E-SignM – The Electronic Signature Management Software

ESignM by goPLIMS is a fully integrated Electronic Signature Management module that combines document management, control copy generation, and two-factor electronic signatures within a single unified platform — purpose-built for regulated industries. Unlike standalone e-signature tools such as DocuSign or Adobe Sign, ESignM does not require organisations to manage a separate, disconnected system for document signing. Because ESignM is natively integrated within the goPLIMS project and work execution platform, the documents being signed, the control copies generated, and the signed records produced all exist within the same governed, access-controlled environment as the rest of the project’s quality and execution data. Unlike wet ink signatures — which create paper records that are difficult to track, easy to misplace, and impossible to search — ESignM provides a fully digital, tamper-evident, and instantly retrievable signing record for every document approval. The platform meets 21 CFR Part 11 Electronic Records and Electronic Signatures (ERES) compliance requirements out of the box, meaning organisations in FDA-regulated environments do not need to retrofit a separate tool for compliance — ESignM is compliant by design. 

ESignM is built around three core pillars that reflect the complete, compliant lifecycle of electronic document approval. Secure: a dedicated, access-restricted workspace is created for control copies and e-signatures within each workstream. Two-level authentication is applied for all platform users and all external signers — ensuring that every signing action is performed by a verified, authenticated individual. Signed documents and control copies are stored in access-restricted folders, and a tamper-evident audit trail is maintained for every signature, access event, and action taken within the module. Control: unique watermarked control copies are generated on selected or all pages of a document — with the initiator’s identity embedded in each copy — making it immediately clear which document is the official, controlled version. The routing and sequencing of approvals is managed entirely within the platform, and the live status of all signatures, approvals, and control copies is tracked centrally in real time. E-Sign: documents are routed electronically to internal and external stakeholders for signature. Internal users authenticate via their username and password combined with a goPLIMS app-based one-time passcode. External signers authenticate via a secure email link combined with a custom one-time passcode — enabling compliant signing without requiring external parties to have a goPLIMS account. The full signature sequence is configured, routed, and monitored online from initiation to completion. 

21 CFR Part 11 is the FDA regulation that defines the criteria under which electronic records and electronic signatures are considered equivalent to paper records and handwritten signatures in regulated pharmaceutical environments. ESignM is purpose-built to meet these requirements across all key provisions. Identity verification: every signer is authenticated through a two-level process — username and password combined with a one-time passcode — ensuring that the individual applying the signature is the authorised signatory and cannot be impersonated. Signature meaning: each electronic signature is linked to its meaning within the specific document context — reviewer, approver, author — ensuring that signatures are not interchangeable and that their purpose is documented. Audit trail: every action within ESignM — document access, signature application, approval routing, control copy generation — is logged with a timestamp and user identity in a tamper-evident, continuously updated audit trail that cannot be retroactively altered. Record integrity: signed documents and control copies are protected in access-restricted folders and cannot be modified after signing. Sequence enforcement: approval sequences are configured and enforced digitally — signatures must be applied in the defined order, and no step in the sequence can be bypassed. For pharmaceutical organisations subject to FDA inspection, ESignM provides the technical and procedural infrastructure to demonstrate 21 CFR Part 11 compliance for electronically signed records without reliance on a separate, unintegrated tool. 

ESignM enforces two-level authentication for every signing action — applied differently but equivalently for internal platform users and external signatories, ensuring that all signatures are verifiable and compliant regardless of whether the signer is inside or outside the organisation. For internal users — employees, managers, and quality personnel who are registered on the goPLIMS platform — authentication is performed through their standard username and password, combined with a one-time passcode generated by the goPLIMS app on their mobile device. This app-based OTP model provides a robust second authentication factor without requiring a separate authenticator app or hardware token. For external signatories — vendors, contractors, regulatory consultants, or any party outside the organisation who must sign a controlled document — ESignM provides a secure email link that grants access to the specific document requiring their signature, combined with a custom one-time passcode delivered to their registered email address. This means external signers can complete a fully compliant, two-factor authenticated signing action without needing a goPLIMS account, without downloading any software, and without any risk of accessing other documents in the platform outside their specific scope. In both cases, the authenticated signature event is logged with the signer’s identity, timestamp, and OTP verification status in the tamper-evident audit trail. 

A control copy is a formally issued version of a document that has been designated as the authorised copy for use — the document that operators, engineers, or quality personnel are permitted to reference and work from. In traditional paper-based systems, control copies are typically printed with a stamp, a coloured header, or a hand-applied label identifying them as controlled. This approach is easily circumvented, inconsistently applied, and creates uncontrolled copies the moment the document is photocopied or emailed. ESignM resolves this by generating uniquely watermarked control copies digitally. The watermark is embedded into the document at the time of control copy generation, carrying the initiator’s identity and a unique reference that makes each control copy individually identifiable and traceable. The watermark position, colour, and font are customisable to match the organisation’s document control standards. Control copies can be generated on selected pages or all pages of a document, and are immediately stored in access-restricted folders within EDocM — preventing uncontrolled copies from circulating and ensuring that only the watermarked, version-confirmed document is accessible to authorised team members. This digital control copy model eliminates the uncontrolled distribution of document copies that is one of the most common findings during FDA and EMA document control inspections. 

In regulated environments, the order in which signatures are obtained on a controlled document matters — a reviewer must sign before an approver, an author must confirm before a quality director endorses, and so on. ESignM allows organisations to configure the required signature sequence for each document type, with signatures routed automatically to each party in the defined order. Once a signature sequence is initiated, each signatory is automatically notified by email when it is their turn to review and sign — removing the need for manual chasing, email follow-ups, or phone calls to collect approvals. The live signature status of every document in the workflow is visible centrally within the platform — showing who has signed, whose signature is pending, and at which stage each document currently sits — giving Document Controllers and Quality Managers a real-time picture of all outstanding approvals across all workstreams and programmes simultaneously. Automated email notifications keep the process moving and create a documented record of when each notification was sent. Individual users from each team can be selected as signatories, enabling precise control over who is included in each approval chain. For programmes managing signature workflows across multiple workstreams — a large CQV programme, a multi-site validation campaign, or a global tech transfer — this centralised, real-time visibility of all signature statuses is an operational and compliance capability that manual approval processes cannot replicate. 

ESignM is designed to support the full range of electronically signed document types that pharma projects and operations generate. For Commissioning, Qualification and Validation programmes, ESignM manages the approval of validation protocols prior to execution — routing the document through the required pre-approval signature sequence (typically Author, Reviewer, QA Approver) before the protocol is released for use. Post-execution, completed protocols and summary reports are routed through a post-approval sequence, with signed records stored as permanent qualification documentation. For Standard Operating Procedures (SOPs) and controlled procedures, ESignM manages the controlled review and approval cycle — author drafting, subject matter expert review, QA approval, and distribution of the watermarked control copy to authorised users. For any document requiring a signature from an external party — a supplier quality agreement, a vendor qualification document, a contract research organisation protocol — ESignM’s external signing capability collects the compliant, two-factor authenticated signature without requiring the external party to join the platform. 

ESignM is designed so that every electronic signature event, access action, and document status change generates a permanent, tamper-evident log entry — automatically, without any manual action required from the user. Each log entry captures the identity of the user who performed the action, the timestamp of the action, the nature of the action (access, signature application, approval routing, control copy generation), and the status of the signature sequence at that point. This continuously updated audit trail cannot be retroactively altered, deleted, or manipulated — ensuring that the record of every approval is as reliable as the approval itself. At any point — whether for an internal quality review, a supplier audit, or a regulatory inspection by the FDA, EMA, or HPRA — a complete, chronological record of every signing event for every document can be retrieved in full. For pharmaceutical organisations where the integrity of electronic records is one of the most scrutinised areas of a 21 CFR Part 11 inspection, ESignM provides the confident, structured audit evidence that a fully compliant signing process has been followed — every time, for every document, without exception. 

One of the most significant practical challenges for pharma organisations implementing electronic signatures is the proliferation of disconnected tools — a document management system in one platform, a control copy process managed in a separate procedure, and an e-signature tool from a third-party vendor — each with its own user management, its own audit trail, and its own compliance validation burden. ESignM addresses this directly by consolidating all three functions within a single integrated module on the goPLIMS platform. Documents are managed and version-controlled in EDocM, part of the same platform. Control copies are generated directly from those documents within ESignM, with watermarks applied and the controlled version stored back in EDocM’s access-restricted folders. Electronic signatures are collected for those same documents within ESignM, with the signed record stored in the same platform and linked to the same project record. The result is a single, unified system of record for document management, document control, and document approval — with a single audit trail, a single user access model, and a single compliance validation scope. For organisations managing the 21 CFR Part 11 computer system validation of their electronic signature tool, this consolidation dramatically reduces the validation effort compared to maintaining and validating three separate systems. 

ESignM is the electronic signature backbone of the goPLIMS Integrated Project Execution Platform, and it is designed to provide compliant, traceable signing capability across every module where formal approval is required. Validation protocols, qualification reports, and summary documents managed across the goPLIMS platform are approved through ESignM before execution and archived as signed records after completion. Forms created in FormM can be configured for electronic signature collection through ESignM. For any document in EDocM that requires a controlled, signed approval — a procedure, a specification, a supplier agreement, a regulatory submission document — ESignM provides the compliant signing infrastructure. This end-to-end integration means that electronic signatures are not a separate, disconnected step in the workflow — they are embedded within the same governed process as the event, the document, and the quality record they are approving, creating the most complete and defensible audit trail available to pharma organisations operating under regulatory scrutiny. 

Yes, ESignM supports the digitalisation of deviation and exception management by enabling secure, compliant electronic approvals and sign-offs for deviation-related workflows.

In pharmaceutical and regulated industries, deviations and exceptions require formal review, approval, and documentation. ESignM ensures that all such approvals are executed digitally with secure, traceable electronic signatures, eliminating the need for paper-based sign-offs.

With ESignM, organisations can:

• Digitally approve deviation reports, investigations, and closures
• Maintain a complete audit trail of who signed, when, and why
• Ensure compliance with regulatory requirements such as 21 CFR Part 11
• Integrate approvals across workflows (ActionR, ChangeM, EDocM, etc.)

Each electronic signature is:

• Secure and user-authenticated
• Time-stamped and tamper-evident
• Linked to specific records and workflows

By digitising approvals, ESignM ensures that deviation and exception processes are faster, compliant, and fully audit-ready, reducing delays and eliminating manual documentation risks.

Yes, ESignM supports knowledge management by capturing verified approvals, decisions, and authorisations as part of a structured and traceable digital record.

In pharma environments, approvals and sign-offs represent critical knowledge—confirming decisions, validating actions, and documenting accountability. ESignM ensures that this information is securely stored and linked to relevant records across projects and operations.

This enables organisations to:

• Maintain a reliable history of decisions and approvals
• Provide clear accountability for audits and reviews
• Support traceability across documents, actions, and changes
• Strengthen governance and compliance frameworks

By integrating with other modules, ESignM ensures that every approval becomes part of a connected knowledge ecosystem, rather than an isolated event.

With secure storage, audit trails, and role-based access, ESignM transforms electronic signatures into a valuable knowledge layer—supporting compliance, transparency, and continuous improvement in regulated industries.