Meet every requirement
PandaDoc empowers you to satisfy every standard set by 21 CFR Part 11, including signature intent, unique user IDs, and more.
21 CFR PART 11 COMPLIANCE
E-signatures that meet the highest standard
PandaDoc e-signatures empower your company to comply with Part 11 of Title 21 of the Code of Federal Regulations, so any document your business submits to the FDA can be sent with complete confidence.
CFR compliance that doesn’t slow you down
Make verification easy
Choose which ID verification methods to offer recipients, including passcode verification, KBA, ID Check, Text (SMS), and others.
Authenticate automatically
Once recipients sign, PandaDoc provides a unique signature stamp that visibly shows the signer name, timestamp, and intent.
An enterprise-grade solution for teams of any size
eIDAS compliant
PandaDoc works with Trust Service Providers to ensure all signatures are verified, secure, and compliant. Safely send documents knowing recipients are who they say they are, while protecting sensitive data and legal viability.
Physical security
PandaDoc data centers (handled by Amazon AWS) utilize innovative architectural and engineering approaches. Amazon remains a leader in designing, constructing, and operating large-scale data centers that are trusted around the world.
SOC 2 certified
PandaDoc is SOC 2 Type II certified and can provide an SSAE 18 SOC 2 report and attestations of compliance, upon request. This report details how we leverage the state-of-the-art Amazon AWS platform to provide superior security for our customers.
Servers and networking
All servers that run PandaDoc software are recent, continuously patched Linux systems. Additional hosted services we use, such as Amazon RDS, S3, and others, are comprehensively hardened AWS infrastructure-as-a-service (IaaS) platforms.
Service levels and backups
PandaDoc infrastructure utilizes multiple, layered techniques for reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We also conduct full, automated, encrypted backups of our databases daily.
Application architecture
Our web application is multi-tiered into logical segments (front-end, mid-tier, and database), each independently separated from each other in a DMZ configuration. This guarantees maximum protection and independence between layers.
Frequently asked questions
Part 11 of Title 21 of the Code of Federal Regulations establishes regulations that govern electronic records and signatures on documents created, maintained, retrieved, transferred, or submitted pursuant to any United States Food and Drug Administration (“FDA”) regulations or submitted to the FDA.
Relevant Industries include
Pharmaceutical manufacturers
Biotechnology companies
Medical device manufacturers
Clinical research organizations (CROs)
Healthcare providers and hospitals
Laboratories and research institutions
Food and beverage manufacturers
Cosmetics manufacturers
PandaDoc provides 21 CFR part 11 compliance for electronic signatures by requiring signers to meet security standards set by this regulation and then properly documenting the signatures with required data for all parties to verify.
Electronic signatures that are 21 CFR Part 11 compliant must satisfy a number of different requirements. These include:
The printed name of the signer
The date and time the signature was executed
The meaning of the signature (such as review, or approval)
A unique user ID
Digitally adopted signature
Yes, PandaDoc can provide the ID verification, the unique user ID, and all other required information on an electronic signature to ensure that it meets CFR Part 11 compliance. For a closer look at how 21 CFR Part 11 compliance works with PandaDoc, request a software demo with our team today.
The US and EU versions of PandaDoc are similar and equally secure. However, the versions are independent and isolated installations of the application. This means that if you have a PandaDoc account within the US, PandaDoc EU would not know about this account and would not have any information.
We keep the environments isolated in order to provide data residency to our customers. The following information is stored and processed in bounds of chosen region:
PandaDoc Account’s Configuration
Documents (PandaDocs, Templates and PDF copies of signed documents)
Images Assets
Document’s Texts, Attachments and Metadata
In-document communication (Comments)
Billing Information (Billing Addresses, Account Names, Subscription Details)
PandaDoc Contacts
Forms (including information your customers enter)
Content Library Items
Catalog Items
PandaDoc Inboxes (you account members and your customers)
Reporting and Document’s Analytics
Yes. The following information, regardless of which version of PandaDoc is chosen, is stored (and transferred to the US):
Your communication with PandaDoc representatives, specifically our Customer Support team and all interactions with this team. In order to provide best in class support for our customers PandaDoc remains to be a global company, this means that our representatives are hosted across the globe and would be happy to help as soon as possible. Unfortunately, we can’t isolate our communications in one particular region. This means that information such as video calls, account information, customer ticket information can be accessed and transferred to the US.
The transactional analytical information about your account that helps us to make PandaDoc a better application for you.
3rd Party integrations that our customers enable within their account could transfer data outside of your chosen PandaDoc application location. This is dependent on the specific integration and the 3rd party provider. If you have questions on your specific integrations, let us know and we will help you.
Interactions with our Sales team, basic sales contact information, and the initial contractual sales documentation.
Unfortunately, for security purposes, this is not possible. You cannot transfer data from PandaDoc one data center to another. If you’ve chosen the US server, you will be able to have a separate account in the EU with the same email address of the account owner, but it would be a second account that does not share neither license, nor any information with the first one — you’ll need to set up and maintain it separately, which gives you full control over your data residency.
Start collecting secure signatures with PandaDoc
We’re ready to show you why we’ve stayed a leading e-sign solution with a free, no-commitment software demo.
See how features work on a live call.
Get answers from our product experts.
Discover how your business benefits.
