Documentation — Compliance Glossary for Confluence

Installation Guide

Go to Atlassian Marketplace and search for "Compliance Glossary for Confluence"
Click Install (requires Confluence Cloud admin permissions)
Once installed, find the app under Apps in your Confluence navigation
No configuration needed — the app is ready to use immediately
The app has four tabs: Dashboard, Terms, Compliance Scanner, and Audit Export

Requirements: Confluence Cloud only. Built on Atlassian Forge — no external servers or configuration.

Managing Terms

Create a term: click "+ New Term", fill in the name, definition, category, synonyms, and notes
Edit a term: every edit creates a new version with automatic diff tracking
Submit for review: change status from Draft to Review
Approve / Reject: reviewers approve or reject. Approval is timestamped with user ID.
Deprecate: mark outdated terms as Deprecated — the scanner will flag any page still using them
Bulk operations: select multiple terms with checkboxes to deprecate or delete in bulk
Search and filter: find terms by name, definition, or category. Filter by status.

Approval Workflow

Terms follow a five-stage lifecycle with full audit trail:

Draft → Review → Approved → Deprecated → Deleted

Four-eyes principle: the person who creates or edits a term cannot approve their own changes — another team member must approve
Review request: move a term from Draft to Review to request approval
Approval: reviewer approves or rejects — action is timestamped with user ID
Deprecation: approved terms can be deprecated when they're no longer current
Soft delete: deprecated, draft, or review terms can be moved to Deleted — the record and its full history are preserved for audit purposes
Reactivation: deprecated or deleted terms can be sent back to Review if they need to be reinstated
Approved terms cannot be deleted directly — they must be deprecated first, ensuring no active approved terminology is lost without a deprecation step
Audit trail: every status change (including deletion) is recorded in the term's version history

Compliance Scanner

Auto-scan: triggers automatically when any Confluence page is created or updated
Manual scan: scan a specific space on demand from the Compliance Scanner tab
What it detects: deprecated terms, unapproved (draft) terminology, pending review terms, synonym violations
Each finding shows: the flagged term, which page it was found on, the surrounding context, and the reason for flagging
Dashboard score: see your overall compliance percentage and breakdown of issues by type
The scanner uses read-only Confluence access — it never modifies your content

Audit Export & Dashboard

Generate report: click "Generate Report" then "Download CSV" for a full compliance export
CSV columns: Term, Definition, Status, Category, Version, Approved By, Approved Date, Created At, Updated At, Synonyms
Version history: expand any term in the report to see all historical changes
Dashboard: compliance score (% approved), issue count by type, category breakdown
Export runs entirely in your browser — no data is sent to any external server

CSV Import

Prepare your CSV file with these columns:

Term,Definition,Category,Synonyms
GDPR,"General Data Protection Regulation",Privacy,"Data Protection Regulation"
SOX,"Sarbanes-Oxley Act",Financial,Sarbanes-Oxley
HIPAA,"Health Insurance Portability and Accountability Act",Clinical,"health insurance act"

Required columns: Term, Definition
Optional columns: Category, Synonyms, Notes
Synonyms: separate multiple synonyms with semicolons
Max batch size: 50 terms per import
Duplicate detection: terms that already exist in your glossary are automatically skipped and reported
Imported terms start in Draft status — they must go through the approval workflow

Known Limits & System Boundaries

Compliance Glossary runs on Atlassian Forge, which imposes certain platform constraints. These limits are designed into the product and handled gracefully.

Scanning

Space scan limit: Maximum 500 pages per space scan. Larger spaces will show a truncation warning. For full coverage on large instances, scan individual spaces.
Term matching: Uses exact word-boundary matching. The scanner detects whole-word matches only — it will not catch plurals, abbreviations, or fuzzy variations (e.g. "AE" won't match "AEs").
Auto-scan triggers: Fires on page create and update only. Page deletions, moves, and renames do not trigger a scan.
Scan history: Each scan overwrites previous results for the same page. There is no historical scan record per page.

Data & Storage

Forge function timeout: Backend operations have a 25-second timeout. Large scans and exports use batching to stay within this limit.
Runtime memory: 256 MB per function invocation (Forge platform limit).
CSV import batch size: Maximum 50 terms per CSV file. For larger imports, split into multiple files.
All terms loaded to browser: The term list, search, and filter run client-side. Very large glossaries (thousands of terms) may have slower initial load.
Audit export: CSV is generated in the browser. Glossaries with 1000+ terms and extensive version history may take several seconds.

Workflow

No skip-state transitions: Terms must follow the lifecycle (Draft → Review → Approved). You cannot go directly from Draft to Approved.
Single space per term: Each term belongs to one Confluence space or "ALL". Multi-space assignment is not supported.
Stale approval threshold: Fixed at 6 months. Not configurable per category or regulation.
No undo/revert: You can view full version history but cannot revert a term to a previous version.
Bulk operations: Bulk deprecate and bulk delete process terms sequentially. Large selections may take a moment.

Compliance scope

No e-signatures: The app uses Atlassian account IDs for attribution, not cryptographic e-signatures (Part 11 Subpart C).
No role-based access control: The app inherits Confluence permissions. There are no separate admin/editor/viewer roles within the app.
No finding resolution workflow: The scanner flags issues but does not yet support acknowledging, justifying, or closing individual findings.
Export format: CSV only. PDF and XML export are not available.

Frequently Asked Questions

Where is my data stored?

All data stays on Atlassian infrastructure. Built on Forge — zero external servers, zero data transfer outside your Confluence instance.

Does the app modify my Confluence pages?

No. The scanner reads pages to detect terminology issues but never modifies content. Read-only access only.

What's the difference between this and a regular glossary?

Regular glossaries store definitions. Compliance Glossary adds version history, approval workflows with audit trail, compliance scanning, and one-click export for auditors.

How long does setup take?

Install from Marketplace, add your terms (or bulk import via CSV), and the scanner starts immediately. Most teams are operational in under 30 minutes.

Can I import existing terminology?

Yes. CSV import supports terms, definitions, categories, and synonyms. Duplicates are automatically detected and skipped.

What regulations does this support?

The tool is regulation-agnostic. Teams use it for FDA 21 CFR Part 11, EBA/MiFID II, SOC 2, ISO 27001, GDPR, EU AI Act, and any framework requiring controlled vocabulary.

Is it free?

Yes. The app is free during early access with all features. No credit card required.

Can I try it on a test instance?

Absolutely. Install on any Confluence Cloud instance including free or developer instances from Atlassian.