Electronic Signature Custom Control

Topics: Developer Forum, Project Management Forum, User Forum
Mar 3, 2014 at 7:12 PM
I work for a company that creates medical device software and is regulated by the FDA. The FDA requires electronic signatures for code and test case sign-offs.

I would really be interested in a control that would present a username, password, and domain input fields to allow for this.
Mar 4, 2014 at 8:00 AM
That's a good idea for a control. Can you elaborate a bit how a control like this should work?

Mathias
Mar 6, 2014 at 3:49 PM
A possible solution is described below. The FDA basically wants the user to confirm it is the person logged into the machine who made the change. Typically this is done by requiring the user to "sign-off" on whatever changes they made via a username and a password. In the corporate environment the username, password (and domain) is sent to a Active Directory type service for authentication of the user. Also, the date is logged.

Some notes from one of the developers on our team about this scenario:
While this is not possible out of the box, you can implement a work item custom control to help enforce your requirement. This requires some writing of code. There are a couple of limitations though with such an approach:
1) It's a client enforcement. That is, there's nothing stopping a determined user from implementing his own client and programmatically using the TFS API to update the work item without the electronic signature. Of course, since TFS work items log all the changes, if they do that, it's fairly easy to spot those types of changes.
2) The custom control needs to be deployed on your VS clients. A client without the custom control will not be able to sign work items.
If the above limitations are OK, then one possible solution is the following:
1) Create a required field that is defined in the work item type definition but not shown on the form (you can call the field “Electronic Signature”). Since the field isn't shown on the form, when a user with a client without the custom control tries to save, he will get:
Save failed.
TF20012: Field 'Electronic Signature' cannot be empty.
2) Create a rule such that whenever an electronic signature is needed, the rule clears that required field.
3) Create a custom control (could be an empty user control with a size of 1x1 pixel) that you can place somewhere on the form (make sure it’s not hidden in a non-active tab as we will only create the control on demand when we render the hidden tab, and we want the control to always be instantiated when the form is displayed).
4) That custom control will hook to the FieldChanged event of the work item object on the electronic signature field. At this point you can bring up your own dialog that will prompt the user for an electronic signature (username/password/other metadata) and only after verification, the custom control will set the hidden “Electronic Signature” to an allowed value. Now the user can save the workitem.

http://social.msdn.microsoft.com/Forums/vstudio/en-US/2cde9653-25d5-4136-b954-18636904a352/tfs-2010-implementing-fda-part-11-electronic-records-electronic-signatures-on-wit-fields?forum=tfsworkitemtracking

Hope that helps.