I am a long time user and fan of Confluence and have recently moved to a new role in an FDA regulated environment. One of my primary goals is to help convert the existing paper-based document control system to an electronic system. I have looked into several off-the-shelf systems but they are all charging obsurd amounts of money. Given what I know of Confluence, I think that it could be a very sutiable system given that our organization implements the correct procedures around it. With that said I have the following questions;
I greatly appreciate any and all feedback that you could provide!
We released a document that describes how some of our customers (Comalatech) achieve compliance with the FDA Title 21 CFR Part 11 regulatory requirements for Electronic Records and Electronic Signatures using Comala Workflows.
I hate to be the bearer of lots of bad news, but I'm afraid I won't be able to answer questions 1 or 2, as that would violate our privacy policies, but I can say that Atlassian is not certified by any of the Standards organizations. That's not to say that we couldn't pass certification, but we have not actively sought to be audited and cerfied.
We do not complete vendor audit documents as we don't have the resources to dedicate to such a task, but for more general queries, I would suggest contacting us at email@example.com.
This is a very valid / good use case.
I think I could help you on this, to further your discovery/explore.
Our team has done some work in this area - and also understand the different concerns you describe well.
We have released CFR Part 11 Compliance E-Signatures (FDA) for JIRA, and happy to work with you on a Confluence version!
We have not released a Confluence product plugin yet b/c Part 11 compliance has a number of interpretations (massive spec!) and Confluence content is a bit more diverse in content types compared with JIRA (where all DB/transactional based).
Regardless of that though, happy to share our experiences and provide other insights (which is longer than a simple forum answer - involved!), at the development / solution level. Also provide some guidance on the validation doc you have, wrt Confluence/JIRA.
There are corps out there (e.g., pharma, medical, food supply, etc.) that are using JIRA/Confluence in this way now - I know.
My email is firstname.lastname@example.org if you would like to discuss/vet more.
BTW - This is an especially favorite topic b/c I worked on a project where we'd designed a very complex DMP system with a large pharma in my earliest days as a consultant in the Atlassian space.
The beauty of JIRA - a powerful workflow engine with endless possibilities.. Confluence too!
Also to echo Tim's comments:
"That's not to say that we couldn't pass certification, but we have not actively sought to be audited and cerfied."
This is true. Yes, possible, for sure!
Discussed this internally a bit further - and would like to add to my prior answer here. I will also email you Jeff and we can catch a call to discuss your SOP.
While base-JIRA and Confluence have not been officially certified, per se, they are being used at large health care companies, including large pharmas and biotechs.
The products are carefully documented and tested. The availability of the source code only makes it easier to audit if necessary. There are multiple ways to achieve compliance; here is one possible way designed to contain costs:
Step 1: We ensure your Confluence configuration satisfies E-Signature, Access Control and Traceability requirements. An early discussion with your QA rep may uncover your company's specific requirements (not sure if you are GMP, GLP, GCP or GDP). Then we develop supporting components to meet these needs (self-run, automated, auditor-run).
Step 2: Qualifying the installation of Confluence. This can be achieved by carefully documenting the installation steps, including your custom configuration (user access configuration, workflow configuration, etc.).
Step 3: Validating your functionality. This involves developing Validation Plan, System Requirements, Test Scripts and Traceability Metrics. Your Validation SOP may suggest other artifacts or steps, such as Performance Qualification.
Step 4: Meeting other requirements, for example a secure controlled hosted solution to further validate the environment and ongoing data security and integrity in preparation for auditor compliance.
AppFusions can help you through this process. It is our belief that high quality document management implementations should not cost an arm and leg.
Hi, @jtabatabai. I'm kind of in a similar situation as you are. Long time fan of Confluence, looking to set up an ISO13485 and CFR 21 Part 11 -compliant QMS. The landscape of QMS software looks quite depressing to me, I would be very happy if there was a way we could connect and you'd tell how it worked out for you.
@Jeff and others who may help ;-)
We are a small company active in control of drugs on the market (in fact one of our many activities).
We are ISO17025 compliant but still struggling with a full paper quality management system. We are now (at least) looking for an electronic document system for the management of our QMS.
I know ISO17025 (derived from ISO9000) is much less demanding than FDA but still we have to validate the system.
On the other side we are already using Confluence and Jira in our IT development team.
When the demand of an electronic QMS came to my ears, I thought naturally that Confluence was a valid option. I've already tested plugins like Workflows and I think everything we need is already in Confluence or in a plugin. Nevertheless, validation is a must.
There are especially 2 phases of the validation which are a bigger concern for me:
I know source code of confluence is available but...
What's your experience with validating such a software ?
Any help would be greatly appreciated!
We have just released a Confluence add in that provides a 'Page Quality' macro that can be used to address some of the key document quality concerns for content.
You can find it in the Atlassian Marketplace here: https://marketplace.atlassian.com/plugins/com.gumvillage.confluence.pagequality.pagequality
The following quality principles, particularly for printed versions, can be met using this macro:
The information shown can include a number of useful page attributes such as who last modified the page, who the contributors are, the date changed, the page id etc.
Users can choose to use a preset default list of page information that can be set at a global or space level, or alternatively, the page information can be set at the page level using the macro's options.
The macro also has a simple page approval feature. Users can note their approval of a particular version of a page by clicking on the 'Approve' button. Pages can be unapproved in a similar way.
We have just released an eQMS plugin for Confluence with a full integrated quality system for Medical Devices.
It contains full guidance for FDA's 21 CFR compliance
For Confluence Cloud users: you might find this add-on useful. It's an electronic signing tool that can help with 21 CFR Part 11 compliance.
Very interesting topics covered in the log so far.
We are using Jira, Confluence as our software development tools. When we start using these tools, we never thought we might use these tools for Medical device clearance. Please suggest me how can I validate these tools to meet FDA requirements.
Confluence can be used as a document management system for your QMS or the technical documentation.
Jira can be used as requirement management system coupled with BitBucket, Bamboo and other tools. Jira will manage the workflow and the traceability to requirements. Jira is anyway so flexible it can be used for other purposes. We have an add-on for risk management of medical devices https://marketplace.atlassian.com/plugins/com-softcomply-riskmanager-cloud/cloud/overview
Regarding the validation itself, it's not an impossible task for either platforms. The FDA guidance at this link https://www.fda.gov/MedicalDevices/ucm085281.htm provides a good starting point.
We have also put together a small article regarding validation of cloud tools https://softcomply.com/fda-compliance-and-the-cloud-tools/
Specifics of validation of each tool are too complex to be discussed in a blog post, but as a rule of thumb the steps are:
1) Define requirements
2) Assess risk
3) Create a validation plan. IQ and OQ at a minimum, and maybe even PQ to stress the environment.
Check SoftComply products
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs