Recently, we have seen many organizations in regulated industries evaluate Confluence as they look to bring their documentation into the Cloud. These organizations need to meet strict compliance standards from regulatory bodies like the FDA and ISO. One of the requirements found across many different standards is a verified approval for documents, and the most common form is an e-signature. We want to provide the community some guidance around electronic signatures in Confluence Cloud.
In Confluence, this means that organizations need to be able to have specific users enter valid credentials when approving documents. For example, if a company wants to receive FDA approval, its quality management system must meet the FDA standard 21 CFR Part 11, which requires teams to show verified reviews and approvals on their documents. There are a number of different ways to show digital verification, including biometric scans and handwriting captured by software, but the simplest method is usually an electronic signature. The FDA standard requires two unique pieces of identification for a verification by electronic signature, which could include user names, account passwords, or signing tokens.
Signing tokens, also referred to as One-Time Passwords (OTP), are an accepted method of electronic signature for compliance. If you've ever entered a validation code when signing up for a service like Netflix or Amazon, then you've used an OTP. One-time passwords, or tokens, are short, computer-generated codes that, unsurprisingly, expire after one use.
Whatever the method, it's also important that there is a stored electronic record of the verification that can be used for internal and external compliance audits.
While there are out-of-the-box software solutions for compliance needs, these tend to be very expensive and/or require a lot of expertise. Atlassian products like Confluence offer an alternative that is cost-effective, flexible and easy to use. However, Confluence does lack some of the fundamental requirements for compliant documentation, like native e-signature functionality. With the right apps, though, organizations can add e-signatures and other needed features.
Currently, the best way to get e-signatures in Confluence Cloud is with Comala Document Management for Cloud. This Comalatech app allows you to add review and approval workflows to Confluence. The app comes with three workflow templates, including a QMS workflow with e-signatures that is already used by several customers to meet compliance audits. Users can also edit or create custom workflows, building workflows that match their industry requirements, and adding e-signatures where and when they're needed. These e-signatures can use the approver's Confluence username and password, or an OTP token generated with popular third-party apps like Authy, 1Password or Google Authenticator. Comala Document Management also keeps a detailed workflow history with the necessary e-signature audit trail.
For many companies, the combination of Confluence Cloud and Comala Document Management will be all that's needed to meet their industry's signing standards. Comala Document Management has a free 30-day evaluation, so organizations can explore the app to see if it meets their requirements.
For those companies that do need to take further steps to meet compliance standards, there are other add-ons that provide additional guidance and functionality. SoftComply is an example of a vendor that specializes in compliance solutions, with apps like eQMS. This add-on provides a package of QMS resources within Confluence that assist companies with meeting compliance standards like ISO 13485, IEC 62304, ISO 14971 and 21 CFR 820. The app includes manuals that guide the customer through setting up their QMS, document templates, and a complete example QMS.
With apps like Comala Document Management, eQMS and many others, Atlassian products can now provide compliant solutions to meet almost any regulation, bringing new customers into the Atlassian ecosystem.
Lua_Boschman__Comalatech_