you certify to Praxara Ltd and to the United States Food and Drug Administration that the electronic signatures executed in your name on the Praxara platform are the legally binding equivalent of your handwritten signatures, and that you intend to be bound by them as such.
3. Components of an electronic signature (Part 11 §11.200)
Every Praxara electronic signature comprises:
- Identification component — your unique user account.
- Authentication component — your password, re-entered at the moment of signing.
- Reason code — a controlled-vocabulary reason for the signed action (Approved / Rejected / Reviewed / Released for submission / etc.) plus optional free-text comment.
- Timestamp — server-side time, recorded to milliseconds.
- Hash chain — SHA-256 chained to the previous signature for the same resource, providing tamper-evidence (ALCOA+ aligned).
4. Authentication controls
- Passwords meet NIST 800-63B Authenticator Assurance Level 2.
- Multi-factor authentication is enforced for ADMIN-role users by default; tenants may extend MFA enforcement to all users.
- Sessions auto-expire after 15 minutes of inactivity for active e-signature flows.
- Five consecutive failed signature attempts lock the account pending administrator unlock.
5. Audit trail (Part 11 §11.10(e))
Every electronic signature creates an entry in the tenant's tamper-evident audit chain capturing:
- Signer identity (user id, email, role).
- Authentication evidence (auth method, IP address, user-agent).
- Action and resource being signed.
- Reason code and any free-text comment.
- Server timestamp.
- SHA-256 chain hash.
The audit log cannot be modified or deleted. Customers can verify chain integrity on demand via the Audit Trail page.
6. Annex 11 alignment
Praxara's electronic-signature implementation also satisfies the requirements of EudraLex Annex 11 §14 (electronic signatures must be permanently linked to their respective record, include time/date, follow the same controls as paper-based signatures).
7. Your obligations
- Keep your password and MFA seed confidential. Sharing credentials voids the legal weight of subsequent signatures.
- Re-enter your password whenever a signature is requested. Do not bypass or automate this prompt.
- Notify [email protected] immediately of any suspected credential compromise.
- Acknowledge that your electronic signature is the legally binding equivalent of your handwritten signature for all FDA, EMA, MHRA and other relevant regulatory submissions.
8. Praxara's obligations
- Maintain the technical controls described above without weakening them during the term of your account.
- Provide audit-trail export in human-readable form on request.
- Notify Customer of any security event affecting signature integrity within 24 hours.
- Maintain regulatory documentation supporting the Praxara signing controls (URS, FRS, IQ/OQ/PQ scaffolds; see Trust portal).
9. Withdrawal
If you wish to withdraw this acknowledgement, you must do so in writing to [email protected]. Withdrawal will revoke your ability to apply electronic signatures within Praxara but does not invalidate signatures previously applied.
10. Governing law
This Agreement is governed by the laws of England and Wales for Customer-Praxara contractual purposes. Recognition of the electronic signatures by US, EU and UK regulators is governed by the respective jurisdictions' rules (21 CFR Part 11 — FDA; Annex 11 — EU member states / MHRA).