Comala Document Management Cloud FDA Title 21 CFR Part 11 Compliance Statement
Document Version | 1.0 |
---|
If you are using Confluence and Comala Document Control Cloud within an FDA-regulated environment, then you might need to setup Confluence following the FDA CFR 21 part 11 regulation -
This article provides an overview of how companies are using these tools to achieve compliance and draws directly from the real-life experience of our customers.
In this article, we assume that Confluence Cloud is set up as a 'closed system’. 'Closed system’ is a regulatory term and refers to a situation where the access to the system is controlled by you. This would be the typical scenario within the corporate world and hence was used here as a key assumption.
For our purposes, the CFR 21 part 11 covers two areas:
Electronic Records: This area relates to the data which is stored and managed within the system, i.e.: your Confluence pages. It imposes requirements on the system to ensure the electronic data can be used in lieu of paper documents (Subpart B)
Electronic Signatures: This area relates to how people can electronically sign documents and forms (i.e. Confluence pages), with the purpose that these electronic signatures substitute paper signatures (aka 'wet signatures') (Subpart C)
This article covers both these areas and focuses on how Comala Document Mangement Cloud contributes to achieving compliance.
For an organization to be in compliance, the right tools must be paired with the appropriate quality processes. We outline these in the compliance table below.
A word of caution: the content and information you keep in Confluence, and how it is used within your quality management system, will have an impact on your compliance strategy. We highly recommend that you seek specific advice from a regulatory expert regarding the optimal setup for your organization.
Table of Contents
Appfire does not claim compliance or certification of any of our tools, as it is not possible for any vendor to offer a compliant system. In addition to taking advantage of technical elements, compliant systems must also implement the necessary procedural and administrative controls.
Need Help?
Need help setting up Confluence and Comala Document Management Cloud for controlled documents? Contact Us.
1. The Toolset Required to set up a Compliant Document Management System in Confluence
The following table shows what tools are needed to create a compliant configuration:
Component | Role |
---|---|
Confluence | The platform for creating, storing and using the electronic records. |
Comala Document Management Cloud | An Appfire Comala app for Confluence which provides a way to enforce an approval process for documents. Comala Document Control Cloud provides a preset Quality Management System Workflow that implements a typical document approval process. The preset workflow can be modified using a Workflow Builder to reflect your documented approval process. This approval process is supported by built-in electronic signatures and an audit log. |
Comala Publishing Cloud | An Appfire Comala app for Confluence that separates approved pages from pages that are still in the authoring and approval process. It creates a structure of an authoring space, where approved documents are automatically published into an official space. This helps ensure that users of documents always access the current approved release. It complements the functionality of Comala Document Management Cloud and is optional. Some customers find it easier to work with a set of two spaces, or it can be used in cases where stricter auditing is required. |
Secure infrastructure | Provide a secure platform where only authorized users access and modify the data. Backup facilities. |
Third-party User Management/Directory Solution | A directory service, or a single sign-on integrated with Confluence, to support user account management. Although not strictly required by the regulation, in most cases organizations in the regulated space seek more advanced security and authentication features that are not provided by Confluence’s internal directory. In particular, for the CFR 21 part 11, a common practice is the enforcement of periodic renewal of passwords. This feature requires a solution outside of Confluence. |
2. A Compliance Checklist Against the FDA CFR 21 part 11
Subpart B - Electronic Records
Reference | Requirement (the original working is given in italics) |
| ||
---|---|---|---|---|
Appfire Apps | Confluence | Process |