Validation of Confluence Cloud

Modern medical device regulations are putting more and more emphasis on the management of software tools. These tools are software packages that are not part of the medical devices themselves, but support the device during its development lifecycle and quality management.

Confluence Cloud is one such software tool that companies can use for their document management system that needs to be validated. But what exactly should you validate in your Confluence Cloud?

For more on which software tools need to be validated, requirements for validation and the best practices – please check out the white paper on validation.

What features of Confluence Cloud should I validate?

The features to be validated in a software tool are determined through the analysis of company’s intended use of the tool and its risk assessment. But there are certain key items that must always be included.

These features are the ones that directly affect data integrity and security, and that are explicitly called out in the medical device regulations such as FDA 21 CFR 11.

For your Confluence Cloud, these functionalities are the following:

1. User access controls: Confluence Cloud allows you to set up user access controls to ensure that only authorized users can access sensitive information. Setting up user access controls helps prevent unintended changes to electronic records and unintended use of old/obsolete documentation.
   You should validate that the user access controls are working as intended and that users can only access the information that they are authorized to access.
2. Data backup and recovery: Confluence Cloud includes data backup and recovery features to ensure that your data is protected in case of a system failure or other disruptions, both at a site level and at a space level.
   You should validate that the data backup and recovery features are working as intended and that you are able to recover your data in case of a system failure.
3. Document management: Confluence Cloud includes document management features that allow you to create, store, and share documents with other users.
   You should validate that the document management features are working as intended and that documents are being stored and shared securely.
4. Compliance with specific regulatory requirements: Confluence Cloud may be subject to regulatory requirements, such as GDPR or HIPAA.
   You should validate that Confluence Cloud complies with the relevant regulatory requirements and that you are able to meet your compliance obligations when using the software.

Other items to consider, according to the specific use in each Company:

1. Integration with other tools: Confluence Cloud integrates with a wide range of other tools, such as Jira, Trello, and Slack.
   You should validate that the integrations are working as intended and that you are able to seamlessly collaborate and share information between different tools.
2. Collaboration and communication: Confluence Cloud provides a range of collaboration and communication features, such as commenting, notifications, and real-time editing.
   You should validate that the collaboration and communication features are working as intended and that users are able to effectively communicate and collaborate with each other.

To summarise the activities you should perform to validate your Confluence Cloud:

1. First, list all the key functionalities of Confluence Cloud which you should include in your validation process.
2. Describe their impact and criticality on the “quality” of the device to scope your validation effort.
3. Perform the validation and compose the documented evidence.
4. To save the time and effort on the validation, use SoftComply Validation for Confluence which helps you to automate your Confluence validation and to generate documented evidence.