What addons are best for FDA compliance?

SteveR January 24, 2013

We are doing development that is considered to be a medical device and falls under FDA guidelines and requirements. They require things like traceability (tying requirements to pieces of code to specific tests to bugs, etc.), electronic signatures/approvals, robust change and version mgmt, etc. Looking for advice on what tools/addons are best.

Thanks,

Steve Rohde

9 answers

1 accepted

1 vote
Answer accepted
JohnA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 28, 2013

Hi Steve,

If I'm honest this will be more about implementation of your systems rather than addons that will help you to implement them, so the first thing is to consider your needs and imagine them in terms of a workflow and integration between the applications. Whilst their are addons that will facilitate the process of implementing that workflow, but you need to think about exactly what you want/need to achieve because the Atlassian Stack in its present form will do virtually everything you need and it's just a case of being clear in what you need to implement. Often implementing a stack is a big challenge and developing processes for departmental changes require some advice from outside professionals to smooth the transition, so you might find that instead of purchasing addons you find better value just purchasing implementation and training services from an Atlassian Expert as they can assit you in getting the most out of the Stack and ensuring you meet all your compliance requiremnets.

All the best,
John

5 votes
Erez Kaminski -Ketryx- April 17, 2023

Hi Steve, 

 

FDA Compliance is about proving that you manage your software processes in a way that is traceable and risk-based. Another critical aspect is the ability to create design controls (e.g. Design History File) as needed. This requires information from many different systems, processes, and people.  We have recently released a solution to the Atlassian Marketplace that removes the need for multiple addons and allow you to connect to all the system you use and track that information in a single source of truth.

 

Ketryx integrates all of the products in your dev tooling - including Jira - to provide one validated system to produce safety-critical applications.  Once you connect Ketryx, it will reconfigure Jira to comply with everything the FDA requires, so you wouldn’t need to manage so many addons (and validate them!). 

 

You can find our product page here.

 

3 votes
Brent Lewis July 8, 2020

Hello - We have been very happy using JIRA in FDA regulated medical environment for IT Testing and Change management with the following plugins and setup

  • XRay Test Management for JIRA: Provides out of the box configuration for test cases, test execution, and test reporting in JIRA.
  • XPorter – Export Issues from JIRA: Provides export functionality needed to generate PDF or Print-outs of executed test cases from XRay.
  • Electronic Signature Fields: Provides 21CFR11 compliant electronic signature fields for JIRA.
  • JIRA Workflow Toolbox: Provides a number of advanced workflow configurations needed to configure for 21CFR11 approval routing of test cases and test executions.

Here is some detail on how we implemented the 21CFR11 compliant approvals

In order to allow multiple users to approve Tests and Test Executions, the following configuration has been established.

A “Required Approvers” multi-user select field has been created to allow users to indicate what approvers are required.

A “Pending Approvers” multi-user select field has been created to track the approvers that have not yet approved. This field is controlled by workflow and is not able to be modified by users.

Whenever an object is submitted for approval, the users identified in the “Required Approvers” field are copied to the “Pending Approvers” field (using JWT plug-in) and an email notification is sent to each user in the “Required Approvers” field (using JWT plug-in).

The JIRA electronic signature plug-in is leveraged to implement fields for re-authentication and electronic signature in compliance with 21CFR11.

If a user approves the object, the system is configured to remove their name is removed from the “Pending Approvers” field (using JWT plug-in).  Once all names are removed from the Pending Approvers field, the system automatically moves the object to the “Approved” status (using JWT plug-in) and sends an email notification to the owner of the object to notify them of its approval (using JWT plug-in)

kevinkre December 29, 2020

Hi Brent...thanks for sharing your approach. As it turns out I am doing a very similar process and we use all the same components... still in progress, but your confidence and approach has validated my prototyping efforts...BEST!

Like Brent Lewis likes this
2 votes
Sébastien CORSYN January 9, 2020

These answers are a bit dated, so I would like some fresh information.

I am currently looking for a test management tool for the develpment of a medical device (software). The company I work for has chosen JIRA to manage this project, so the tool I am looking for must have a great JIRA integration. But what is the most important for us is the traceability. To get the CE marking, we are audited and we need to be ISO 13485 compliant.

Which JIRA apps is the best solution for us ? From what I have read, JIRA+XRAY Test Management for JIRA + Confluence + SoftComply eQMS would be a good basis to meet our requirements. Am I right ?

Thanks

Regards,

Sébastien

Matteo Gubellini _SoftComply_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 14, 2020

Hello Sebastien,

We have a Risk Management plugin that can definitely help with the traceability between Risks and Requirements, then you can pull the data in Confluence. Look for "Risk Manager" in the Atlassian Markeplace.

A QMS is something that you will probably need to have, and our eQMS can do the job.

If you are planning to enter the US market too, then you have to make sure the system is 21 CFR 11 compliant. In this case things get a bit more complicated, as you will need compliant workflows (Comala workflows on Server is the only thing we can recommend). In addition you will need Crowd or similar to ensure password and user management are compliant too. We can offer a turnkey solution for all of this, just check https://www.clearvision-cm.com/medicompli/. 

If you have other questions just let us know.

Regards

Matteo

Sébastien CORSYN January 14, 2020

Hi @Matteo Gubellini _SoftComply_ ,

SoftComply eQMS will certainly be chosen for this job. Risk Manager probably too, but it is not my job. My part of the job is too choose a test management tool for JIRA (probably XRay, Deviniti RTM or Qmetry)

Regards

Sébastien

Matteo Gubellini _SoftComply_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 14, 2020

@Margus _SoftComply_ Can you please suggest Sebastien some test tools?

Margus is our certified Atlassian Expert and has knowledge of these tools.

Margus _SoftComply_ January 15, 2020

Hi @Sébastien CORSYN !

From test management perspective its easier to pick a tool that keeps test elements (cases, runs, results, plans, suits, etc) as jira issues. Then its easier to create traceability between items - you just link issues and can have nice working clickable traceability.

The issuelink based traceability is comfortable if you also use Confluence for example to create traceability reports and/or export traceability info directly from jira issue search results. Then you can easily just switch whichever side you like to see traceability (REQ -> TESTS or TESTS -> REQ) and you do not need any other tools to get it.

Thus XRay is qood for that , Zephyr also. But Test Rail not so much - since their tests are in external system, then the traceability reporting is not so good if you like to use Jiras own reporting system. It might have its own reports, but havent used it for a while and it must be then reviewed from that perspective.

Hope it helps in you context!

Sébastien CORSYN January 16, 2020

Hi @Margus _SoftComply_ 

Thanks for this reply. I have tested XRay, Deviniti RTM and Qmetry and I think XRay is the best choice. It offers good traceablity tools and allows automated tests. I have also tried Zephyr but my first opinion was not very good so I did not try Zephyr more than one hour.

Thanks

Sébastien

Radoslaw Cichocki _Deviniti_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
July 9, 2020

Hi @Sébastien CORSYN ,

An exemplary setup that you can use to comply with 21CFR11 is:

  1. TestFLO - Test Management for Jira, the most flexible QA app for Jira, it supports automated tests as well
  2. Electronic Signature for Jira (specifically designed to meet 21CFR11 requirements)
  3. Any kind of workflow extension plugin, I'd suggest JSU
  4. Confluence + Comala Document Management

The rest is proper configuration, translating the requirements into the tools. Something an Atlassian Platinum Partner company such as Deviniti can help you with. If you'd like to talk about it, feel free to contact us here.

Regards,
Radek Cichocki

Erez Kaminski -Ketryx- April 17, 2023

Hi Sebastian, I wanted to add that we have recently launched Ketryx to the Atlassian Marketplace, which is a turn-key solution that connects all your existing systems (including Jira) into a single, traceable source of truth for the complete product/software lifecycle. You can manage everything from requirements to complaints, test cases, test executions, complaints, CAPA, and anything else you need, through a single validated system!

You can find out more here.

Like Bailey Pearlman likes this
1 vote
Matteo Gubellini _SoftComply_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 8, 2020

Hello everyone,

We have recently launched a service to provide a fully 21 CFR 11 compliant turnkey solution based on Atlassian tools. Check this if you are interested.

https://softcomply.com/medicompli/

We can also help you set it up yourself in your own server instance if you prefer.

Matteo

Sébastien CORSYN February 11, 2020

Hi @Matteo Gubellini _SoftComply_ ,

How does MediCompli work ? Is it an add-on for Confluence ? I have not found it in the Atlassian Marketplace.

Does it need a server or is there a cloud version ?

Thanks

Sébastien

Matteo Gubellini _SoftComply_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 13, 2020

Hello @Sébastien CORSYN ,

MediCompli is not an add-on per se, it is a collation of Confluence add-ons, on a Confluence Server instance on AWS, externally managed and configured to be fully 21 CFR 11 compliant.

It's for companies who don;t want the burden of managing a server and need this level of compliance.

Unfortunately Confluence Cloud has some major gaps against 21 CFR 11 and the choice of add-ons is more limited.

We can demo it to you if you are interested.

Matteo

1 vote
Matteo Gubellini _SoftComply_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 9, 2017

Hi Steve,

We have just released an eQMS plugin for Confluence with a full integrated quality system for Medical Devices. 

https://marketplace.atlassian.com/plugins/ee.softcomply.qms.confluence-blueprints/server/overview

It will contain answers to most of your doubts.

Regards

Matteo

1 vote
Marion Lepmets _SoftComply_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
February 16, 2017

SoftComply has created two add-ons specifically for medical device software companies - SoftComply Risk Manager is based on ISO 14971 and supports the traceability between risks and software requirements (and test cases for verification of mitigation actions).
SoftComply eQMS (currently without workflows) provides a set of technical documentation based on the requirements of ISO 13485 and 21 CFR 820. 
https://marketplace.atlassian.com/search?query=softcomply

0 votes
James Brown January 17, 2017

One particular issue with JIRA is that the audit history of what changes were made to each JIRA element are not robust enough.  For instance, I can see when the last change was made to a workflow and who made it, however, there is not any automatic storage of the change that was made.

Matthias Thömel November 13, 2017

Hello, that's correct. But: you can do a copy of the workflow right before you publish your changes. Name it with a version number and generate an JIRA entry corresponding to that verison number or copy and describe your changes - that's it, I think. 

 

Regards, Matthias

kevinkre December 29, 2020

The workflows are your main processes. they have to be designed and tracked like any other new or changed process. Revisions have to be approved. Design documents have to be kept, etc. No audit of changes is going to take the place of your process design and validations.

0 votes
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 4, 2013

AppFusions has this plugin addressing this FDA compliance use case for JIRA ... we have a number of customers using this. It's been out for just over a year now.

https://www.appfusions.com/display/PRT11J/Home

Please also see related threads - search for FDA. Here's a couple:

https://answers.atlassian.com/questions/153167/compliance-market-requirements-standards-for-jira-fields-capture-market-requirement-by-segment

https://answers.atlassian.com/questions/151613/confluence-for-fda-regulated-document-management

There are corps out there (e.g., pharma, medical, food supply, etc.) that are using JIRA/Confluence in this way now - I know.

My email is ellen@appfusions.com if you would like to discuss/vet more.

Best,

Ellen

Suggest an answer

Log in or Sign up to answer