2 Replies Latest reply on May 3, 2013 1:38 PM by JP Hackworth

    Best Practice for certificate management for security


      We have been working on moving toward future implementation of document encryption and electronic signatures using Adobe Acrobat 9 Standard.  I have read 21 CFR 11, and accompanying guidances.  Are there any best practice recommendations for how to meet these standards using this technology? 

      There are some requirements that I am unsure of how to best implement.

      1. How should we document that we have verified the identity of the individual?
      2. How should we periodically force revision of passwords, or document that this is done since no one knows each other’s passwords?
      3. How should we manage certifications so that we can show we deactivate obsolete ones?
      4. How do we monitor to detect attempts at unauthorized access/use of electronic signatures?
      5. If our organization wants to become our own certification authority, what documentation do we need or process should we use to validate our certificates?
        • 1. Re: Best Practice for certificate management for security
          Steven.Madwin Adobe Employee

          Hi Shadya10,


          Those are some pretty big questions! I'm not saying that your company can't become a CA because obviously there are companies that have, but this is almost something that happens at the state level if you're not already intimate with PKI. Just from the tenor of your questions I'd suggest you contract with a reputable, existing CA to provide your PKI infrastructure. I could explain key management and how revocation checking works, but really if you're asking in an Adobe forum this is way more than you want to be dealing with.


          If you're really interested you need to start with reading RFC 5280.



          • 2. Re: Best Practice for certificate management for security
            JP Hackworth Level 1

            Since you mentioned Part 11, have you looked at using SAFE-BioPharma credentials for signing?  That would resolve most of your questions, and may save you a good deal of effort.