Master Validation Plan for SoftComply Validation of Confluence Cloud
1. Objective
This Master validation plan describes the high level activities required to maintain the validation status of Atlassian Confluence Cloud using SoftComply Validation App.
The software tools in scope are:
-
Atlassian Confluence Cloud (Standard plan or higher), specifically the instance at the address below:
2. Terms and Definitions
3. References
-
General Principles of Software Validation; Final Guidance for Industry and FDA Staff; Document issued on: January 11, 2002
-
Computer Software Assurance for Production and Quality System Software; Draft Guidance for Industry and Food and Drug Administration Staff, September 2022
-
ISO 13485:2016 Medical devices — Quality management systems — Requirements for regulatory purposes
-
SoftComply Validation for Confluence, ref SoftComply Validation for Confluence – for Automated Testing | Atlassian Marketplace and User Guide of the SoftComply Validation App for Confluence – SoftComply.
4. System Description
4.1 Confluence
Confluence Cloud is a Cloud-based document management system. It manages Pages that are both documents and containers of other pages, and Spaces, equivalent to folders.
5. Validation Approach
5.1 Description
The SoftComply Validation App for Confluence runs integrity tests on the current Confluence instance periodically.
The tests can be run up to once every 7 days.
5.2 Documentation
For each run, the App automatically creates a pair of pages, a Validation Protocol and a Validation Report.
These documents are created in a predefined space:
Add space link here
5.2.1 Validation Protocol
Each Validation Protocol is named using the following convention:
“Validation Protocol DDD MMM dd hh:mm:ss UTC YYYY”, e.g. Validation Protocol Tue Feb 02 12:41:50 UTC 2023.
The protocol contains a list of Test Cases, each identified as “TC-CON-nnn” with nnn as a sequential number starting at 001. Each test case contains one or more steps, with the associated step description which includes the acceptance criteria. Each step is numbered as 1., 2., 3., etc.
For clarity, each validation protocol is nested under the relative result page.
5.2.2 Validation Report
Each Validation report is named using the following convention:
“Validation Report DDD MMM dd hh:mm:ss UTC YYYY”, e.g. Validation Report Tue Feb 02 12:41:50 UTC 2023.
The protocol contains the list of Test Cases and Steps, each identified as per the Validation Protocol. Each step is associated with the actual results (usually in the form of a screenshot with timestamp watermark) and a Pass/Fail statement.
At the end of each report, a summary describes the number of tests run, passed cases, skipped cases and failed cases.
5.2.2.1 Pass
A test case step is marked as Pass if it meets the acceptance criteria.
A test case is marked as Pass if all steps are a Pass.
5.2.2.2 Fail
A test case step is marked as Fail if it does not meet the acceptance criteria.
A test case is marked as Fail if any step is Fail.
5.2.2.3 Skipped
A test case step is skipped if any precondition for its execution is incorrect, in particular if any previous steps / cases it depends on are either skipped or failed.
A test case is marked Skipped if any step is Skipped, unless one or more steps are Fail.
5.3 Features to be validated
5.3.1 Intended use and risk
Confluence is intended to store electronic records and manage their changes. This documents are related to production and quality system. Confluence is considered to be used directly as part of production or the quality system, except for the exclusions listed below.
Features are considered high process risk when its failure to perform as intended may result in a quality problem that foreseeably compromises safety, meaning an increased medical device risk.
|
Feature |
Risk |
Rationale |
|---|---|---|
|
Protection of records to enable their accurate and ready retrieval throughout the records retention period. Confluence will store data persistently. Confluence instances can be backed up and restored. Confluence pages can be stored and attachments can be managed. |
The feature does not pose high process risk. |
<redacted> |
|
Limiting system access and specific operations to authorized individuals. Only Users who an Administrator has invited will have access to Confluence. Confluence will allow administrators to manage plug-ins and other Administrator Settings. Authorized users shall be able to manage pages and spaces. Admins shall be able to set permissions and restrictions at global, space and page level. |
These features does not pose high process risk. |
<redacted> |
|
Audit trail, page history. Confluence will retain previous versions of documents after changes have been made. |
The feature does not pose high process risk. |
<redacted> |
|
Reporting: Confluence will be able to pull issue data from JIRA and use them to generate tables in reports. |
The feature does not pose high process risk. |
<redacted> |
|
Inline and page comments. |
The feature does not pose high process risk. |
<redacted> |
5.3.2 Exclusions
-
Blogs;
-
Minor utilities and macros.
5.4 Means
The test cases consist of automated inputs into the system. The Validation app interfaces with the system simulating actual user inputs.
5.5 Traces
The following table links requirements to Test Cases:
|
Feature |
Associated test case(s) |
|---|
|
Feature |
Associated test case(s) |
|---|---|
|
Protection of records to enable their accurate and ready retrieval throughout the records retention period. |
<redacted> |
|
Confluence will store data persistently. |
<redacted> |
|
Confluence instances can be backed up and restored. |
<redacted> |
|
Confluence pages can be stored and attachments can be managed. |
<redacted> |
|
Limiting system access and specific operations to authorized individuals. |
<redacted> |
|
Only Users who an Administrator has invited will have access to Confluence. |
<redacted> |
|
Confluence will allow administrators to manage plug-ins and other Administrator Settings. |
<redacted> |
|
Authorized users shall be able to manage pages and spaces. |
<redacted> |
|
Admins shall be able to set permissions and restrictions at global, space and page level. |
<redacted> |
|
Audit trail, page history. |
<redacted> |
|
Confluence will retain previous versions of documents after changes have been made. |
<redacted> |
|
Reporting: Confluence will be able to pull issue data from JIRA and use them to generate tables in reports. |
<redacted> |
|
Inline and page comments. |
<redacted> |
5.6 Management of Failures
The App developer (SoftComply) is in charge of the initial triage of the failures.
The developer will determine if the issue is either:
-
A glitch in the execution, typically associated with a timeout of Confluence. This is not considered to be a failure, and the test run can be repeated.
-
A minor issue with the App, typically related to minor changes in Confluence such as the id of an element or the position of a button. This does not compromise the integrity of Confluence. SoftComply will upgrade the app an a test run can be repeated.
-
An actual Confluence issue. SoftComply will open a ticket with Atlassian and share it with the Company. An internal assessment will determine the actual impact on the document management system.
