How I came to hate Excel & decided to develop an automated Risk Management tool for JIRA

January 9, 2017

Part I

By Matteo Gubellini, VP of Regulatory Affairs of SoftComply*

“Ok, let’s follow a few of these risk mitigation actions down to outputs and verification activities” says the auditor.

Typical question. Actually there couldn’t be a more typical audit question. Traceability.

We have been here dozens of times. And every time it’s the same feeling.

You just hope that the auditor will not pick an action that has accidentally slipped through the cracks.

No matter how bulletproof your quality system is, how many times you and your team have reviewed the risk documents and traceability matrices. You are always worried that there could be one of them that was missed by everyone.

Someone forgot to transfer it to the requirements, or forgot to trace it, or mixed it with something that sounded almost the same.

Because every project is the same; at the end of it, the final push, all hands on deck, everybody is rushing. Hundreds of requirements, risk mitigation actions, verification protocols, deviations, reports to write, approvers that are offsite or nowhere to be found.

Did we forget something…?

And sometimes it happens – “Oh, it seems we can’t find this one…”

Panic in the backroom

While I try to bring the attention of the auditor to another topic, I know a few meters away my colleagues are scrambling through the endless Excel files, trying to find that bloody risk mitigation action.

The auditor is getting impatient. It’s the last day, they are already behind schedule, they don’t need another delay.

Even if it was there, even when you print those gigantic excel files on A3, or on a plotter, you just can’t read them. They are just too big. And the page layout function of excel is not the best.

But to be completely fair to Mr. Gates, this is not what Excel was designed to do. It’s great when you can use a combo of Lookup, Match and so on to automatically populate the Risk column, but this is not its main purpose.

Excel is a Spreadsheet.

Spreadsheets are used to manipulate data. Not to manage risk and traceability.

“So this action..?” the auditor asks again.

“It’s here, it’s just a very large document, it may take a while to find it” and I smile (only on the outside).

The door behinds me opens and I hope the answer is coming. A colleague whispers in my ear: “6th page, 13th row”

Yes it’s there. I knew it! I smile again (this time on the inside too).

I point it to the auditor and we follow it through the end, without any damage. Well done team!

“Great, let’s pick another one…” the auditor continues.

Deep breaths. Deep breaths.

In the next week’s blog, I will tell you more about the Risk Management tool we developed for JIRA.

Also coming soon – articles about design control, guidance documents for software in or as a medical device, international standards and risk assessment for software based medical devices…

* SoftComply is a developer of Cloud and Server based tools that help companies manage their software risks and implement their quality systems based on the medical device software regulations www.softcomply.com

Read more about SoftComply Risk Manager

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

6 Steps to Agile Risk Management in Jira
Picture of Marion Lepmets

Marion Lepmets

CEO
June 19, 2025

Balancing agile development with regulatory compliance feels like trying to mix oil and water. But what if I told you there’s a way to integrate risk management directly into your Jira workflow without sacrificing speed or compliance?  Based on a recent webinar with Aaron Morris, I’ve distilled the process into...

Solution Partners to verticals and business users
Picture of Marion Lepmets

Marion Lepmets

CEO
June 11, 2025

For years, Atlassian solution partners have built successful businesses around helping IT teams configure Jira and Confluence, manage licenses, and handle technical implementations. But that world is rapidly changing. Atlassian is shifting its focus from IT admins to business users in specific departments and industries – and partners who don’t...

Agile
Picture of Monika Isak

Monika Isak

Head of Growth
June 2, 2025

For regulated industries – such as Pharma, MedTech, FinTech and Aviation – compliance isn’t optional; it’s mandatory. Tools like Jira and Confluence are powerful, but their true potential is only realized when configured to meet industry-specific regulatory requirements. This is where industry consultants come into play, offering expertise that goes...