Compliance, JIRA Core and the Atlassian Cloud
When companies first contact us to discuss how we can help them, many ask whether it’s possible to implement their electronic quality management system (eQMS) process in JIRA Core in the Atlassian Cloud.
In this article I answer that question. For simplicity I’ll focus here on JIRA Core, but many of the same considerations will also apply to JIRA Service Desk as well as Confluence and other Atlassian tools.
In a few words
It depends on several factors, but in most cases you will need to implement your compliance related processes on a JIRA Core Server instance.
The summary
There are four areas we need to consider:
1. Compliance with FDA and other regulatory requirements
If you use JIRA Core to coordinate the quality management process but export the data before having it signed off and also rely on external evidence ( such as signed and scanned printouts from JIRA ) to establish compliance, then the Atlassian Cloud could be a suitable platform.
However if you plan to use JIRA Core data as evidence for compliance, eg to demonstrate that CAPAs have been opened and managed to completion or that required training has been carried out, the Atlassian Cloud is not the platform for you. In that case your best option will be to use a JIRA Core Server instance.
2. Functionality
JIRA Core on the Atlassian Cloud is less flexible and extensible than Atlassian Core Server. You need to consider what functionality you may miss out on if you use the Atlassian Cloud and how critical this is for your organisation.
3. IT administration
How easy will it be for your company to run a JIRA Core Server instance? You can delegate IT admin tasks and hardware management to a third party organisation, but nothing beats the Atlassian Cloud in terms of a ‘no hassle’ solution.
4. Costs
Ultimately, the real cost of each of the two alternatives for your organisation – using JIRA Core on the Atlassian Cloud or JIRA Core Server – will directly relate to the first three points.
The detailed discussion
1. Why can’t we use Atlassian Cloud records as proof of compliance?
The main reason is that regulatory bodies insist on software validation. The key regulation here is FDA CFR 21 part 11, but other guidelines and regulations from the FDA as well as European authorities and others all agree that you need to demonstrate that you control any software platform you use. The new ISO 13485:2016 standard for medical device quality management contains even more explicit requirements for validation of software applications used for operational purposes.
The most fundamental way that the Atlassian Cloud violates these requirements is the fact that you have no control over the actual JIRA Core version that you use. Even if you validate the Atlassian Cloud, Atlassian are pushing new versions of JIRA Core to the Cloud a couple of times a month. While it’s great that users always have access to the latest version, it negates the possibility of using Atlassian Cloud data directly for your electronic compliance records.
In addition, the Atlassian Cloud servers are currently located in the USA. Depending on the actual data you store and your own geography, this alone may mean you cannot host your data in the Atlassian Cloud.
It’s also worth pointing out here that, at the time of writing, Atlassian cannot be legitimised as a third party supplier to the regulated healthcare industry because it doesn’t:
- hold any ISO certifications
- open its floor to supplier audit
- or make any regulatory representation in regard to its own QMS.
This means that the way to use Atlassian software for regulatory compliance is to create a supporting document that demonstrates the reasoning why it is OK to use. This will usually involve an in-house installation with a validation plan.
2. What functionality would we miss out on if we used the Atlassian Cloud?
One of the reasons we can use JIRA Core for eQMS processes is its huge flexibility and extensibility. Many of the extension points and third party plugins are not available if you’re using JIRA Core in the Atlassian Cloud (see JIRA plugins for quality management and Managing your CAPAs in JIRA: key questions answered).
As a result you would experience:
- a less streamlined user interface, because there is less flexibility to control how the various issue-related screens look
- and more restricted automation options.
See Atlassian’s guidance on restricted functions in Atlassian Cloud apps.
3. What about hosting our own JIRA Core Server instance?
ore Server instance?The hassle-free use of the Atlassian Cloud may be tempting but, as outlined above, there are a number of down sides. Hosting your own instance of JIRA Core Server would avoid those, but then you would need to manage the application in-house, increasing the burden on your IT team.
However there is another alternative. There are companies that specialise in hosting Atlassian instances, giving you all the benefits of your own Altassian Core Server instance with none of the hassle of managing it. We work with several providers and will be able to recommend the best one to suit your specific requirements, however I’ve had very good experiences with the people at AtlasHost.
4. But would it be cheaper to host JIRA Core Server ourselves?
All costs included, whether hosted internally or externally, I’m yet to see a JIRA Core Server installation that is cheaper than using JIRA Core in the Atlassian Cloud. JIRA Core Server is still good value for money considering it provides better support to compliance.
The conclusion
While it is possible to run much of your eQMS process using JIRA Core in the Atlassian Cloud and there are benefits to doing so, you would need to rely on a separate process for sign-off and regulatory compliance. If your management team is comfortable with that, this may be a viable option for your company. Alternatively, using a third party company to host and manage an instance of JIRA Core Server could be a good middle ground and, taking all factors into account, could stack up well financially too.
We can advise you on the most appropriate options for your circumstances and help you set up your eQMS to maximise efficiency and ensure compliance. Please get in touch for a no-obligation chat.