Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

E-Signatures and Compliance in Confluence Cloud

Recently, we have seen many organizations in regulated industries evaluate Confluence as they look to bring their documentation into the Cloud. These organizations need to meet strict compliance standards from regulatory bodies like the FDA and ISO. One of the requirements found across many different standards is a verified approval for documents, and the most common form is an e-signature. We want to provide the community some guidance around electronic signatures in Confluence Cloud. 

Digital Verification Methods

In Confluence, this means that organizations need to be able to have specific users enter valid credentials when approving documents. For example, if a company wants to receive FDA approval, its quality management system must meet the FDA standard 21 CFR Part 11, which requires teams to show verified reviews and approvals on their documents. There are a number of different ways to show digital verification, including biometric scans and handwriting captured by software, but the simplest method is usually an electric signature. The FDA standard requires two unique pieces of identification for a verification by electronic signature, which could include user names, account passwords, or signing tokens. 

Signing tokens, also referred to as One-Time Passwords (OTP), are an accepted method of electronic signature for compliance. If you've ever entered a validation code when signing up for a service like Netflix or Amazon, then you've used an OTP. One-time passwords or tokens are short, computer-generated codes, and no surprise, expire after one use.

Whatever the method, it's also important that there is a stored electronic record of the verification, that can be used for internal and external compliance audits.

E-Signature Solutions

While there are out-of-the-box software solutions for compliance needs, these tend to be very expensive, and/or require a lot of expertise. Atlassian products like Confluence offer an alternative that is cost-effective, flexible and easy-to-use. However, Confluence does lack some of the fundamental requirements for compliant documentation, like native e-signature functionality. But, with the rights apps, organizations can add e-signatures and other needed features.

Currently, the best way to get e-signatures in Confluence Cloud is with Comala Document Management for Cloud. This Comalatech app allows you to add review and approval workflows to Confluence. The app comes with three workflow templates, including a QMS workflow with e-signatures that is already used by several customers to meet compliance audits. Users can also edit or create custom workflows, building workflows that match their industry requirements, and adding e-signatures where and when they're needed. These e-signatures can use the approver's Confluence username and password, or an OTP token generated with popular third-party apps like Authy, 1Password or Google Authenticator. Comala Document Management also keeps a detailed workflow history with the necessary e-signature audit trail.


For many companies, the combination of Confluence Cloud and Comala Document Management will be all that's needed to meet their industry's signing standards. Comala Document Management has a free 30-day evaluation, so organizations can explore the app to see if it meets their requirements.

Next Steps

For those companies that do need to take further steps to meet compliance standards, there are other add-ons that provide additional guidance and functionality. SoftComply is an example of a vendor that specializes in compliance solutions, with apps like eQMS. This add-on provides a package of QMS resources within Confluence that assist companies with meeting compliance standards like ISO 13485, IEC 62304, ISO 14971 and 21 CFR 820. The app includes manuals that guide the customer to setting up their QMS, document templates, and a complete example QMS.

With apps like Comala Document Management, eQMS and many others, Atlassian products can now provide compliant solutions to meet almost any regulation, bringing new customers into the Atlassian ecosystem.


marc -Collabello--Phase Locked-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 12, 2020

Very interesting.  Depending on your situation, Document Control for Confluence Cloud is another solution:

My recommendation is to compare the different apps in order to gain an understanding of their strengths and weaknesses.

Like claudioac likes this

i love this so much how can i get

Like # people like this

Hi @Chorn Daravuth - thanks for the kind words! You can try the latest version of the app for free on the Atlassian Marketplace. Since this article came out, we've released Comala Document Management for Cloud. If you have any questions, you can always reach out to our team at

A really important thing to keep in mind if you work in an FDA regulated industry is that it is not enough to just install the apps.  You must also run a validation protocol and document evidence that the setup that you've installed is validated to it's intended use.  

Many people doing regulated development do this, but I think it is generally a bad idea for reasons outlined in this blog post.  There are better things to let your dev team work on then maintaining the validated state of your tooling. 


Log in or Sign up to comment
AUG Leaders

Atlassian Community Events