p11-compliant approvals in Confluence (cloud)? Edited

We are using Confluence in the cloud, and are considering using it for requirements for some of our GMP-regulated products.  Has anyone used the cloud version of Confluence to document p11-compliant approval signatures?

3 comments

We are looking at this App:

https://marketplace.atlassian.com/plugins/electronic-signing-cc/cloud/overview

 

Of course, part of the overall requirement is validation of JIRA / Confluence itself, and for a cloud environment we need to determine if that's possible.

Hi @Steven Haworth,

We have a cloud app called Comala Approvals, I'd be interested in knowing the specific details of your requirement. Could you contact me through our support system to follow up?

Regards,

Gorka

Hi Gorka - yes, we are looking at that App also.  FDA part-11 compliance has a requirement to re-enter at least one security component at the point of signing - usually a password.  So when you click 'approve', you get prompted for password.  Or sometimes even login / password.

I am not sure if we need that level of compliance, or if a simple approval will suffice; that topic needs more internal discussion, for our particular use.

Hi Steven,

If you need to be Part 11 compliant you need an addon that will prompt you to enter the pw (at a minimum) for every signature. The requirements of Part 11 are actually relatively straightforward but you need to be sure you tick all of them. Let us know if we can help any further.

Hi @Steven Haworth,

@Matteo Gubellini [SoftComply] is right, you'd need an app that requests, at least, the password. We do provide that functionality, but in Comala Workflows, which a server version, not cloud, and we provide a guide to help customers with the FDA Title 21 CFR Part 11.

workflows_server.jpg

In the cloud version we are looking at this feature too, I'll update this thread as soon as we have further news.

Regards

Hi @Steven Haworth,

I just wanted to let you know that we have released a new Quality Management System (QMS) Workflow. This workflow features approvals with E-Signatures. Reviewers need to use their email and password to confirm their identity (this is a compliance requirement). Although the e-signature does not work with SAML SSO yet. Due to the large amount of identity providers, we will progressively support SAML SSO based on our customers’ demand. If you are using SSO, could you tell me what's your identity provider?

Besides the e-signature, we have also included the option to set up approvers as Space Parameters. Admins can set a list of users or groups as Controlled Document Approvers.

Best regards,
Gorka

Hi @Steven Haworth,

Yes, you can achieve validation of JIRA and Confluence along with an e-signature solution (such as Comala Workflows) in a cloud environment. One way to achieve this is to validate a cloud infrastructure (such as AWS) and deploy JIRA or Confluence as an application running in that infrastructure. This allows you to maintain the control on application and cloud security but leverage benefits of cloud. Let me know if we can be of assistance.


Andy [Sierra Labs] 

@Monique van den BergApologies and yes I'd appreciate the guidance. What is best way to follow up with you?

No problem -- I should have included that -- I'm at community-managers@atlassian.com if you'd like to email me, @Andy Spoone

Thanks @Andy Spoone - I'm not sure we need that (yet), but we will keep you and that option in mind.  It's very helpful.

Hi,

yes, Comala does work quite good and other signature components also. They can all be configured to be 21 CFR Part 11 compliant - confluence should be qualified or validated according e.g. ISPE GAMP. The e-signature type we are talking about is an advanced electronic signature (not a qualified / digital one), which is appropriate for the use in the GXP environment (exceptions exist, e.g. for eCTD).

In any case you will get a real "good" e-signature, if you derive your two independent components (user name / password) from LDAP / ActiveDirectory, for example.

Another way around, just to mention it, you might export a PDF file from your (standard) confluence (please design a nice and GMP-like PDF template for reporting) and upload (check-in) the PDF to your validated eQMS/eDMS solution, which might not be on the cloud. In this case you do not need to configure your confluence and your GMP record is transferred back to a validated solution (most probably in-house). In Europe the general understanding and expectation is that your GMP records are under your own control - this is sometimes hard to manage on a cloud-based solution.

We are planning an event for such questions - feel free to have look on that: http://www.ccs-innovation.com/how-to-validate-software-development-tools-used-for-gxp-and-meddev/  

Thanks - very helpful comments @Markus Roemer.

Comment

Log in or Sign up to comment
Community showcase
Posted Dec 07, 2018 in Off-topic

Friday Fun: Dry T-Shirt Competition - What's your BEST (Atlassian) T-Shirt!?

[Note: So it was my turn for Friday Fun and sadly I was sick thanks to rubbish sinus infection... so apologies to most of Europe and Asia for the delayed post. However, I finally got out of bed for t...

388 views 27 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you