It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence for FDA Regulated Document Management

I am a long time user and fan of Confluence and have recently moved to a new role in an FDA regulated environment. One of my primary goals is to help convert the existing paper-based document control system to an electronic system. I have looked into several off-the-shelf systems but they are all charging obsurd amounts of money. Given what I know of Confluence, I think that it could be a very sutiable system given that our organization implements the correct procedures around it. With that said I have the following questions;

  1. Do you know of any existing customers who are using Confluence for Document Management in an FDA regulated environment?
  2. If so, would they be willing to discuss the validation process with us?
  3. Is Atlassian Iscompliant to an international quality standard (for example, ISO 9001)? Would I be able to get a copy of any certifcation documents as we would need these in the event that we are audited.
  4. Would Atlassian be willing to complete and return a vendor audit document to cover our FDA requirements?
  5. Is there any additional information that you might be able to provide?

I greatly appreciate any and all feedback that you could provide!

12 answers

1 accepted

3 votes
Answer accepted

Hi @jtabatabai,

We released a document that describes how some of our customers (Comalatech) achieve compliance with the FDA Title 21 CFR Part 11 regulatory requirements for Electronic Records and Electronic Signatures using Comala Workflows.

You can find it here. Check it out and let us know what do you think. If you are also interested in ISO 9001, please contact us through our support system.

Kind regards,


Hello everybody,

We have recently launched a service to provide a fully 21 CFR 11 compliant turnkey solution based on Atlassian tools. Check this is you are interested.

We can also help you set it up yourself in your own instance if you prefer.



Hi Matteo,

my company is small and we are not in the medical device industry but we are looking towards confluence as a possible DMS.  We primarily need a way to create and index our SOP documents and create Work Instructions and Checklists.  Would Softcomply have a product that we could use in conjunction with Confluence to achieve this goal?  Please contact me.


@Mechelle Barnes ,

Could you please contact us at

I'm not able to find your direct email.

We can then have a call and see what the best solution for you is.


Not at all.  I was able to validate Confluence that was in line with our internal procedures and compliant with FDA regulations.  It is a great application and has been a major improvement for our organization.

Hi, @jebteb. I'm kind of in a similar situation as you are. Long time fan of Confluence, looking to set up an ISO13485 and CFR 21 Part 11 -compliant QMS. The landscape of QMS software looks quite depressing to me, I would be very happy if there was a way we could connect and you'd tell how it worked out for you. 



Like Walco van Loon likes this

Hi @Corvin

We have experience with customers using Confluence and Comala Workflows to comply with FDA Title 21 CFR Part 11. If you need further information or doubts, drop us a line to support at comalatech dot com.


I hate to be the bearer of lots of bad news, but I'm afraid I won't be able to answer questions 1 or 2, as that would violate our privacy policies, but I can say that Atlassian is not certified by any of the Standards organizations. That's not to say that we couldn't pass certification, but we have not actively sought to be audited and cerfied.

We do not complete vendor audit documents as we don't have the resources to dedicate to such a task, but for more general queries, I would suggest contacting us at

@jtabatabai -

This is a very valid / good use case.

I think I could help you on this, to further your discovery/explore.

Our team has done some work in this area - and also understand the different concerns you describe well.

We have released CFR Part 11 Compliance E-Signatures (FDA) for JIRA, and happy to work with you on a Confluence version!

We have not released a Confluence product plugin yet b/c Part 11 compliance has a number of interpretations (massive spec!) and Confluence content is a bit more diverse in content types compared with JIRA (where all DB/transactional based).

Regardless of that though, happy to share our experiences and provide other insights (which is longer than a simple forum answer - involved!), at the development / solution level. Also provide some guidance on the validation doc you have, wrt Confluence/JIRA.

There are corps out there (e.g., pharma, medical, food supply, etc.) that are using JIRA/Confluence in this way now - I know.

My email is if you would like to discuss/vet more.




BTW - This is an especially favorite topic b/c I worked on a project where we'd designed a very complex DMP system with a large pharma in my earliest days as a consultant in the Atlassian space.

The beauty of JIRA - a powerful workflow engine with endless possibilities.. Confluence too!


Also to echo Tim's comments:

"That's not to say that we couldn't pass certification, but we have not actively sought to be audited and cerfied."

This is true. Yes, possible, for sure!

Discussed this internally a bit further - and would like to add to my prior answer here. I will also email you Jeff and we can catch a call to discuss your SOP.

While base-JIRA and Confluence have not been officially certified, per se, they are being used at large health care companies, including large pharmas and biotechs.

The products are carefully documented and tested. The availability of the source code only makes it easier to audit if necessary. There are multiple ways to achieve compliance; here is one possible way designed to contain costs:

Step 1: We ensure your Confluence configuration satisfies E-Signature, Access Control and Traceability requirements. An early discussion with your QA rep may uncover your company's specific requirements (not sure if you are GMP, GLP, GCP or GDP). Then we develop supporting components to meet these needs (self-run, automated, auditor-run).

Step 2: Qualifying the installation of Confluence. This can be achieved by carefully documenting the installation steps, including your custom configuration (user access configuration, workflow configuration, etc.).

Step 3: Validating your functionality. This involves developing Validation Plan, System Requirements, Test Scripts and Traceability Metrics. Your Validation SOP may suggest other artifacts or steps, such as Performance Qualification.

Step 4: Meeting other requirements, for example a secure controlled hosted solution to further validate the environment and ongoing data security and integrity in preparation for auditor compliance.

AppFusions can help you through this process. It is our belief that high quality document management implementations should not cost an arm and leg.

Hi all,

So is this the end of Confluence and FDA? 

I hope not... whats the latest?





@Jeff and others who may help ;-)

We are a small company active in control of drugs on the market (in fact one of our many activities).
We are ISO17025 compliant but still struggling with a full paper quality management system. We are now (at least) looking for an electronic document system for the management of our QMS.
I know ISO17025 (derived from ISO9000) is much less demanding than FDA but still we have to validate the system.
On the other side we are already using Confluence and Jira in our IT development team.
When the demand of an electronic QMS came to my ears, I thought naturally that Confluence was a valid option. I've already tested plugins like Workflows and I think everything we need is already in Confluence or in a plugin. Nevertheless, validation is a must.

There are especially 2 phases of the validation which are a bigger concern for me:

  • Design and implementation (coding)
  • Inspection & structural testing ('White-Box' testing)

I know source code of confluence is available but...

What's your experience with validating such a software ?

Any help would be greatly appreciated!


We have just released a Confluence add in that provides a 'Page Quality' macro that can be used to address some of the key document quality concerns for content.

You can find it in the Atlassian Marketplace here:

The following quality principles, particularly for printed versions, can be met using this macro:

  • The revision status and relevant changes can be shown
  • The original Confluence document is linked so readers can determine if their copy of the document is up to date, has been changed or is obsolete
  • The Approval button can help to approve documents before release

The information shown can include a number of useful page attributes such as who last modified the page, who the contributors are, the date changed, the page id etc.

Users can choose to use a preset default list of page information that can be set at a global or space level, or alternatively, the page information can be set at the page level using the macro's options.

The macro also has a simple page approval feature. Users can note their approval of a particular version of a page by clicking on the 'Approve' button. Pages can be unapproved in a similar way.

Hi jatabatabai

We have just released an eQMS plugin for Confluence with a full integrated quality system for Medical Devices.

It contains full guidance for FDA's 21 CFR compliance



For Confluence Cloud users: you might find this add-on useful. It's an electronic signing tool that can help with 21 CFR Part 11 compliance.


Very interesting topics covered in the log so far. 

We are using Jira, Confluence as our software development tools. When we start using these tools, we never thought we might use these tools for Medical device clearance. Please suggest me how can I validate these tools to meet FDA requirements. 



Hello Bhupinder,

Confluence can be used as a document management system for your QMS or the technical documentation. 

Jira can be used as requirement management system coupled with BitBucket, Bamboo and other tools. Jira will manage the workflow and the traceability to requirements. Jira is anyway so flexible it can be used for other purposes. We have an add-on for risk management of medical devices

Regarding the validation itself, it's not an impossible task for either platforms.  The FDA guidance at this link provides a good starting point. 

We have also put together a small article regarding validation of cloud tools

Specifics of validation of each tool are too complex to be discussed in a blog post, but as a rule of thumb the steps are:

1) Define requirements

2) Assess risk

3) Create a validation plan. IQ and OQ at a minimum, and maybe even PQ to stress the environment.






Check SoftComply products

Hi Matteo

I'm really interested in your eQMS add on for Confluence, but only have the Cloud version.  Will you be developing a similar tool for Confluence Cloud?



Hi Matteo

Regarding your sentence: Regarding the validation itself, it's not an impossible task for either platforms.  The FDA guidance at this link provides a good starting point. 

This link isn't working. Do you know where similar/the same information might currently be? 

We are also trying to manage documentation of medical devices in FDA Part 11 compliant way with Confluence and Comalatech Workflow. One big issue that is an unsolved blocker for us is the problem that you can display eg an image in your page that is actually an attachment of another page. A reader/reviewer/approver will not notice unless he checks every link using the edit mode. Even if you set your page permissions to read-only once it has been approved, you can still change the image/attachment of the other page and therewith indirectly the content of locked page. Also, you cannot configure Confluence so that you cannot use attachments of other pages. All events triggered when an attachment is updated go only to the page it is attached to and not to any other page referring to this attachment. I cannot imagine a way to circumvent this issue unless you lock the entire database with a final approval. If you are already using Confluence in a FDA Part 11 compliant setting, how did you solve this issue?



Hi Tuelle,

We are in a similar situation and decided to state in a SOP/work instruction to not use attachments from other pages. Additionally, every attachment has to be uploaded as a new version and needs to come with a change on the page. This is due to Confluence always linking to the most current version of an attachment and due to uploading attachments does not trigger a new page version.

Otherwise this is a major issue when looking through the page: a page version can be both, draft and effective. Also, old page versions will always link to the most current attachment/image which can falsify old records.

We might solve this at a later stage with a custom add-on.


Leave your contact if you need more information.

Hi Tuelle,

I'm product manager in Comalatech, the company behind Comala Workflows. We are working on a new feature to save snapshots of the approved pages i.e., frozen versions of the pages when those were finally approved. Please, create a support ticket so I can follow up there.



That sounds interesting! We have experimented with a proprietary plugin that generates a PDF export of a page once a page reaches the approved state. The PDF is attached to its source page and we have a document header on the page which has links to the pdf as well as to the history of all electronic signatures. The problem with our approach is that you have to argue that users should read the authoritative PDF exports, but in practice, they are of course reading the confluence page. It would be much nicer if there would be a solution that allows users to only consider the Confluence page if they are looking for regulative relevant information. 


I have created SUPPORT-823

Thanks for your support!

Hi @Tuelle,

As an alternative to the PDF-based approach, as mentioned on this thread, you can also use a third-party app, Scroll Documents (to be clear: I work for the developer of this app), to save versions of multi-page documents directly in Confluence. You can then view and share these versions from within Confluence itself at any later time.

Scroll Documents is currently only available on Confluence Cloud, but we’re currently developing a server version too (in the server version, versions will be saved as static content, so you also don’t have to worry about content from dynamic macros changing in the future). To keep updated and get more info about the server version, please sign up on our website and you’ll be the first to know when it's ready.

Cheers, Tom.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Confluence

Lessons and Learnings: Six Months of Working Remote [Discussion]

Hey there, folks! For most of us, the past six months- yes, you read that right- have been a journey. More people than ever before have pivoted to working remotely, and navigating being on-scre...

8,196 views 6 6
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you