Skip to content

E-Signatures for Tasks Manager

Overview

Electronic signatures (e-signatures) in Tasks Manager provide secure, legally binding authentication of task completion when the Validated Instance module is enabled. E-signatures ensure that task submissions are officially recorded with the identity, timestamp, and intent of the person completing the task, creating an immutable audit trail entry that satisfies regulatory requirements for clinical trials and FDA-regulated studies.

E-signatures are required when specified by the protocol configuration. When a task requires an e-signature, the system captures multi-factor authentication (MFA), a signature reason, and complete user identification to create a secure, machine-readable record that demonstrates the task was completed by an authorized individual following proper procedures.

E-signature verification allows project managers, auditors, and regulatory reviewers to confirm the authenticity of task submissions, validate that proper procedures were followed, and ensure compliance with 21 CFR Part 11 electronic signature requirements.

E-Signature Components

When you apply an electronic signature to a task, the system captures comprehensive information to ensure authenticity and traceability.

User Credentials Verification

Multi-Factor Authentication (MFA):

  • E-signatures require MFA to be configured on your account
  • You must verify your identity using your MFA code from your authenticator application
  • MFA verification occurs immediately before signature application
  • Without MFA, you cannot submit e-signature tasks

User Identity Capture:

  • Full name as registered in your Flywheel profile
  • User identifier (unique ID in the Flywheel system)
  • Email address
  • Authentication method used (MFA verification)

Timestamp

Signature Time:

  • Precise date and time when the signature was applied
  • Stored in UTC and displayed in local timezone in reports
  • Synchronized with Flywheel server time to ensure accuracy

Signature Reason

Protocol-Defined Reasons:

  • You must select a reason from the list defined in the protocol
  • Common reasons include:
    • "Initial read per protocol"
    • "Adjudication read"
    • "Quality assurance review"
    • "Follow-up assessment"
  • The reason provides context for why the task was signed
  • Reasons are recorded in the audit trail

Signature Context

What Was Signed:

  • Link to the specific task
  • Protocol version used for the task
  • Form responses submitted with the task
  • Annotations created during the task
  • Container (session, acquisition, or file) associated with the task

This context ensures complete traceability of what data was signed and under what protocol requirements.

User Role Information

The e-signature records:

  • Your assigned role(s) in the project or study
  • Your permissions at the time of signature
  • Your relationship to the task (assignee)

Viewing E-Signature Details

E-signature information is accessible in multiple locations within Flywheel.

On Completed Tasks

To view e-signature details for a completed task:

  1. Navigate to the task in the Task Manager
  2. Open the task details
  3. Locate the E-Signature section in the task detail panel
  4. Review the signature information displayed:
  5. Signer name and email
  6. Signature timestamp
  7. Signature reason
  8. Authentication method (MFA verified)

Visual Indicator:

  • Completed tasks with e-signatures display a signature icon or badge
  • The indicator distinguishes e-signed tasks from standard completed tasks
  • Hover over the indicator to see summary signature information

In Audit Trail

To view e-signature events in the audit trail:

  1. Access the audit trail for the project or task
  2. Filter events by type: E-SIGNATURE
  3. Review the audit trail entries for signature events
  4. Expand individual entries to see complete details:
  5. Operation: E-SIGNATURE
  6. User: Signer identity
  7. Timestamp: When the signature was applied
  8. Reason: The signature reason selected
  9. Path: Link to the signed task

See Audit Trail for detailed information about accessing and using the audit trail.

E-Signature Verification Process

Verifying e-signatures confirms the authenticity and integrity of signed tasks.

Confirming Signer Identity

To verify who signed a task:

  1. Open the completed task details
  2. Review the E-Signature section
  3. Confirm the signer name matches the expected assignee
  4. Verify the signer's email address
  5. Check the signer had appropriate permissions at signature time

Cross-Reference with Audit Trail:

  • Compare task details e-signature information with audit trail entries
  • Verify consistency between displayed signature and audit trail records
  • Confirm MFA was used for authentication

Verifying Timestamp

To verify when a task was signed:

  1. Review the signature timestamp in task details
  2. Confirm the timestamp is within the expected timeframe
  3. Check against study timelines or protocol requirements
  4. Verify the signature occurred after all form fields were completed

Timezone Considerations:

  • Timestamps are stored in UTC
  • Displayed timestamps reflect your local timezone
  • Audit trail reports include timezone information for clarity

Checking Signature Reason

To verify the signature reason:

  1. Review the signature reason in task details
  2. Confirm the reason matches protocol requirements for this task type
  3. Verify the reason is appropriate for the study phase or task purpose
  4. Check that the reason was selected from the protocol-defined list (not a custom entry)

E-Signature in Audit Trail

E-signature events are recorded in the Validated Instance audit trail with complete details.

Audit Trail Entry Structure

Each e-signature creates an audit trail entry with:

Standard Fields:

  • Timestamp: Exact date and time of signature
  • User: Signer's full identity (name, email, user ID)
  • Event Type: E-SIGNATURE

E-Signature Specific Fields:

  • Path: Link to the signed task
  • Field: Not applicable (signature applies to entire task)
  • Value: Not applicable
  • Operation: E-SIGNATURE
  • Origin: User identifier (only users can apply e-signatures, not gears or automated processes)
  • Reason: The signature reason selected by the user

Viewing E-Signature Audit Entries

To view e-signature events in the audit trail:

  1. Navigate to Audit Trail in your project
  2. Filter by event type: E-SIGNATURE
  3. Review the list of signature events
  4. Click individual entries to expand and view complete details
  5. Export filtered results for regulatory submissions or reviews

Protocol Configuration

Protocols define whether e-signatures are required:

Protocol E-Signature Settings:

  • esignature_config.required: Boolean flag indicating if signatures are required
  • esignature_config.reasons: Array of valid signature reasons users can select

All tasks using the protocol inherit the e-signature requirement. You cannot override this requirement at the task level.

Example Protocol Configuration:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
{
  "esignature_config": {
    "required": true,
    "reasons": [
      "Initial read per protocol",
      "Adjudication read",
      "Quality assurance review",
      "Follow-up assessment"
    ]
  }
}

Technical Documentation

For comprehensive technical details on configuring e-signature requirements in protocols, including validation rules, reason ordering (first reason is the default), and best practices, see Protocol E-Signature Technical Reference.

Task Type Considerations

E-signatures are currently supported for:

  • Reader tasks: Image assessment and measurement tasks
  • Form tasks: Data collection tasks (future)

E-signature requirements are defined at the protocol level and apply uniformly to all tasks using that protocol version.

Regulatory Requirements

E-signatures are typically required for:

  • FDA-regulated clinical trials
  • Studies requiring 21 CFR Part 11 compliance
  • Good Clinical Practice (GCP) studies
  • Pivotal trials for drug or device approval
  • Studies involving protected health information (PHI) requiring HIPAA compliance

Your study coordinator or regulatory affairs team determines when e-signatures are needed based on study design and regulatory obligations.

MFA Prerequisite

Before you can complete e-signature tasks:

  1. Configure MFA on your Flywheel account
  2. Access Profile Settings and navigate to Security
  3. Follow the MFA setup wizard
  4. Scan the QR code with your authenticator app (for example, Google Authenticator, Authy)
  5. Enter a verification code to confirm setup
  6. Log out and log back in to verify MFA is working

Without MFA, the system prevents you from accepting or completing e-signature tasks. A warning message appears when you attempt to claim e-signature tasks without MFA configured.

Compliance Standards

Validated Instance 2 e-signatures satisfy key requirements of 21 CFR Part 11 and related regulations.