Electronic signatures in MedQdoc – compliant and audit-proof

By Therese Albinsson

Senior Quality and Regulatory Advisor, Founder and CEO of MedQdoc

ISO13485:2016
Certified

21 CFR Part 11
Compliant

Getting started with MedQdoc – a practical onboarding series for medical device and IVD companies.

This article is Part 3 of 4 in a short onboarding series that shows how to move from file-based document management to a structured, audit-ready eQMS using MedQdoc.

Part 3 – Getting started with MedQdoc series

Why electronic signatures matter in a regulated QMS

In regulated environments, signatures are not just a formality. They are evidence that documents have been reviewed, approved, and released in a controlled way. Using email confirmations or signed PDFs stored in folders often fails to meet regulatory expectations.

Electronic approvals play an important role in any ISO 13485-compliant Quality Management System.

Auditors expect electronic signatures to be secure, traceable, and clearly linked to the approved version of a document.

Electronic signatures are a core requirement in regulated QMS environments, where auditors expect secure identity verification, full traceability, and a complete audit trail.

How electronic signatures work in MedQdoc

MedQdoc provides built-in electronic signatures as part of the document approval workflow. Signatures are applied directly in the system and automatically linked to the correct document version.

Role-based approvals based on defined responsibilities and workflows
Secure user authentication for every review and approval signature
Optional two-factor authentication (2FA) for additional security
User permissions and workflows controlling who can create, review, and approve documents
Automatic audit trails showing who signed, when (date and time-stamped), and for which document version

Common challenges with file-based signatures

Unclear approval history when signatures are collected outside the system
Risk of signing the wrong document version due to manual version handling
No complete audit trail linking signatures to document changes
Unsigned electronic copies stored alongside approved documents
Unclear which version is actually approved and valid for use
Updates made to non-approved versions instead of the latest released document
Manual administration to archive, withdraw, and publish documents on the correct dates
Multiple uncontrolled copies of the same document stored in different folders

Aligned with regulatory expectations

Electronic signatures in MedQdoc support regulatory expectations from ISO 13485, FDA QSR, MDSAP, EU MDR, IVDR, and 21 CFR Part 11. This helps ensure that approvals are both compliant and easy to demonstrate during audits.

Each electronic signature is permanently linked to the approved document version, eliminating the risk of uncontrolled changes after approval.

Faster approvals, stronger control

With electronic signatures built into daily workflows, approvals become faster without compromising control. Teams always work with the latest approved documents, and audit evidence is available at any time.

Faster review and approval cycles
Reduced manual administration
Always audit-ready approvals

Get onboarded faster with the MedQdoc team

The MedQdoc team supports companies in setting up traceable workflows from the start. With experience from medical device and IVD audits, the team helps ensure your system is structured for long-term compliance.

Next in the series: Electronic signatures in MedQdoc – compliant and audit-proof

Next step: start with confidence

If you want to move away from folders and spreadsheets and toward a structured, audit-ready QMS, MedQdoc helps you get there – step by step.

Internal references

External references

Frequently asked questions

Are electronic signatures in MedQdoc compliant with 21 CFR Part 11?

Electronic signatures in MedQdoc are designed to support regulatory expectations from 21 CFR Part 11, as well as ISO 13485, FDA QSR, MDSAP, EU MDR, and IVDR.

Can we control who is allowed to sign documents?

Yes. MedQdoc uses role-based permissions and workflows to control who can create, review, and approve documents. Only authorized users can apply electronic signatures.

Is two-factor authentication required for electronic signatures?

Two-factor authentication is optional and can be enabled to provide additional security, depending on your organization’s policies and regulatory requirements.

What happens if a document is changed after it has been signed?

A signed document cannot be changed. If updates are required, a new document version must be created.

The existing approval remains valid while the new version is in draft status. Only after the new version has completed the review and approval workflow does it become published, and the previous version is automatically archived.

This ensures that every electronic signature is always linked to the correct and approved document version.

Can auditors see the full signature history during an audit?

Yes. MedQdoc provides a complete audit trail showing who signed, when the signature was applied, and which document version was approved.