When will 21 CFR 11 and ISO 13485 be addressed?

Wyatt Davis March 1, 2021

Does Atlassian plan on being compliant with these regulations/standards in their cloud offerings?

I posted in the Regulations & Compliance: General Discussion thread but didn't receive any answer. In fact I'm not seeing much activity in this group or the general Compliance forum (other than a few spam posts). Am I in the right place?

1 answer

Filiberto Selvas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 1, 2021

Hello Wyatt,

There is work in progress to evaluate if a combination of Release Tracks capability with 3rd party services (we are currently collaborating with SoftComply) could satisfy these regulations. There is no final determination yet; we can update you once we have made further progress. cc: @Matt Tse

Wyatt Davis March 2, 2021

Thanks for the reply. I do agree that Release Tracks may be enough to satisfy the validation requirements for FDA and I don't see any other issues regarding the digital signature requirements when using a third party for workflow/document management with Confluence.

Any ideas on how you plan to comply with Section 11.1 (e)?

(e) Computer systems (including hardware and software), controls, and attendant documentation maintained under this part shall be readily available for, and subject to, FDA inspection.

Also Section 11.30 specifically "additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality."?

Wyatt Davis March 2, 2021

PS - A quick review of the ISO standard suggests that Confluence Cloud can probably be used for documents as is - the standard appears to be less stringent.

Filiberto Selvas
Atlassian Team
March 9, 2021

Thank you @Wyatt Davis , 

We do have at rest and in transit encryption, not sure if this is what you meant: https://www.atlassian.com/trust/security/security-practices#encryption-of-data 

We don't offer today the signature functionality though 

Wyatt Davis March 9, 2021

@Filiberto Selvas  I'm just quoting the US law that covers what they consider "open systems" for document control use.

It looks like section 11.30 is trying to ensure that records are confidential and can be trusted to be authentic when using an open system. I'm asking for your team's guidance on this because it's a clause that we don't have to apply to our internally controlled systems.

For us to move to the cloud we need to know that we can pass an FDA audit - do you have any customers on the cloud that have been audited?

marc -Collabello--Phase Locked-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
March 9, 2021

Hi @Wyatt Davis, we're an Atlassian Marketplace vendor for Document Control for Confluence Cloud. Some of our customers use our add-on to help them be compliant with FDA regulations. I'm happy to help you contact our customers for your questions. Just contact us at contact@phaselockedsoftware.com.

Matteo Gubellini _SoftComply_
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 5, 2021

Hello @Wyatt Davis ,

The main issue with Confluence Cloud and 21 CFR 11 (and for other less stringent standards) is that it is very dynamic. It is frequently updated, so any validation is difficult to defend. We are working with Atlassian to find a solution, but it will probably be towards the end of the year.

Other than that, the system is compliant with most of 21 CFR 11.

Get in contact with us if you need more info.

Matteo

Wyatt Davis May 5, 2021

@marc -Collabello--Phase Locked-  @Matteo Gubellini _SoftComply_ 

Thanks for the replies. From what I can tell we will be "on our own" as far as validation and compliance goes. It doesn't seem that Atlassian wants to even address the regulations here.

I think with data residency and release tracks we may be able to rationalize enough justification to be able to use the cloud version. It is a tenfold price increase for small businesses though.

Matteo Gubellini _SoftComply_
Rising Star
May 6, 2021

We'll keep you posted when we have a solution for its validation.
