Greetings. First post. I won't overwhelm you with details about myself and will try to get to the point.
In order to have a cost-effective defect tracking system that we can share with our development partners, we are looking at implementing Bugzilla on a server within our corporate firewall control but accessible to external parties.
The problem is that my company is a medical device manufacturer and Bugzilla will be used to document and to maintain defect records for product software. Consequently, the tool needs to be appropriately validated for its intended use.
Has anyone else in an FDA-regulated environment implemented Bugzilla? To what extent did you validate it for compliance to 21 CFR 11? Does Bugzilla even have the native capability to be compliant to Part 11, or did you have to modify the system or use other controls to meet Part 11 requirements? Apart from Part 11, what other requirements did you have with respect to meeting 21 CFR 820.70(i) since this tool is used as a means for automating part of the quality system?