Revision: 2021-02-05
Documentation
Installing the add-on
You can install Document Control for Confluence Cloud from the Atlassian Marketplace. Click the "Try it free" button to get started.
Configuration and settings
Once the add-on is installed, expand the Document Control for Confluence Cloud add-on in the Universal Plugin Manager and click "Configure".
The "Get started" page helps you with considering the configuration options.
The configuration page provides these settings:
Regulatory compliance
Authentication requires users to authenticate using their Confluence login before signing a page. (If your intent is to comply with 21 CFR 11, you should enable this setting.) If your approval flow is lightweight, you can disable this setting and allow users to review/approve a document with a click.
Signature settings
Signature settings groups settings related to signature meanings.
The Meanings settings allow the configuration of meanings associated with each signature added to a control document. You can customize the available Meaning options (the default options are based on the language of 21 CFR §11.50), or disable Meanings entirely. Optionally you can define a custom signature meaning type.
Reviewer settings
Notification: The Email notification setting will trigger automatic emails to reviewers whenever they are added to a page.
Restrictions: The restrictions settings allows to restrict editing, signing, and changing reviewers on a page. Restrictions will only be applied to a page after reviewers are updated.
- Restrict page edits to reviewers, and give reviewers edit rights. This allows only reviewers to edit a page. When this setting is selected, a new reviewer automatically gets edit rights on the document. The final edit permission also depends on the group permissions of the reviewer.
- Restrict signatures to reviewers allows only reviewers to sign a page.
- Restrict changing reviewers to document editors allows only users with document edit rights to change the reviewers. As a document editor, you can add reviewers. These reviewers can sign documents, even if they have no edit rights.
Search: Document Control by default searches the groups "confluence-users", "site-admins", and "administrators" when adding reviewers. You can opt to search all user groups in Confluence when adding a reviewer. Searching all user groups will slow down adding reviewers.
Creating a controlled document
A controlled document can be a page in a space. When you create a new controlled document in a restricted space or document, make sure the user "Electronic Signing for Confluence Cloud" has permissions on the new page. If you are creating a new page from scratch, the best practice is to choose the "Controlled document" template from the Create dialog:
This template sets up the page with everything needed for use with the Document Control add-on.
If you want to use a different template, or if you want to take an existing page and convert it to a controlled document, it's a simple two-step process:
1. Add the "Document Control" macro somewhere in the body of the page (typically at the bottom):
2. Add the "controlled-document" label to the page:
Assigning reviewers
There are two ways to add reviewers to a page:
1. Click the Document Control byline on the page (the link under the page title)
2. From the page menu (the three-dot icon with links to Move, Copy, Delete, etc.), click "Manage Reviewers".
Once the "Manage Reviewers" dialog is open, you can add a reviewer to a page by searching by name.
You can also use this dialog to remove a reviewer by clicking the small "x" next to each reviewer's name.
If you have the Email notification setting enabled, the new reviewer will receive an email inviting them to review the page:
The page's document control status will change to Needs Review until all reviewers have added a signature to the page.
Signing a page
From the page menu, click "Add Signature":
Fill out the form and click Submit to sign the page.
If the Authentication setting is enabled, the user is required to enter their email and a secure token, and both must match the presently logged in Confluence user. A user needs to generate a secure token once. The token is unique to each user. If the email and the secure token do not match, the email and token fields are highlighted in red to indicate a problem:
Document control status
All pages set up for document control will have one of three statuses:
- Not reviewed - No reviewers have been added to this page.
- Needs review - One or more reviewers have been added to this page, but not all reviewers have signed the most recent version of the page.
- Reviewed - All reviewers have signed the most recent version of the page.
The document control status is reflected in the byline (the link under the page title) of each page. It's also reflected in the Document Control macro. For example, in the following screenshot, Jason Wright and Lucille Bluth have been assigned as reviewers, but only Lucille Bluth has signed:
Once Jason Wright signs the page, the page looks like this:
If the page is edited, all reviewers will need to sign the page again to maintain the "Reviewed" status; see Page versioning for more details.
Using the space-level macro
To see the document control status of all pages in a space at a glance, you can use the "Space View" setting of the Document Control macro. Typically, you might want to add the macro to the top-level page in a space. To do this, start editing a page. Then choose from the menu "+" and "View more" to insert the Document Control macro. Choose the "Space View" setting:
You can't use the shortcut "/dccc" to insert the Document control macro. Below you can see an example of the macro in "Space View" setting.
Troubleshooting
Page/space restrictions
If you have view/edit restrictions enforced either on a space or a page and wish to use the Document Control add-on, you'll need to ensure that the add-on user has both view and edit privileges (the add-on user is "Electronic Signing for Confluence Cloud"). For example, click "Restrictions" from the page menu:
Add the "Electronic Signing for Confluence Cloud" user:
Page versioning
The Document Control add-on uses Confluence's built-in versioning system to ensure that signatures are linked to a specific version of a page. For example, if a page has been signed by all reviewers, but is then edited, the Document Control macro will show that those signatures were for previous versions of the page:
You can click the link in the macro to see the full version history of the page:
Note: Restoring a page to a previous version does not resolve the need to re-sign the page. This is because Confluence actually creates a new version that duplicates the restored version.
Signature visibility
As an option you can restrict signature visibility to show only signatures for the current document version. In order to apply this setting you need to edit the document (and thus create a new document version in this process). To change the setting you need to edit the Document Control Macro and check the checkbox "Show signatures applied to the most recent document version only."
After checking the checkbox, only the most recent signatures are visible:
If you later to decide to unchecked the checkbox, the earlier signatures will be visible again. Please note that this change also creates a new document version.
Page copying
The Document Control add-on stores information in each page's content properties. This is essentially a form of metadata stored in the page without being directly visible in the page's body.
The way Confluence handles content properties:
- When a page is moved, content properties are preserved.
- When a page is copied, content properties are not preserved. UPDATE November 2020: Confluence started copying content properties when a page is copied in some instances, but not in others. Atlassian is aware of the problem.
As a result, copies of controlled documents will not preserve signatures or reviewers. You should make sure to keep the original page intact and move it around your Confluence instance instead of making copies.
SAML/SSO
If you use SAML single sign-on to authenticate with Confluence, it's highly likely that the Authentication setting will not work. Your users need to have an Atlassian account and password for the add-on's authentication process to work.
Data security statement
Overview
The Document Control add-on helps with review and 21 CFR 11 compliant document signing on Confluence Cloud, including the ability to ensure that all signatures are authenticated at the time of signature. All transactions with Confluence Cloud are secured using Atlassian Connect Express / JWT. Data transport is secured using TLS (Transport Layer Security).
Data storage
The add-on server stores only your configuration settings. It does not store any data from your Confluence instance, including users, pages, reviewers, signatures, or anything else. All of the data generated by the add-on is stored in your Confluence instance, not the add-on server.
Certification
The add-on is not certified by any authority. 21 CFR 11 compliance is a complex process, and this add-on is merely a small part. Full compliance will depend on Confluence settings, user management, and other operational processes.
Backups
The add-on server, which only stores your configuration settings, is automatically backed up by Heroku. In addition we keep offsite backups for disaster recovery.
Privacy
All transactions are secured using HTTPS/JWT. Because no user data is stored, there is no long-term privacy risk to using this add-on.
The add-on will request email addresses for your users if and only if you enable the "Send email notification to new reviewers" option in the add-on configuration. Email addresses are only used to send one-time notifications to those users who are added as reviewers for a page. Email address are not stored, shared, or used for any other purpose.
Logging
We keep logs in order to audit for possible security incidents and other errors.
21 CFR 11 compliance statement
Components
Component | Description |
Confluence Cloud ("Confluence") | See Atlassian documentation. |
Document Control for Confluence Cloud ("Add-on") | A Confluence add-on providing technical solution for document review and electronic signing. |
Subpart B - Electronic Records
Requirement | Topic | Confluence | Add-on | Organization |
§11.10(a) | Validation of systems | The organization is responsible for validating their Confluence installation and the add-on. | ||
§11.10(b) | Record generation | Confluence has the ability to export documents in PDF or Word format. | The add-on's macros will appear in exported records. | |
§11.10(c) | Protection of records | Confluence provides the ability to backup or transfer pages. | The add-on stores all data within Confluence pages. | |
§11.10(d) | Limiting system access | Confluence provides the ability to manage users and groups, and to restrict privileges to particular users or content. | ||
§11.10(e) | Audit trails | Confluence keeps all changes in a timestamped, secure audit log. When a page is modified, the old version of the page is preserved in the audit log. | The add-on links signatures to particular versions of a page, which will be reflected in the audit log. Signatures for older versions are always preserved and visible via the Document Control macro. | |
§11.10(f) | Sequencing | The add-on ensures all steps happen in the proper order. | ||
§11.10(g) | Authority checks | See Confluence Cloud data security policies. | The add-on is only available to authenticated Confluence users, and can be configured to require additional authentication at time of signing. | |
§11.10(h) | Validity | The organization should ensure this for all devices that use Confluence/the add-on. | ||
§11.10(i) | Education and training | The organization should ensure that all users are properly educated, trained, and experienced. | ||
§11.10(j) | Written policies | The organization should write and distribute policies related to electronic signatures. | ||
§11.10(k) | Controls documentation | The organization is responsible for maintaining controls documentation. | ||
§11.50(a) | Signature manifestations | The add-on ensures that signatures include the printed name of the signer and the data and time when the signature was executed. The add-on can be configured to require that signers include a signature meaning. | ||
§11.50(b) | Signature records | The add-on ensures signature manifestations are part of the electronic record by storing them within the Confluence page. | ||
§11.70 | Signature/record linking | The add-on does not allow signatures to be moved between records, and copied records do not retain electronic signatures. See Page copying for more detail. |
Subpart C - Electronic Signatures
Requirement | Summary | Confluence | Add-on | Organization |
§11.100(a) | Uniqueness | The add-on ensures electronic signatures are unique to one Confluence account. | The organization should ensure that Confluence accounts are unique to one individual, and that Confluence accounts shall not be resued by, or reassigned to, anyone else. | |
§11.100(b) | Identify verification | The organization should verify the identity of individuals before assigning a Confluence account. | ||
§11.100(c) | Agency certification | The organization should certify their use of electronic signatures in writing as per §11.100(c), and persons within the organization should provide any additional certification or testimony as required. | ||
§11.200(a)(1) | Identification components | The add-on can be configured to require users to provide their email address (i.e. identification code) and a secure token before signing. | The organization should enable authentication for all signatures in the add-on's configuration. | |
§11.200(a)(1)(i) | Single session | The add-on can be configured to require authentication for all signatures. | The organization should enable authentication for all signatures in the add-on's configuration. | |
§11.200(a)(1)(ii) | Multiple sessions | The add-on can be configured to require authentication for all signatures. | The organization should enable authentication for all signatures in the add-on's configuration. | |
§11.200(a)(2) | Genuine owners | The add-on can be configured to require authentication for all signatures. | The organization should ensure authentication information for Confluence accounts is only known, or can only be used, by the account's genuine owners. | |
§11.200(a)(3) | Unauthorized attempts | The organization should take steps to ensure that use of an individual's Confluence account by anyone other than its genuine owner requires collaboration of two or more individuals. | ||
§11.300 | Controls for identification codes/passwords | The organization is responsible for maintaining controls for Confluence authentication information. |