TrustCloud strengthens its project with a new certificate on electronic signature

In its endeavour to surpass the most demanding compliance audits and offer more robust services, TrustCloud has completed the necessary steps to obtain the CFR 21 Part 11 certification (CFR, Code of Federal Regulations).

T

he CFR 21 Part 11 has been designed to be a driver for the adoption of digital technologies in the management of records and signatures. By doing so, it establishes a framework of requirements aimed at ensuring that electronic data is treated with the same level of integrity, authenticity, and reliability as one would expect in a paper-based environment. This regulation holds significance in the realm of digital transaction management, where the accuracy and reliability of records are paramount. By adhering to the guidelines set by CFR 21 Part 11, companies ensure that their electronic signature services are stable and dependable. This not only enhances efficiency and speed in document handling but also provides a level of security and certainty that is essential in an increasingly digitized business world. 

Guarantees of Identification and Custody 

These regulations facilitate a seamless transition to electronic operations without compromising the authenticity and legal validity of records, thereby strengthening the trust of both businesses and customers in adopting advanced technological solutions. 

To prevent any possibility of corruption or falsification, the CFR 21 Part 11 regulation outlines clear guidelines on how electronic records should be stored, tracked, and maintained. It defines strict protocols and controls to ensure that only duly authorized individuals have access to the information. This rigorous approach ensures that records remain intact and free from manipulation. 

A crucial aspect of this regulation is the validation of records through electronic signatures further supported by established security modalities. This measure not only adds an additional layer of authentication but also ensures that the signer’s identity is properly verified. The CFR 21 Part 11 regulation follows a data management approach that encompasses its entire lifecycle. This means it not only applies to the initial phase of creating or capturing information but also extends to the subsequent monitoring and maintenance of these digital records. In this context, it establishes the need for regular audits and monitoring. 

These recurring evaluations verify that systems and processes are operating to the highest standards and that no deviations or irregularities have taken place. 

The regulation stipulates that once an electronic record has been created and signed, it cannot be altered or deleted without the corresponding authorization. This aspect ensures the integrity and authenticity of the information over time, providing a solid foundation of trust in the stored data.  

The CFR 21 Part 11 regulation emphasizes the need to retain accurate copies of all files. By maintaining backup copies, it is ensured that, in the event of any contingency, information can be effectively retrieved and restored, ensuring the continuity of operations and the availability of data when needed. 

The globally most certified platform 

TrustCloud aims to have all its systems backed by a strong structure of certifications. Here are some of the latest standards achieved: 

• ISO 17068. Trusted third-party repository for electronic documents. This standard sets the requirements for a Third-Party Trust Repository (TCT) with the purpose of supporting authorized custody service. For TrustCloud, being deserving of this certificate is vital in supporting its functions as a protector of the integrity and authenticity of its clients’ digital records. ISO 17068 is a key component in the dynamics of a Qualified Trust Service Provider. 
• ISO 22301. Business continuity management system. ISO 22301 helps organizations prepare and respond to crises, emergencies, or disasters that may affect their operational continuity. It provides a framework for identifying risks, creating response and recovery plans, and encourages preventive measures. 
• ISO 27018. Code of practice for protection of personally identifiable information (PII). One of the crucial certifications for cloud service providers. ISO 27018 provides a set of controls and measures for these providers to properly protect their users’ personal information. Topics like consent, transparency in data processing, restriction of access to sensitive information, or notification of security breaches, so important in the core of TrustCloud, are the basis of this standard. 
• ISO 27001. Information security. Establishes requirements for an Information Security Management System (ISMS). Its goal is to protect the confidentiality, integrity, and availability of information in an organization. By following this standard, companies can assess risks, develop controls, and enhance customer trust. 
• ISO 27017. Information security controls applicable to the use of cloud services. This standard proposes specific controls linked to the management and provision of secure cloud services and requires having passed the ISO 27001 certification audit, as is the case with TrustCloud. The main objective is to securely manage the data stored by customers, thereby increasing confidence in the handling of information. For this, ISO 27017 is built on guidelines of confidentiality, integrity, and availability of information. The aim is for customers to understand their rights regarding protection or deletion of their data. 

A foundation for the most advanced electronic signature solutions 

The CFR 21 Part 11 certification not only strengthens TrustCloud’s position in the market but also ensures transparency, customer trust, and the company’s ability to address regulatory challenges both nationally and internationally. TrustCloud becomes a valuable partner for companies seeking reliable and compliant electronic signature solutions in an ever-evolving digital environment.