P11 Module Enabled - Product Limitation Compliance Gap

As new users of Docusign operating in a regulated GxP environment, and during our review of monthly software release notes and system behavior, we identified a significant compliance gap related to the use of the Docusign Mobile Application when the 21 CFR Part 11 (P11) module is enabled.

Currently, there is no configuration option or administrative control that allows an organization to prevent users from sending and/or signing envelopes using the Docusign mobile application. This limitation is not aligned with the compliance expectations associated with the P11 module and creates a conflict between advertised configuration controls and actual system behavior.

Specifically, not all Part 11, related checks and controls appear to be enforced or configurable within the mobile application to the same extent as the web interface. As a result, mobile usage introduces additional compliance risks related to authentication, procedural controls, and intended use, which must be addressed through compensating measures such as expanded validation scope, additional risk assessments, and enhanced user training. These activities would not be required if appropriate system-level restrictions were available.

From a regulated user perspective, there should be configurable options that allow organizations to:

• Fully restrict the use of the Docusign mobile application for GxP-regulated activities, or

• Limit mobile usage to specific actions (e.g., signing only, sending only), consistent with the organization’s intended use and validation strategy.

At present, none of these controls are available, leaving organizations unable to technically enforce their compliance decisions.

This limitation also raises concerns regarding the purpose and scope of existing compliance artifacts. For example:

• What is the intended role of the monthly Validator Report if mobile application functionality is not included or verified as part of Part 11 compliance?

• What is the practical value of the configuration setting “Allow recipients to sign on a mobile device” if recipients are able to sign via the mobile application regardless of this setting?

These inconsistencies make it difficult for regulated customers to rely on system configuration alone to enforce Part 11 compliant behavior and may lead to unintended noncompliant use.

Enhancement Request:
We formally request that Docusign consider enhancements to:

• Provide administrative controls to disable or restrict Docusign mobile application usage when the Part 11 module is enabled

• Clearly align mobile application behavior with Part 11 configuration settings and validation documentation

• Expand Part 11 validation coverage and documentation to explicitly include mobile application functionality, or clearly state limitations where applicable

Such enhancements would significantly improve Docusign’s usability and credibility in regulated environments and reduce the need for procedural workarounds that increase operational burden and compliance risk.