Greetings. Second post. I posted an almost identical topic in the Bugzilla forum, but this time the question applies to Subversion.

In order to have a cost-effective configuration management system that we can share with our development partners, we are looking at implementing Subversion on a server within our corporate firewall control but accessible to external parties. In addition to our desire to share a CM system with our partners, we also need the tool for ourselves. We have developers and testers and QA spread around the country and the chances are better than even that messing with files in Visual Sourcesafe will corrupt the file if done over the WAN. We desperately need a better solution than VSS.

The problem is that my company is a medical device manufacturer and Subversion will be used to manage and to control work product files for product software. Consequently, the tool needs to be appropriately validated for its intended use.

Has anyone else in an FDA-regulated environment implemented Subversion? To what extent did you validate it for compliance to 21 CFR 11? Does Subversion even have the native capability to be compliant to Part 11, or did you have to modify the system or use other controls to meet Part 11 requirements? Apart from Part 11, what other requirements did you have with respect to meeting 21 CFR 820.70(i) since this tool is used as a means for automating part of the quality system? What about the requirements for 21 CFR 820.40 and document controls?