Document Control Documentation

Revision: 2022-04-12

User Documentation

Installing the add-on

You can install Document Control Logo Document Control for Confluence Cloud from the Atlassian Marketplace. Click the "Try it free" button to get started.

Configuration and settings

Once the add-on is installed, expand the Document Control for Confluence Cloud add-on in the Universal Plugin Manager and click "Configure".

The Universal Plugin Manager view of the add-on

The "Get started" page helps you with considering the configuration options.

The add-on "Get started" page.

The configuration page provides these settings:

The add-on configuration page.

Authentication requires users to authenticate using their Confluence login before signing a page. (If your intent is to comply with 21 CFR 11, you should enable this setting.) If your approval flow is lightweight, you can disable this setting and allow users to review/approve a document with a click.

Document Control supports authentication with a secret key provided by Atlassian (API Key) and through a 2FA (two-factor authentication) process using an authenticator app. Using an authenticator app requires a setup process by each user in order to connect the authenticator app with Document Control. Users can reset their 2FA setup using an Atlassian API Key. The confluence administrator can enable and disable the authentication methods separately.

21 CFR 11 requires the signer to authenticate for each signature. Bulk signatures, i.e. a single electronic signature for multiple documents, are not conformant. Document Control offers both two-factor authentication and authentication using a secret key. Please contact us if you need additional authentication methods.

Signature settings

Signature settings groups configuration settings related to signature meanings.
The Meanings settings allow the configuration of meanings associated with each signature added to a controlled document. You can customize the available Meaning options (the default options are based on the language of 21 CFR §11.50), or disable Meanings entirely. Optionally you can define up to ten custom signature meaning types.
Once you have configured the meanings, these meanings show up during the signing flow and allow a signer to indicate the signature meaning.

Reviewer settings

Notification: The Email notification setting will trigger automatic emails to reviewers whenever they are added to a page.

Restrictions: The restrictions settings allows to restrict editing, signing, and changing reviewers on a page. Restrictions will only be applied to a page after reviewers are updated.

Document Control can only adjust the restrictions if the user "Electronic Signing for Confluence Cloud" has the permissions to add/delete restrictions in the space. If the user "Electronic Signing for Confluence Cloud" does not have these permissions, the setting has no effect.

Restrict page edits to reviewers, and give reviewers edit rights. This allows only reviewers to edit a page. When this setting is selected, a new reviewer automatically gets edit rights on the document. The final edit permission also depends on the group permissions of the reviewer.
Restrict signatures to reviewers allows only reviewers to sign a page.
Restrict changing reviewers to document editors allows only users with document edit rights to change the reviewers. As a document editor, you can add reviewers. These reviewers can sign documents, even if they have no edit rights.

Timestamp display: You can choose to display signature timestamps in either the ISO 8601 format (e.g. 2021-04-26T10:15:41Z), or in a US date format. The US format shows the abbreviated month and full weekday (e.g. Monday, Apr 26, 2021, 06:15 AM EDT). This display format prevents possible confusion about dates like 03/04/2021 in international settings.
The timezone for display of the timestamp can be set to either UTC or an IANA Time Zone Database listed time zone.

Automation settings

These settings are described at Automation and webhook events.

Creating a controlled document

A controlled document can be a page in a space. When you create a new controlled document in a restricted space or document, make sure the user "Electronic Signing for Confluence Cloud" has permissions on the new page. If you are creating a new page from scratch, the best practice is to choose the "Controlled document" template from the Create dialog:

Choosing the Controlled Document template.

This template sets up the page with everything needed for use with the Document Control add-on.

If you want to use a different template, or if you want to take an existing page and convert it to a controlled document, it's a simple two-step process:

1. Add the "Document Control" macro somewhere in the body of the page (typically at the bottom):

Inserting the Document Control macro.

2. Add the "controlled-document" label to the page:

Adding the Document Control label.

Assigning reviewers

There are two ways to add reviewers to a page:

1. Click the Document Control byline on the page (the link under the page title)
2. From the page menu (the three-dot icon with links to Move, Copy, Delete, etc.), click "Manage Reviewers".

Once the "Manage Reviewers" dialog is open, you can add a reviewer to a page by searching by name.

Adding a reviewer.

You can also use this dialog to remove a reviewer by clicking the small "x" next to each reviewer's name.

If you have the Email notification setting enabled, the new reviewer will receive an email inviting them to review the page:

Email notification for new reviewer.

The page's document control status will change to Needs Review until all reviewers have added a signature to the page.

Signing a page

From the page menu, click "Add Signature":

Opening the Add Signature dialog.

Fill out the form and click Submit to sign the page.

If the Authentication setting is enabled, the user is required to authenticate with Document Control with one of the following methods:

Enter their email and a secure token, and both must match the presently logged in Confluence user.
Enter a 2FA code generated with an authanticator app.

If both methods are enabled, the user must choose an authentication method.

Choose an authentication method.

Signature Authentication Information

API key: When using API key authentication, a user needs to generate a secure token once by using the Atlassian provided secure token management page at the Atlassian API token page. The token is unique to each user, and can be revoked on demand. If the email and the secure token do not match, an error message is shown under the email and token fields to indicate a problem:

Signing a page with API key.

The email for the signature must be the email address used for Confluence login. You can find your login email at your Atlassian profile page.

2FA: For 2FA authentication, a user needs to install and pair an authenticator app. Compatible apps are:

FreeOTP+ Authenticator
Google Authenticator
Microsoft Authenticator
Alternative authenticator apps compatible with "TOTP"

When using 2FA authentication for the first time, a user needs to pair their authenticator app with Document Control.

Pair authenticator app with Document Control.

The 2FA codes are unique to each user, and can be revoked on demand using a user-specific API token. When signing, the signature dialog ask you to enter a 6 digit code called 2FA token. This token is generated by your authenticator app. The token is refreshed regularly. If the token does not match, an error message is shown to indicate a problem:

Signing a page with 2FA.

Document Control Status

All pages set up for document control will have one of three statuses:

Not reviewed - No reviewers have been added to this page.
Needs review - One or more reviewers have been added to this page, but not all reviewers have signed the most recent version of the page.
Reviewed - All reviewers have signed the most recent version of the page.

The document control status is reflected in the byline (the link under the page title) of each page. It's also reflected in the Document Control macro. For example, in the following screenshot, Jason Wright and Lucille Bluth have been assigned as reviewers, but only Lucille Bluth has signed:

Page that needs review.

Once Jason Wright signs the page, the page looks like this:

Page that has been fully reviewed.

If the page is edited, all reviewers will need to sign the page again to maintain the "Reviewed" status; see Page versioning for more details.

Using the space-level macro

To see the document control status of all pages in a space at a glance, you can use the "Space View" setting of the Document Control macro. Typically, you might want to add the macro to the top-level page in a space. To do this, start editing a page. Then choose from the menu "+" and "View more" to insert the Document Control macro. Choose the "Space View" setting:

Insert the Space View macro.

You can use the shortcut "/dccc" to insert the Document Control macro. Below you can see an example of the macro with "Space View" setting.

Example of the Space View macro.

Space view allows you to display additional information on the document state by checking the option "Show last signature date and meaning in space view":

Show last signature date and meaning in space view.

General Page

You can access the Document Control general page directly from the top menu. This page provides links to the documentation and signature authentication setup if enabled.

Document Control overview page.

Automation and webhook events

Document Control automation allows you to connect Document Control to an automation tool like ScriptRunner from Adaptavist.

Labels

Document Control can add a label to a document if the review status changes. On the configuration page, you need to check the option "Use a label as a flag when document state changes."

When Document Control detects a change in the document review status, it will add a label to the document. The label acts like a flag. The default label is "dc-review-change". Adding a label generates a webhook event if you have set up a webhook listener. For example, ScriptRunner by Adaptavist lets you listen to such events and run automatic actions in response to such an event.

Once you have received the webhook event, you should remove the label from the document with your automation tool. If the label is not removed, subsequent changes to the document review state will not add a new label.

Once you have received a webhook event, you can check the document review status and run an automation with e.g. ScriptRunner. The document review status can be queried by checking the content property "dccc-byline" of the document. The value of the content property contains the property "documentStatus" with these possible values:

"not-reviewed" A document is in this state if no reviewers are added to the document.
"needs-review" If a document has reviewers, and not all reviewers have signed, a document is in this state.
"reviewed" Once all reviewers have signed, a document is in the "reviewed" state.

Querying the content property "dccc-byline" returns a JSON object containing:

{
...
    "documentStatus": {
      "value": "not-reviewed"
    },
...
}

In addition to listening to webhook events, you can check for the presence of the label "dc-review-change" on a regular schedule with e.g. a cron expression.

Beta Document Control State

Available from 2021-07-01

After adding a reviewer or a signature to a document, Document Control updates the content property "dccc-state". This content property encodes the current document state. You can read this property and get information on reviewers, signatures, and document state. You should not modify this content property, as Document Control will rewrite the content property regularly.

Querying the content property "dccc-state" returns a JSON object. The example JSON object below contains comments (after //) explaining the field just before the comment. If you write code using the Document Control State, please check the field "stateFormatVersion". If this version is incremented, the format has changed.

{
...
"value": {
    "example": false,
    "stateFormatVersion": 2,
    "status": {
      "name": {
        "value": "Reviewed"
      },
      "documentStatus": {
        "value": "reviewed"
      }
    },
    "documentVersion": 7,  // The Confluence assigned document version.
    "documentDt": "2021-06-28T14:26:03.593Z", // The timestamp of the last document edit.
    "documentId": "123456789",  // The Confluence Id of the document.
    "lastMeaning": "Review",  // The meaning of the last signature (if a meaning was given).
    "lastSigDt": "2021-06-28T14:26:22.700Z", // The timestamp of the last signature.
    "reviewersVersion": 5,  // The version of the reviewers.
    "signaturesVersion": 2, // The version of the signatures.
    "signatures": [  // A list of signatures applied to the document in reverse chronological order.
      {
        "most_recent": true,  // A property which is "true" if the signature was applied to the most recent document version.
        "version_known": true,
        "documentVersion": 7, // The document version the signature was applied to.
        "accountId": "XXXXXXXXXXXXXX", // The identifier of the user who signed.
        "timestamp": "2021-06-28T14:26:22.700Z", // The timestamp of the signature.
        "comment": "signature comment", // Signature comment, if present.
        "signature_version": 2,
        "meaning": "Review",  // The meaning of the signature (if a meaning was given).
        "name": "Jane Example", // The name of the signer.
        "documentId": "123456789", // The Confluence Id of the document to which the signature was applied.
        "documentDt": "2021-06-28T14:26:03.593Z" // The timestamp of the last document edit.
      },
      {  // Another signature, it was applied to a previous document version.
        "most_recent": false,
        "version_known": true,
        "documentVersion": 6,
        "accountId": "XXXXXXXXXXXXXX",
        "timestamp": "2021-06-28T13:23:43.983Z",
        "comment": "old signature",
        "signature_version": 2,
        "meaning": "Other",
        "name": "John Example"
      }
    ],
    "reviewers": [  // List of reviewers for the current document.
      {
        "accountId": "XXXXXXXXXXXXXX", // The identifier of the reviewer.
        "name": "Jane Example", // The name of the reviewer.
        "pic": "https://XXXX.atlassian.net/wiki/aa-avatar/XXXXXXXXXXXXXX",  // Link to the avatar image of the reviewer.
        "signed": true,  // "true" if the reviewer signed the last document version, "false" if not.
        "reviewerFormatVersion": 2
      }
    ]
  }
...

The "status" field describes the current document status as described above about the "dccc-byline" field.

The "signatures" list contains the most recent signatures with a limit of up to 50 signatures. The "reviewers" list contains the current document reviewers. If no signatures or reviewers are present, these lists will be empty.

Document Control State Format Information

The Document Control State content property is available from 2021-07-01. Documents produced before this date will not have a "dccc-state" content property. If a signature and/or reviewer is added to an older document, the "dccc-state" will be added with the information available. Documents produced before 2021-07-01 might not contain all information documented above. The content property might contain additional fields not documented here.

Troubleshooting

Page/space restrictions

If you have view/edit restrictions enforced either on a space or a page and wish to use the Document Control add-on, you'll need to ensure that the add-on user has both view and edit privileges (the add-on user is "Electronic Signing for Confluence Cloud"). For example, click "Restrictions" from the page menu:

Opening the Restrictions dialog.

Add the "Electronic Signing for Confluence Cloud" user:

Giving privileges to the add-on user.

Page versioning

The Document Control add-on uses Confluence's built-in versioning system to ensure that signatures are linked to a specific version of a page. For example, if a page has been signed by all reviewers, but is then edited, the Document Control macro will show that those signatures were for previous versions of the page:

Signatures for a previous version of the page.

You can click the link in the macro to see the full version history of the page:

Viewing a page's version history.

Note: Restoring a page to a previous version does not resolve the need to re-sign the page. This is because Confluence actually creates a new version that duplicates the restored version.

Signature visibility

As an option you can restrict signature visibility to show only signatures for the current document version. In order to apply this setting you need to edit the document (and thus create a new document version in this process). To change the setting you need to edit the Document Control Macro and check the checkbox "Show signatures applied to the most recent document version only."

Viewing all signatures.

After checking the checkbox, only the most recent signatures are visible:

Viewing current document version signatures only.

If you later to decide to unchecked the checkbox, the earlier signatures will be visible again. Please note that this change also creates a new document version.

Page copying

The Document Control add-on stores information in each page's content properties. This is essentially a form of metadata stored in the page without being directly visible in the page's body.

The way Confluence handles content properties:

When a page is moved, content properties are preserved.
When a page is copied, content properties are not preserved. UPDATE November 2020: Confluence started copying content properties when a page is copied in some instances, but not in others. Atlassian is aware of the problem.

As a result, copies of controlled documents will not preserve signatures or reviewers. You should make sure to keep the original page intact and move it around your Confluence instance instead of making copies.

SAML/SSO

If you use SAML single sign-on to authenticate with Confluence, it's highly likely that the Authentication setting will not work. Your users need to have an Atlassian account and password for the add-on's authentication process to work.

Data security statement

Overview

The Document Control add-on helps with review and 21 CFR 11 compliant document signing on Confluence Cloud, including the ability to ensure that all signatures are authenticated at the time of signature. All transactions with Confluence Cloud are secured using Atlassian Connect Express / JWT. Data transport is secured using TLS (Transport Layer Security).

Data storage

The add-on server stores your configuration settings. It does not store any data from your Confluence instance, including users, pages, reviewers, signatures, or anything else. All of the data generated by the add-on is stored in your Confluence instance, not the add-on server. If you opt in to secondary authentication (2FA), Document Control stores an identifier and cryptographic information to secure the secondary authentication process. By not opting in to secondary authentication, no secondary authentication data will be processed or stored.

Certification

The add-on is not certified by any authority. 21 CFR 11 compliance is a complex process, and this add-on is merely a small part. Full compliance will depend on Confluence settings, user management, and other operational processes.

Backups

The add-on server, which stores your configuration settings, is automatically backed up by Heroku. In addition we keep offsite backups for disaster recovery.

Privacy

All transactions are secured using HTTPS/JWT. Because no personal data is stored, there is no long-term privacy risk to using this add-on.

The add-on will request email addresses for your users if and only if you enable the "Send email notification to new reviewers" option in the add-on configuration. Email addresses are only used to send one-time notifications to those users who are added as reviewers for a page. Email address are not stored in the add-on, shared, or used for any other purpose.

Secondary authentication (2FA) is based on TOTP.

Component	Description
Confluence Cloud ("Confluence")	See Atlassian documentation.
Document Control for Confluence Cloud ("Add-on")	A Confluence add-on providing a technical solution for document review and electronic signing.

Subpart B - Electronic Records

Requirement	Topic	Confluence	Add-on	Organization
§11.10(a)	Validation of systems			The organization is responsible for validating their Confluence installation and the add-on.
§11.10(b)	Record generation	Confluence has the ability to export documents in PDF or Word format.	The add-on's macros will appear in exported records.	The organization is responsible for keeping an immutable record (for example using a document management system).
§11.10(c)	Protection of records	Confluence provides the ability to backup or transfer pages.	The add-on stores all data within Confluence pages.	The organization is responsible for archiving, long term storage, and backups. Pages in Confluence can be modified and deleted, and Confluence is not an archival system.
§11.10(d)	Limiting system access	Confluence provides the ability to manage users and groups, and to restrict privileges to particular users or content.		The organization is responsible for managing access.
§11.10(e)	Audit trails	Confluence keeps changes in a timestamped, secure audit log. When a page is modified, the old version of the page is preserved in the audit log.	The add-on links signatures to particular versions of a page, which will be reflected in the audit log. Signatures for older versions are preserved and visible via the Document Control macro.
§11.10(f)	Sequencing		The add-on ensures all steps happen in the proper order.
§11.10(g)	Authority checks	See Confluence Cloud data security policies.	The add-on is only available to authenticated Confluence users, and can be configured to require additional authentication at time of signing.
§11.10(h)	Validity			The organization should ensure this for all devices that use Confluence/the add-on.
§11.10(i)	Education and training			The organization should ensure that all users are properly educated, trained, and experienced.
§11.10(j)	Written policies			The organization should write and distribute policies related to electronic signatures.
§11.10(k)	Controls documentation			The organization is responsible for maintaining controls documentation.
§11.50(a)	Signature manifestations		The add-on ensures that signatures include the printed name of the signer and the data and time when the signature was executed. The add-on can be configured to include a signature meaning.
§11.50(b)	Signature records		The add-on ensures signature manifestations are part of the electronic record by storing them within the Confluence page.	The organization is responsible for keeping an immutable record (for example using a document management system).
§11.70	Signature/record linking		The add-on does not move signatures between records, and copied records do not retain electronic signatures. See Page copying for more detail.

Subpart C - Electronic Signatures

Requirement	Summary	Add-on	Organization
§11.100(a)	Uniqueness	The add-on ensures electronic signatures are unique to one Confluence account.	The organization should ensure that Confluence accounts are unique to one individual, and that Confluence accounts shall not be resued by, or reassigned to, anyone else.
§11.100(b)	Identify verification		The organization should verify the identity of individuals before assigning a Confluence account.
§11.100(c)	Agency certification		The organization should certify their use of electronic signatures in writing as per §11.100(c), and persons within the organization should provide any additional certification or testimony as required.
§11.200(a)(1)	Identification components	The add-on can be configured to require users to provide their email address (i.e. identification code) and a secure token before signing.	The organization should enable authentication for all signatures in the add-on's configuration.
§11.200(a)(1)(i)	Single session	The add-on can be configured to require authentication for all signatures.	The organization should enable authentication for all signatures in the add-on's configuration.
§11.200(a)(1)(ii)	Multiple sessions	The add-on can be configured to require authentication for all signatures.	The organization should enable authentication for all signatures in the add-on's configuration.
§11.200(a)(2)	Genuine owners	The add-on can be configured to require authentication for all signatures.	The organization should ensure authentication information for Confluence accounts is only known, or can only be used, by the account's genuine owners.
§11.200(a)(3)	Unauthorized attempts		The organization should take steps to ensure that use of an individual's Confluence account by anyone other than its genuine owner requires collaboration of two or more individuals.
§11.300	Controls for identification codes/passwords		The organization is responsible for maintaining controls for Confluence authentication information.