Tag Archive for: Requirements & Requirements Management

[Webinar Recap] Navigating AI Safety with ISO 8800: Requirements Management Best Practices

As artificial intelligence (AI) becomes increasingly embedded in automotive and semiconductor applications, ensuring its safety is critical.

In this webinar recap, Matt Mickle from Jama Software and Jody Nelson from SecuRESafe (SRES) dive into the newly introduced ISO/PAS 8800 provides a framework for managing AI-related safety requirements in road vehicles, addressing the challenges of functional safety, system reliability, and risk mitigation.

What You’ll Learn:

  • The importance and framework of ISO/PAS 8800 for AI safety in road vehicles
  • How to derive and manage AI safety requirements effectively
  • Addressing insufficiencies in AI systems and ensuring traceability to related standards
  • Practical strategies for integrating ISO 8800 into a structured requirements and systems engineering workflow

Below is an abbreviated transcript of our webinar.

Jody Nelson: Appreciate the invitation from Jama Software for this discussion. I think it’s a very important topic as we’re going to be talking about a newly released standard, the ISO/PAS 8800. And our agenda for today, we’re going to first start out and talk about the framework and importance of the 8800. In order to do this, we have to pull in other standards. So as we’ll discuss in this discussion, the 8800 is not a standalone standard. It does have dependencies on ISO 26262 and ISO 21448. So we’ll start out from some framework for ADAS, automated drive systems, and then we’ll go into deriving and managing AI safety requirements. And this is a very difficult topic to go through. So this is where it is really great in this partnership with Jama Software to walk through it with a requirements management tool because it’s much easier to see once we’re in a tool environment.

And we’ll talk about addressing insufficiencies. This is something that we talk about a lot in Safety of Intended Functionality (SOTIF.) Now, we’re going to drive that down into lower levels into the AI system, including down to the machine learning model level. And with all of these safety standards that we talk about and with all these aspects of safety, we need traceability. So we’ll talk about in 26262 traceability between requirements to verification testing to your safety analysis. And these are the aspects that we want to show in today’s webinar. And then we’ll actually jump into the tool itself and show you a practical example of how to use 8800 and just show that flow.

So before we get into that, I do want to lay out a little bit of an AI requirements landscape. And before we jump into the AI safety landscape, let’s take a step back because it’s very important that we harmonize and ground ourselves with where we’re at now prior to these AI safety standards.

Well, the Automotive Functional Safety Development, as most of you know, the ISO 26262, was released in November of 2011. We have this pyramid of development. And it’s very common, and one of the biggest advantages of 26262 is almost everything’s built into the standard. So we don’t look out of the standard much when we’re in the traditional functional safety world. It’s all built into the standard.

Well, we start out with this quality management system (QMS) layer, this quality management system layer, and that’s the one exception to that last statement. This is where we point out to an outside standard such as ISO 9001, IATF 16949. These are the most commonly used in automotive, and that sets up our basis for our quality management layer. So that’s setting the initial processes.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

Nelson: But that’s not sufficient enough for safety. So we build on top of that functional safety processes, functional safety policies, which we call our functional safety management. And the majority of that is captured in Part 2 of the standard ISO 26262. So that’s the layer that we build on top of the QMS.

And then of course, we need a path forward. We need an understanding of the steps that we need to follow, and this is within our functional safety lifecycle. Again, this is built within the standard. We can jump into Part 2 of ISO 26262. It provides us an overall life cycle from concept phase all the way to decommissioning. So we’re talking about 15, 20-year lifetime.

And then on top of that is where we do the actual development, and that’s where in the standard’s Parts 3 through 7 goes into the concept phase, driving functional safety requirements, technical safety requirements, driving down into your hardware and software, and then coming back up to this V cycle where we do verification and eventually validation.

Now, this framework is well established. As I mentioned, since 2011, we’ve been following ISO 26262, and nearly the entire framework is built in. As we transition into autonomous drive and to AI safety, it gets a little bit less clear and less straightforward as this. So I readapted that first pyramid and looked at now the AI safety aspects of our development in automotive.

So in the bottom layer, we’re going to have to have an AI management system. So we’re still going to use our 16949 or 9001 QMS, but we need to extend beyond that. And what was released in 2023, late in 2023, is a standard called ISO/IEC 42001, which I’ll discuss briefly today. This sets up the nuances that we need to consider when we’re talking about AI, data governance, ethical concerns. All these kinds of responsible AI aspects are included into this framework of the 42001. 42001 is not meant to replace 16949. It’s meant to play with it to work together with your QMS. So it’s not about getting rid of your QMS processes. It’s about adding in the inclusions for our concerns or relevance with AI.

Well, just as we had in functional safety, we have to build in an AI safety management on top of that. Now, we’re going to start pulling in, for example, ISO/PAS 8800 that we’ll be talking about today, but in conjunction with the 26262 because 26262 still helps us establish the safety management. 8800 gives us the specific aspects of AI to that.

RELATED: Compliance Made Easy with Jama Connect® for Automotive and Semiconductor Development

Nelson: And then our lifecycle, we will be following aspects of 26262 lifecycle, but also SOTIF. So the ISO 21448 will be a critical aspect as well because we’re going to be combining both of these ideas into what will lead into the aspects that we need for the ISO 8800. So all three of those will be incorporated to build in this AI safety lifecycle.

Then of course, for the AI safety development, we’re going to have aspects of 26262. We’re going to have aspects of SOTIF, 8800 as we discussed today. And then we have some kind of complementary standards that will help us round this out. The ISO/IEC 5469, this will be replaced by an actual technical standard in the future. But as of now, this is a technical report. It is informal so it provides us only guidance that there’s no shells or requirements in it, but it’s going to help us. And we’ll see in the 8800 as you go through the standard, it points out to 5469 in some cases. And then soon to be released or currently released, the ISO 5083, which will be a replacement to the ISO 4804. This will help again align to ISO 26262 to that V cycle, that V-Model that we’re commonly used in 26262 world. But help us with more of the verification, validation activities in autonomous drive.

So I called this the new automotive model. As I mentioned before, we do have to point out to a few other standards. I do understand there is in some cases standards fatigue. We’re trying to boil this down into the most condensed version that we can present here.

So just briefly, I’ll look into a couple of these standards. As I mentioned ISO/IEC 42001, if you’re not familiar with this, it was released late in December of 2023. It is agnostic to industry, it’s agnostic to size of company, and it’s for both organizations that use AI or that develop AI. So it’s a very broad standard. Again, it is our QMS layer, but with the specific aspects of AI that we need to talk about. So it helps us ensure this responsible development of using AI systems. It does address ethical considerations, transparency, safety, and security, and it does provide a risk-based approach. Most of our functional safety standards and safety standards that we talk about in automotive are a risk-based approach. So within 42001, we talk about risk analysis, risk assessments, risk treatment, how we’re going to control these risks, and then an impact assessment of the overall risks that remain. So that’s our bottom layer.

And then I just wanted to point out the ISO/IEC 5469. Again, this is informative, meaning there’s no shells in the standard or in the technical report. It just provides us guidance and draws in this connection between functional safety and using AI systems either as a safety mechanism or somehow the AI system can impact safety.

To watch the entire webinar, visit:

Navigating AI Safety with ISO 8800: Requirements Management Best Practices

The Clear Choice: Why Jama Connect® Surpasses Codebeamer for Requirements Management and End-to-End Traceability

To adapt to increasing industry challenges and complexities, innovative organizations are now requiring best-in-class software to scale development, reduce risk, save time, and ensure compliance to quality, safety, and security regulations.

As organizations strive to deliver innovative products while navigating regulatory requirements, the tools they use for requirements management and traceability can make or break their success. This eBook is designed to help you understand the critical differences between Jama Connect and Codebeamer, two leading requirements management solutions, so you can make an informed decision.

The Requirements Sector

The landscape of requirements management has undergone significant transformation. Traditional tools (like IBM® DOORS®) which once dominated the market, are now considered outdated. These legacy systems often lack the flexibility, ease of use, and integration capabilities required by modern teams. As a result, organizations are turning to modern solutions like Jama Connect that are built to meet the needs of today’s dynamic development environments.

Why Jama Connect?

Jama Connect stands out as a leading requirements management solution because it is designed with the user in mind. Its modern, user-friendly interface, combined with powerful features like comprehensive traceability and real-time collaboration, ensures that teams can manage requirements and risks effectively throughout the product, systems, and software lifecycle. Jama Connect also emphasizes customer success, offering expert support and training to help teams maximize their investment. Ease of use, rapid deployment, pre-configured, well-documented industry frameworks, and in-house subject matter experts provide the fastest time-to-value/ROI without sacrificing quality or safety.

RELATED: See why users rank Jama Connect as the #1 requirements management tool on the market in the most recent G2 Report

The Clear Advantages of Jama Connect Over Codebeamer

If you’re comparing Jama Connect to Codebeamer, one thing is clear — Jama Connect is the only purpose-built requirements management platform that delivers Live Traceability™ which allows engineering and other teams toquickly and easily access the latest and most complete information for any requirement, no matter the stage of development or tools used. This real-time capability boosts productivity by ensuring teams work with the latest data and reduces risks like delays and defects by finding issues early. In addition, Jama Connect accelerates your product, systems, and software development by managing user needs and product information across the end-to-end development lifecycle.

Only Jama Connect Delivers Live Traceability™ Across Best-of-Breed Tools

Other vendors lock you into inferior platforms. Only Jama Connect seamlessly integrates with your tools-of-choice across engineering teams. And, only Jama Connect can manage the state of development across all integrated teams and tools. Jama Connect’s unique and industry-specific Traceability Information Models define the relationships and expected behavior across teams and tools.

Learn More »

Our customers consistently tell us that they chose Jama Connect over Codebeamer for the following reasons:

1. Ease of Use and High Adoptability

Jama Connect’s intuitive design and user-friendly interface make it easy for teams to adopt and use. Unlike Codebeamer, which can be complex and challenging for new users, Jama Connect ensures that teams can start managing requirements effectively with minimal training. Users insist on a requirements management and traceability solution that is easy to use so that both internal and external stakeholders can efficiently access, share, and review information in a single source of truth, increasing and speeding up the adoption across teams for a better ROI.

The ease of use is not only imperative for users but also for administrators. Jama Connect offers an intuitive and user-friendly administration interface that enables admins to adapt the tool to their organization’s needs without having to learn overcomplicated configuration settings and concepts.

2. Modern Integration and Collaboration Capabilities

Jama Connect provides comprehensive traceability and impact analysis, enabling teams to manage change effectively and reduce the risk of errors. The platform seamlessly integrates with other best-of-breed tools (including Jira and Azure DevOps) in the development ecosystem, ensuring that teams can work efficiently without having to change their other development tools. In contrast, Codebeamer focuses on working solely with other PTC tools and its own limited application lifecycle management (ALM) capabilities.

Modern product and software development requires optimal real-time collaboration between stakeholders. Jama Connect provides an enhanced collaboration experience with its communication streams and advanced Review Center, enabling both internal and external stakeholders with the capabilities to perform formal and iterative reviews.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

3. Intelligent Engineering Management

Jama Connect empowers Intelligent Engineering Management by addressing a critical challenge faced by engineering and product development organizations: the lack of real-time KPIs and metrics during development. This gap often leads to delays, budget overruns, and product defects or recalls. Jama Connect uniquely transforms traceability into a measurable instrument, enabling teams to track real-time metrics and KPIs throughout the product development process. By providing a comprehensive overview of project progress and aligning it with required processes, teams can identify gaps early, mitigate risks, and avoid missed requirements. With its Live Traceability™ and integrations with other best-in-breed engineering tools, Jama Connect ensures that both internal and external data are seamlessly managed, driving informed decision-making and on-time project delivery.

4. Strong Customer Support

We know that our customers need a support team that makes them a priority. That’s why Jama Connect offers unparalleled customer support (including 24/7 support for any production outages), with dedicated customer success teams that work closely with you to ensure you achieve your goals. In contrast, Codebeamer’s support can be limited, making it difficult for your teams to get the help they need when they need it.

5. Scalable and Flexible

Jama Connect is highly adaptable, making it suitable for a wide range of industries and project sizes. Whether your organization is in automotive, aerospace, medical devices, or another industry, Jama Connect can be tailored to meet your specific needs, often getting you up and running quickly with custom-built data frameworks to satisfy your industries regulations and best practices. Additionally, the platform offers flexible deployment options, including cloud and self-hosted, giving you the freedom to choose the best setup for your organization.

6. Fastest Time to Market/ROI

Deploy Jama Connect’s easy-to-use interface in weeks, not months, with easy updates and high performance. Preconfigured frameworks are built-in to satisfy industry regulations and help teams ease the path to compliance, along with in-house industry-focused subject-matter experts and exceptional customer support.

7. Lowest Total Cost of Ownership

With simple and straightforward administration and no need for custom scripting or continuous updating, Jama Connect has the lowest total cost of ownership in comparison to Codebeamer. Jama Connect scales easily without big infrastructure investment, and with unlimited no-cost access for extended internal/external stakeholders, all team members can be involved with additional costs.

THIS HAS BEEN A PREVIEW – TO READ THIS EBOOK IN ITS ENTIRETY, VISIT:
The Clear Choice: Why Jama Connect Surpasses Codebeamer for Requirements Management and End-to-End Traceability

Cybersecurity in Unregulated Industries: Proactive Strategies for Mitigating Risk

Cybersecurity in Unregulated Industries: Proactive Strategies for Mitigating Risk

In today’s modern, digital landscape, cybersecurity threats are not limited to heavily regulated industries like aerospace, automotive, and medical devices. While government mandates drive compliance in regulated sectors, industries without strict cybersecurity oversight for specific products — such as consumer electronics, financial services, insurance, industrial manufacturing, and software development — are increasingly taking proactive steps to address cybersecurity risks. With cyberattacks growing in frequency and sophistication, companies in these industries must prioritize security to protect intellectual property, maintain customer trust, and prevent costly disruptions.

RELATED: Integrate Cybersecurity and Safety Risk Management in Jama Connect® to Simplify and Accelerate Medical Device Development.

Cybersecurity Challenges in Unregulated Industries

Unlike regulated markets, where adherence to standards such as ISO 21434 (for automotive) or DO-326A (for Aerospace & Defense) is required, many industries operate without formal cybersecurity frameworks. However, recent high-profile breaches have underscored the need for stronger security measures:

  • Consumer Electronics: A leading smart home device manufacturer recently faced scrutiny after vulnerabilities in its IoT ecosystem allowed hackers to access users’ security cameras. Without strict regulatory oversight, companies must self-impose cybersecurity best practices to safeguard consumer data.
  • Industrial Manufacturing: A ransomware attack on a global industrial equipment provider disrupted production lines and resulted in significant financial losses. As manufacturers embrace Industry 4.0 and connected systems, cybersecurity must become a core consideration.
  • Software Development: Open-source software dependencies have become a major target for cybercriminals. The recent exploitation of a widely used software library demonstrated how vulnerabilities in third-party components can create widespread security risks.
  • Insurance: A major insurance provider suffered a data breach when cybercriminals exploited weaknesses in its cloud-based claims processing system. The breach exposed sensitive policyholder information, including Social Security numbers and financial details, highlighting the need for robust encryption and access controls in an industry handling vast amounts of personal data.
  • Financial Services: A global investment firm fell victim to a sophisticated phishing attack that compromised employee login credentials, allowing attackers to execute fraudulent transactions. As financial institutions increasingly rely on digital banking and AI-driven trading, strengthening identity verification and fraud detection measures is critical to mitigating cybersecurity threats.

Even without formal regulations, companies in these industries recognize that cybersecurity is a business imperative – and also crucial to remaining trusted and respected in the market. Many are implementing best practices, such as adopting secure development methodologies, integrating threat modeling, and enhancing collaboration between security and development teams.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

How Jama Connect® Supports Cybersecurity in Unregulated Industries

While unregulated industries may not face the same compliance pressures as sectors like automotive, medical devices, or aerospace & defense, they still need robust cybersecurity risk management. Jama Connect provides the tools necessary to build a strong cybersecurity foundation by:

  • Embedding Security into Development Processes: Jama Connect enables teams to integrate cybersecurity considerations throughout product, project, and program development, ensuring that security is addressed from the earliest stages.
  • Enhancing Collaboration and Risk Visibility: With real-time collaboration and traceability, teams can proactively identify, assess, and mitigate security risks before they escalate.
  • Facilitating Secure Software Development: By providing structured frameworks for security requirements and risk assessments, Jama Connect helps organizations adopt secure coding practices and threat modeling techniques.
  • Supporting Industry-Specific Best Practices: Even without formal regulatory requirements, Jama Connect allows organizations to implement cybersecurity frameworks aligned with industry standards such as NIST Cybersecurity Framework and Secure Software Development Lifecycle (SSDLC).

As cyber threats continue to evolve, companies in unregulated industries must take proactive steps to secure their products and operations. By leveraging Jama Connect, organizations can establish a structured, security-first approach that reduces vulnerabilities and builds resilience against emerging cyber risks.

Want to learn about how to mitigate cybersecurity risks in regulated markets? Check out this blog post.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Mario Maldari, Brian Morrisroe, and Kenzie Ingram.

Understanding ISO 26550: Managing Variability in Systems and Software Engineering

Understanding ISO 26550: Managing Variability in Systems and Software Engineering

As products become more complex, companies need better ways to manage different versions and configurations. ISO 26550 helps organizations handle variability in systems and software engineering, making it easier to develop, maintain, and update product lines while ensuring quality and compliance.

What is ISO 26550?

ISO 26550, Software and Systems Engineering — Reference Model for Product Line Engineering and Management, provides a framework for managing product variations. It helps organizations develop multiple product versions efficiently by identifying shared components and differences, reducing duplication, and improving consistency.

FOR A MORE IN-DEPTH LOOK AT ISO 26550, WATCH:
Use Cases and Strategies for Simplifying Variant Management

Key Aspects:

  • Product Line Engineering (PLE): A structured approach to managing families of related products.
  • Variant Management: Guidelines for handling product differences while keeping a common foundation.
  • Traceability & Compliance: Ensures all product versions meet quality and regulatory standards.
  • Lifecycle Integration: Supports managing variability from initial planning through development and maintenance.

Where is ISO 26550 Used?

ISO 26550 is useful for industries that build complex, configurable products, such as:

  • Automotive: Managing different car models and features while meeting safety regulations.
  • Aerospace & Defense: Ensuring variations of mission-critical systems meet strict requirements.
  • Medical Devices: Maintaining compliance across different product versions for various markets.
  • Industrial Equipment: Handling multiple configurations of machinery and control systems.
  • Software Development: Supporting modular software design to serve different customer needs.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

How Jama Connect® Helps:

Jama Connect makes it easier to follow ISO 26550 by providing:

  • Live Traceability™: Tracks changes across product versions to maintain compliance.
  • Variant Management: Helps teams manage multiple configurations efficiently.
  • Requirements Management: Organizes and links requirements across product lines.
  • Collaboration & Reviews: Improves teamwork and decision-making.
  • Compliance & Audit Support: Provides workflows and reports to simplify audits.

Conclusion

ISO 26550 helps organizations manage product variability effectively, improving efficiency and compliance. Jama Connect supports this by providing tools for traceability, variant management, and collaboration. If your organization needs a better way to handle product variations, Jama Connect can help simplify the process.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Matt Mickle, McKenzie Ingram, and Decoteau Wilkerson.

Jama Software and :em AG Announce Strategic Partnership to Drive Efficiency in Requirements Management

Jama Software and :em AG Announce Strategic Partnership to Drive Efficiency in Requirements Management

Jama Software a leading provider of requirements management and traceability solutions, is pleased to announce a strategic partnership with :em AG. This collaboration brings together Jama Software’s industry-leading platform, Jama Connect®, with :em AG’s expertise in process and method consulting to help organizations streamline product development, enhance compliance, and mitigate risk.

Jama Connect empowers teams with real-time collaboration, Live Traceability™, and comprehensive requirements, risk, and test management, enabling them to navigate complex regulatory environments with confidence. Through this partnership, :em AG will support customers in seamlessly integrating Jama Connect into their development workflows — including variant management, risk management, and test management —while providing expert guidance on configuration and adoption.

“We are excited to partner with :em AG to expand the reach of Jama Connect and help more organizations overcome the challenges of increasingly complex product and software development,” said Tom Tseki, Chief Revenue Officer at Jama Software. “Together, we are enabling teams to accelerate innovation while decreasing risk by ensuring end-to-end traceability and regulatory compliance.”

Dr. Marcus Krastel, Member of the Board of :em AG, added, “We are delighted to have Jama Software, another leading provider of requirements management software, as a partner and to be able to address new customers with our services. Together, we are driving forward the digital transformation and offering solutions for the increasingly complex work with requirements and regulations.”

About Jama Software

Jama Software is focused on maximizing innovation success in multidisciplinary engineering organizations. Numerous firsts for humanity in fields such as fuel cells, electrification, space, software-defined vehicles, surgical robotics, and more all rely on Jama Connect requirements management software to minimize the risk of defects, rework, cost overruns, and recalls. Using Jama Connect, engineering organizations can now intelligently manage the development process by leveraging Live Traceability™ across best-of-breed tools to measurably improve outcomes. Our rapidly growing customer base spans the automotive, medical device, life sciences, semiconductor, aerospace & defense, industrial manufacturing, consumer electronics, financial services, and insurance industries.

For more information about Jama Connect services, please visit jamasoftware.com/

Strengthening Cybersecurity in Regulated Markets: How Jama Connect® Enhances Risk Management in Product Development

Strengthening Cybersecurity in Regulated Markets: How Jama Connect® Enhances Risk Management in Product Development

Discover how Jama Connect® empowers product development teams in regulated markets like aerospace, automotive, and medical devices to integrate cybersecurity and safety risk management with requirements management

In today’s connected world, cybersecurity is a critical concern for product development in regulated markets. According to a recent report by Cybersecurity Ventures, cybercrime is predicted to cost the world $10.5 trillion annually by 2025, underscoring the growing risks facing industries that rely on connected products.

As products become increasingly software-driven and connected, they present new vulnerabilities that require robust security measures. Industries such as aerospace, automotive, and medical devices must navigate complex cybersecurity regulations to protect sensitive data, ensure product safety, and maintain compliance with evolving standards. Failure to address cybersecurity risks not only jeopardizes user safety but can also lead to costly delays, recalls, regulatory penalties, and reputational damage.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

The Importance of Cybersecurity in Regulated Markets

Regulated markets operate under strict guidelines to protect data, ensure operational integrity, and maintain public trust. Cybersecurity compliance involves adhering to laws, standards, and regulatory requirements established by governments and industry authorities to safeguard digital information and systems from threats like unauthorized access, data breaches, and cyberattacks.

Recent incidents underscore the urgency of robust cybersecurity measures:

  • Medical Devices: The U.S. Food and Drug Administration (FDA) issued updated guidance requiring medical device manufacturers to submit cybersecurity plans as part of their premarket submissions. This move follows increasing concerns about vulnerabilities in connected medical devices that could jeopardize patient safety and data security.
  • Automotive Industry: A notable cybersecurity breach involving a major automaker demonstrated how connected vehicles can be remotely accessed and controlled. This incident has accelerated the push for stricter compliance with ISO 21434, the international standard for automotive cybersecurity risk management.
  • Aerospace & Defense: Cyberattacks targeting defense contractors have highlighted the need for stringent cybersecurity protocols. The implementation of DO-326A and other cybersecurity standards is becoming increasingly critical to protect sensitive information and ensure the safety of airborne systems.

RELATED: Jama Connect Enables DevSecOps Through Robust API and Integrations That Connect All Activity to Requirements

Jama Software’s Approach to Cybersecurity in Regulated Markets

Jama Software recognizes the critical importance of cybersecurity in regulated industries and has integrated out-of-the-box cybersecurity risk management capabilities into its industry-specific frameworks for Jama Connect. This integration facilitates a proactive approach to cybersecurity across various sectors, including airborne systems, automotive, and medical devices.

Aerospace & Defense

Aircraft, system, and subsystem manufacturers and their suppliers benefit from a customizable solution with a robust REST API aligning all cybersecurity activity with an integrated DevSecOps CI/CD pipeline, easy collaboration and reviews involving internal and external teams, and customizable reports to demonstrate compliance with the “Airworthiness Security Process Specification” (DO-326A). Jama Connect for Airborne Systems provides a framework to identify potential cyber threats, assess vulnerabilities, and implement security measures.

Automotive Industry

The shift towards software-defined vehicles has introduced new cybersecurity challenges. Jama Connect for Automotive offers OEMs and suppliers the capability to develop necessary work products that comply with ISO 21434 for cybersecurity management. It offers comprehensive cybersecurity diagnostics including Threat Analysis and Risk Assessment (TARA) templates and reports, as well as case management, progress monitoring, and reporting features to demonstrate compliance. By facilitating collaborative planning, validation, and alignment, it reduces risks through enhanced collaboration among specialized teams, removes guesswork from threat analysis, and accelerates project launches through efficient reuse of components.

Medical Device Industry

For medical device manufacturers, managing cybersecurity risk under standards like ANSI/AAMI SW96:2023 is complex. Jama Connect for Medical Devices harmonizes cybersecurity and safety risk management, simplifying complex risk evaluations and accelerating responses to threats. This integration reduces complexity, increases efficiency in managing risks, and ensures comprehensive documentation of traceability, which is crucial for regulatory compliance and patient safety. By embedding cybersecurity risk management into its industry-specific frameworks for Jama Connect, Jama Software empowers organizations to integrate cybersecurity risk management into product development processes for efficient and proactive identification, evaluation, and mitigation of cybersecurity risks, compliance with regulatory standards, and enhanced overall security posture of their products.

As cybersecurity threats continue to evolve, regulated industries must take proactive steps to safeguard their products, data, and users. The growing complexity of cybersecurity regulations highlights the need for robust risk management frameworks that integrate security into every stage of the product development lifecycle. By leveraging Jama Connect’s industry-specific cybersecurity capabilities, organizations can streamline compliance efforts, enhance collaboration, and mitigate risks more effectively. Investing in secure-by-design practices today ensures a safer and more resilient future for the products and industries that shape our world.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Mario Maldari and McKenzie Jonsson.

Headshot of a subject matter expert leading a webinar on Unlocking the Power of the Digital Thread in MBSE

In this blog, we recap our recent webinar, “Unlocking the Power of the Digital Thread in MBSE”

Best Practices: Unlocking the Power of the Digital Thread in Traceable MBSE™

In the world of product and systems development, integrating the digital thread throughout Model-Based Systems Engineering process isn’t just an advantage — it’s a game-changer.

In this engaging webinar, host Brian Kennedy, Principal Solutions Consultant at Jama Software, will show how the digital thread transforms MBSE, driving better traceability, stronger collaboration, and greater efficiency across the product lifecycle. You’ll also see how Live Trace Explorer™ helps connect your MBSE tools seamlessly, creating Traceable MBSE™.

What You’ll Learn:

  • The role of the digital thread in enhancing Traceable MBSE workflows
  • Best practices for building a connected thread across diverse systems
  • How Live Trace Explorer improves product quality, reduces risks, and accelerates delivery
  • Using coverage metrics to identify gaps and ensure process completeness
  • Proven strategies to reduce iteration loops and support regulatory compliance

Walk away with actionable insights to strengthen your Traceable MBSE processes — and see how Jama Connect® can elevate your engineering workflows.

Below is an abbreviated transcript of our webinar.

Briand Kennedy: During today’s webinar, I’m going to be discussing the process of unlocking the power of the digital thread in Traceable MBSE. To begin with, let’s just take a step back and understand what exactly is the Traceable MBSE process and where did it originate from? Today, many products that companies produce are live for safety-critical and one of the requirements for life and safety-critical products is that the company must completely document how the product should perform. Additionally, they have to also prove that it performs as specified. As products have become much more complicated and sophisticated and systems have become much more integrated and difficult to model doing this process has become a greater challenge than it was maybe previously.

As a result of us interviewing various engineering leaders who are responsible for product release, we asked them what keeps you up at night? What are the top things that these engineering leaders say keeps them up at night? As we listened to them, we heard many common questions come up. These are the five top questions or issues that they indicated. The first one is, how do I know which product requirements have been missed in my design? How do I know which product requirements are not fully covered by my test cases that I’ve defined? How do I know which product requirements have failed to pass tests? How do I identify development activity that happens to be using incorrect requirements or maybe isn’t even directly connected to requirements? And finally, how do I know if changes that have been made in say, hardware impacts my software team or if a requirement change impacts either the hardware or software team? How do I understand this traceability? These are the things that we’ve heard a lot about. I bet one of these might resonate with you.

RELATED: Bridging ALM and MBSE: Strategies for Seamless Integration

Kennedy: I’ll tell you what, why don’t we take a quick survey? There’s going to be a survey that pops up, and we’ll give you a couple of minutes to walk through these questions and tell us which one of these questions do you identify most with or is most pressing on your needs. Thank you very much for answering which one of these questions is the one you most identify with. At the end of this presentation, we’re going to come back to each one of these questions and show you how Traceable Model-Based System Engineering processes and the digital thread can help address each one of these items.

So, let’s talk a little bit about how we have developed Traceable MBSE to address these situations. To start with, let’s talk about where we came from. And we came from a paper-based system, and it doesn’t fully address these questions that we have here. And so, in order to solve these problems, we’ve performed a digital transformation, and that started with a very simple thing a long time ago of actually switching from physical paper over to electronic files. This provided significant improvements in efficiency and allowed each domain and discipline to be able to capture their data electronically versus on paper. It does improve communication, allows us to share data more easily, and allows us to reuse data in a much easier process. But fundamentally, this first step of converting from paper to electronic file, although it was a huge advantage, didn’t fundamentally change the process in which we did system engineering. We were still stuck with disconnected data.

So the next phase in this is what I call the decomposition phase. This occurred when we actually took those individual documents, for example, a complete requirement specification, and decomposed it to individual items. And this was very powerful. What we were able to do is instead of having a single document with all the specifications in it, we would decompose it to individual requirements, and each individual requirement could be referenced independently. And in fact, they allowed us to reuse this data and such. So you could have the same requirement being reused in multiple places, whereas before, you literally had two separate pieces of text that you were duplicating. Once again, another huge improvement in efficiency. This concept of decomposition doesn’t just isolate two requirements. It implemented various other things, such as the modeling systems for various other things. And it ended up creating a capability so that each discipline, each domain was able to create unique tools that address decomposition or analysis or simulation of their particular areas.

RELATED: Jama Connect for Traceable MBSE™

Kennedy: So what we saw was requirements identification and subsystem requirement identification, being executed in Word or Excel spreadsheets initially, and even going into some modeling techniques and different tools. So we ended up with a verification validation process that for each individual domain we were able to create some decent automation, but they weren’t connected. Each group was independently looking at their data and creating it, and there wasn’t consistent reuse across it and no consistent way of knowing what was the correct stuff. We depended on things like email and such like that. So it really created an impact on things like a lack of ongoing risk assessment, and change management became very difficult because even though we had decomposed some of the things and we had captured all the documents electronically, we still were not interconnected. We didn’t have a uniform interconnectivity, and this meant we had to take one more step in our digital transformation. And that final step was to create a true full model definition.

And when we talk about creating a full model, it involves quite a few things. First is governance. We have to create a structure and version control on top of the data. So we would classify the data in groups and control each one of those individual items, requirements simulations, functional definition, architectures as individual items and version control them in a controlled system in a database framework. So, we had a governance structure and control framework that needed to be defined. We then expanded from just having text-based or static images to having full diagrams where each item was interrelated and connected together. And we were able to create visual diagrams that illustrated how our systems were being designed, how functions and sub-functions and systems and subsystems were supposed to interact, and how data was supposed to flow from one part of our system to another. And we created these diagrams. Finally, we created a common data model, which allowed us to capture all these different pieces of data and define relationships from one item to the other and have consistent terminology and consistent use of that data. So we had one requirement defined in one place,e and it was used wherever it was needed by referencing that single item. And so that’s where we talk about a data model. We needed a complete data model to capture all this data that we were governing in the governance area and in the diagrams.

To watch the entire webinar, visit:

Best Practices: Unlocking the Power of the Digital Thread in Traceable MBSE™

A clock wearing a graduation hat alongside a lightbulb with gears and text about requirements management for seamless product delivery.

Jama Connect Features in Five: Requirements Management for Seamless Product Delivery

Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of Jama Connect’s powerful features… in under five minutes.

In this Features in Five video, Michelle Solis, Solutions Architect at Jama Software, explores how Jama Connect offers an effective solution for delivering software, products, and services. We will examine how key features, such as importing, the traceability information model, and the review center, can help streamline processes, reduce rework, and minimize scope creep.

VIDEO TRANSCRIPT

Michelle Solis: Hello. I’m Michelle Solis, a Solutions Architect at Jama Software. In this video, we’ll explore how Jama Connect provides an effective solution for delivering software, products, and services. We’ll dive into how key features like importing, the traceability information model, and the review center can help streamline processes, reduce rework, and minimize scope creep.

Many teams gather requirements in Word or Excel while tracking development in separate tools, creating a lack of traceability between stakeholder needs and engineering work. This disconnect can lead to missed input, rework, and defects when requirements change. Without an integrated system, engineering may build outdated requirements, and QA may test against incomplete information, leading to costly delays.

Jama Connect bridges this gap by providing structured traceability and an efficient review process. Customers start by importing requirements from Word, Excel, or other tools. Once in Jama Connect, users can conduct structured reviews with stakeholders, enforce signatures, and track version changes. This ensures seamless traceability as requirements evolve, keeping teams aligned and reducing errors.

RELATED: Jama Connect® Features in Five: Reuse & Sync

Solis: Let’s jump into the tool and see how Jama Connect provides a solution for the delivery use case. We’ll start by looking at the traceability information model for an example project. Here, our requirements, like the previous slide detailed, start as an intake questionnaire filled out in Word. Those questions and responses are brought into Jama and then decomposed into customer requirements. From there, they further break down into functional and nonfunctional requirements with potential development tasks or software configurations.

Those tasks are tested and defects are logged against those tests. This traceability model allows users to see the downstream impacts of changes and trace defects up to their customer requirement. To the left, we have our exploratory that holds and organizes the requirements. Our customer component opens up to those customer intake questions and customer requirements. The customer intake questions are brought in using our Word import tool.

On the right hand of our screen, we see an example of what that intake questionnaire might look like. Now, we can see those questions and responses once they’ve been imported. Let’s click on one of these items and see one method of collaboration. In the comment stream section, we can pose questions for discussions, ask for a decision, or raise an issue. Our stakeholders, in response, can answer those decisions, answer questions, or provide resolutions.

In this example, I asked for clarification on this specific question. Now, instead of having to look through emails and other channels of communication, Jama Connect can be my source of truth. Once we finalize these questions and answers, we can break these down into customer requirements, and then we can send off our customer requirements for a review. I’ll right-click on my customer requirements and send them out for review. Our review wizard will be initiated, and I’ll define the name. I have different options for settings. One setting I’ll leave on is requiring an electronic signature from my approvers. I’ll designate my participants. In this case, it’s Michael Scott, my stakeholder, and myself. And then, in the final screen, it’ll show me what that invitation looks like when it gets sent out to my stakeholders.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Solis: While this review is initiating, I’m going to switch and sign in to Michael Scott so we can see what it looks like from the stakeholders perspective. Now let’s jump into a review we just initiated as a stakeholder. When a reviewer logs in, they are brought into a review screen with all of the reviews they are actively participating in. This makes the review process easy to jump into, and your non Jama users will be able to ramp up into the reviews quickly.

In the review, participants can reject and approve items line by line. They can leave comments and highlight specific text when they want to specify spelling errors or specific details. Once the review is complete, we’ll approve and sign off. From here, we can export our review into Word or PDF with our signatures attached.

Jama Connect streamlines product delivery by enhancing traceability, collaboration, and review processes, ensuring that teams remain aligned and projects stay on task. From capturing stakeholder requirements to managing approvals and exporting finalized documentation, Jama Connect provides a structured yet flexible approach to a successful product development.

Thank you for watching this demonstration of how Jama Connect features solve for the delivery use case. If you would like to learn more about how Jama Connect can optimize your product development processes, please visit our website at jamasoftware.com. If you’re already a Jama Connect customer and would like more information, please contact your customer success manager or Jama software consultant. Thank you.

To view more Jama Connect Features in Five topics, visit:
Jama Connect Features in Five Video Series

Pictures of two hosts discussing the topic of ECSS as a tool for compliance standards.

Ensure your space systems meet industry standards with ease.

The European Cooperation for Space Standardization (ECSS) provides a unified set of standards to streamline space system development and promote interoperability among international agencies. Our customers are leveraging Jama Connect® to comply with ECSS standards, resulting in enhanced collaboration, reduced risk, and mission success in the aerospace industry.

With Jama Connect, you can seamlessly manage these standards while maintaining full traceability and ensuring compliance throughout your projects.

Join us for this engaging webinar with Jama Software® experts Cary Bryczek – Director of Aerospace & Defense (A&D) Solutions and Martijn Janssen – Senior Solutions Consultant, provide a high-level overview of the ECSS standards, along with best practices for leveraging them within Jama Connect, including:

  • ECSS Process workflows and how they align with processes managed within Jama Connect
  • Establishing a ECSS Library in Jama Connect to provide a single–source of truth
  • Explanation on how to tailor the ECSS requirements and leverage Jama Connect’s Reuse capability

Don’t miss the chance to unlock new efficiencies in your systems engineering processes and ensure your projects stay on track.

Below is an abbreviated transcript of our webinar.

Accelerate Your ECSS Standards Compliance

Cary Bryczek: Hello, everyone, and thank you for joining us. My name is Cary Bryczek. I’ll be the moderator for today’s webinar, Accelerating Your Compliance with ECSS Standards inside Jama Connect.

I am Cary, the Director of Aerospace and Defense Solutions. I lead up a global team of industry and Jama Connect experts. For today’s webinar, first to speak is Martijn Janssen.

Martijn is a senior consultant at Jama Software. He has been working with PLM and requirements management solutions for over 15 years and is very proficient in not only Jama Connect, but the Siemens Industry Software solutions, as well as PTC Windchill. He currently works on implementing space-related systems such as satellites, launchers, and space-related components in the European Union for our Jama Connect partners. Martijn is a specialist in both systems engineering and information technologies. With that, I’ll pass it over to you, Martijn.

RELATED: Jama Connect® for Space Systems Datasheet

Martijn Janssen: Well, thank you for the introduction there, Cary. So, welcome everybody to our webinar on ECSS. I’m very excited today to introduce you to the way we manage ECSS standards within Jama Connect. Over the past couple of years, we’ve been working with a lot of customers on managing ECSS standards within our solutions, and today, we’re going to show you some examples on how we manage to do that. So, without further ado, I’m going to go over some of the ECSS standards, what it includes, what the use cases our customers face, and then afterwards, we’ll dive into the system and show you some of those use cases in action in Jama Connect. Let’s dive in to the presentation.

When we talk about ECSS, I presume many of you here already are aware, but for those of you that are not aware of ECSS, ECSS is a European corporation and it’s a collaboration between the ESA, the European Space Agency and many different other space agencies across the world to make sure that we have a single set of standards that we can use across companies working in the European space activities. Many of our customers around the world are looking to those standards, making sure they are compliant to them and working with those standards in different projects and at different levels. So, ECSS is a standard. You can find a lot of information on the website or ESA around the standards. They’re all there to be found if you’re not aware of them already.

The way that ECSS is organized and set up is something you will see in the standards on the website itself, but we also have the organization within our Jama Connect application. So, when we talk about the standards, the standards are divided into branches and disciplines. So, you will find, for example, the different branches on the top level there. So, for example, the space project management branch or the engineering branch, and below those branches, you will find a lot of disciplines detailed out per section and they are numbered in a specific way. Again, when we look into the demo, you will see a lot of those specific annotations come back and we maintain that same structure within Jama Connect.

RELATED: CIMdata: Digital Thread in Aerospace and Defense

Janssen: So many of our customers use a subset or a number of these standards in their Jama Connect application to make sure they are compliant and they are working towards the standards that ESA has set for these specific projects. So, the main structure in here is recognizable towards what is on the website and in the organization of ECSS. Outside of the actual organization of the disciplines and the branches, the disciplines themselves are even further, let’s say, detailed in documents and all these documents fall into one of those disciplines. So, for example, when we look at the discipline system engineering, you can see a large number of documents below that talking about different topics.

So, for example, on testing, on verification, on referencing, coordinate systems, all kinds of documents describing the standard, what you need to do to be compliant towards those standards. Now these documents are pulled into Jama Connect, and as you will see later on, we have all these documents available for you to start tracking and tracing compliance. So, the structure from a branch to a discipline to all the documents is something that you will recognize in the demo later on and where you can find and filter and search for certain topics that are numbered and maintained by the ESA. All right. So, that’s a little bit of a background behind the ECSS organizational diagram.

To watch the entire webinar, visit:

Accelerate Your ECSS Standards Compliance with Jama Connect®

Understanding ISO 26580: The Standard for Agile Product Line Engineering

Understanding ISO 26580: The Standard for Agile Product Line Engineering

Modern organizations face the challenge of balancing speed, compliance, and innovation, particularly when managing complex systems across multiple product lines. ISO 26580 provides a structured approach to addressing these challenges by standardizing Agile Product Line Engineering (APLE). But what exactly is ISO 26580, and why is it important? Let’s break it down.

ISO 26580 is an international standard that defines best practices for Agile Product Line Engineering (APLE). It bridges the gap between Agile methodologies and Product Line Engineering (PLE), enabling organizations to efficiently develop and manage product variations while maintaining agility in development processes.

The standard provides guidance on:

  • Integrating Agile principles with PLE frameworks
  • Managing shared assets across multiple product variations
  • Streamlining development cycles without sacrificing quality
  • Ensuring regulatory compliance within Agile environments

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Flow chart with the important elements of ISO 26580; adaptability, efficiency, compliance, cost reduction, and collaboration.

As industries shift towards mass customization and digital transformation, companies need robust strategies to manage evolving product lines efficiently. ISO 26580 helps businesses achieve this by:

  • Enhancing Efficiency: Organizations can reuse core components across product variations, reducing duplication and accelerating time-to-market.
  • Improving Collaboration: By integrating Agile methodologies, teams across different domains can collaborate more effectively, reducing silos.
  • Ensuring Compliance: Many industries, such as automotive and aerospace, require rigorous compliance. ISO 26580 helps align Agile processes with industry regulations.
  • Reducing Costs: With a structured approach to managing product variations, organizations can significantly cut development costs and resource expenditures.
  • Increasing Adaptability: Agile PLE enables companies to quickly adapt to market changes and customer demands without overhauling entire systems.

Who Benefits from ISO 26580?

Industries that manage complex systems with multiple variations, such as:

  • Automotive (e.g., different models of electric vehicles with shared software platforms)
  • Aerospace & Defense (e.g., modular avionics systems)
  • Medical Devices (e.g., regulatory-compliant software variations for different regions)
  • Software Development (e.g., product suites with configurable features)

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Final Thoughts

ISO 26580 is a game-changer for organizations balancing innovation, compliance, and efficiency in Agile product development. By standardizing Agile Product Line Engineering, it empowers businesses to streamline processes, improve collaboration, and accelerate market responsiveness. For companies navigating complex product variations, adopting ISO 26580 isn’t just an advantage — it’s a necessity.


Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Matt Mickle, McKenzie Jonsson, Mario Maldari, and Decoteau Wilkerson.