We have both regulated products (medical device software under FDA 21 CFR Part 11) and commercial products in the same Jira instance. The regulated products need immutable test evidence, full traceability, and formal sign-offs, but this heavyweight process kills velocity for commercial teams if applied universally.
There’s tension between compliance rigor and agile speed. If we enforce strict workflows and mandatory fields across all projects, commercial teams complain about bureaucracy. If we make it optional, regulated teams skip steps and create audit risk. How do you handle projects with different compliance requirements in a shared Jira instance without creating a compliance nightmare or slowing everyone down?
Automated capture is ideal but we still have manual exploratory testing for regulated products. How do you train testers to follow compliance procedures without making it feel like busywork? We’ve had pushback from testers who see evidence documentation as slowing them down.
We use project categories to separate compliance levels. Projects tagged “Regulated” get a different workflow and screen scheme with mandatory evidence fields. Commercial projects use a lightweight workflow. The key is making this transparent: teams know which category they’re in and what rules apply. We also have a compliance dashboard showing which projects have open audit findings.
Project categories help but you still need governance. We created a “Compliance Tier” custom field at the project level with values: Tier 1 (FDA regulated), Tier 2 (SOC2/ISO), Tier 3 (commercial). Automation rules check the tier and apply appropriate validation. For example, Tier 1 projects require test evidence attachments before closing test cases, but Tier 3 doesn’t.
Training and templates are key. We created Jira issue templates for Tier 1 test cases that pre-populate required fields and include guidance text: “Attach screenshot or log file as evidence. This is required for FDA audit compliance.” We also run quarterly training sessions showing real audit findings where missing evidence caused problems. When testers understand the why (avoiding regulatory penalties), compliance becomes less of a chore.
For exploratory testing, we use a simplified evidence capture workflow: testers record a screen video during the session and attach it to the test case. One video covers multiple test steps and provides richer evidence than screenshots. This balances compliance needs with tester efficiency.
Yes, we use workflow properties to lock fields. Once a test execution moves to “Completed” status, key fields (Test Result, Evidence Attachment, Tester Name, Completion Date) become read-only. Only users with a special “Compliance Admin” role can edit them after that, and any edits are logged in a separate audit issue. This satisfies auditors while preventing accidental tampering.
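Added example, not code from any poster in this thread or from Atlassian: an after-the-fact audit of exported test-execution records against the two controls described above, the Tier 1 evidence requirement and the field lock once a record is “Completed”. The record layout, the `roles` and `audit_issue` keys, and all sample values are assumptions constructed for illustration; the script calls no Jira API.

```python
# Added example. Record layout and SAMPLE values are constructed, not the Jira REST schema.
LOCKED_FIELDS = {"Test Result", "Evidence Attachment", "Tester Name", "Completion Date"}
EVIDENCE_REQUIRED_TIERS = {"Tier 1"}  # Tier 1 needs evidence to close; Tier 3 does not

def audit_issue(issue):
    """Return the list of findings for one exported test-execution record."""
    findings = []
    if (issue["tier"] in EVIDENCE_REQUIRED_TIERS
            and issue["status"] in ("Completed", "Closed")
            and not issue["attachments"]):
        findings.append("closed without evidence attachment")
    locked = False  # True while the record sits in "Completed"
    for ch in sorted(issue["changelog"], key=lambda c: c["when"]):
        if ch["field"] == "status":
            locked = ch["to"] == "Completed"  # reopening unlocks the fields again
        elif locked and ch["field"] in LOCKED_FIELDS:
            if "Compliance Admin" not in ch["roles"]:
                findings.append(f"{ch['field']} edited after completion by {ch['author']}")
            elif not ch.get("audit_issue"):
                findings.append(f"{ch['field']} admin edit has no audit issue")
    return findings

def audit(issues):
    """Map issue key -> findings, omitting clean records."""
    report = {}
    for issue in issues:
        found = audit_issue(issue)
        if found:
            report[issue["key"]] = found
    return report

def change(when, field, to, author, roles, audit_issue=None):
    """Build one constructed changelog entry (ISO 8601 timestamps sort as strings)."""
    return {"when": when, "field": field, "to": to, "author": author,
            "roles": roles, "audit_issue": audit_issue}

SAMPLE = [  # constructed records
    {"key": "MED-101", "tier": "Tier 1", "status": "Closed", "attachments": [], "changelog": []},
    {"key": "MED-102", "tier": "Tier 1", "status": "Completed", "attachments": ["session.mp4"],
     "changelog": [
         change("2024-03-01T10:00:00", "status", "Completed", "tester1", ["Tester"]),
         change("2024-03-02T09:00:00", "Test Result", "Pass", "tester1", ["Tester"]),
         change("2024-03-03T09:00:00", "Test Result", "Fail", "qa_lead", ["Compliance Admin"], "AUD-7"),
     ]},
    {"key": "WEB-55", "tier": "Tier 3", "status": "Closed", "attachments": [], "changelog": []},
]

if __name__ == "__main__":
    for key, found in audit(SAMPLE).items():
        print(key, found)
```

Running a check like this on a schedule gives independent evidence that the workflow validators and field locks are actually enforced, rather than relying on the configuration alone.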