Does Atlassian plan on being compliant to these regulations/standards in their cloud offerings?
I posted in the Regulations & Compliance: General Discussion thread but didn't receive any answer. In fact I'm not seeing much activity in this group or the general Compliance forum (other than a few spam posts). Am I in the right place?
Hello Wyatt,
There is work in progress to evaluate if a combination of Release Tracks capability, with 3rd party services (we are currently collaborating with SoftComply) could satisfy these regulations. There is no final determination yet, we can update you once we have made further progress cc: @Matt Tse
Thanks for the reply. I do agree that Release Tracks may be enough to satisfy the validation requirements for FDA and I don't see any other issues regarding the digital signature requirements when using a third party for workflow/document management with Confluence.
Any ideas on how you plan to comply with Section 11.1 (e)?
(e) Computer systems (including hardware and software), controls, and attendant documentation maintained under this part shall be readily available for, and subject to, FDA inspection.
Also Section 11.30 specifically "additional measures such as document encryption and use of appropriate digital signature standards to ensure, as necessary under the circumstances, record authenticity, integrity, and confidentiality."?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
PS - A quick review of the ISO standard suggests that Confluence Cloud can probably be used for documents as is - the standard appears to be less stringent.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you @Wyatt Davis ,
We do have at rest and in transit encryption, not sure if this is what you meant: https://www.atlassian.com/trust/security/security-practices#encryption-of-data
We don't offer today the signature functionality though
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Filiberto Selvas I'm just quoting the US law that covers what they consider "open systems" for document control use.
It looks like section 11.30 is trying to ensure that records are confidential and can be trusted to be authentic when using an open system. I'm asking for your teams guidance on this because it's a clause that we don't have to apply to our internally controlled systems.
For us to move to the cloud we need to know that we can pass an FDA audit - do you have any customers on the cloud that have been audited?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Wyatt Davis , we're an Atlassian Marketplace vendor for Document Control for Confluence Cloud. Some of our customers use our add-on for helping being compliant with FDA regulations. I'm happy to help you contact our customers for your questions. Just contact us at contact@phaselockedsoftware.com .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello @Wyatt Davis ,
The main issue with Confluence Cloud and 21 CFR 11 (and for other less stringent standards), is that it is very dynamic. It is frequently updated so any validation is difficult to defend. We are working with Atlassian to find a solution, but it will probably be the towards the end of the year.
Other than that, the system is compliant to most of 21 CFR 11.
Get in contact with us if you need more info.
Matteo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@marc -Collabello--Phase Locked- @Matteo Gubellini _SoftComply_
Thanks for the replies. From what I can tell we will be "on our own" as far as validation and compliance goes. It doesn't seem that Atlassian wants to even address the regulations here.
I think with data residency and release tracks we may be able to rationalize enough justification to be able to use the cloud version. It is a tenfold price increase for small businesses though.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We'll keep you posted when we have a solution for its validaiton.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.