How I came to hate Excel & decided to develop an automated Risk Management tool for JIRA

January 9, 2017

Part I

By Matteo Gubellini, VP of Regulatory Affairs of SoftComply*

“Ok, let’s follow a few of these risk mitigation actions down to outputs and verification activities” says the auditor.

Typical question. Actually there couldn’t be a more typical audit question. Traceability.

We have been here dozens of times. And every time it’s the same feeling.

You just hope that the auditor will not pick an action that has accidentally slipped through the cracks.

No matter how bulletproof your quality system is, how many times you and your team have reviewed the risk documents and traceability matrices. You are always worried that there could be one of them that was missed by everyone.

Someone forgot to transfer it to the requirements, or forgot to trace it, or mixed it with something that sounded almost the same.

Because every project is the same; at the end of it, the final push, all hands on deck, everybody is rushing. Hundreds of requirements, risk mitigation actions, verification protocols, deviations, reports to write, approvers that are offsite or nowhere to be found.

Did we forget something…?

And sometimes it happens – “Oh, it seems we can’t find this one…”

Panic in the backroom

While I try to bring the attention of the auditor to another topic, I know a few meters away my colleagues are scrambling through the endless Excel files, trying to find that bloody risk mitigation action.

The auditor is getting impatient. It’s the last day, they are already behind schedule, they don’t need another delay.

Even if it was there, even when you print those gigantic excel files on A3, or on a plotter, you just can’t read them. They are just too big. And the page layout function of excel is not the best.

But to be completely fair to Mr. Gates, this is not what Excel was designed to do. It’s great when you can use a combo of Lookup, Match and so on to automatically populate the Risk column, but this is not its main purpose.

Excel is a Spreadsheet.

Spreadsheets are used to manipulate data. Not to manage risk and traceability.

“So this action..?” the auditor asks again.

“It’s here, it’s just a very large document, it may take a while to find it” and I smile (only on the outside).

The door behinds me opens and I hope the answer is coming. A colleague whispers in my ear: “6th page, 13th row”

Yes it’s there. I knew it! I smile again (this time on the inside too).

I point it to the auditor and we follow it through the end, without any damage. Well done team!

“Great, let’s pick another one…” the auditor continues.

Deep breaths. Deep breaths.

In the next week’s blog, I will tell you more about the Risk Management tool we developed for JIRA.

Also coming soon – articles about design control, guidance documents for software in or as a medical device, international standards and risk assessment for software based medical devices…

* SoftComply is a developer of Cloud and Server based tools that help companies manage their software risks and implement their quality systems based on the medical device software regulations www.softcomply.com

Read more about SoftComply Risk Manager

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

Information Security Jira
Picture of Marion Lepmets

Marion Lepmets

CEO
February 20, 2025

Like with any compliance journey, you should first establish why you need to be compliant with a certain regulation. ISO 27001 certification is widely used to build trust and credibility with customers and stakeholders. Similarly, in the Atlassian ecosystem, the requirement of obtaining ISO 27001 certificate applies to Marketplace Partners...

eat your own dog food
Picture of Monika Isak

Monika Isak

Head of Growth
February 20, 2025

Atlassian’s updated Marketplace Partner Program underscores the need for robust security management. With increasing customer expectations around data protection, security, and compliance transparency, Gold and Platinum Marketplace Partners are required to demonstrate adherence to compliance framework like SOC 2 or globally recognised standards such as ISO 27001. This shift is...

RMP Automation
Picture of Marion Lepmets

Marion Lepmets

CEO
February 19, 2025

Risk Manager Plus on Jira Cloud is the most advanced risk management app supporting a wide range of risk management frameworks. You can easily customize the built-in Risk Models or build your own Risk Model from scratch, e.g. 2- or 3-dimensional Risk Matrix or Risk Score based ones. You can...