Hey, I thought I'd share some of my learnings about setting up a QMS in Jira and Confluence as many companies have asked me about this in the past. It took me quite some time to write this, so I hope it's useful for someone here!
I'm a consultant for medical device compliance and have worked with 150+ companies, quite a few have passed audits with a Confluence and/or Jira - based QMS.
So how would you go about setting up a QMS in Confluence?
Generally speaking, you actually have three options:
Let's go through those in detail!
If you're set on using Jira / Confluence for your QMS (more on that below), this is likely the cheapest option. However, it's also the one which will take the longest and carry the most risk regarding not passing your audit.
Here's how you'd do it: You'd essentially have to go through all the regulatory requirements by yourself. So, for EU MDR medical device compliance, you'd download the ISO 13485 which is a PDF listing the requirements for quality management systems.
(Quick note: There's a small "hack" here of downloading the ISO 13485 through the Estonian website which saves you a lot of money.)
And then you'd go through each section and create custom ticket types for everything. E.g. for customer complaints, the ISO 13485 requires you to classify them as serious or not, so you'd add a dropdown selector for "seriousness" to your ticket type for customer complaints.
With that, I think, you already see the main drawbacks of the approach: Firstly, it's a ton of work, and secondly, there's no guarantee that your interpretation of the ISO 13485 in your Confluence / Jira QMS setup actually matches the interpretation of your auditor. So you might run into the situation that you've actually set up a QMS which doesn't pass an audit.
And, with all the work you have to put it, I guess you have to ask yourself whether it's worth it. In the end, your company probably wants to develop a product and make money, and setting up your QMS is only a tiny part of that.
You second option is to choose to extend Jira / Confluence features with a QMS plugin. The main features you're looking for here are compliant e-signing of documents and requirements and risk management.
For e-signatures, I've had quite a few customers use Komala for that. It seems to work reasonably well. However, I've talked to one auditor who mentioned that one of the companies they audited recently lost all their signature information in Confluence which obviously was a huge problem.
So there's definitely some risk here as you're "bolting on" functionality to Confluence which doesn't exist in its core, and you're essentially at the mercy of the companies which manage the plugins you've purchased.
For requirements and risk management, I've heard of SoftComply being used, but none of our clients chose it so far so I don't have any first-hand experience.
Generally speaking, this approach of Jira / Confluence with plugins works reasonably well. The main drawbacks as mentioned by an auditor recently are these:
Your third and last option is to choose another software entirely outside of Jira and Confluence. Personally, this is my preferred option because, as mentioned above, I've recently heard many negative opinions by auditors about QMS setups in Jira and Confluence. Also. the first approach of setting up everything from scratch is simply not feasible for most startups who can't spend unlimited time tweaking their own custom QMS setup.
The most common options here are OpenRegulatory Formwork, Greenlight Guru and Qualio. Of those, Greenlight Guru and Qualio have very intransparent pricing and lock their customer in quite heavily with year-long contracts, so startups are increasingly avoiding them.
The often-preferred eQMS software for startups is OpenRegulatory Formwork because it has a free tier, unlimited users and a lot of transparency (e.g. monthly cancellation).
The benefits of a separate QMS software outside of Jira / Confluence are:
Additionally, one often-cited idea is that Jira and Confluence might be beneficial due to better integration between software development teams. Integrating regulatory compliance documentation with software development work sounds great on the surface, but in reality, I haven't seen this work out well, even after consulting 150+ companies. Here's an interesting article on the topic.
So yeah.. it's possible, but not always a great idea. Here's another article which is quite critical of Jira QMS setups.
Hope this was helpful and happy to answer any questions!
Interesting, I didn't know about Scroll Documents, thanks!
HI @Oliver Eidel ,
There are a few Apps in Confluence that do electronic signatures but admittedly not many with proper versioning. Scroll Documents is one of the few.
For our customers we initially had to create a dedicated App for Comala to report the Change History Table inside the page, with independent versioning. (see. Change History Table link).
Anyway, eventually we decided to create our own document management system, designed specifically for the MedTech sector (See Document Manager Link), with electronic signatures, versioning and everything else.
At SoftComply we also have Risk Management tools for Jira, while for requirements we heard good feedback on R4J, and Xray for test management.
Your recommendation about the Estonian standardization website is great, we always do the same with our customers and we purchased several standards ourselves there. The fact that you can buy single licenses rather than the whole thing saves a good bit of money.
Disclaimer: yes I'm with SoftComply!
Hello @Oliver Eidel ,
Your article is really interesting and well argumented, thank you very much for that.
I simply regret that you forgot to mention your relation with OpenRegulatory. This disclaimer would have make your article even more transparent.