p11-compliant approvals in Confluence (cloud)? Edited

We are using Confluence in the cloud, and are considering using it for requirements for some of our GMP-regulated products.  Has anyone used the cloud version of Confluence to document p11-compliant approval signatures?


We are looking at this App:



Of course, part of the overall requirement is validation of JIRA / Confluence itself, and for a cloud environment we need to determine if that's possible.

Hi @Steven Haworth,

We have a cloud app called Comala Approvals, I'd be interested in knowing the specific details of your requirement. Could you contact me through our support system to follow up?



Hi Gorka - yes, we are looking at that App also.  FDA part-11 compliance has a requirement to re-enter at least one security component at the point of signing - usually a password.  So when you click 'approve', you get prompted for password.  Or sometimes even login / password.

I am not sure if we need that level of compliance, or if a simple approval will suffice; that topic needs more internal discussion, for our particular use.

Hi Steven,

If you need to be Part 11 compliant you need an addon that will prompt you to enter the pw (at a minimum) for every signature. The requirements of Part 11 are actually relatively straightforward but you need to be sure you tick all of them. Let us know if we can help any further.

Hi @Steven Haworth,

@Matteo Gubellini [SoftComply] is right, you'd need an app that requests, at least, the password. We do provide that functionality, but in Comala Workflows, which a server version, not cloud, and we provide a guide to help customers with the FDA Title 21 CFR Part 11.


In the cloud version we are looking at this feature too, I'll update this thread as soon as we have further news.


Hi @Steven Haworth,

Yes, you can achieve validation of JIRA and Confluence along with an e-signature solution (such as Comala Workflows) in a cloud environment. One way to achieve this is to validate a cloud infrastructure (such as AWS) and deploy JIRA or Confluence as an application running in that infrastructure. This allows you to maintain the control on application and cloud security but leverage benefits of cloud. Let me know if we can be of assistance.

Andy [Sierra Labs] 

@Monique van den BergApologies and yes I'd appreciate the guidance. What is best way to follow up with you?

No problem -- I should have included that -- I'm at community-managers@atlassian.com if you'd like to email me, @Andy Spoone

Thanks @Andy Spoone - I'm not sure we need that (yet), but we will keep you and that option in mind.  It's very helpful.


yes, Comala does work quite good and other signature components also. They can all be configured to be 21 CFR Part 11 compliant - confluence should be qualified or validated according e.g. ISPE GAMP. The e-signature type we are talking about is an advanced electronic signature (not a qualified / digital one), which is appropriate for the use in the GXP environment (exceptions exist, e.g. for eCTD).

In any case you will get a real "good" e-signature, if you derive your two independent components (user name / password) from LDAP / ActiveDirectory, for example.

Another way around, just to mention it, you might export a PDF file from your (standard) confluence (please design a nice and GMP-like PDF template for reporting) and upload (check-in) the PDF to your validated eQMS/eDMS solution, which might not be on the cloud. In this case you do not need to configure your confluence and your GMP record is transferred back to a validated solution (most probably in-house). In Europe the general understanding and expectation is that your GMP records are under your own control - this is sometimes hard to manage on a cloud-based solution.

We are planning an event for such questions - feel free to have look on that: http://www.ccs-innovation.com/how-to-validate-software-development-tools-used-for-gxp-and-meddev/  

Thanks - very helpful comments @Markus Roemer.


Log in or Join to comment
Community showcase
Season Hughes
Posted Thursday in Off-topic

Friday Fun: What's your go-to for cheering up?

When you need a quick pick-me-up, what do you turn to? It could be as simple as a piece of chocolate, a cup of tea, a funny YouTube video. Share your go-tos below!

381 views 26 2
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot