21 CFR Part 11 compliance

When CFR 11 mode is enabled in project settings, SignOff enforces electronic signature requirements defined by 21 CFR Part 11:

Signer name is mandatory and the signing meaning must be selected (review, approval, responsibility, authorship, or acknowledgment).
Tamper-evident hash chain — Each signature includes a SHA-256 record hash computed from the signature data, signer identity, timestamp, and the previous signature's hash, forming an unbroken chain.
Audit trail — Every significant action (signature created, deleted, request made, request cancelled, groups changed, pending cleared) is logged with timestamp, actor, and detail. The audit trail is append-only.
PDF audit log — The export includes a dedicated page listing every audit entry with full hash values.

The status of the issue at the moment of signing is captured and displayed in the PDF, ensuring an accurate record even if the issue transitions afterward.

PDF audit trail with tamper-evident hash chain