In this article, we explain how you can achieve compliance with ISO 13485:2016+A11:2021 sections 4.2.4 (Control of Documents) and 4.2.5 (Control of Records) by using Confluence Cloud and the QC Approvals app. This guide also provides information on supporting other parts of the standard and lists the tools needed for successful implementation.
Confluence is a wiki that helps teams collaborate and share knowledge efficiently. It serves as a document repository and collaboration platform, tracking all changes to documents, including when and by whom they were made. Team members can create, share, and work together on content seamlessly.
If your organization follows the EN ISO 13485:2016+A11:2021 quality management system, Confluence can help you meet many of its requirements.
By extending Confluence with QC Approvals, you can comply with document and record management requirements, specifically sections 4.2.4 and 4.2.5
Regulatory Requirements
Implementing ISO 13485 shows a company’s commitment to quality and regulatory compliance, which also supports compliance with the EU MDR (Medical Device Regulation) and IVDR (In Vitro Diagnostic Regulation). ISO 13485 is not mandatory for EU MDR compliance, but it provides a strong framework that helps achieve it.
The EU MDR requires additional documentation, including what is specified in Annex II and Annex III for the medical device or in vitro device technical file, as well as extra records for post-market surveillance and clinical evaluation.
If your QMS is ISO 13485-compliant, review Annexes ZA or ZB as relevant to identify which parts of the QMS may need updating to meet MDR or IVDR requirements. Most of the processes for creating, updating, and maintaining documentation under ISO 13485 will largely remain the same.
We recommend reviewing our complementary FDA CFR 21 Part 11 compliance statement along with this document.
QC Analytics does not claim compliance or certification of any of our tools, as no vendor can provide a fully compliant system. While technical features are important, full compliance also requires proper procedural and administrative controls.
ISO 13485:2016+A11:2021 Checklist
The following Checklist covers the requirements of ISO 13485:2016+A11:2021 for sections 4.2.4 Control of Documents and 4.2.5 Control of Records.
|
Reference |
Requirement |
QC Approvals |
Confluence |
Processes |
|---|---|---|---|---|
|
4.2.4 (a) |
Review and approve documents for adequacy prior to issue; |
QC Approvals provides a way of enforcing approval for documents. Built-in electronic signatures and report tables support the approval workflow. The Approvals Templates feature enables different configurations according to your defined approval workflows. |
Each Confluence page has a unique Space/Title combination. Page versions are saved automatically, and comparisons between versions are provided through Confluence’s Page History. Unique page identifiers may be assigned manually using page properties or metadata. |
Define the approval workflow that works best for you. |
|
4.2.4 (b) |
Review, update as necessary, and re-approve documents; |
QC Approvals supports the approval of updated content according to the defined workflow. |
|
|
|
4.2.4 (c) |
Ensure that the current revision status and changes to documents are identified; |
QC Approvals provides a clear way to distinguish between current and draft versions of pages. The “Version Control” feature supports this by enabling Major or Minor version types and assigning Alias. |
Confluence’s Page History feature provides a clear view of changes to each page. |
|
|
4.2.4 (d) |
Ensure that relevant versions of applicable documents are available at points of use; |
|
Users can access Confluence from anywhere on the internet, using any device, according to your network and security settings. |
|
|
4.2.4 (e) |
Ensure that documents remain legible and readily identifiable; |
|
Every Confluence page is uniquely identified by its space and title. |
Keeping documents electronically keeps them clear and readable at all times. |
|
4.2.4 (f) |
External documents are clearly identified, and their distribution is controlled; |
|
Confluence lets you attach external files to pages, helping you organize them alongside your internal structures like approvals, IDs, and access controls. |
|
|
4.2.4 (g) |
Prevent deterioration or loss of documents; |
|
|
Establish a Backup Policy. |
|
4.2.4 overall |
Changes to documents are reviewed and approved by appropriate functions in the organization; |
The approval workflow in QC Approvals provides a role-based approval process. |
|
|
|
4.2.4 overall |
Documents are retained for a defined retention period; |
|
Confluence provides the mechanism to retain all documents, along with their version history. |
Establish a Backup Policy. |
|
4.2.5 |
|
|
Confluence provides granular access controls to manage document permissions effectively. It also maintains comprehensive version histories of pages and enables comparison between versions. |
|
How to use Confluence and QC Approvals
Below are some tips on how you can use Confluence Cloud and QC Approvals to reinforce ISO 13485:2016+A11:2021 processes.
Annual reviews of documents
All your Quality Management System documents must be reviewed periodically.
Forms and Standardized Document Layouts
Many procedures rely on forms or standardized document formats. For example, some of the available templates include:
-
Meeting notes template,
-
Executive business review template,
-
DACI: Decision documentation template,
-
Project plan template,
-
Product requirements, etc.
Confluence page templates provide an effective way to make these forms readily available to your team.
Medical Device Files (MDF) and Other Specialized Collections (DHF, FMR)
A Confluence page can act as the index for your Medical Device File (MDF), with links to all related pages and files, either attached or external. This makes sure the MDF always points to the latest document versions and avoids duplicates. The content is also easy to access in a clear structure that makes sense to users.
You may need extra records to meet EU MDR requirements. For example, ISO 13485:2016+A11:2021 requires keeping a medical device file (clause 4.2.3) with a minimum set of information. Under EU MDR, the technical documentation must include everything listed in Annex II and Annex III, plus additional records for post-market surveillance and clinical evaluation. Even with these extra requirements, the way you create, update, and maintain the documents stays mostly the same.
Internal communication
Confluence supports information sharing, teamwork, and internal communication.
How to Set Up a DMS in Confluence
To set up a compliant Document Management System (DMS) in Confluence Cloud, you will need to have the following:
-
A license for Confluence Cloud: Confluence will serve as your main platform to create, update, and manage your documents.
-
A license for QC Approvals for Confluence Cloud: QC Approvals will serve as your way to confirm that the latest changes on your documents have been reviewed and approved.
-
Secure infrastructure: Ensure a secure platform where only authorized users can access and modify data.
Need Help?
If you need help setting up Confluence and QC Approvals, feel free to contact us.