Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Does anyone use JIRA for medical device Complaint Management?

Currently working in the RUO space, but actively developing the QMS infrastructure to support medical device (ISO 13485 / 21CFR820)

We currently use JIRA's issue posting and tracking for development and troubleshooting activities, but have primarily paper-based QMS processes with an electronic document management system (hoping to convert to full eQMS as well). 

I've done some initial research into the JIRA addon apps (confluence, comala workflows and publishing), which look like they would capture the majority of the ISO13485 and 21CFR part 11 compliance.

However, I haven't seen any pages with anyone specifically using JIRA workflows to track things like complaint management (Initial evaluation, testing, risk assessments, impacts, tracking to associated complaints/known issues, tracking to product requirements, escalation to CAPA, Adverse Events, etc.)

It seems like this is something that could be done with the added functionality with the electronic signatures and audit trails, and the separate "project" spaces seem like they could be configured to fulfill customized workflows based on the QMS requirements. 


Is this something that anyone else has tried? Anyone used this with the new greenlight partnership? 


Thank you! 

7 answers

2 accepted

0 votes
Answer accepted

Hi Brenda,

Some medical device manufacturers use our software to track product risks -

kind regards,

Craig Schwarze

0 votes
Answer accepted

Hi @Brenda Kelly

The answer will be "sure" - like with a lot of business areas, Jira can be configured to more specific industries. Its flexibility ensures you can have workflows, screens, etc which meet the needs of your team.

Admittedly I've not worked in the medical device industry so I don't have any specific knowledge here - but you could do a discovery inhouse to decide how to setup Jira.

Or if you're looking for advice on apps - this answer has some good suggestions, and mentions these apps which look specific to your industry :)


Hi Brenda

We started with a paper-based Quality Management System (QMS) certificated to ISO 13485:2013. However, since we focus on development of software as a medical device I ended up using Atlassian products as a business framework and built an eQMS to satisfy ISO 13485:2016 and FDA 21 CFR 820. We've been using this validated system since 2015, had many external audits with no paper in sight.

So, you are right it is entirely possible using appropriate addons and some effort to configure.

JIRA - issue types for requirements, NC, CAPA, complaints, changes, risk, etc each with their own workflow.   There are of course a number of addons to support this, including ALM Structure which enables traceability, planning, etc.

Confluence - Document wiki spaces which links (pulls in) jira issues. Critical to have Comala Document Management, or similar, which applies document workflows, tailored to you SOPs.

Service Desk - provides customer front end to support complaint handling and pot market surveillance.

Audit trail is inherent and a system fully compliant with EU GDPR, US 21 CFR part 11 and HIPAA can be developed.


I hope this helps


Hi @Al ,


I just found your answer when googling for "JIRA ISO13485". Great! Would you be available for a chat on your experience?

We're currently struggling with using JIRA to trace user requirements in MDR / ISO 13485. We feel like JIRA should be capable of supporting us - but don't see the way currently. It sounds like you've done it.

Appreciate your answer,


Like Wade Metzler likes this

Hi Michael

Yes, indeed.

You should consider jira issues as records within your QMS.  In that way you can create an issue type for each record needed, e.g complaint, NC, CAPA, and so on.

You do need to have admin access to customise jira and confluence. 

(See also other responses from Soft Comply and RadBee).

For requirements you can use any built-in issue type, or create a specific Requirement or Sub-requirement if desired to represent the functional requirements.  All jira issues can be linked, e.g. parent  / child, relates to, etc. Requirements can therefore be linked to risks, tests, design, etc to provide full traceability.

All jira issues can, of course, also be pulled into Confluence pages so full specification documents can be created using the jira requirements (and other issues) to build everything required for technical file with appropriate approvals.


Hi @Al ,

thanks a lot for your answer - that helped already a lot. We're aware of the QMS, complaint, NC and CAPA handling capabilities within JIRA.

We're stuck however with the traceability aspects. We need a way to trace requirements from the design level down towards the technical design document levels. We're working in a SCRUM model where we separated the product design work (product definition) from the product build work (product execution). Now, our product owners specify their epics and stories and hand it over to product execution for a two weeks sprint. We're seeing some issues with the traceability of the specs produced by the product owners - especially if they're modified (user centric approach!) during product execution. We thought to solve this by documenting aspects in Confluence - but ended in a copy-past nightmare. Any idea on how to tackle this? Maybe a specific tool in mind?

We're on the cloud version and have full admin rights.

Thanks a lot, 


Hi @Michael Maretzke 

We can help you with the reporting in Confluence. Feel free to reach us directly, you can also check some traceability-related videos here:




Hi @Brenda Kelly

we have joined forces with Comalatech in developing FDA 21 CFR 11 compliant solution for Confluence. It extends the ISO13485-based SoftComply eQMS with FDA compliant document approval, CAPA, training and change request workflows (built on Comala Document Management and Comala Publishing) and compliant access management. The solution is called MediCompli - You can read more about its features -  

To automate ISO14971 compliant medical device risk management we have developed the SoftComply Risk Manager apps

We also support medical device companies in automating regulatory compliance on Atlassian stack -

In case of any questions, please drop us an email -

Hello everyone,

We have recently launched a service to provide a fully 21 CFR 11 compliant turnkey solution based on Atlassian tools. Check this if you are interested.

We can also help you set it up yourself in your own server instance if you prefer.

We also have different Apps for Risk Management in Jira, specifically for the Med Tech sector. Link below:


Hi @Matteo Gubellini _SoftComply_ , with the announcement of Atlassian Server EOL I am wondering if you believe compliance is achievable using Atlassian Cloud?

Hello @Ally Lancaster ,

Atlassian will end selling new Confluence and Jira Server licenses in February 2021 and they will end supporting Server apps in February 2024.

Companies already on Server will be supported for the next three years and, even after that, the system will still run the same, even without updates from the App vendors and Atlassian.

We believe companies considering migrating to Cloud in the next 3 years will have the possibility to do so; we at Softcomply with our partners we are assessing all the requirements and some vendors are already working to release Cloud apps to bridge the compliance gaps.

We'll keep you posted.

Like # people like this

Hi, @Brenda Kelly.  Adding to what others have said, there's at least one Atlassian Solution Partner who specializes in this area exclusively. They are called @RadBee. There may be others, too. I just happen to be personally aware of this one. 

-dave [ALM Works]  

Hello @Brenda Kelly 

Yes, the idea to manage Complaints process in Jira is a viable one, and the same is true for some of the other classical Quality processes (i.e. CAPAs and Deviations management, Suppliers management).  If you use the Server or Data Center platforms you can indeed achieve full GAMP 5 and CFR 21 part 11 compliance.

The approach is especially powerful if the organisation already uses Jira for other processes (software development). Bringing Quality processes into the platform where everyone are anyways, is a very effective way to make more people engage fully with these processes and reduces friction overall.

These are my favorite 'go to' Apps when we do these type of implementations (which is basically our bread and butter):

On Jira:

1. InLabs Electronic Signatures

2. Midori's Better PDF

3. ScriptRunner, JSU. JMWE, JWT (For all those nifty automations)

4. Structure for Jira (ALM) --> essential if you do Design Controls in Jira

5. ProjectBalms Risk Register --> For risk management

6. Xray Tests Management --> For Design Controls


On Confluence, In case you do Controlled Documents in Confluence:

1. Scroll PDF Eporter

2. Comala Document Management

3. Comala Publishing

4. Comala Metadata

5. Read&Understood Training Genius (Disclosure: this is our App)


Hope this helps,




(Thanks @Dave Rosenlund _ALM Works_ for the shout-out)

Hi @Rina Nir , with the announcement of Atlassian Server EOL I am wondering if you believe compliance is achievable using Atlassian Cloud?


Like # people like this

Suggest an answer

Log in or Sign up to answer

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you