Active Directory

When signing on electronic record - can a combination of login to a computer using the active directory combined with a pin code (for each signoff) – be considered to fulfill the requirements of an electronic signature?

Is there a requirement for the electronic signature to be recorded together with the record?
The active directory password is changed every quarter.

 

Assuming all other requirements are met, I'd say technically, no; but practically, probably.

The main sticking point I see is compliance with (11.200.a.1.i):

When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.

One could argue that the continuous session could be from the time of initial login but if you had a tech-savvy, picky reviewer, that may not fly. I think, though, if you can show sufficient controls are in place to ensure that that person who originally signed in is, indeed, the person executing the signature electronically, most reviewers would accept it. Again, that's predicated on the assumption that all other requirements are met.

Typically, most tools require a login (to initiate the 'continuous session') and then the (unique) PIN (or password) is provided for each signature.