rebeccag76048937
Participant
January 8, 2018
Question

License required for ISO/FDA/HIPAA compliance

Hi everyone,

Do you need the enterprise version for FDA/ISO/HIPAA etc.? Or is this all covered in the basic signing behind the scenes? I read that you have to do "digital signatures" to be FDA compliant, which requires more information than just a signature, e.g. email, name. But Adobe does capture this type of data, including IP addresses.

Any guidance appreciated, keen to hear from other organisations requiring these levels of compliance in order to purchase licenses.

This topic has been closed for replies.

1 reply

Meenakshi Negi
Legend
January 18, 2018

Hi Rebeccag,

Sorry for the delay in response.

All Adobe Sign accounts are FDA/ISO/HIPAA compliant.

You can go through the "Legality and Compliance" section in this help document Adobe Sign FAQs for detailed information.

You may also refer to this help link Trust Center: Legal compliance | Adobe Sign for further information.

Let us know if you need any further assistance.

Regards,

Meenakshi

rebeccag76048937
Participant
January 22, 2018

Thanks for your reply. I have read all of the documentation and it is still a bit confusing. It says you can configure Adobe Sign to make it compliant. Not that it's automatically compliant.

In this document: http://www.adobe.com/content/dam/acom/en/security/pdfs/adobe-sign-compliance-21CFRpt11-wp-ue.pdf in subsection 11.10(d) it discusses limiting access, including to who can sign the document. But this is only possible if you buy a license for all users, otherwise it uses anonymous URLs for users who aren't in your Adobe organisation.

So, it says Adobe Sign supports several different forms of identity verification that can be set up by administrators. Can you confirm this will only work for users assigned a license inside your Adobe organisation? Or do some of the verifications work for users outside of the org?

It boils down to, is Adobe Sign compliant if you don't force a user to verify their identity before they sign a document? E.g. someone can accidentally forward an email with a sign link and someone else signs it for them.

I also notice there is a difference between open and closed systems and what is required for compliance.