Introducing the Cloud eQMS Solution for Confluence

Table of Contents

    Why Confluence?

    Or perhaps the first question should be – why quality management?

    Most medical device companies need to have a compliant quality management system in place to assure consistent quality of their product. Quality management system consists of a number of written procedures and a multitude of records that will be generated during the lifecycle of the device.

    In case your medical device is a software product (SaMD) or it has a software component in it, your software development team might be using Jira already. Most organisations would then like to move everything on to the Atlassian stack including their quality management system. With the fantastic integration between Jira and Confluence where you can pull information easily from one to the other using built in queries and macros, it is best to go with a quality management system in Confluence. 

    How to Implement a Compliant eQMS in Confluence Cloud?

    Atlassian Cloud products are currently considered to be the best viable option for the small and medium-sized medical device companies. The self-hosted platform of Server and Data Center are either no longer supported or too expensive for those companies, respectively.

    Technology aside, the most important question for you is how to maintain compliance with the medical device regulations and standards, such as MDR / IVDR, ISO 13485, FDA 21 CFR820 or the more demanding FDA 21 CFR11.

    As with any electronic quality management system, you will need to ensure that the system you build on Confluence will meet requirements like: authentication (electronic signature), audit trail (change history), data integrity, data transfer security, back-ups, etc. 

    The Cloud eQMS Solution for Confluence is here

    We are happy to inform you that with the SoftComply Cloud eQMS Solution on Confluence, a combination of existing Confluence apps and our services, you can meet the compliance requirements.

    Following is a detailed description of the solution.

    A compliant QMS content. 

    We have put together a full QMS based on the requirements of ISO 13485, IEC 62304, ISO 14971 and 21 CFR 820, and growing. There is a Quality Manual that explains how the QMS is organized; a Quality Policy – a brief statement about your organization’s purpose and strategic direction and a commitment for achieving the quality objectives; a set of written Procedures (20 SOPs) and more than 70 Technical Document Templates.

    All documents are pre-filled and have embedded guidance on how you should finalize them. It is a self-sufficient system, where the Procedures explain the required processes and the Templates are used to gather and document the relevant information.

    But what about the “e” in the eQMS? 

    It stands for everything electronic in the quality management system – the electronic workflows, electronicsignatures, macros and automatically populated reports that will help you automate your activities and have a better oversight of your product quality.

    Electronic document workflows with compliant e-signatures are already available on Confluence. For the SoftComply Cloud eQMS solution we have chosen one of the first and most customisable app from Comalatech (now part of Appfire) – Document Management.

    Configuring your Confluence Cloud instance for Compliance.

    Confluence is a great space for document management and collaboration but it comes pretty empty at first. To have the quickest start and to adopt the best practices gathered from our experience, we recommend our customers to have the Cloud eQMS setup done by us. This is the quickest way to have everything properly set up and obtain the advanced workflows and useful macros to make your quality management system electronic.

    More support from SoftComply – validation of the Cloud eQMS Solution.

    “Pre-validated software” might sound as a perfect solution for fulfilling the validation requirement of a medical company, but you need to keep in mind that you are expected to repeat at least part of the validation protocol in-house to confirm the results of the pre-validation provided by the developer.

    However, having app developers support you in the validation is most beneficial – not only does it show that the software tool developer has an idea about the regulatory framework of the medical device industry but it allows to demonstrate compliance using the developers’ own expertise and in-depth knowledge of the tool. Due to their knowledge of the internal processes of the tool, they can put together a relatively lean protocol that adequately challenges the product.

    SoftComply provides validation support as a service to medical device and other safety critical domain companies. We can provide you with the validation protocol of the Cloud eQMS Solution – test cases that you can use for in-house testing. Alternatively, we can also run the first validation of the entire Cloud eQMS Solution in your Confluence instance for you and provide you with a complete validation package as a result. Remember that you will have to periodically run validation tests in-house to ensure that Confluence and other apps that you use for the eQMS work as expected. 

    Final Remarks on Atlassian Cloud

    Atlassian recognises the importance and the complexity of the regulations we have to comply with in the safety-critical domains like the MedTech industry. They are moving towards providing a number of additional features to help bridge the existing gaps to compliance. Some examples for Confluence Cloud include:

    1. Password policy is available for all subscription tiers;
    2. Audit logs are available for all subscription tiers;
    3. Encryption in transit and at rest is available for all subscription tiers;
    4. Sandbox mode and Release Tracks are available for Cloud Premium and Cloud Enterprise versions (to support “delaying” any updates for a couple of weeks while performing validation tests to ensure the integrity of the update);
    5. Data residency is available for all Cloud Enterprise today but it is also going to be available for Cloud Premium and Cloud Standard plan soon as well;
    6. Apps will be allowed to manage their own data residency for GDPR purposes;
    7. Atlassian Cloud Enterprise is also HIPAA compliant;
    8. Several Atlassian Cloud products, including Confluence, have achieved ISO/IEC 27001 certification. Follow this link Compliance at Atlassian | Atlassian for more details.

    Want to Learn More about the Cloud eQMS Solution?

    EMAIL us at info @ softcomply.com

    BOOK a DEMO with us

    LEARN MORE – check out the CLOUD eQMS SOLUTION videos in YouTube  

    By Marion on 25 May 2022

    Table of Contents

    Ready to get started?

    Contact us to book a demo and learn how SoftComply can cover all your needs

    New Cybersecurity Risk Management Features in Jira
    Picture of Marion Lepmets

    Marion Lepmets

    CEO
    November 8, 2024

    The Role of Cybersecurity in Medical Device Safety The Global medical device market is a $800 billion business that is rapidly growing, especially in the area of software as a medical device (SaMD). The majority of the SaMD segment is made up of the digital health and digital therapeutics solutions,...

    Medical Device Compliance Guide
    Picture of Marion Lepmets

    Marion Lepmets

    CEO
    September 23, 2024

    Introduction This medical device compliance guide focuses on the key requirements and strategies for navigating the regulatory landscape. We will cover the role of major regulatory bodies like the FDA, the classification of devices, and the importance of quality management. We will also discuss the challenges of global compliance and...

    CVSS-FDA-cybersecurity-medical-devices-1712x599-c
    Picture of Matteo Gubellini

    Matteo Gubellini

    Regulatory Affairs Manager
    September 16, 2024

    This case study describes the experience of a multinational medical device manufacturer meeting the FDA cybersecurity requirements. The company is operating in the MedTech sector developing a class 2/IIb device consisting of hardware and software. The company spent about 2 years working on the security risk management of the device....