Compliance & Regulation Archives

Tag Archive for: Compliance & Regulation

In this blog, we’ll recap a section of our recent Expert Perspectives video, “A Method to Asses Benefit-Risk More Objectively for Healthcare Applications” – Click HERE to watch it in it entirety.

Expert Perspectives: A Method to Assess Benefit-Risk More Objectively for Healthcare Applications

Welcome to our Expert Perspectives Series, where we showcase insights from leading experts in complex product, systems, and software development. Covering industries from medical devices to aerospace and defense, we feature thought leaders who are shaping the future of their fields.

In the complex world of healthcare, evaluating benefit-risk is crucial to successful product development and patient outcomes. Our expert perspectives video, “A Method to Assess Benefit-Risk More Objectively for Healthcare Applications,” offers actionable insights for healthcare innovators aiming to meet rigorous regulatory requirements while ensuring patient safety and efficacy.

In this episode of Expert Perspectives, Richard Matt breaks down a streamlined, objective method for benefit-risk analysis. He explores a structured frameworks and data-driven approach that help teams make balanced decisions, mitigate risks early, and stay compliant with regulatory standards, including FDA and ISO guidelines.

This patent-pending approach helps organizations navigate challenges, foster innovation, and ultimately bring safer, more effective healthcare solutions to market.

Below is a preview of our interview. Click HERE to watch it in its entirety.

Kenzie Jonsson: Welcome to our expert perspective series where we showcase insights from leading experts in complex product, systems, and software development. Covering industries from medical devices to aerospace and defense, we feature thought leaders who are shaping the future in their fields. I’m Kenzie, your host, and today, I’m excited to welcome Richard Matt. Formerly educated in mechanical, electrical, and software engineering and mathematics, Richard has more than thirty years of experience in product development and product remediation. Richard has worked with everyone from Honeywell to Pfizer and is now a renowned risk management consultant. Today, Richard will be speaking with us about his patent pending method to assess benefit-risk more objectively in health care. Without further ado, I’d like to welcome Richard Matt.

Richard Matt: Hello. My name is Richard Matt, and I’m delighted to be speaking with you about our general solution to the problem of assessing whether the benefit of a medical action will outweigh its risk. I’ll start my presentation by saying a few words about my background and how this background led to the benefit-risk method you’ll be seeing in the presentation.

To understand my background, it really helps to go back to the first job I got out of undergraduate school. I graduated with a degree in mechanical engineering and an emphasis in fluid flow. And my first job was in the aerospace industry at Arnold Engineering Development Center, at a wind tunnel that Baron von Braun designed. I worked there as a project manager, coordinating various departments with the needs of a client who brought models to be tested. These are pictures of the ADC’s transonic wind tunnel with its twenty-foot by forty-foot long test section that consumes over a quarter million horsepower when running flat out. Those dots in the walls are holes, and a slight suction would pull the out on the outside of the wall to suck the air’s boundary layer through the holes. So a flight vehicle appeared more closely to match its flight air characteristics in free air. It was amazing place to work.

We could talk about aerodynamic issues and thermodynamic issues like why nitrogen condenses out of the air at mach speeds above six or why every jet fighter in every country’s air force has a maximum speed of about mach three and a half. But to stay on the topic of benefit-risk, the reason or my intro to this, the reason I was brought this up was that I saw here firsthand the long looping iterations that came from different technical specialties, each approaching the same problem from the respective of their technical specialty. I found it very frustrating and the, following analogy very apt, after getting, so each of our technical specialties would look at the same problem, the elephant from their own view. And I found myself getting frustrated with my electrical and software engineering coworkers, that they didn’t understand what I was talking about, but I knew realized soon I didn’t understand what they were talking about either.

So I decided I wanted to become part of the solution to that problem by going back to graduate school and getting myself rounded out and my education so I could talk to these folks from their perspective also. So I went back to grad after mechanical and undergraduate, went back to graduate school in electrical and mathematics and picked up enough software. I started teaching, programming also in college. I developed there a solution for the robot arms in those wind tunnels to to control a robot arm for every possible one, two, or three rotational degree of freedom arm, and that was my graduate thesis. After I completed my thesis, I felt empowered to start, my work doing going wherever I wanted doing whatever I wanted to do and realized that if I wanted to do anything significant, it would take many years, and I decided to focus on teamwork. Does that sound pretty good?

RELATED: Jama Connect^® for Medical Device & Life Sciences Development Datasheet

Matt: My ability to work across technical boundaries enabled me to bring exceptional products to the market. For instance, I brought an Internet of Thing (IoT) device to the market during the nineteen nineties before Internet of Things was a thing. And I rapidly advanced while I was working as a VP of engineering at a boutique design firm in the Silicon Valley. These are a few of the clients that I had, through the work that I’ve done over the years.

And, the combination of the breadth of my formal training and my system perspective for solving problems has really helped me work across continue to work across boundaries, so that I’ve worked for companies to help them establish their pro product requirements, trace requirements, do V and V work. I’ve done a lot of post-market surveillance work. I established internal audit programs. I’ve been the lead auditee when my firm is audited. Done had significant success accelerating product development and has been on work on. So mixed in with all of these works, I special I started specializing into risk management as consulting focus versus something I just did normally during development.

And since the defense of a patent requires notice, I’ll mention that the material here is being pursued on the patent, and, would like to talk with anyone who finds this interesting to pursue after you’ve learned about it. So let me start my presentation on benefit risk analysis by talking about how important it is to all branches of medicine and the many problems we have implementing it. The solution I’m gonna come up with, I’ll just outline here briefly so you can follow as we’re going through the presentation. I’m gonna first establish a single and much more objective metric to measure benefit and risk than people traditionally use. I’ll be accumulating overall benefit and risk with sets of metric values from this first metric. And finally, we’ll show how to draw a conclusion from the overall benefits and risk measurements of which is bigger benefit or risk.

So in terms of importance, historically, benefit-risk has been with medicine for millennia. It’s a basic tenant to all of medicine. The first do no harm goes all the way back to the quarter of Hammurabi 2,000 BC, and it legally required physicians to think not just about how they can help patients with treatment or what harm they might cause to treatment and making sure that the balance of those two favor the patient is very much the benefit-risk balance that we look at today. The result we’re gonna talk about is gonna be used everywhere throughout medicine with devices, with drugs, with biologics, even with clinical trials.

So is that fundamental cross medicine? How it’s used currently?

If you are in one of the ways developing new products, benefit-risk determinations have to be used in clinical trials to show that they’re ethical to perform, that we’re not putting people in danger needlessly. Benefit-risk determinations are the final gate before a new product is released for use to patients. And I have a quote here from a paper put out by AstraZeneca saying the benefit-risk determination is the Apex deliverable of any r and d organization. There’s a lot of truth to that. It’s the final thing that’s being put together to justify a product’s release. And so it has a very important role here for FDA and has a very important role for pretty much the regulatory structure of every country, including the EU.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

Matt: In terms of creating a quality system, every medical company is required to have one. Benefit-risk determinations are used to assess a company’s quality system. This is per the FDA notice about factors on benefit-risk analysis. When regulators are evaluating company’s quality system, they’ll use benefit-risk to determine if nothing should be done, if a product should be redesigned, if they should take legal actions against a company of a range of possibilities from replacing things in the field to stopping products from being shipped. It’s also a key in favorite target for product liability lawsuits, because of how subjective it is, and we’ll get to that in a moment. It can also be used for legal actions against officers. So benefit risk is a really foundational concept for getting products out and keeping products out and keeping companies running well. Just a bit of historical perspective of medical documentation and development. We have here, I cited four different provisions of the laws, regarding medical devices in the United States. This is a small sampling.

The point I’m trying to make here is that each of these summaries of the laws discuss continually evolving, continually growing, more rigorous standards for evidence, more detailed requests for information from the regulators to the instrumentation development companies to the product development companies. So first, medical products are heavily regulated. We have the trend of increasing analysis and rigor. Per ISO 142471, and this is an application standard that is highly respected in the medical device field. A decision as to whether risks are outweighed with benefits is essentially a matter of judgment by experienced and knowledgeable individuals.

And this is our current state of the art.

Not that everybody does it this way, but this is the most common method of performing benefit-risk analysis. And benefit-risk analysis by this method, has a lot of problems because it’s based on the judgment and it’s based on individuals, and both of those can change with different settings. That’s why it’s a favorite point of attack for product liability lawsuits.

This quote was true in 1976, when medical devices were put under FDA regulation, but significantly remains unchanged nearly fifty years laters. Benefit-risk determinations are an aberration and that unlike the rest of medicine, they have not improved over time. They’ve remained a judgment by a group of individuals. In, twenty eighteen, FDA was, approached by congress to set a goal for itself of increasing the clarity, transparency, and consistency of benefit risk assessments from the FDA.

This was in human drug review as the subject, and the issue was that various drug companies had gotten very frustrated with the FDA for disagreeing with their assessments of what benefit-risk should look like. And to repeat again, when you have a group of individuals making a judgment, that’s gonna lead to inconsistencies because both the group and their own individual judgment will vary from one situation to the next. I have another, quote here from the article from AstraZeneca. The field of formal and structured benefit-risk assessments is relatively new.

RELATED: Application of Risk Analysis Techniques in Jama Connect to Satisfy ISO 14971

Matt: Over the last twenty years, there’s still a lack of consistent operating detail in terms of best practice by sponsors and health authorities. So this is an understatement, but a true statement. We have had a lot of increasing effort over the last few years because if people are dissatisfied with the state of benefit-risk assessments, they want to do better than this judgment approach. And so there have been a plethora of new methods developed. I’ve found one survey here that summarize fifty different methods just to give you an idea of how many attempts there are. And I went through those fifty methods.

The other thing that’s interesting to see is the FDA’s attempt to clarify benefit-risk assessments. I have here five guidance documents from the FTA, and I would put forth the proposition that anytime you need five temps five attempts to explain something, it means you didn’t understand the thing well in the first place or failing about a bit trying to get it done right. I think this is also held up by the drug companies, pressure on congress to get FDA to improve their clarity and consistency of benefit-risk assessments.

So here’s the, fifty methods that I found in one study of benefit-risk assessments. They have them grouped into, a framework, metrics, estimate techniques, and utility surveys. These are the fifty different methods, and I’ve gone through each one of them. And they all have fundamental problems. They, I’m going through them a bit slowly. Like, here’s one, from the FDA, another benefit risk assessment. Health-adjusted life years are one of the few that uses the same metric for benefit and risk. Number needed to treat is a very popular indication for a single characteristic, but you can’t integrate that across the many factors that needed to do benefit-risk assessment.

And so we’ve gone down the rest of these, methods. If I group these fifty methods by how they accumulate risk, I get a rather useful collection. Most of the methods do not consider all the risk-benefit factors for benefit-risk situation. They will pick on just one factor. And you can’t combine the factors with themselves or with others. It’s simply looking at one factor by itself. So it’s an extremely narrow view of benefit-risk for most of these. The few methods that do look at all the risk-benefit factors, most of them start with what I call the judgment method, where you’re forced to distill all the factors down to the most significant few, only four maybe four to seven methods, four to seven factors.

So either the methods consider only one type of, one factor at a time, or they force you to throw away most of the methods and consider maybe four or seven factors is the second method. The third method is they assign numbers to the factors, they’ll add the factors together, and they’ll divide the benefit sum by the risk sum. And if the division is bigger than one, they’ll say the benefit’s bigger than the risk. And if the division is less than one, they’ll say the risk is bigger than the benefit.

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Expert Perspectives: A Method to Assess Benefit-Risk More Objectively for Healthcare Applications

In the world of automotive and semiconductors, where the pace of technological innovation seems to accelerate daily, staying ahead of trends is critical. That’s why we sat down with Neil Stroud, Jama Software’s industry expert with decades of experience spanning major players like Intel, Arm, and Samsung. Neil has been at the forefront of the functional safety and semiconductor evolution, witnessing firsthand the challenges and transformative changes that shape these industries.

In this exclusive interview, Neil shares his unique perspective on the latest industry dynamics, the impact of global supply constraints, and how the automotive industry’s strategic relationships with semiconductor vendors are evolving. He also discusses Jama Software’s role in helping both sectors address increasingly complex requirements and integration challenges, driving efficiency and reducing risk across the supply chain. Join us in exploring how Jama Connect empowers companies to manage complexity, enhance traceability, and accelerate their time to market.

Driving Innovation: Quarterly Automotive & Semiconductor Trends with Neil Stroud

Kenzie Jonsson: Thanks for sitting down with me today, Neil! I’d love it if you could spend a little bit of time telling us about your background and career path.

Neil Stroud: Prior to joining Jama Software back in April of this year, I’d spent most of my career in the semiconductor industry, working for companies like Samsung, NEC, and PMC-Sierra. I also spent 12 years with Intel, and then moved into the IP space with Arm who are one of the key players in semiconductor IP. Directly before joining Jama Software, I spent time with CoreAVI, a niche software company in the safety-critical graphics space. Almost twenty years of my career has been spent in the functional safety domain. It wasn’t by design; it was more by accident. I didn’t set out to get into that domain at all. It all came about through my time at Intel where I was calling on a big industrial automation company and they asked me the question, “Hey, so when are you going to start supporting functional safety with Intel architecture?”

Of course, at that point, I didn’t know what it was, what it meant, what it was all about. One thing led to another, and I stumbled into the world of functional safety and was given a great opportunity at Intel to go… I was going to say, go and lead it, but it was more me volunteering and saying, I think we should be doing this. And Intel the senior leadership at Intel saying, “Oh, go on then, go do it.” That’s exactly what I did. So, it was quite nice because you’re acting as a startup within the safety of a big corporation like Intel. At that point you start to look at the fundamentals – what does safety look like? What do we need to do as a company? How do we sell it? How do we make money out of it? What are the technical issues? What problems are the industry facing? That kind of stuff. So, I pretty much became a GM of my own startup at that point, which was a great experience.

That was back in the day when complex semiconductor functional safety wasn’t really a thing. So, we were blazing the trail, not just for Intel but for the whole industry. So, little did I know back then where it would lead. It’s been so much fun. That’s also what took me to Arm – to drive the whole functional safety strategy across their ecosystem. So, all of that obviously led me into adjacent businesses especially automotive, as safety is of paramount importance where I worked with the big OEMs and throughout the supply chain. Now here I am at Jama Software bringing all of that experience of semiconductor, automotive, and software and apply that into the requirements management tools domain to drive our presence and growth in the automotive and semiconductor segments.

RELATED: Jama Connect for Automotive

Jonsson: What changes have you been part of at Jama Software recently to help us better meet the needs of our customers?

Stroud: It’s a really interesting time to join Jama Software. Obviously, we’ve been successful as a company over the preceding years. I’m amazed by the number of different market segments that are using Jama Connect. There are some obvious ones like automotive, semiconductor, medical, consumer electronics, and aerospace and defense. But there are some emerging segments as well, which is great to see, like insurance companies and state departments and beyond. Clearly, Jama Connect is a tool that transcends verticals. But of course, we need to be able to tweak and tailor that to accommodate the unique needs of each market segment. Functional safety and cybersecurity are great examples of these differences. That’s what’s exciting as part of the change with Francisco Partners acquiring us back in April for $1.2 billion. That to me is a leading indicator that they’re betting on us to continue growing and we are investing heavily to continue to delight our current customers and of course help new customers achieve new levels of innovation. Placing that bet is exciting for all of us at the company. As a result, one of the changes we made at that time was to really double down on the vertical focus. So, bringing in an organizational structure that allows us to do and in turn drive even more alignment with the needs of each market segment.

It’s good for us. But more importantly, it’s good for the customers because we can talk in their language, we can better understand their problems, and of course we can partner with them to solve their problems. And that in turn means tailoring our product to better suit their needs. So, it’s a win-win. It’s a confirmation of the importance of those verticals to Jama Software and sends a clear message to that we are listening and here to partner with them on their growth journey. So, it’s exciting for me and I see that excitement across the whole company.

Jonsson: Can you tell us what you’re seeing in the industry with the conversations that you’re having with our customers and prospects?

Stroud: Well, I cover both automotive and semiconductor industries. There’s obviously a lot of overlap between the two, and I think that’s an increasing trend we’ve seen over the last few years. The automotive guys have been building a lot more of a strategic relationship with the semiconductor vendors. Not least because when the supply constraints kicked in a couple of years ago, production lines were coming to a halt because they couldn’t get hold of the smallest, tiniest, cheapest components. And at that point, it is interesting how it created a real forcing function. The automotive segment said at that point, “Right, we aren’t going to get burnt again.”

So, they did one or two things. Some went out and tried to tie down the semiconductor vendors contractually to say, “Look, in the event that this happens again,..” and it will happen again because the semiconductor industry tends to work on about a seven-year cycle of oversupply versus constraint, “we want to guarantee our component supply.” The car OEMs and tier-one suppliers obviously didn’t want to get caught in that again. I don’t have visibility into how successful those discussions were, but I don’t think it will necessarily prevent a recurrence. The good news is that there is huge investment going into building new fabs that will provide significant capacity increases in the coming years.

The other interesting dynamic that happened was some of the auto guys said, “Well, screw that. We’re going to do our own silicon.” It sounds easy when you say it quickly, but there’s an awful lot to it when you commit to that solution. Questions like, “Okay, so how are you going to do that?”, “Are we going to go and engage with a design house or we’re going to hire a team of semiconductor design engineers,” “Which fab supplier will we use?” “Will they guarantee supply?”

It’s not a trivial undertaking and to make it work from an ROI perspective it’s probably a ten-year journey. And in the meantime, you’ve still got to work with what you’ve got. The other issue is once you get down that path, you are committed and it’s an expensive commitment to make. The downside is you don’t get the benefit of volume that the big guys like Qualcomm, Samsung, MediaTek, or NVIDIA can offer you. They build millions and millions of chips and can amortize the cost across many customers and markets. If you’re building your own, you don’t get that advantage, but you mostly own your own destiny. So, pros and cons.

So that’s one dynamic. I think the other dynamic we’ve seen in automotive generally over the last five years is a repositioning of what’s important. If we go back, even just five years, we all thought we would be driving autonomous vehicles right now. There’d be mass deployment. You and I would both have one on the drive. Of course, that hasn’t happened because we all realized how difficult it is. I think we were in denial for a while, but that forced us to pivot to solving the software defined vehicle challenge. If we can get that taken care of, then that kind of leads us to the autonomous world anyway. And we can solve it in bite-sized chunks. So thankfully the automotive industry and the semiconductor industry, and probably lots of other industries now are focused on a software-defined vehicle as an intermediate step.

Solving this challenge doesn’t just apply to road vehicles. I think when you look at industrial automation, that’s the same. Do they want to get full autonomy? Of course they do. Is it a challenge? Yeah, it is. So, software-defined has a role to play there. Same in A&D, same in a lot of the other verticals. So, there are a lot of synergies between the verticals as well. That created, I think, clarity, but it also created a seismic shift for the car OEMs in that the OEMs themselves, and I’m talking more about the incumbent suppliers, the big guys like VW, Mercedes, Ford, GM and others. History shows they’re so used to being completely in charge of their own destiny – when you need something, you just put a team together and you go build it. Those days are gone. You look at complexity in a modern vehicle, whether it’s the hardware or the software, you just can’t do that these days. It’s not scalable.

So, you have to rely on the supply chain to drive the innovation and deliver those pieces, those elements, and then you as the OEM have to integrate them. But that’s not a world they’re used to. And it obviously introduces a whole world of complexity.

RELATED: Compliance Made Easy with Jama Connect for Automotive and Semiconductor Development

Stroud: That’s another area where using Jama Software really pays dividends to ensure the whole supply chain is seamlessly connected from a requirements perspective resulting in faster design and delivery across multiple vendors and a better-quality product overall. A modern vehicle can have upwards of 100 million lines of code going into a modern high-end vehicle and this is increasing exponentially. Those software elements are coming from a hundred different vendors. Some of those are safety-related, and some of those are security-related. All of a sudden as an OEM, I’m responsible for integrating all of that, checking it works together, checking it’s still safe, checking it’s still secure, and then rolling it out through the door for consumers to go and purchase a new vehicle.

At the same time, vehicle suppliers can use this new SDV approach to drive new business models that allow post-sales upgrades and updates. If a car doesn’t have a feature on the day of sale, in a year’s time the owner could say, “Hmm, it’d be nice to have that new feature.” You log into your account, put your credit card details in, and as if by magic, the new feature arrives over the air to your vehicle the next day. That’s a whole new world and we are only scratching the surface today.

So, I guess the punchline is from our perspective, and doing what we do, it’s all about efficient requirements management and traceability. This applies not just to the OEMs, but throughout the supply chain as well, to ensure the elements from those hundreds of different vendors all come together. Those requirements have got to be exquisitely accurate and all the independent interdependencies mapped out correctly to be sure that you’re not violating a safety goal or creating a bug in the system.

This way you get into traceability… How well is my project going? How healthy is it? How many of those requirements are covered right now and tested and using that capability to reduce the number of recalls, drive efficiency in the design team, reduce the risk, all those good things. Of course, this level of detail isn’t just important to the engineering teams. It can also be rolled out to senior management who are likely more interested in risk, cost, time-to-market and so on.

So, the market’s really coming to us. Jama Software is now the largest supplier of requirement management solutions overall, which we’re immensely proud of. But we have to learn from the market and our customers how Jama Connect changes grows and morphs as a solution to enable that ubiquitous risk reduction and efficiency improvement. So, there are some big factors at play.

So that’s automotive. The semiconductor segment is interesting as well. It’s a very different world, with different care abouts.

We’ve done very well in the semiconductor space overall, but it still frightens me to see how many spreadsheets are used to manage the business in the big semiconductor companies. And that’s speaking from experience because I lived in that world for a long time. There are way too many spreadsheets out there for doing requirements tracking. When you’re working that way, there’s no single source of truth and that will get you into trouble, guaranteed. It will cost you big with bugs in the silicon. So, it’s imperative to partner with the semiconductor industry and really drive change, accelerate innovation and solve tomorrow’s supply constraints. That’s on the chip design side, but also more recently, we’ve got the CHIPS Act, which is kick-starting a massive investment in the semiconductor industry to drive fab capacity to meet the huge growth in demand for chips.

So, we see the big players such as Intel, Samsung, and TSMC, all investing billions and billions of dollars to put fabs into place to meet this growth in demand and technology, which is exciting. The challenges are different to the auto market but guess what, these chip manufacturers need robust requirements management to run their business. And again, a lot of it’s been running on spreadsheets for a long time.

Now, we’re seeing, of course, headwinds in both industries. We still see that with EV vendors on the automotive side. We see even today challenges in the semiconductor industry with some consolidation of cost and trying to get costs under control. Jama Software has a critical role to play in that transformation. We can help drive efficiency and shorten cycles and time-to-revenue. All those things play into huge cost reductions for all. We are using our expertise in both product and deployment to educate and drive incremental success for our customers.

Kenzie Jonsson: Thank you for your time today, Neil! I really enjoyed this conversation, and I look forward to catching up with you next quarter!

Tackling Industrial Manufacturing’s Biggest Challenges: Solutions That Work

Industrial manufacturing is undergoing a transformation driven by technology, market demands, and a rapidly evolving workforce. However, this evolution brings its own set of challenges that manufacturers must navigate to remain competitive. Below, we’ll explore the top challenges in industrial manufacturing and offer practical solutions to address them.

1. Supply Chain Disruptions

The Challenge: Global events like the pandemic and geopolitical tensions have exposed the vulnerabilities of supply chains. Material shortages, delays, and fluctuating costs have become routine, making it difficult for manufacturers to meet production targets.

The Solution:

Diversified Sourcing: Manufacturers should explore multiple suppliers, ideally in different regions, to reduce the impact of disruptions in one area.
Advanced Analytics and Forecasting: By leveraging data analytics, manufacturers can predict potential disruptions and adjust procurement strategies to maintain inventory levels.
Digital Supply Chain Management: Implementing technology like real-time tracking and automated inventory management systems ensures better visibility and responsiveness across the supply chain.

2. Talent Shortage and Skills Gap

The Challenge: As industrial processes become more automated and technical, there’s a growing need for skilled labor, particularly in areas like robotics, data analytics, and equipment maintenance. However, the industry faces a shortage of qualified workers due to retirements and a lack of interest from younger generations.

The Solution:

Reskilling and Upskilling Programs: Companies can invest in training programs for existing employees, focusing on emerging technologies and technical expertise.
Collaboration with Educational Institutions: Partnering with local schools and universities to create apprenticeship programs and internships can help build a pipeline of future talent.
Adoption of Automation: Automating repetitive or dangerous tasks can offset the impact of labor shortages while enhancing operational efficiency.

RELATED: IEC 61508 Overview: The Complete Guide for Functional Safety in Industrial Manufacturing

3. Adapting to Industry 4.0

The Challenge: Industry 4.0 technologies, including IoT, AI, and machine learning, offer vast opportunities for improving manufacturing processes. However, integrating these technologies can be expensive and complex, especially for small and medium-sized enterprises.

The Solution:

Start Small, Scale Gradually: Manufacturers should begin by digitizing a single aspect of their production (e.g., predictive maintenance) and expand as they see ROI.
Cloud-Based Solutions: Cloud platforms offer scalable, cost-effective ways to implement Industry 4.0 tools without a significant upfront investment in infrastructure.
Cross-Department Collaboration: Ensure alignment between IT, engineering, and operations teams to facilitate seamless integration and minimize disruptions during implementation.

4. Meeting Sustainability Goals

The Challenge: Governments and consumers are increasingly demanding sustainable practices from manufacturers. This includes reducing emissions, minimizing waste, and adopting environmentally friendly materials. However, transitioning to green manufacturing can be costly and complex.

The Solution:

Energy Efficiency Audits: Conduct regular audits to identify areas where energy consumption can be reduced, whether through upgrading equipment or adopting renewable energy sources.
Circular Economy Practices: Embrace recycling and remanufacturing to minimize waste, both in production and post-consumer use of products.
Collaboration with Stakeholders: Partner with suppliers and customers to promote sustainable practices across the entire value chain.

5. Cybersecurity Risks

The Challenge: With the growing adoption of digital technologies comes an increased risk of cyberattacks. These attacks can disrupt production, compromise sensitive data, and damage a manufacturer’s reputation.

The Solution:

Regular Security Audits: Conduct frequent assessments of your digital infrastructure to identify and address vulnerabilities.
Employee Training: Train staff on cybersecurity best practices, particularly in recognizing phishing attacks and securing devices.
Robust Incident Response Plans: Develop and test response plans to minimize downtime in case of a cyberattack, ensuring quick recovery and damage mitigation.

RELATED: The Top Challenges in Industrial Manufacturing and Consumer Electronic Development

6. Maintaining Operational Efficiency Amid Complex Demands

The Challenge: Manufacturers are under pressure to produce more custom products, reduce lead times, and improve quality—all while maintaining efficiency. Meeting these demands often strains existing processes and resources.

The Solution:

Lean Manufacturing: Implement lean principles to eliminate waste in production and streamline processes, improving both speed and efficiency.
Automation and Robotics: Invest in robotic process automation to handle repetitive tasks, reducing human error and speeding up production.
Flexible Manufacturing Systems: Adopt systems that can easily switch between different product types, accommodating the increasing demand for customization without sacrificing efficiency.

Conclusion

Industrial manufacturing is facing unprecedented challenges, but with the right strategies and technology, companies can navigate these obstacles and position themselves for long-term success. From investing in workforce development to embracing digital transformation, the solutions are within reach. By proactively addressing these challenges, manufacturers can enhance their competitive edge in an increasingly dynamic market.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Steven Meadows and Kenzie Jonsson.

This image portrays a video blog series, with this topic being on Software Defined Vehicle development

In this blog, we will preview a section from our video, “Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development” – Click HERE to watch it in its entirety.

Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development

We are excited to introduce Florian Rohde, an expert in electrification, variant management, software defined vehicles, continuous integration and validation, and AI in automotive development. With more than 20 years of experience in the automotive industry, Florian has worked with companies large and small, from Siemens to NIO to Tesla Motors.

In this episode, we discuss:

- Challenges in software defined vehicle development
- Variant and configuration management in SVDs – and which companies are excelling
- Balancing documentation, complexity, and speed

Below is a preview of our interview. Click HERE to watch it in its entirety.

The following is an abbreviated transcript of our webinar.

Kenzie Jonsson: Welcome to our Expert Perspectives series where we showcase insights from leading experts in complex product systems and software development, covering industries from medical device to aerospace and defense. We feature thought leaders who are shaping the future in their fields. I’m Kenzie, your host, and today I’m excited to welcome Florian Rohde, an expert in electrification, variant management, software-defined vehicles, continuous integration and validation, and AI in the automotive industry. With more than 20 years of experience in the automotive industry, Florian has worked with companies small and large, from Siemens to NIO, to Tesla Motors. Without further ado, I’d like to welcome Florian Rohde, who will be speaking with Matt Mickle, Jama Software’s very own director of automotive and semiconductor solutions.

Matt Mickle: Thanks, Kenzie. So my name is Matt Mickle. I run our solution development for automotive and semiconductor at Jama Connect. I’ve been with the company at Jama for about 11 years and worked as a consultant for most of that time. And now my team handles most of the consulting and development of solutions for automotive and semiconductor. And I live out in Europe, in Amsterdam. Came over here to help start up our European headquarters. And I’m joined today by Florian Rohde

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

Florian Rohde: Absolutely. Thanks, Matt. So I’m in the automotive industry for about 20 years. I started as an intern at Bosch, and then I started as a junior test engineer at a company called Siemens VDO, which then was incorporated into Continental. Back in the day, we were building electric power steering systems. So highly safety critical components in your car. So I got grounded into functional safety right from the beginning. I spent about seven, eight years at that company, both in Germany and in Romania. And then in 2012, I joined a startup called Tesla Motors, and that is bringing the interesting parts to our discussions here, I guess.

So in 2012, Tesla had about 2,000 employees worldwide. I was the first member and the founder of a team for vehicle software validation. So every software release, every software functionality on the vehicle level went through my signature for about six years. I counted over 700 releases in that time to the end customer and way more software that went through our test systems in that time. And after six years there at Tesla, I was one year at NIO as a director of integration of smart components. And starting 2019, actually, I became a consultant advisor all around SDV, software-defined vehicles, and basically trying to facilitate the communication between what you can call the old world and the new world. So the new players on the market and established 100-year-old OEMs because I speak both languages. I’ve been in both worlds. So I’m helping both sides, helping the new players really to understand regulatory things and scaling and things like that and helping the established players really to understand the role of software in today’s and tomorrow’s vehicles.

Mickle: Well, I know that when we started to talk about having this chat, one of the things that you’d mentioned is that you’re hearing quite often in the industry about challenges, especially as people are trying to shift into this modern way of working with software-defined vehicles. There’s still a lot of challenges around variant handling and configuration management. You have some strong background in handling some of those things, especially while you worked at Tesla. How would you say that your approach had to change when you started to think in a more software-defined vehicles perspective when it comes to variant management?

Rohde: Yeah. I think in general, there’s a lot of challenges. Variant management is one of them. But I think let’s focus on that for the purpose of this talk. Let’s not focus on engineering culture or software skill sets and so on. That’s, for sure, other topics we can talk about. But today, let’s talk about variant management, configuration management, etc. So on one hand, I see gigantic numbers of configurations out there when you look at legacy OEMs. And somebody told me just Ford F-150 numbers, they were like hundreds of thousands or even higher than that. So on one hand, you see the companies struggling with the variety of variants actually of their product. But then on the other hand, you also see R&D teams struggling with those variants, both in how to handle them on the development side of things, but even more so on the testing side of things, especially… So I’m a test engineer, originally. And for test engineers, additional variants are usually a nightmare because it just means basically one-on-one growth of your testing efforts.

So there is a problem that needs to be solved and it’s on two sides. It’s one, how do you solve that problem in your product itself? And the other thing is, how do you solve that problem in your tool chain? So things like what you’re doing on the requirement side of things, specification, and so on. Let’s look at the product for now. So Tesla had a different approach to this problem. They actually made themselves agnostic to the variety of variants. What does that mean? That means they developed their product software first and they were designing the software in a way that it can handle pretty much an endless amount of variance. Of course, and we can talk about that, there’s challenges to the validation of things. There’s challenges to how you handle software updates. There’s challenges how you handle releases. But we had a pretty good process in place to do so. But the alpha and omega of the whole thing is that there’s a system in place that allows the software to handle the variance without being handcuffed to some process from the past.

RELATED: Strategies for Mitigating Software Defined Vehicle (SDV) Development Risks and Reducing Costly Recalls

Mickle: Okay. So a lot of the challenges that I hear, and maybe some of what you hear, is especially around the alignment of the software with the hardware in terms of releases, considering those are evolving at different paces. So since the software is evolving so fast and handling multiple configurations, how do you account for that with what you’re doing with either tooling or the product?

Rohde: Right. So I think there’s a consensus in industry by now that the hardware has to be able to accommodate new software features over time. Or in other words, it has to be designed for a little more than it originally offers at start of production. There’s still a lot of hesitance around legacy carmakers because it’s a financial discussion, right? So I don’t think from technical point of view, anybody would disagree that the hardware should be overdesigned by, let’s say, 20% so the software can start evolving over time and creating new cool stuff. But it’s always a question how you actually finance that.

The good news here is that actually, hardware and compute power becomes more reasonable in pricing. So we’re not talking about dollars per bytes in memory anymore. We started talking about dollars per gigabytes, right? So we can actually make that happen a little easier. But obviously, there’s a strong legacy of hardware driving the timelines, and then the software goes on the hardware to make the functionality work as designed and then go into the car as a component. So now in the next generation of cars, you hear a lot the term of decoupling. So you’re decoupling software from hardware. What does that actually mean? That means that on the technical side of things, you have to find ways to have your software actually handling the car’s compute resource and not as a conglomerate of several separate ECUs. So we’re talking about zonal architecture at one point in the future, we’re talking about high compute power architecture, HPCs.

But on the other hand, it also means organizationally and structurally. So when I go back and look at the Tesla example, Tesla has one software that runs on all their cars. And the cars are, for sure, not all the same hardware. As a matter of fact, I like to sparkle that in here right now because a lot of people think Tesla holds the variance low, but that’s not the case. Yes, they have only four or five models in the field, five actually by now. But they actually perform some sort of a facelift statistically every week. So while in a traditional car-making you wait for about three to four years before you put in a flurry of hardware changes, and in between, the car stays more or less unchanged. What we experience at Tesla is that every week, there’s some new hardware going into the car. So there’s some new costs down available. There’s something better available. There’s some replacement parts available. It goes in right next week. And that means that you have thousands and thousands of different variants of Teslas driving out there, even though from the outside, they all look the same.

So what we did is we decoupled the software in a way that it’s “smart enough” to handle all these variants. So the way that works is there’s a package and that package of software contains all different options and variants, and it also contains the information who is allowed to play with who, so what variant is allowed to play with what variant of the other car component and so on based on our validation and release process.

But in general, in a very simplified way, the car knows what it is, and that’s already a huge difference to a lot of legacy carmakers. So the car has a digital information about its components in hardware and in software and in mechanics. And based on that information, it receives the software package and it builds its own personalized update out of that. And it’s talking to the components and updates the components with the right versions based on the information it has. This information is on the other hand also mirrored up into what they call the mothership, so the server area. So that information is available in real-time, and I’d like to talk about that a little bit because I think it’s extremely valuable, for example, for the validation and release process to set your priorities.

So let’s say I only have time to do one combination. So I would like to reach most people with my release today. Of course, I’ll do the next combination tomorrow and the day after. But today, I have only time for one and I want to reach the most people. So I can go and I can actually look what combinations are out there that are relevant for this release and I can prioritize my validation on that. Actually, at one point, we went so far that we even took time zones into consideration that we say, “We can validate all of this large area of the fleet, but hey, that will be midnight or 1 AM by the time they get it. So they will not install it for another eight hours or something like this. So let’s focus somewhere else.” So all this information is making it extremely powerful to manage your priorities and both in research… Sorry. And both in development and in validation.

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from MedTech Dive, titled “FDA Seeks Feedback On Health Equity for Medical Devices” – originally published on August 6, 2024, and written by Nick Paul Taylor.

FDA Seeks Feedback On Health Equity for Medical Devices

The agency plans to develop a framework for when devices should be evaluated in diverse populations to support marketing authorization.

Dive Brief:

The Food and Drug Administration is seeking feedback on health equity for medical devices to inform a potential regulatory approach to the topic, the agency said Monday. The paper is open for comment until Oct. 4.
In the discussion paper, the FDA shared its thinking on how sponsors can select study populations that adequately reflect the intended use for a particular medical device.
The discussion paper is part of a broader focus on health equity, one of the Center for Devices and Radiological Health’s strategic priorities, that also includes advice on diversity action plans.

RELATED: Jama Connect^® for Medical Device Development

Dive Insight:

The FDA framed the discussion paper as a response to the “urgent public health need for innovative technologies that help to reduce barriers to achieving health equity.” Seeking to address that need, the CDRH has committed to developing “a framework for when a device should be evaluated in diverse populations to support marketing authorization” as part of its strategic focus on health equity.

Running clinical trials that generate results consistent with how a device will perform in the real world is a way to improve health equity. Acknowledging that generating clinical data “can be complex,” the agency said it has focused its discussion paper on “a few important considerations that may be relevant for FDA’s evaluation of clinical evidence.”

The paper outlines factors that may help sponsors and investigators develop study objectives. To inform early trial design, the FDA recommends asking how the burden of disease and how the prognosis of a disease varies across a device’s intended use population. Sponsors can also ask how a device may introduce, exacerbate or mitigate differences in outcomes across the study population.

Another section of the document describes considerations related to the FDA’s evaluation of safety and effectiveness. The FDA reviews marketing authorization filings to determine whether there is reasonable assurance the device will be safe and effective in the intended population. As such, the agency is looking at whether clinical data “are generalizable to, and representative of, the intended use population.”

The FDA said it “considers it important to understand a sponsor’s rationale regarding the relevance of the provided clinical data to the intended use population.” The rationale could cover the processes used to select and enroll study populations, the agency said, or help the FDA understand difficulties a sponsor encountered when trying to obtain data from certain populations.

RELATED: Intelligent Engineering Management with Jama Connect^® Live Trace Explorer™

In the final section of the paper, the FDA describes example scenarios intended to prompt feedback on its assessment of the benefits and risks of devices. The section features a table that shows how the FDA may respond depending on whether the evidence suggests there are differences in patient populations and health outcomes, as well as whether the sponsor included specific populations in the clinical study.

In some cases, clinical trial sponsors may choose to design studies with “enriched” populations, meaning they intentionally enroll people from groups where differences are expected. The table suggests sponsors that fail to enrich study populations to reflect the intended use may face difficulties at the FDA if the available information suggests differences in patient populations.

The FDA said the absence of enriched populations may “introduce uncertainty” on the applicability of the data to the intended use population.

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Med Device Online, titled “What You Should Know About The FDA’s New Final Rule On LDTs” – originally published on May 14, 2024, and written by Mahnu V. Davar, Philip R. Desjardins, Abeba Habtemariam, and Phillip V. DeFedele, Arnold & Porter.

What You Should Know About The FDA’s New Final Rule On LDTs

On May 6, 2024, the U.S. Food and Drug Administration (FDA or the agency) published its highly anticipated final rule, which was formally published in the Federal Register on May 6, revising the regulatory definition of an in vitro diagnostic (IVD) product to explicitly capture IVDs manufactured by laboratories.

This follows the absence of proposed congressional action and the FDA’s review and consideration of comments to the October 2023 proposed rule (described in our prior Advisory on this subject) resulting in modifications to its phaseout policy and continued exercise of enforcement discretion for certain tests. In connection with the final rule, the FDA also issued two draft enforcement policies for certain tests offered in response to emergent situations or public health emergencies (PHEs). Despite the potential for legal challenges to the final rule, clinical laboratories should begin thinking about strategies for evaluating whether their laboratory-developed tests (LDTs) are subject to the FDA’s phaseout policy, determining the extent of FDA requirements that apply to such LDTs, and engaging with the FDA.

What Did the Final Rule Do?

The final rule amended the definition of an IVD in 21 C.F.R. § 809.3 to make clear that these products are devices as defined under the Federal Food, Drug and Cosmetic Act (FDCA), and may also be biological products under the U.S. Public Health Service Act, “including when the manufacturer of these products is a laboratory.” Although not a substantial rewrite of the IVD definition, this added phrase makes FDA’s position clear that LDTs are subject to regulation as, at a minimum, devices.

Why Does This Matter?

Historically, the FDA exercised enforcement discretion for LDTs, declining to impose its device authorities over such tests in most instances. For purposes of this enforcement discretion policy, the agency defined LDTs as IVDs intended for clinical use that were designed, manufactured, and used within a single clinical laboratory certified under the Clinical Laboratory Improvement Amendments of 1988 (CLIA) that meets CLIA regulatory requirements to perform high complexity testing. As such, LDT manufacturers that generally operated outside FDA oversight will now be expected to come into compliance with FDA requirements and controls applicable to their tests. In consideration of this substantial operational and compliance burden, the preamble to the final rule details a phaseout policy under which FDA will gradually end its general LDT enforcement discretion policy in five phases over a four-year period.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

What Tests Are Subject to the Phaseout Policy?

The phaseout policy generally applies to LDTs as defined above, as well as “IVDs offered as LDTs,” meaning tests that are manufactured and offered as LDTs by CLIA-certified laboratories that meet CLIA requirements to perform high complexity testing and that are used within such laboratories, even if they do not fall within FDA’s historical understanding and definition of an LDT because they are not designed, manufactured, and used within a single laboratory. Thus, the policy technically applies to a broader range of tests than those that actually meet the FDA’s definition of an LDT. However, despite this breadth, the final rule makes clear that the phaseout policy does not extend to IVDs manufactured or used outside of a laboratory, including collection devices.

Consistent with the proposed rule, FDA made clear that certain tests would be excluded from the phaseout policy and subject to immediate regulation since they were never eligible for enforcement discretion:

Direct-to-consumer tests
Tests intended as blood donor screening or human cells, tissues, and cellular and tissue-based products donor screening tests required for infectious disease testing under 21 C.F.R. § 610.40 and 21 C.F.R. § 1271.80(c), respectively, or required for determination of blood group and Rh factors under 21 C.F.R. § 640.5
Tests intended for actual or potential emergencies or material threats declared under Section 564 of the FDCA

Further, the final rule confirmed that the FDA would continue exercising enforcement discretion (and thus not apply device requirements) to the following tests originally described in the proposed rule:

“1976-Type LDTs” (i.e., tests that use manual techniques without automation performed by laboratory personnel with specialized expertise, use components legally marketed for clinical use, and are designed, manufactured, and used within a single CLIA-certified laboratory meeting CLIA requirements for high complexity testing)
Human Leukocyte Antigen (HLA) tests that are designed, manufactured, and used within a single CLIA-certified laboratory meeting CLIA requirements for high complexity histocompatibility testing and used for HLA allele typing in connection with organ, stem cell, and tissue transplantation, HLA antibody screening and monitoring, or conducting real and “virtual” HLA crossmatch tests
Tests intended solely for forensic or law enforcement purposes
Tests used solely for public health surveillance when intended solely for use on systematically collected samples for analysis and interpretation of health data for disease prevention and control and the test results are not reported to patients or their healthcare providers

Notably, in consideration of comments and other feedback, FDA decided to continue to exercise full or partial enforcement discretion for the following tests:

LDTs manufactured and performed within the Veterans Health Administration or the Department of Defense (full enforcement discretion continues)
LDTs approved by the New York State Clinical Laboratory Evaluation Program (enforcement discretion continues for premarket review requirements)
Non-molecular antisera LDTs for rare red blood cell antigens where such tests are manufactured and performed in blood establishments, including transfusion services and immunohematology laboratories and where there is no alternative available to meet the patient’s need for a compatible blood transfusion (enforcement discretion continues for premarket review requirements and all Quality System (QS) requirements other than the recordkeeping requirements at 21 CFR 820 (Subpart M))
Currently marketed IVDs offered as LDTs that were first marketed prior to the date of issuance of the Final Rule (May 6, 2024) and that are not modified or are modified in certain limited ways (enforcement discretion continues for premarket review requirements and all QS requirements other than the recordkeeping requirements at 21 CFR 820 (Subpart M))
LDTs manufactured and performed by a laboratory integrated within a healthcare system to meet an unmet need of patients receiving care within the same healthcare system (enforcement discretion continues for premarket review requirements and all QS requirements other than the recordkeeping requirements at 21 CFR 820 (Subpart M))

For those tests subject to only partial enforcement discretion, the final rule makes clear that all other requirements would apply as they are phased-in under the general phaseout policy for all IVDs offered as LDTs.

What Is The Phaseout Policy?

The phaseout policy consists of the following five stages, which start on May 6, 2024:

Stage 1: FDA will end the general enforcement discretion policy as to medical device safety reporting, correction, and removal requirements, and QS complaint file requirements one year after the publication of the final rule. Thus, manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion must come into compliance with these requirements by May 6, 2025.

Stage 2: FDA will end the general enforcement discretion policy as to all other medical device requirements, except for QS and premarket review requirements, two years after publication of the final rule. Therefore, manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion must come into compliance with these requirements by May 6, 2026.

Stage 3: FDA will end the general enforcement discretion policy as to the following QS requirements three years after the publication of the final rule: (1) design controls (21 C.F.R. § 820.30); (2) purchasing controls (21 C.F.R. § 820.50); (3) acceptance activities (21 C.F.R. §§ 820.80 and 820.86); (4) corrective and preventative actions (21 C.F.R. § 820.100); and (5) records requirements (21 C.F.R. Part 820, Subpart M). As such, manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion or partial enforcement discretion as to certain QS requirements must come into compliance with these requirements by May 6, 2027.

Stage 4: The FDA will end the general enforcement discretion policy as to premarket review requirements for high-risk IVDs (i.e., Class III IVDs or IVDs subject to Biologics License Application requirements) three and a half years after publication of the final rule. Manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion or partial enforcement discretion as to premarket requirements must come into compliance with these requirements by November 6, 2027. Notably, on its media call regarding the final rule, the FDA stated that it intends to complete the reclassification of certain Class III IVDs to Class II IVDs in advance of this deadline, thus lessening the number of PMAs that will be submitted. We further discuss this initiative and its potential relation to the final rule in our related Advisory on this topic.

Stage 5: The FDA will end the general enforcement discretion policy as to premarket review requirements for all remaining IVDs requiring FDA review unless otherwise noted by the FDA (i.e., some Class I and all Class II IVDs) four years after publication of the final rule. Manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion or partial enforcement discretion as to premarket requirements must come into compliance with these requirements by May 6, 2028.

Overview Of Test Types And Status

What About The Draft Public Health Emergency Guidance?

Although the draft PHE policies both address certain tests offered in response to emergent situations or public health emergencies, one relates to tests offered prior to issuance of a declaration under Section 564 of the FDCA while the other relates to tests offered during a declared emergency. These are notable because the FDA explains in the final rule that its general enforcement discretion policy for LDTs never applied to tests intended for emergencies, potential emergencies, or material threats declared under Section 564 because false results can have serious implications for disease progression, public health decision-making, and patient care. Instead, after all previous declarations under Section 564, the FDA has generally expected LDTs to comply with applicable requirements of the FDCA and FDA regulations. However, FDA has adopted, and may continue to adopt, specific enforcement discretion policies for such tests.

FDA’s draft Enforcement Policy for Certain In Vitro Diagnostic Devices for Immediate Public Health Response in the Absence of a Declaration under Section 564 sets forth FDA’s enforcement policy for “immediate response” tests for use in an emergent situation (i.e., the period of time between detection of the exposure or outbreak and either resolution of the exposure or outbreak or issuance of an applicable Section 564 declaration). Notably, the policy only applies to premarket review requirements and does not extend to tests with home specimen collection or at-home tests.

Under the policy, FDA does not intend to object to the offering of “immediate response” tests when:

The test is manufactured and offered by laboratory manufacturers meeting certain criteria
The test has been appropriately validated
FDA is notified
Appropriate transparency is provided
The test is labeled for prescription use only
There is no applicable Section 564 declaration

If no applicable Section 564 declaration is made within 12 months of the start of an emergent situation, FDA anticipates that the public health rationale for the enforcement policy will no longer apply at that time. FDA would then expect the laboratory manufacturer to cease offering the immediate response test or seek approval/clearance/authorization. FDA does not intend to object to the continued offering of an immediate response test while the premarket submission is prepared, submitted, and under FDA review so long as the laboratory manufacturer submits the submission within 12 months from the date of the first offering of the immediate response test.

FDA’s draft Consideration of Enforcement Policies for Tests During a Section 564 Declared Emergency, when finalized, will describe the factors FDA plans to assess in deciding whether to issue an enforcement policy regarding test manufacturers’ offering of certain devices (i.e., unapproved tests and unapproved uses of approved tests) for the diagnosis of disease or other conditions during a declared emergency. FDA intends to assess, among other things:

The need for accelerated availability of such tests
The known or potential risks of such tests
The availability of appropriate alternative tests that are authorized or approved
The availability of sufficient mitigations to address the risks of false results

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

What’s Next?

FDA intends to conduct webinars, publish guidance documents, provide templates, and participate in conferences to help laboratories understand and comply with applicable devices. We also think it likely that the FDA will increase inspections of laboratories offering IVDs as LDTs where the agency has identified or received concerns regarding their quality or accuracy and will start enforcing the FDCA against laboratories and similar entities perceived to be abusing the agency’s Research Use Only/Investigational Use Only policy or not complying with Investigational Device Exemption (IDE) requirements. As we noted in our Advisory on the October proposed rule, the FDA also has identified a number of test types that the agency believes present a higher risk of patient harm when run as LDTs (according to the agency, these include tests such as non-invasive prenatal screening).

Pre-submission meetings, pre-IDE meetings, and other FDA engagements related to data generation, regulatory pathway clarification, and classification will likely increase. The industry will need to closely watch the steps the FDA takes to lessen the burden of the final rule, such as the noted reclassification process, as well as any potential personnel or structural changes, and future funding requests. As the final rule preamble discussion notes, the alignment of the phaseout policy to coincide with the next round of Medical Device User Fee Amendments reauthorization suggests that the agency understands that it will have to carefully evaluate the burden of this exceptional expansion of FDA authority in terms of protecting the public health while not slowing down the availability of key diagnostic advancements to aid patient care.

We anticipate that laboratories and other affected entities will consider pursuing legal action against the agency, arguing that the FDA lacks authority to regulate LDTs and seeking to enjoin the agency from implementing the final rule. The preamble discussion attempts to anticipate and resolve a number of the key challenges raised in comments to the proposed rule, such as important legal questions about FDA authority under the Federal Food, Drug, and Cosmetic Act, interstate commerce concerns, limits on regulation of state-licensed actors, and many other salient issues. FDA clearly is of the view that public health exigencies outweigh the litigation risks, and the final rule phaseout policy and other enforcement discretion positions are sufficient to balance the interests of industry, patients, and the agency.

It remains to be seen what actions Congress may take now that the FDA has articulated a final position on this topic. Although Congress has taken an interest in the regulation, and lack thereof, of LDTs, including holding a recent hearing, a legislative solution that would potentially supersede the final rule is uncertain, if not unlikely in the near term. Therefore, given the current state of affairs, it is important for laboratories offering LDTs to begin strategizing on how they will address the final rule and FDA’s phaseout policy.

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Benefits of the Inflation Reduction Act for Solar PV Manufacturing” – originally published on March 18, 2024.

Benefits of the Inflation Reduction Act for Solar PV Manufacturing

The US Inflation Reduction Act (IRA) has been a significant catalyst in the economic landscape, particularly within the solar photovoltaic (PV) manufacturing industry.
This article will explore the beneficial impact of the IRA on this green technology sector, considering the financial implications, the stimulation of technological advancement, and the prospects under the current legislation.

We will unravel the intricacies of this relationship, setting a foundation for a comprehensive understanding of the future trajectory of the solar PV manufacturing industry in the context of the IRA.

Understanding the Inflation Reduction Act

To fully grasp the impact of the Inflation Reduction Act on solar PV manufacturing, a comprehensive understanding of this legislation is necessary.

The act’s interpretation is rooted in the law’s intent to curb inflation by manipulating economic strategies and regulating financial practices, which brings a focus to its economic implications.

At its core, the IRA aims to stabilize pricing and enhance the dollar’s purchasing power, inadvertently promoting the affordability of renewable energy technologies like solar PV manufacturing.

The legal provisions of the act are its foundational pillars, governing its implementation and enforcement. They outline the responsibilities of key stakeholders, the rights of affected industries, and the penalties for non-compliance.

For the solar PV manufacturing sector, the act’s provisions could potentially reduce production costs and foster competitiveness.

However, like any significant policy shift, the act also brings Implementation Challenges. These can include industries needing to adapt to new economic conditions or potential resistance from sectors negatively affected by the act.

The solar PV manufacturing industry may need to invest in operational adjustments to fully exploit the benefits of the act.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

IRA’s impact on solar PV manufacturing

Drawing upon the legal provisions and economic implications of the IRA, we can explore its tangible effects on the solar PV manufacturing sector.

The act, through its policy implementation, has instigated several changes in this sector, notably in job creation, trade relations, environmental impact, and market competition.

The IRA has been instrumental in job creation within the solar PV manufacturing industry. It has stimulated this growth by providing tax incentives for manufacturing companies to enhance their workforce. This policy implementation has bolstered the industry and helped reduce unemployment rates.

Trade relations have also been impacted by the IRA. The act has fostered a more favorable trading environment for solar PV manufacturers by reducing inflationary pressures on imported raw materials. This has enhanced the competitiveness of US manufacturers in the global market, improving the country’s trade balance in the process.

Regarding environmental impact, the IRA has indirectly boosted the use of renewable energy sources. By making solar PV manufacturing more economically viable, the act has encouraged the production and use of solar panels, thereby reducing greenhouse gas emissions.

Lastly, the act has spurred market competition. The reduced inflation rates have made it more cost-effective for new businesses to enter the solar PV manufacturing sector. This has increased the number of manufacturers, promoting a more competitive market and a wider range of options for consumers.

Financial benefits of the IRA

Delving into the financial benefits of the Inflation Reduction Act, we observe a significant enhancement in the economic viability of the solar PV manufacturing sector. The IRA offers multiple rewards that collectively contribute to the growth and prosperity of this industry.

One of the most compelling benefits is the provision of tax incentives. These incentives lower the tax burden for solar PV manufacturers, freeing up capital that can be reinvested in the business.

This leads to investment growth, another key benefit of the IRA. Increased investment enables manufacturers to expand their operations, purchase new equipment, and hire more employees, fostering business expansion.

In addition to tax incentives and investment growth, the IRA promotes cost efficiency. By reducing the inflation rate, the act increases the purchasing power of manufacturers. This allows them to acquire raw materials and other necessities at lower costs, thereby improving the bottom line and encouraging economic stability.

Moreover, economic stability is further enhanced as the IRA helps to stabilise the value of the dollar. This is crucial for solar PV manufacturers, who often deal in international markets. A stable dollar value reduces the risk of currency fluctuations, providing a more predictable business environment.

IRA and technological advancements

Building on the economic implications, the Inflation Reduction Act also catalyzes technological advancements in the solar PV manufacturing industry.

By providing financial incentives, the IRA stimulates technological investments, leading to accelerated innovation in solar PV technology. These investments are crucial for research and development, enabling companies to explore new, efficient methods of solar PV production.

The IRA implications on technological advancements are significant. The policy’s effectiveness in encouraging investments has been reflected in increased technological breakthroughs, improved production processes, and enhanced solar panel efficiency.

These advancements not only strengthen the industry’s competitive edge but also contribute to environmental sustainability by promoting cleaner energy sources.

However, advancement challenges persist. The rapidly evolving nature of technology necessitates continuous investment and innovation. Despite the financial benefits provided by the IRA, the high costs associated with advanced technology development and implementation can pose a hurdle.

Therefore, while the IRA has been instrumental in fostering growth and innovation, addressing these challenges requires strategic planning and sustained commitment.

Moreover, the effectiveness of the IRA in driving technological advancements is contingent on a supportive regulatory environment. Policymakers must ensure that the IRA’s provisions align with the industry’s evolving needs, encouraging continued investment and innovation.

A dynamic policy framework can help maintain the momentum of technological progress, ensuring the solar PV manufacturing industry’s long-term competitiveness and sustainability.

RELATED: Jama Connect^® for Traceable MBSE™

Future solar energy prospects under the IRA

Looking ahead, the Inflation Reduction Act holds promising potential for the future growth and development of the solar PV manufacturing industry.

It is expected to usher in advancements in various dimensions, including job creation, market expansion, environmental impact, global competition, and sustainable development.

The IRA could stimulate job creation by allocating funds for research, development, and manufacturing processes in the solar PV industry. This would not only increase employment but also enhance the skills of the workforce in this thriving sector.

Market expansion is another potential benefit of the IRA. With reduced inflation, the purchasing power of consumers is likely to increase, leading to heightened demand for solar PV products. This would pave the way for the expansion of the solar PV market.

The table below encapsulates the future prospects under the IRA for the solar PV manufacturing industry:

The IRA could bring about positive environmental impacts by encouraging cleaner energy production, thus reducing greenhouse gas emissions.

Additionally, it could enhance global competition by providing the US solar PV industry with a competitive edge.

Lastly, the IRA could foster sustainable development by promoting environmentally friendly and sustainable practices in the industry. These prospects under the IRA paint a bright future for the solar PV manufacturing industry.

Understanding ISO/IEC 27001: A Guide to Information Security Management

In today’s interconnected world, the importance of securing sensitive information cannot be overstated. Organizations face numerous threats to their information assets, ranging from cyberattacks to data breaches. To address these challenges, many businesses turn to internationally recognized standards for information security management, with ISO/IEC 27001 standing out as a cornerstone in this field.

RELATED: A Guide to Understanding ISO Standards

Overview of ISO/IEC 27001:

ISO/IEC 27001 is a globally recognized standard that provides a systematic approach to managing sensitive information, ensuring the confidentiality, integrity, and availability of data within an organization. Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), this standard outlines best practices for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

Key Principles:

Risk Management: ISO/IEC 27001 is fundamentally built on the concept of risk management. Organizations are required to identify and assess information security risks, implement controls to mitigate those risks, and continuously monitor and review the effectiveness of these controls.
PDCA Cycle: The Plan-Do-Check-Act (PDCA) cycle is at the core of ISO/IEC 27001. Organizations plan their ISMS, implement the plan, check its effectiveness through monitoring and measurement, and act to continually improve the system.

Scope and Requirements:

Scope Definition: Organizations must clearly define the scope of their ISMS, specifying the boundaries and applicability of the standard within their operations.
Risk Assessment: A comprehensive risk assessment is a critical component. This involves identifying assets, evaluating vulnerabilities and threats, and determining the potential impact of information security incidents.
Control Objectives and Controls: ISO/IEC 27001 provides an Annex A, which includes a set of control objectives and controls covering various aspects of information security, such as access control, cryptography, and incident management. Organizations choose and implement controls based on their specific risk profile.

Implementation Process:

Leadership and Commitment: Senior management plays a crucial role in the successful implementation of ISO/IEC 27001. Leadership commitment ensures that information security is integrated into the organization’s culture and business processes.
Documentation: Proper documentation is essential to demonstrate compliance with the standard. This includes the Information Security Policy, risk assessment reports, and records of monitoring and measurement activities.
Training and Awareness: Employees need to be aware of their role in maintaining information security. Organizations should provide training programs to enhance the awareness and competence of personnel.

Certification Process:

Third-Party Certification: Organizations can undergo a certification process conducted by accredited certification bodies to validate their compliance with ISO/IEC 27001. This certification provides assurance to stakeholders, customers, and partners that the organization has implemented a robust ISMS.

Benefits of ISO/IEC 27001:

Risk Reduction: By identifying and addressing potential risks, organizations can significantly reduce the likelihood of security incidents.
Enhanced Reputation: ISO/IEC 27001 certification enhances an organization’s reputation, demonstrating a commitment to information security best practices.
Legal and Regulatory Compliance: Adherence to ISO/IEC 27001 helps organizations comply with various legal and regulatory requirements related to information security.
Competitive Advantage: Certification can be a differentiator in the marketplace, giving organizations a competitive edge by assuring customers of their commitment to information security.

Continual Improvement:

Monitoring and Review: Regular monitoring and review of the ISMS ensure its ongoing effectiveness. This includes conducting internal audits and management reviews to identify areas for improvement.
Feedback Loop: ISO/IEC 27001 emphasizes the importance of feedback mechanisms, ensuring that lessons learned from incidents or changes in the business environment are incorporated into the ISMS.

RELATED: Best Practices Guide to Requirements & Requirements Management

Conclusion

ISO/IEC 27001 provides a robust framework for organizations to establish and maintain an effective Information Security Management System. By adopting this standard, businesses can mitigate risks, enhance their reputation, and demonstrate a commitment to safeguarding sensitive information in an ever-evolving digital landscape. As information security continues to be a top priority, ISO/IEC 27001 remains a valuable tool for organizations seeking a comprehensive and internationally recognized approach to managing information security.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Matti Gray, Mandi Walker, and McKenzie Jonsson.

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Expanding EV infrastructure in the US: Both on- and off-road” – originally published on November 20, 2023.

Expanding EV Infrastructure in the US: Both On- and Off-Road

The expansion of electric vehicle infrastructure in the US has been challenged by various issues, from governance to location. Here, we explore the issues and how they can be combated.

The evolution and expansion of electric vehicle (EV) infrastructure, encompassing both on-road charging stations and off-highway electrification, is a burgeoning topic in the United States. This issue has been characterized by significant regional disparities, with varying levels of availability across different parts of the country.

Furthermore, it is marked by distinct challenges that arise in urban versus rural settings as well as on- and off-road contexts. The role of government support and policy direction also comes into play in shaping this landscape.

As interest in electric vehicles continues to surge, understanding the intricacies behind their supporting infrastructure becomes increasingly crucial. Off-highway electric vehicles have their own unique set of requirements when it comes to charging infrastructure, presenting numerous design and manufacturing challenges.

Looking ahead, predicting future trends within this area is challenging due to its rapidly evolving nature but nonetheless vital for planning and strategizing growth trajectories within this realm.

Availability of EV infrastructure in the US

The uneven distribution of electric vehicle charging stations across the United States underscores a significant disparity, with coastal areas generally boasting greater availability than their counterparts in the Midwest and rural regions.

This can be attributed to several factors, including regional disparities in both population density and average income level, which directly influence infrastructure cost and consumer adoption rates of EV technology.

For instance, densely populated urban centers, particularly those along the coasts such as New York City or San Francisco, tend to have higher per capita incomes. These areas are more likely to invest in expensive EV technology and support the infrastructure costs associated with establishing charging stations.

The increased presence of these facilities subsequently encourages more consumers within these regions to adopt electric vehicles due to decreased concerns over charging time.

In contrast, regions characterized by lower population densities or average income levels –such as many Midwestern states and rural areas – are typically less equipped with EV charging infrastructure. This results from a combination of factors: reduced consumer demand for EV technology due to financial constraints; longer distances between destinations that increase concern over charging times; and higher per-unit infrastructure costs arising from the need for more extensive grid enhancements in less developed areas.

As such, despite growing national interest in reducing carbon emissions through transitioning towards electric vehicles, these challenges contribute significantly towards regional disparities in the availability of EV charging stations across America.

Thus, it is imperative that future efforts aimed at expanding this crucial segment of green transportation infrastructure consider these distinctive geographical characteristics and obstacles.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

The challenges of expanding EV charging infrastructure

Significant stumbling blocks surface when scrutinizing the surge in electric vehicle utilization, particularly pertaining to potential power supply problems, prohibitive price points of charging stations, and a paucity of policies promoting progress. These issues include:

Infrastructure costs

The establishment of an extensive network of charging stations necessitates substantial capital outlay from both public and private sectors. The latter’s involvement is critical since government funding alone may not suffice.

Technological limitations

Current technology restricts rapid mass-charging capabilities, potentially leading to power grid stress during peak demand periods. This limitation necessitates additional investments in technology development and grid reinforcements.

Public awareness

Despite growing interest in electric vehicles, many potential users remain uninformed about their benefits or how to utilize existing EV infrastructure effectively.

Sustainability concerns

While electric vehicles significantly reduce greenhouse gas emissions compared to conventional fuel cars, the production process itself can have a substantial environmental footprint, largely due to battery manufacturing processes.

The availability of EV infrastructure in rural and urban areas

Differences in the accessibility and utilization of EV charging stations between rural and urban areas present a nuanced challenge in promoting wider adoption of this sustainable mode of transportation. Rural EV adoption faces obstacles such as a lack of public charging infrastructure due to less population density and greater travel distances.

Moreover, financial considerations play into these disparities as well; the high cost associated with the installation and maintenance of charging stations may not be justified by the potential low usage in rural settings. This situation leads to EV accessibility being heavily skewed towards urban regions where there is higher demand.

On the other hand, urban planning challenges also arise in expanding EV infrastructure within cities. The densely populated nature of urban environments results in space constraints for installing new charging stations. Available funding also becomes a critical factor – adequate EV infrastructure funding is necessary for both the construction and operation of sufficient charging facilities to meet growing demands.

Additionally, differences between these two types of geographies are reflected not only on human mobility but also have an impact on the environment.

While increased use of electric vehicles can significantly reduce greenhouse gas emissions in densely populated cities, achieving similar outcomes in rural areas can prove much more difficult due to their unique characteristics.

Government support

In light of these challenges, it is noteworthy to mention the initiatives taken by American governmental bodies to bolster the proliferation and accessibility of charging amenities for electric vehicles. The US Government has employed a mixture of methods to support this development:

Federal incentives

At the federal level, several incentives have been introduced over recent years to encourage EV adoption. For instance, the Electric Drive Vehicle Battery and Component Manufacturing Initiative provided $2bn in grants for manufacturing of advanced batteries and electric drive components.

Private partnerships

On top of direct funding, the US government also fosters private partnerships aiming at enhancing electric vehicle infrastructure. An example would be the ‘EV Everywhere Grand Challenge’, launched by the Department of Energy (DOE), which works with national laboratories, universities, private industries, and other governmental agencies to increase availability of high-speed charging stations across country.

Infrastructure financing

Additionally, there are efforts directed at infusing capital into public charging infrastructure through financing programs like the Clean Cities Alternative Fuel Vehicle Deployment Initiatives which allocated millions towards building EV charging stations nationwide.

Technological advancements and environmental impact

Given that environmental impact is a key driver behind the shift towards electric vehicles, governmental policies are expanding physical infrastructure but also investing in research & development for technological advancements that could reduce emissions further while improving EV range and battery life.

Developing off-highway EV charging infrastructure

The development of charging facilities for electric vehicles designed for non-highway use represents a unique and complex challenge, necessitating innovative solutions and strategies. Off-highway adaptations require not only the installation of charging stations in remote or less accessible areas but also the incorporation of infrastructure financing to support their construction and maintenance.

Technological advancements have been pivotal in addressing these challenges, making it feasible to develop energy-efficient charging systems that can withstand harsh environmental conditions while providing reliable service. These advancements range from solar-powered charging stations to smart grid technologies that optimize electricity usage during off-peak hours.

Investing in this type of infrastructure is critical for promoting sustainable solutions within the transportation sector, particularly in industries such as mining, agriculture, and construction where off-road vehicles are prevalent. The integration of renewable energy sources with charging infrastructure offers dual benefits: reducing greenhouse gas emissions associated with traditional fossil fuel-based power generation and extending the reach of EV technology into areas beyond urban centers.

Furthermore, public-private partnerships offer potential avenues for securing necessary funding without placing undue financial burden on local communities or individual businesses.

As such, developing an efficient and resilient off-road EV charging network requires a holistic approach incorporating technological innovation, targeted investment strategies, and sustainability considerations.

RELATED: Jama Connect^® for Automotive

The challenges of designing and manufacturing off-highway EVs

Designing and manufacturing electric off-highway vehicles presents unique challenges, with research indicating that a significant one is ensuring these machines can withstand the rigors of heavy-duty applications, an issue reported by 60% of manufacturers. Battery longevity is a critical concern in this regard since off-road vehicles often operate in extreme conditions that could quickly diminish battery life.

Similarly, terrain adaptability is another challenge. Electric vehicles must be designed to handle diverse terrains, from rocky landscapes to sandy dunes, without compromising on performance or energy efficiency.

Material sourcing poses yet another problem due to the need for lightweight but highly durable materials for construction. This brings us to durability concerns which are paramount because, unlike regular city electric cars, off-highway EVs have to endure harsher operational conditions requiring them to be more robust and longer-lasting.

Finally, cost efficiency continues to be an obstacle as developing high-performance, yet affordable electric off-highway vehicles remains a struggle for many manufacturers, due to the high costs associated with batteries and other essential components.

The future of EV infrastructure both on- and off-road

Transitioning from the challenges of designing and manufacturing electric off-highway vehicles, it is pivotal to envision what the future holds for EV infrastructure. This includes both on- and off-road contexts, as each comes with its unique set of considerations pertaining to infrastructure financing, renewable energy integration, vehicle-to-grid technology, and battery disposal methods.

The future landscape of EV infrastructure will likely be shaped by a variety of factors. The pace at which this change occurs may largely hinge upon infrastructure financing – securing sufficient funds to create an expansive network of charging stations that facilitate higher EV adoption rates. As more consumers opt for electric vehicles, there will be an increased demand for reliable and accessible charging facilities.

Therefore, investment in this sector is crucial not only for supporting current users but also promoting further uptake.

Simultaneously, the integration of renewable energy sources into these infrastructures represents a crucial aspect. By harnessing power from sustainable resources such as solar or wind energy, the environmental impact can be further mitigated while optimizing energy usage overall.

Moreover, vehicle-to-grid technology presents another promising avenue where electric cars do not just draw power but can feed surplus back into the grid during peak demand hours – thereby acting as mobile energy storage units. This could revolutionize how electricity grids operate while offering additional revenue streams for EV owners.

Lastly are considerations regarding battery disposal methods. With growing numbers of electric vehicles on- and off-road comes increased volumes of spent batteries which necessitate effective recycling or disposal strategies to minimize environmental harm and potential resource losses.

Thus, these aspects collectively indicate a multifaceted future wherein technological advancements must go together with strategic planning and responsible practices.

The US Government’s solutions offer hope

In conclusion, the path to an electrified future, both on- and off-road, resembles a vast and uncharted road. Despite challenges such as regional disparities in charging station availability, hurdles in infrastructure expansion, and manufacturing complexities for off-highway vehicles, progress is being made.

The US Government’s support, alongside innovative solutions, offers hope that these obstacles can be overcome. As the dawn breaks on this new era of transportation, one cannot help but feel a sense of anticipation for what lies ahead – a highway illuminated by the promise of sustainable mobility.

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Why penetration testing is critical to every robust cyber security strategy” – originally published on November 2, 2023.

Foreward by Josh Turpen – Chief Product Officer, Jama Software^®

A big “Thank You!” to Chris Dickens for a great article. As part of our security program here at Jama Software, we have a layered approach to security tests and scans. Scans are done on every build, automated tests are run on every build, and active PEN tests are done multiple times per year. As the only SOC 2 Type 2 product in the space, we have set a high bar for ourselves because we know the importance of security to our customers.

Why Penetration Testing is Critical to Every Robust Cyber Security Strategy

Chris Dickens, Senior Solutions Engineer at HackerOne, outlines an effective penetration testing strategy.

Digital transformation has become an essential requirement for any business that wants to remain competitive in an increasingly digital global landscape.

However, it’s not always straightforward. In many cases, digitizing key processes can expose businesses to a wide array of new cyber security risks they aren’t used to, potentially leading to damaging breaches, attacks and/or loss of sensitive data if they aren’t careful.

In order to protect against such threats, a well-rounded cyber security strategy needs to be put in place alongside any digital transformation initiative.

However, cyber security isn’t a ‘one and done’ activity, strategies must be continuously evaluated and tested to ensure they remain effective.

Cyber criminals constantly evolve their attacks, so cyber security must also evolve. Whatever works now will likely be outdated in just a few weeks or months.

One of the best ways to stay ahead is through regular penetration testing (pentesting), which can give companies a fast, accurate snapshot of the current state of their cyber defences. This point in time activity features ethical hackers putting themselves into the shoes of malicious actors in an attempt to breach a system’s security for the purpose of vulnerability identification.

Typically, both humans and automated programs are used to research, probe, and attack a network using various methods and channels known to be used by cybercriminals.

But too many still don’t fully understand how pentesting works, or how they can effectively implement it into their wider security strategy.

RELATED: Unlocking the Potential: The Importance of Software Defined Vehicles Explained

How has pentesting changed?

The era of secretive, closed-door penetration testing is a thing of the past. In those days, you had to depend on the skills and schedules of usually big companies, enduring long waits, and limited insight into the results and tester’s actions.

Nowadays, penetration testing has evolved significantly. It often commences within a few days and is typically conducted on a smaller scale more frequently. This transformation is credited to innovative platforms that offer real-time transparency into the testing process and a more inclusive approach when bringing testers on board.

The emphasis is now on results and experience from the ethical hacking community rather than formal education and certification. The creation of new AI-based hacking methods and willingness to test source code has also greatly improved the output.

While this may sound quite daunting for the business involved, pentesting is an incredibly effective way to discover major vulnerabilities in their security before they can be exploited, which is critically important for keeping sensitive data safe.

Arguably, penetration testing’s best advantage, however, is its thorough coverage and documentation. Due to its in-depth and refined testing, in most cases, vulnerabilities are discovered and documented, including details on how the bug can be exploited, its impact on an organisation’s compliance, and advice on how to remediate the issues.

Unlike other offensive security engagements, pentesting also allows organisations to test internal systems alongside unfinished applications – this is especially useful when leading up to a new product announcement or organisation acquisition.

Using pentests to inform both present and future security strategies

As mentioned, pentesting is a great way for businesses to gauge the effectiveness of their existing security defences at that moment in time.

However, too many organisations tend to treat it as though it’s the beginning and the end of the process, which it isn’t.

Pentesting is a tool, not a strategy, and as valuable as they are, pentests are only useful if the results are translated into an effective overall security strategy for the future.

An effective modern pentesting strategy should contain the following elements:

Establish key security priorities- First and foremost, businesses must determine what they need to protect. While it’s impossible to protect everything all the time, key assets should be prioritized based upon the damage the asset would cause if it was to be compromised. Typically, highly sensitive information such as proprietary IP, competitive and legal information, and personally identifiable information (PII) will be top of the list.
Get security buy-in from all employees- A sustainable security culture requires buy-in at all levels of an organization, from the executive board to the reception desk. If every employee takes responsibility for company security, it’s much easier to build a model where risks are shared, and teams across the company can scale securely.
Use pentesting as a regular security touchpoint- Regular penetration testing is a great way to promote a more proactive approach to security. All too often, organizations aim to meet only the minimum requirements for compliance – and believe themselves to be secure, which is a highly risky strategy. By contrast, combining regular pentests with bug bounty programs provides a continuous feedback loop that allows companies to quickly identify new vulnerabilities and deal with them before they come to the attention of malicious actors.
Make robust cyber security a strategic differentiator- A recent study by PwC found that 87% of global CEOs are investing in cyber security as a way of building trust with customers. If the lifeblood of the digital economy is data, its heart is digital trust. Organizations with a sound security strategy can quickly turn it into a strategic differentiator for their brand, which is invaluable in highly competitive business sectors and industries.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

The best cyber security strategies can quickly adapt to change

Modern enterprise security is not easy. As more businesses embrace digital transformation and cloud computing becomes the new normal, reliance on IT is at an all-time high.

Consequently, even a small data breach can potentially have a devastating impact. On top of this, attack surfaces are exponentially larger than they were just a few years ago and continue to grow at an alarming rate.

The best practice approach for security teams is to color outside of the lines by infusing new and independent thinking. With this in mind, penetration testing offers much more than just a scan and definitely more than a tick-box compliance requirement.

By developing a cyber security program that employs an agile approach, organizations can prioritize flexibility and make rapid changes when needed.

Engaging ethical hackers enables organizations to deploy an army of specialized experts that will work around the clock to identify vulnerabilities and conduct pentests for both regulatory compliance and customer assessments. In today’s highly competitive and volatile business environment, few organizations can afford to forego such a crucial security advantage.

Contributor Details
Chris Dickens – Senior Solutions Engineer, HackerOne

Tag Archive for: Compliance & Regulation

Expert Perspectives: A Method to Assess Benefit-Risk More Objectively for Healthcare Applications

Below is a preview of our interview. Click HERE to watch it in its entirety.

RELATED: Jama Connect® for Medical Device & Life Sciences Development Datasheet

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

RELATED: Application of Risk Analysis Techniques in Jama Connect to Satisfy ISO 14971

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY: Expert Perspectives: A Method to Assess Benefit-Risk More Objectively for Healthcare Applications

Driving Innovation: Quarterly Automotive & Semiconductor Trends with Neil Stroud

RELATED: Jama Connect for Automotive

RELATED: Compliance Made Easy with Jama Connect for Automotive and Semiconductor Development

Tackling Industrial Manufacturing’s Biggest Challenges: Solutions That Work

1. Supply Chain Disruptions

2. Talent Shortage and Skills Gap

RELATED: IEC 61508 Overview: The Complete Guide for Functional Safety in Industrial Manufacturing

3. Adapting to Industry 4.0

4. Meeting Sustainability Goals

5. Cybersecurity Risks

RELATED: The Top Challenges in Industrial Manufacturing and Consumer Electronic Development

6. Maintaining Operational Efficiency Amid Complex Demands

Conclusion

Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development

The following is an abbreviated transcript of our webinar.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

RELATED: Strategies for Mitigating Software Defined Vehicle (SDV) Development Risks and Reducing Costly Recalls

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY: Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development

FDA Seeks Feedback On Health Equity for Medical Devices

The agency plans to develop a framework for when devices should be evaluated in diverse populations to support marketing authorization.

Dive Brief:

RELATED: Jama Connect® for Medical Device Development

Dive Insight:

RELATED: Intelligent Engineering Management with Jama Connect® Live Trace Explorer™

What You Should Know About The FDA’s New Final Rule On LDTs

What Did the Final Rule Do?

Why Does This Matter?

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

What Tests Are Subject to the Phaseout Policy?

What Is The Phaseout Policy?

Overview Of Test Types And Status

What About The Draft Public Health Emergency Guidance?

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

What’s Next?

Benefits of the Inflation Reduction Act for Solar PV Manufacturing

Understanding the Inflation Reduction Act

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

IRA’s impact on solar PV manufacturing

Financial benefits of the IRA

IRA and technological advancements

RELATED: Jama Connect® for Traceable MBSE™

Future solar energy prospects under the IRA

Understanding ISO/IEC 27001: A Guide to Information Security Management

RELATED: A Guide to Understanding ISO Standards

Overview of ISO/IEC 27001:

Key Principles:

Scope and Requirements:

Implementation Process:

Certification Process:

Benefits of ISO/IEC 27001:

Continual Improvement:

RELATED: Best Practices Guide to Requirements & Requirements Management

Conclusion

Expanding EV Infrastructure in the US: Both On- and Off-Road

The expansion of electric vehicle infrastructure in the US has been challenged by various issues, from governance to location. Here, we explore the issues and how they can be combated.

Availability of EV infrastructure in the US

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

The challenges of expanding EV charging infrastructure

Infrastructure costs

Technological limitations

Public awareness

Sustainability concerns

The availability of EV infrastructure in rural and urban areas

Government support

Federal incentives

Private partnerships

Infrastructure financing

Technological advancements and environmental impact

Developing off-highway EV charging infrastructure

RELATED: Jama Connect® for Automotive

The challenges of designing and manufacturing off-highway EVs

The future of EV infrastructure both on- and off-road

The US Government’s solutions offer hope

RELATED: Jama Connect^® for Medical Device & Life Sciences Development Datasheet

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Expert Perspectives: A Method to Assess Benefit-Risk More Objectively for Healthcare Applications

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development

RELATED: Jama Connect^® for Medical Device Development

RELATED: Intelligent Engineering Management with Jama Connect^® Live Trace Explorer™

RELATED: Jama Connect^® for Traceable MBSE™

RELATED: Jama Connect^® for Automotive

Foreward by Josh Turpen – Chief Product Officer, Jama Software^®