p11-compliant approvals in Confluence (cloud)?

Steven Haworth December 4, 2017

We are using Confluence in the cloud, and are considering using it for requirements for some of our GMP-regulated products.  Has anyone used the cloud version of Confluence to document p11-compliant approval signatures?

4 comments

Steven Haworth December 4, 2017

We are looking at this App:

https://marketplace.atlassian.com/plugins/electronic-signing-cc/cloud/overview

 

Of course, part of the overall requirement is validation of JIRA / Confluence itself, and for a cloud environment we need to determine if that's possible.

Gorka Puente _Appfire_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
December 5, 2017

Hi @Steven Haworth,

We have a cloud app called Comala Approvals, I'd be interested in knowing the specific details of your requirement. Could you contact me through our support system to follow up?

Regards,

Gorka

Steven Haworth December 5, 2017

Hi Gorka - yes, we are looking at that App also.  FDA part-11 compliance has a requirement to re-enter at least one security component at the point of signing - usually a password.  So when you click 'approve', you get prompted for password.  Or sometimes even login / password.

I am not sure if we need that level of compliance, or if a simple approval will suffice; that topic needs more internal discussion, for our particular use.

Matteo Gubellini _SoftComply_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 6, 2017

Hi Steven,

If you need to be Part 11 compliant you need an addon that will prompt you to enter the pw (at a minimum) for every signature. The requirements of Part 11 are actually relatively straightforward but you need to be sure you tick all of them. Let us know if we can help any further.

Gorka Puente _Appfire_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
December 6, 2017

Hi @Steven Haworth,

@Matteo Gubellini _SoftComply_ is right, you'd need an app that requests, at least, the password. We do provide that functionality, but in Comala Workflows, which a server version, not cloud, and we provide a guide to help customers with the FDA Title 21 CFR Part 11.

workflows_server.jpg

In the cloud version we are looking at this feature too, I'll update this thread as soon as we have further news.

Regards

Gorka Puente _Appfire_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
September 10, 2018

Hi @Steven Haworth,

I just wanted to let you know that we have released a new Quality Management System (QMS) Workflow. This workflow features approvals with E-Signatures. Reviewers need to use their email and password to confirm their identity (this is a compliance requirement). Although the e-signature does not work with SAML SSO yet. Due to the large amount of identity providers, we will progressively support SAML SSO based on our customers’ demand. If you are using SSO, could you tell me what's your identity provider?

Besides the e-signature, we have also included the option to set up approvers as Space Parameters. Admins can set a list of users or groups as Controlled Document Approvers.

Best regards,
Gorka

Andy Spoone December 7, 2017

Hi @Steven Haworth,

Yes, you can achieve validation of JIRA and Confluence along with an e-signature solution (such as Comala Workflows) in a cloud environment. One way to achieve this is to validate a cloud infrastructure (such as AWS) and deploy JIRA or Confluence as an application running in that infrastructure. This allows you to maintain the control on application and cloud security but leverage benefits of cloud. Let me know if we can be of assistance.


Andy [Sierra Labs] 

Andy Spoone December 7, 2017

@Monique vdBApologies and yes I'd appreciate the guidance. What is best way to follow up with you?

Monique vdB
Community Manager
Community Managers are Atlassian Team members who specifically run and moderate Atlassian communities. Feel free to say hello!
December 7, 2017

No problem -- I should have included that -- I'm at community-managers@atlassian.com if you'd like to email me, @Andy Spoone

Steven Haworth December 11, 2017

Thanks @Andy Spoone - I'm not sure we need that (yet), but we will keep you and that option in mind.  It's very helpful.

Markus Roemer December 7, 2017

Hi,

yes, Comala does work quite good and other signature components also. They can all be configured to be 21 CFR Part 11 compliant - confluence should be qualified or validated according e.g. ISPE GAMP. The e-signature type we are talking about is an advanced electronic signature (not a qualified / digital one), which is appropriate for the use in the GXP environment (exceptions exist, e.g. for eCTD).

In any case you will get a real "good" e-signature, if you derive your two independent components (user name / password) from LDAP / ActiveDirectory, for example.

Another way around, just to mention it, you might export a PDF file from your (standard) confluence (please design a nice and GMP-like PDF template for reporting) and upload (check-in) the PDF to your validated eQMS/eDMS solution, which might not be on the cloud. In this case you do not need to configure your confluence and your GMP record is transferred back to a validated solution (most probably in-house). In Europe the general understanding and expectation is that your GMP records are under your own control - this is sometimes hard to manage on a cloud-based solution.

We are planning an event for such questions - feel free to have look on that: http://www.ccs-innovation.com/how-to-validate-software-development-tools-used-for-gxp-and-meddev/  

Steven Haworth December 11, 2017

Thanks - very helpful comments @Markus Roemer.

Markus Roemer December 12, 2017

my pleasure @Steven Haworth

Matteo Gubellini _SoftComply_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 8, 2020

Hello Steven (and others),

We have recently launched a service to provide a fully 21 CFR 11 compliant turnkey solution based on Atlassian tools. Check this if you are interested.

https://softcomply.com/medicompli/

We can also help you set it up yourself in your own server instance if you prefer.

Matteo

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events