Tag Archive for: Requirements & Requirements Management

In this blog, we recap our webinar, “IVDR Common Errors: Navigating Notified Body Expectations” – Click HERE to watch it in its entirety.

IVDR Common Errors: Navigating Notified Body Expectations

Explore the notified body process and IVDR technical documentation with experts Margot Borgel, Director of IVD Global Regulatory Affairs at RQM+, and Vincent Balgos, Director of Medical Device Solutions at Jama Software®.

You will gain a thorough understanding of these topics and more:

  • The notified body’s approach to technical reviews
  • Key considerations from the notified body’s perspective
  • Common mistakes made when compiling technical documentation

Below is a preview of our webinar. Click HERE to watch it in its entirety.

The following is an abbreviated transcript of our webinar.

IVDR Common Errors: Navigating Notified Body Expectations

Margot Borgel: Hello, everybody. I am Margot Borgel. I’m the Director of IVD Global Regulatory Affairs for RQM+. My role at RQM+ is to support clients in their IVD regulatory journey. So this includes making sure that our projects are meeting regulatory requirements, and providing regulatory leadership to other RQM+ consultants and CRO team members. I provide regulatory support and guidance through the entire product lifecycle from design concept through clinical studies, regulatory submissions, and approvals.

A little bit about me is that I joined RQM+ after four years at BSI Notified Body, where I was a member of the IVD technical team, specifically working on IVDR, IVDD, and UKCA certifications. I’ve worked with many different IVDs across most technologies and many, many device manufacturers. Prior to that, I spent about eight years in the industry for an IVD manufacturer. In that organization, I performed duties in research and development, manufacturing, technical support, and product transfer, as well as manufacturing.

Just a little bit about RQM+. RQM+ is a global MedTech service provider, that provides expertise across the full product lifecycle for both medical devices and IVD companies. We provide end-to-end solutions across the complete medical device product life cycle. And that includes many different aspects of the MedTech life cycle. We have a variety of different business units that support different projects, so regulatory and quality consulting, laboratory services, clinical trial services, reimbursement, and technology as well with our Fern.ai solution.

So we’re here today to talk mostly about IVDR technical files. So we’re going to first go through IVDR technical review and certification by the Notified Body. Then we’ll get into how a Notified Body is going to approach a tech file review. And common errors that are seen during that technical file review process.

RELATED: Jama Connect® for Medical Device & Life Sciences Development Datasheet

Borgel: Okay, so the first thing we have to do before we can really get into this is talk about the IVDR transition timeline. So the timelines have recently been updated. They were approved a few weeks ago by the EU Commission. And so I’m just going to go through those very quickly. We have a date of application which passed 26 May of 2022. We’re about two years past that now. But there is some transitional provisions for devices that are currently certified either by the Notified Body or self-certified under IVDD with a declaration of conformity signed before that May 2022 date. So, basically, from the last transition provisions, everything has been pushed out by 2.5 years.

So for Class D devices and devices with existing IVDD certificates, the new transition deadline is the 31st of December 2027, and then each class is pushed out another year. So Class C is 31st December 2028, and Class B and Class A sterile are 31st December 2029. But there are some provisions that come along with this. The main one that is brand new is that you must lodge a formal application with a Notified Body two and a half years before those final deadlines. So May 2025 for Class D and existing IVDDs. May 2026 for Class C and May 2027 for Class B and Class A sterile. On top of that, there are some other provisions, mainly that you must be complying with the IVDR PMS and vigilance requirements as of the 2022 date of application. You cannot put any new products on the market except under IVDR. All Class A devices must be IVDR compliant. And then, recently added, is that you must have an IVDR-compliant QMS system in place by May of 2025.

Okay, so as an IVD manufacturer under IVDR, there are a lot of obligations for manufacturers. This is covered in Article 10 of the IVDR. One of those requirements is that you will maintain and keep up-to-date technical documentation for your device.

And so what does that look like? The requirements are pretty consistent across classes, with a few differences as you have lower-risk and higher-risk devices. But for all devices, you must have that compliant QMS system. You must have a tech file meeting Annex II requirements. And you must meet all of the GSPRs. You must have a performance evaluation plan and report and PMPF plan. For Class A devices, you’re self-declared so you don’t have to worry about Notified Body requirements. But all other devices, from Class A sterile up to Class D, require a Notified Body assessment and certification. Class A and Class B devices need a post-market surveillance report, whereas Class C and D need periodic safety update reports. The difference in content is pretty small, but there are some differences in where you put those documents, who you provide them to, and things like that.

And then Class C and D also require a summary of safety and performance. If you have a companion diagnostic that would fall under Class C, you’re also going to need to do an EMA consultation for that CDx. And for Class D devices, you’ll need to adhere to common specifications, or potentially go through expert panel review. And you’ll need to interact with the EU Reference Labs, which includes product verification and batch release.

This slide is just an overview of all of the technical documentation that is required under IVDR. I’m not going to go into every single thing on this list right now, but that’ll be here for your information. And it’s mainly covered in Annexes II and III of the IVDR.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Borgel: Okay, so, now, I’m going to talk a little bit about Notified Body processes. Each Notified Body is going to have its own nuance to this process, but this is generally how it will go. So you, as the manufacturer, will submit your application to the Notified Body. There will be some back and forth there as you talk about your devices, what classifications they are, what kind of groups are going to get set up, and things like that. And once that’s all situated, you will sign a contract, and then you’ll be officially under contract with the Notified Body. They will do what’s called an application review. This is covered in Annex IX of the IVDR. They’ll basically just make sure they have everything that they need, that they agree with the classifications that you’ve provided, that they have assigned the right codes to your devices, and things like that.

After that is complete, the actual conformity assessment activities will start. So QMS audit and technical review, different Notified Bodies are going to do this slightly differently. Some don’t have any constraints. They can do one or the other at the same time, separately. There are no contingencies. Others have some requirements that the QMS audit happen either before or after the tech review, or that you have to have certain aspects of your technical file complete before the QMS audit occurs. And that’ll be something you’d discuss with your Notified Body. Once those two things are complete, there’ll be a certificate recommendation and then some sort of a review and approval process. So this is like a panel review at some Notified Bodies or a decision-maker review. And then, after that, the certificate will be issued.

When we break down that technical review into a little bit more detail, this is what it looks like. So you submit the documentation to the Notified Body. Most Notified Bodies do what’s called a completeness check, where they just look at what you’ve submitted and make sure they have all the documents they need, and sort out any deficiencies. If it’s a Class D device, you’ll need to make sure that you’re meeting certain requirements for those. So, mainly, have you met common specifications, or is it a first-of-type Class D without common specs? So then we’ll get into tech review. That will go through three rounds of questions, typically, for most Notified Bodies, where you’ll be able to resolve deficiencies in your technical file. That’ll go back and forth. While that’s happening, if you do have a Class D, that first-of-type expert panel review process will be ongoing.

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
IVDR Common Errors: Navigating Notified Body Expectations

How to Overcome Development Challenges: Optimizing Review Cycles for Regulated Industries

The nature of regulated industries poses specific hurdles that demand strict procedures and careful consideration. Teams must navigate various difficulties, such as adhering to strict regulations and managing complicated relationships with stakeholders, to deliver top-notch products, software, and systems. Improving the review process is a critical approach for overcoming these challenges, promoting teamwork, enhancing decision-making, and expediting time to market. In this blog post, we delve into how streamlined review processes can help teams conquer development obstacles in regulated sectors.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

The Critical Role of Enhanced Review Cycle Processes

  • Ensuring Compliance with Regulations: In industries such as medical device & life sciences, aerospace & defense, and automotive, adherence to regulatory standards is of utmost importance. Through improved review procedures, all requirements and deliverables are thoroughly evaluated, reducing the possibility of non-compliance and associated penalties. Regular and thorough reviews also aid in the early detection and resolution of any issues during the development process
  • Fostering Efficient Collaboration: Development projects often involve the collaboration of diverse teams and external partners. Enhanced review processes establish a structured framework for effective collaboration, ensuring that all stakeholders can contribute and provide feedback efficiently. This cooperative approach leads to the creation of comprehensive and well-rounded solutions.
  • Expediting Development Timelines: Timeliness is crucial in regulated industries. Streamlined review processes can significantly reduce development timelines by swiftly identifying and addressing any issues that may arise. This minimizes the need for rework and helps teams stay on track, ultimately accelerating the time-to-market.
  • Enhancing Decision-Making: Enhanced review processes offer a holistic view of project progress and potential challenges, facilitating well-informed decision-making. By providing all relevant information to stakeholders, teams can make timely and well-founded decisions, aligning everyone towards a common goal.

“The review process is a lot quicker than it was before, it’s very efficient in Jama Connect. If we compare it to reviewing the spreadsheets and Word documents versus doing a review in Jama Connect Review Center, it’s about an 80% reduction in time, for sure.”
– Kurt Shuler, Vice President, Marketing – Arteris IP, “See How Arteris IP is Leveraging Jama Connect for Autonomous Vehicle Development”

Strategies for Enhancing Review Processes

  • Simplifying Review Processes: It is crucial to have well-defined and streamlined protocols in place for reviews to optimize the process. This includes setting specific review deadlines, using standardized templates, and clearly outlining the roles and responsibilities of all parties involved.
  • Utilizing Modern Technology: Innovative review tools like Jama Connect’s Review Center offer the ability for real-time collaboration and feedback. These tools allow for reviews to take place at different times, preventing delays and keeping the process moving forward.
  • Centralizing Documentation and Feedback: Having a centralized location for all review documents and feedback ensures that team members have access to the most up-to-date information. This promotes transparency and ensures that feedback and approvals are properly recorded and easily traceable, which is crucial for compliance audits.
  • Identifying and Removing Obstacles: Regularly evaluating review cycles to pinpoint any issues and implementing solutions such as automated notifications and reminders can help keep the review process on track. This proactive approach helps maintain progress and ensures timely completion of reviews.

“If working in Aerospace / Avionics engineering, Jama Connect is a solid option to handle requirements, elements of detailed design and Test artifacts. It also enhances cross-team collaboration through the Review Center, the Stream feature.”

– Process Engineer, Aerospace & Defense  

The Benefits of Jama Connect®’s Review Center

Jama Connect®‘s Review Center provides an iterative, collaborative approach to reviewing requirements and tests in real-time. With Jama Connect’s Review Center, teams can:

  • Enable efficient and scalable reviews and shorten review cycles by up to 50%
  • Prioritize critical decisions and align stakeholders to improve response times, minimize meetings, and eliminate communication bottlenecks
  • Facilitate compliant reviews and approvals by creating a standardized review process, gaining formal approvals, and exporting to an auditable system of record
  • Engage unlimited stakeholders: Drive participation from buyers, suppliers, and partners across organizational boundaries for centralized definitions, input, and decisions
“Jama Connect allows us to centrally collect project documentation (requirements, product risks, test cases, etc) and efficiently review, release, and reuse the contents of these documents.”
– Vice President of Engineering, Medical Device & Life Sciences

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Conclusion

Improving review procedures is a vital approach to overcoming challenges in regulated industries. When reviews are optimized, they not only ensure adherence to regulations, but also promote efficient teamwork, accelerate development timelines, and enhance decision-making. Jama Connect’s Review Center provides a robust solution for enhancing review processes, allowing for efficient and scalable reviews, aligning stakeholders, promoting compliant reviews, and engaging an unlimited number of participants. With Jama Connect’s Review Center capabilities, teams can streamline their review processes, resulting in the timely delivery of high-quality, compliant products that meet the stringent requirements of regulated sectors.

“We have achieved a significant ROI with Jama Connect in risk reduction and productivity gains: reuse is up 100%, rework is down 50%, requirements review cycle time is cut by 30% and audit preparation time is down 75%.”
Kurt Shuler, Vice President, Marketing – Arteris IP, “See How Arteris IP is Leveraging Jama Connect for Autonomous Vehicle Development”

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by McKenzie Jonsson, and Decoteau Wilkerson.

Ensuring Quality and Reliability in Automotive Software Development: An Overview of ASPICE 4.0

ASPICE (Automotive SPICE) 4.0 is a process assessment model tailored specifically for the automotive industry to ensure the quality and reliability of software and system development processes. It is part of the larger ISO/IEC 330xx family of standards and is derived from the general SPICE (Software Process Improvement and Capability determination) framework.

Key Features of ASPICE 4.0

  • Process Reference Model (PRM): ASPICE 4.0 defines a set of processes relevant to automotive software and system development. These processes cover the entire lifecycle from requirements elicitation to maintenance. The PRM provides a comprehensive overview of essential activities and outcomes expected in each process.
  • Process Assessment Model (PAM): The PAM provides detailed guidance on assessing the maturity of these processes. It includes indicators for evaluating the performance and capability of each process, helping organizations identify strengths and areas for improvement.
  • Capability Levels: ASPICE 4.0 defines a six-level capability model, ranging from Level 0 (Incomplete) to Level 5 (Optimizing). Each level builds on the previous one, with Level 1 focusing on basic performance, and higher levels emphasizing increasingly sophisticated process management and continuous improvement.
  • Automotive-specific Focus: Unlike general SPICE models, ASPICE 4.0 addresses the unique requirements of automotive systems, including compliance with safety standards such as ISO 26262. It emphasizes processes that are critical for developing safe, reliable, and high-quality automotive software and systems.
  • Traceability and Compliance: ASPICE 4.0 ensures that all processes are well-documented and traceable, facilitating compliance with regulatory and industry standards. This traceability is crucial for audits and assessments, providing a clear linkage between requirements, design, implementation, and verification.
  • Scalability and Flexibility: The model is designed to be scalable, allowing organizations of different sizes and complexities to adopt and implement its processes. It provides flexibility to tailor the processes based on specific project needs while maintaining the core principles of quality and reliability.

Benefits of ASPICE 4.0

  • Improved Quality: By following structured and well-defined processes, organizations can enhance the quality of their software and systems, reducing defects and failures.
  • Risk Management: ASPICE 4.0 helps in identifying and mitigating risks early in the development process, particularly those related to safety and compliance.
  • Customer Confidence: Adherence to ASPICE 4.0 standards demonstrates a commitment to quality and reliability, fostering trust and confidence among customers and stakeholders.
  • Competitive Advantage: Organizations that achieve higher capability levels can differentiate themselves in the market, showcasing their proficiency in delivering high-quality automotive solutions.

RELATED: Best Practices to Accelerate Your Automotive Spice (ASPICE) Capabilities

With ASPICE 4.0, there are several changes to the previous version, including:

A revised process landscape to better cover essential development activities of modern mechatronic systems and to reflect modern collaboration models more accurately, addressing increasing complexity due to digitization, automation, and artificial intelligence (AI).

Figure 2 – Automotive SPICE process reference model – Overview

image source: Invensity

Inclusion of processes to address Machine Learning (MLE.1 – MLE.4) and hardware development (HWE.1 – HWE.4), as well as adding a validation process for the overall system (VAL.1) and a support process for data management in machine learning (SUP.11).

image source: Invensity

Strategy documents are now required from Capability Level 2 instead of Level 1, changing their role and the approach to managing versus executing processes.

image source: Invensity

A shift from focusing on “Work Products” to “Information Items”, which emphasizes the main results of processes as indicators rather than specific documents, and combining base practices that consider traceability and consistency into a common base practice.

A push towards maximum repeatability and reproducibility of assessment results to reduce subjectivity and eliminate redundancies, leading to more efficient assessments and avoiding misinterpretations. Additional terminology to keep aligned with other standards.

A new Training model focusing on varying degrees of knowledge necessary and specialties:

image source: Invensity

RELATED: Jama Connect® for Automotive

Jama Connect for Automotive is designed to help you get ramped up quickly with a single platform, training, and documentation aligned to industry standards and regulations including ISO21434:2021, ISO 26262:2018, and ASPICE, while applying a proven systems engineering approach to product development.

Download this solution overview to find out what’s included in Jama Connect for automotive, including:

  • Frameworks aligned to key industry regulations
  • Procedure and configuration guides specific to automotive manufacturing activities
  • Consulting and training customized to your teams’ automotive product development processes

Note: This article was drafted with the aid of AI with additional content, edits for accuracy, and industry expertise by Matt Mickle and McKenzie Jonsson.

The Role of AI in Product Development: A Glimpse into the Near Future

Artificial intelligence (AI) is a topic that has infiltrated every aspect of society, causing a transformational shift (or the promise of one) in almost every landscape – and product development is no exception. AI has the potential to significantly improve productivity, innovation, and accuracy throughout the whole product development lifecycle, from ideation and defining requirements to commercialization.

In this blog post, we’ll look at some of the different ways AI and ML are (or will likely) influence product development.

Concept and Idea Generation

The ideation stage of product development is frequently very difficult. By employing data analytics and machine learning algorithms to recognize consumer preferences, market trends, and new demands, AI can significantly improve this stage. Large volumes of data from social media, customer evaluations, and sales statistics can be analyzed by AI systems to produce insights that support the development of new product concepts.

For instance, generative design algorithms can generate several design concepts according to predetermined standards, providing a range of possibilities that would be challenging for human designers to generate independently.

Great Products Start with Clear Requirements

Successful product delivery starts with having the right user needs and requirements. Efficient, precise, and professionally written requirements form the foundation of the product development process so that various teams (design, software, and hardware systems) can all work together with a shared and clear understanding of the project goals.

On such example of using AI and ML for creating product or systems requirements is Jama Connect Advisor™, a state-of-the-art requirements authoring guide and optimizer powered by natural language processing for engineering. Jama Connect Advisor was built to help a system engineer, or a product developer write effective, well-organized requirement specifications based on industry-accepted INCOSE (International Council on Systems Engineering) rules and the EARS (Easy Approach to Requirements Syntax) notation.

Design and Prototyping

AI-powered technologies are transforming the phases of design and prototype. AI-powered generative design tools can explore every potential combination of a solution, testing and iterating solutions faster and more efficiently than humans could. This results in creative and well-optimized goods in addition to quickening the design process.

Furthermore, AI can improve prototyping by using sophisticated simulation methods. Before a real prototype is made, artificial intelligence (AI)-powered virtual prototyping can discover possible problems and areas for development by simulating how a product would behave under various scenarios. This lowers the time and expense involved in using conventional prototyping techniques.

Material Selection and Optimization

A product’s success can sometimes be contingent on the choice of materials. AI can assist in this process by predicting the qualities and performance of various materials through machine learning models. Through the examination of material qualities, usage patterns, and performance results, artificial intelligence may suggest the best materials for certain uses, guaranteeing longevity and economy.

AI can also optimize the use of materials, cutting waste and advancing sustainability, and can precisely forecast material requirements through predictive analytics, assisting businesses in minimizing excess inventory and minimizing environmental impact.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Manufacturing and Supply Chain Management

With the introduction of smart factories, AI is poised to completely transform the production process. These factories use AI to automate and optimize their production lines, which boosts productivity and decreases downtime. Predictive maintenance, enabled by AI, can forecast equipment breakdowns and arrange timely repairs, assuring smooth and ongoing operations.

In supply chain management, AI may boost logistics by forecasting demand, optimizing inventory levels, and managing supplier relationships. AI algorithms can examine historical data and market patterns to estimate demand more accurately, guaranteeing that products are accessible when and where they are needed, while preventing overstock and stockouts.

Quality Assurance and Testing

Ensuring product quality is paramount in product development. AI may complement quality assurance processes through automated testing and anomaly identification. Machine learning models can be trained to spot faults and anomalies in items, enhancing the accuracy and speed of quality checks.

AI may also undertake real-time monitoring during the manufacturing process, recognizing and correcting quality concerns as they develop. This proactive strategy not only promotes product quality but also decreases the expense associated with post-production adjustments and recalls.

Customer Feedback and Iterative Improvement

Post-launch, AI may continue to play a significant role in product development through the analysis of consumer feedback. Natural language processing (NLP) algorithms can sift through reviews, social media comments, and customer support conversations to derive important insights on product performance and consumer happiness. This data can inform iterative changes, ensuring that goods evolve to match consumer needs more effectively.

AI-driven sentiment analysis may also monitor client reactions in real-time, enabling organizations to respond promptly to any issues or trends. This responsiveness develops a better relationship with customers and improves brand loyalty.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

The Future of AI in Product Development

As AI technology continues to evolve, its impact on product development will only rise. Companies that leverage the power of AI will be better positioned to innovate, shorten time-to-market, and provide goods that resonate with consumers. The future of product development is clearly connected with AI and machine learning, offering a new era of innovation, efficiency, and precision.

In conclusion, the integration of AI in product development has great promise for revolutionizing how things are imagined, produced, manufactured, and polished. By integrating AI, firms can stay ahead of the curve, continuously adjust to market circumstances, and provide products and systems that not only meet but surpass client expectations. The future is bright for those who harness AI to drive product innovation and development.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Decoteau Wilkerson and Kenzie Jonsson.

Jama Connect® Features in Five: TestRail Integration

Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.

In this Features in Five Integration Series video, Steven Pink – Senior Solutions Architect at Jama Software® – demonstrates integrating test results from TestRail with Jama Connect®.

VIDEO TRANSCRIPT

Steven Pink: Hello and welcome to the Features in Five Integration Series. My name is Steven Pink and I’m a senior solutions architect at Jama Software. Today we’re going to be walking through a live demonstration of integrating test results from TestRail with Jama Connect.

We make it possible for you to integrate Jama Connect with preferred best-of-breed software to achieve live traceability across the end-to-end development cycle. Live requirements traceability is the ability for any engineer at any time to see the most up-to-date and complete upstream and downstream information for any requirement no matter the stage of systems development or how many siloed tools and teams it spans. This enables significant productivity and quality improvements and dramatically reduces the risk of product delays, cost overruns, defects, rework, and recalls, and ultimately results in faster time to market.

The goal of integrating with a testing tool like TestRail is to better visualize test coverage for our requirements. Jama Connect can help in identifying and calling out gaps in test coverage, while also visualizing and reporting on the test results, utilizing the filters, dashboards, and exportable reports.

Integration with TestRail starts by mirroring TestRail’s hierarchy of test suites, test sections, test cases, and test results in Jama Connect. We use sets of test cases to mirror the test suites and folders to mirror the test sections within those suites.

As we transition into Jama Connect, I want to point out how we’re relating our test results and test cases from TestRail to the requirements being authored and captured in Jama Connect. As we look at this relationship diagram, we see our software requirements and our user stories relate to the custom test cases being managed over in TestRail. This is a very common scenario for many of our customers where certain teams might be utilizing a different tool for testing, and we need to integrate those results back with the requirements managed in Jama Connect. We can author a test case directly within Jama Connect or within TestRail.

RELATED: Jama Connect® Integrations for Live Traceability™

Pink: So we’re going to start out by authoring a test case in Jama Connect. This demo suite would mirror a suite in TestRail, and this folder would mirror a section in TestRail. I’m going to author a new test case within this folder. We’ll call this example test case. Once I’ve saved this test case, we’ll trace it to the requirement that it covers within this project. I’m going to choose one of my example software requirements.

So now I’ve created a test case with a relationship to the software requirement that it covers. We’ll notice this integration URL is populated automatically and allows us to jump to the mirror of that test case that’s been created in TestRail. Once I’ve signed into TestRail, we’ll be able to see that that test case is mirrored into TestRail.

It is in that demo suite and in section A. If we want to run this test case, I’m going to go to my test runs and results and create a new test run. It’s going to be based on that demo suite, and we’re going to include all test cases, which is just one in this example. This example test case is now showing untested. And if I were to look back in Jama Connect, we’ll see for my example test case under the relationships tying back to that software requirement. As soon as we come in here and run our test execution, let’s say we update this to past or failed, this result is going to get sent back to Jama Connect automatically.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Pink: We can also see on the test case itself, there’s an easy link back into Jama Connect. So if our test runners working in TestRail would like to see requirement coverage and traceability, they’re able to easily click the link from TestRail and go back into Jama Connect and explore that traceability and coverage. I’ll use that link right now to go back to our test case in Jama Connect. And now we’ll see because we’ve executed that test case, there’s an associated test run, and that test run is showing the result of past. We can visualize all of this through our trace views, our dashboards, and our custom export templates within Jama Connect. So this is a great reason to be syncing and integrating these results so that we can visualize through the trace view which of these requirements have test cases in place, which requirements might have gaps in testing, as well as being able to drill down and see those test results, even being able to show status of those test results and the status of the defects associated.

Thank you for watching this Features in Five session on integrating test results between Jama Connect and TestRail. If you’re an existing customer and want to learn more, please reach out to your customer success manager or consultant. If you’re not yet a client, please visit our website at jamasoftware.com to learn more about the platform and how we can help optimize your development process.

To view more Jama Connect Features in Five topics, visit:
Jama Connect Features in Five Video Series

Jama Software is always looking for news that will benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from IndustryWeek, titled “Reshoring and Automation: Where Do Cobots Fit in?” – originally written by Bryan Bird.

Reshoring and Automation: Where Do Cobots Fit in?

A look at how smaller manufacturers are using the technology to grow their businesses.

For North American businesses of all types, especially those in the manufacturing sector, 2022 was anything but typical. Or boring. Or easy. “Labor shortages” and “supply chain issues” became go-to phrases that encapsulated the most significant challenges for industry, continuing well into 2023.

The good news? Supply chain issues are improving monthly, and inflation has dropped by more than 50% from its peak. Additionally, reshoring initiatives are gaining ground around North America as businesses and policy makers at the state and federal levels recognize the importance of having a strong domestic manufacturing sector.

In fact, 62% of manufacturers surveyed in a Deloitte poll in November 2022 had already started reshoring or nearshoring their production capacities. Survey respondents were 305 executives at transport and manufacturing firms, mostly in the U.S., with annual revenue of $500 million to more than $50 billion.

Subsidies from the Inflation Reduction Act, the CHIPS Act, and capital loan programs provided by the U.S. Small Business Administration give manufacturers more good reasons to embrace reshoring strategies. In short, the outlook for the manufacturing sector looks strong, despite the headwinds. Now we just need to find the labor to handle all this.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Filling the Labor Gap

Automation is a key element of America’s manufacturing resilience today and will be in the future. Industrial robots can plug labor gaps and support reshoring efforts. However, traditional industrial automation is frequently too complex and costly for many applications, leaving companies of all sizes–with tasks that need to be completed and no workers or automation available to take the work on.

Take for example Wisconsin-based Processed Metal Innovators (PMI), a metal fabricator that produces hundreds of different stamped and welded metal parts. Erik Larson, vice president of operations at PMI, was tired of turning business away. With the labor shortage in Wisconsin making it tough to hire certified welders and with traditional robotic welders not feasible for high mix/low volume production, Larson needed another option.

The company employs seven welders, but for some jobs needed nine or 10. Having added cobots to the mix, Larson was able to grow the business to where he’s now able to take on the work of 30 welders.

Traditional industrial automation isn’t always well-suited to the versatile product mix that is becoming increasingly typical of many manufacturers’ operations. It often takes too long to reconfigure traditional automation to handle high mix/low volume operations and to add new product lines.

For mass production and applications involving heavy duty payloads such as aircraft fuselages, traditional industrial robots shine. However, agile manufacturers need automation that’s flexible enough to handle a wide range of tasks and products and is also quick and easy to deploy. This is where collaborative robot (‘cobot’) solutions come in.

Cobots can address labor gaps and support reshoring efforts, just like their traditional industrial robot counterparts, but they do so with less cost and complexity. This is one of the reasons why cobots are the fastest-growing segment of the industrial automation sector. Additionally, after completing a risk assessment, cobots’ built-in safety features may even enable them to work “cage free.” This means that the robot can be deployed close to humans and it allows manufacturers to create flexible production lines that can handle rapid switches to new products and product customizations. At PMI, Larson is no longer turning business way but can handle it with cobots now performing many of the repetitive welds: “With cobots, we can go out there and quote work we haven’t been able to quote before, because we know by the time we accept the purchase order, we can get a cobot in here and ready to weld the parts,” he says.

Adoption of cobot technology is on the rise—with more than 20% year-over-year growth forecasted through 2026 by market intelligence firm Interact Analysis—driven by North American industry’s urgent requirement for flexible, affordable automation.

The Advanced Robotics for Manufacturing (ARM) Institute–a Manufacturing Innovation Institute funded by the Office of the Secretary of Defense and part of the Manufacturing USA network—counts reshoring and the development of flexible industrial automation systems among its most important goals. Much of the research funded by ARM uses cobots as part of the solution–a recognition on ARM’s part that manufacturers are increasingly looking to collaborative automation to address their current and future production concerns.

RELATED: How Manufacturing Will Reap the Rewards of Smart Factories

New Cobot Frontiers Cobots provide a platform that enables innovative manufacturing applications, much of it driven by collaboration between customers, integrators and third-party hardware and software developers. For example, Andrew Pearce Bowls, a small Vermont-based company specializing in hand-crafted kitchen products deployed a cobot on a unique sanding application that automates the entire polishing cycle on wooden cutting boards. The company discovered cobots through an integrator, chose specialist sanding hardware and software from a certified third-party supplier –and built the fixturing that the cobot uses to change sandpaper in-house. ROI was achieved in eight weeks.

Some handling applications demand extremely high repeatability, which often means updating the robot’s moves every time it’s transported between workstations. Presented with this problem in an environment where .5mm accuracy is required, AIM Processing, a Colorado-based injection molder deployed a third-party hardware/software solution that features a locking mechanism with a relative offset. ROI was achieved in less than 15 weeks.

Meanwhile, by leveraging their cobot’s scripting capabilities and third-party simulation software, Go Fast Campers, a small manufacturer of customized, lightweight pop-up truck campers in Bozeman, Montana, developed a programming approach that allows any cell to make any part within a maximum cell volume using any standard stock size. The company has since deployed a line of four cobots on machine-tending applications, all of them incorporating this customer-built software innovation.

And welding applications once considered too heavy-duty for collaborative automation are also taking off. Cobot-based complex TIG welding tasks, for example, are now firmly within the cobot domain, as one Ohio-based sheet metal manufacturer discovered when an integrator demonstrated the capabilities of a specialist third-party MIG and TIG welding solution. The deployment increased welding production at the company by 200% and boosted machine tending productivity by 600%.

Cobots are not a panacea for every challenge. There will always be applications where the payload is simply too large or the reach requirements too much for a typical cobot to handle, but for all the rest, there is a compelling case to be made that cobots are a match for today’s challenging manufacturing landscape.

Jama Software is always looking for news that will benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from the Innovation News Network, titled “How Manufacturing Will Reap the Rewards of Smart Factories” – originally published on April 10, 2024.

Jama Software is always looking for news that will benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from the Innovation News Network, titled “How Manufacturing Will Reap the Rewards of Smart Factories” – originally written by Dahwood Ahmed and published on April 10, 2024.

How Manufacturing Will Reap the Rewards of Smart Factories

Dahwood Ahmed, Regional Director of UK&I at Extreme Networks, examines the concept of Industry 4.0 and how smart factories will push manufacturing into this.

Manufacturing is entering Industry 4.0, giving rise to the world’s first smart factories. A golden rush of data now pours from previously offline machinery, offering an unprecedented overview and insight into the entire manufacturing process.

And that’s just the beginning. From digital twins to biometric screening and payment, intelligent energy and climate management, smart sensors, digital signage, and 360 analytics for IT, Operations, and Marketing, the modern factory is becoming a marvelous technological beehive.

And the honey? Rich, actionable data. Digital tonnes of it.

However, all this data needs to be collected, analyzed, and used in real-time. And when there’s that much traffic, it can easily overwhelm and crash a traditional network infrastructure.

In other words, one of the biggest problems in modern manufacturing isn’t building smart factories. It’s keeping them running safely at maximum capacity—and reaping the rewards.

A smarter world

As we all know, every industry on the planet has been forced to adjust over the last five years. Manufacturing was no exception to this abrupt disruption of the status quo. It was because of war, a pandemic, and economic headwinds and because several game-changing technologies matured or were invented, introducing next-generation tools in areas such as cloud technology, IoT, robotics, blockchain, AI, and more.

All these changes and challenges created unprecedented pressure to keep the world’s production and supply chain flowing.

Luckily, manufacturing is an experienced and mature industry used to handling significant changes. Its leaders are already embracing digital transformations and innovative technologies, making impactful strides towards increased productivity, production, and capacity without sacrificing resilience and safety.

Consequently, manufacturing machines and everything else connected to smart factories are coming online, providing manufacturers with something they have never had before.

A real-time digital overview of – and insight into – the entire manufacturing process.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Smart factory technology all comes down to data

So, by gathering and analyzing data from sensors, machines, and other IoT devices, manufacturers gain real-time insights into their operations. They can measure and monitor equipment performance, identify potential problems before they occur, and automate manual processes.

In addition to data-driven decisions, there’s predictive analytics. By extracting actionable intelligence from new and existing data sources to predict future trends and behaviors, manufacturers can further improve machine maintenance, supply chain optimization, the quality of goods produced, the customer experience, and safety procedures.

On the topic of safety, smart factory technology also provides significant benefits. Smart factory solutions can help prevent accidents and keep workers safe by monitoring the environment and equipment, identifying hazards, and alerting workers to dangers. In addition to safety, smart factory technology can help optimize energy usage, reducing costs and making it more sustainable.

Needless to say, these are massive changes that will have considerable effects on an operation’s efficiency and effectiveness. This is particularly significant for manufacturing because the industry is full of operations where even minuscule improvements can yield massive results.

Building skyscrapers on outdated foundations

However, all these new trains need tracks. Legacy network technology wasn’t built to handle the complexity or sheer amounts of data circulating in a smart factory. Nor does it have the other capabilities of modern networking, such as running digital twins.

Digital twins and simulation technologies are arguably some of the most transforming manufacturing tools to emerge from Industry 4.0. They revolutionize how manufacturers design, test, and optimize their operations by letting them create virtual models of their networks and processes. Using these models, they can simulate and test different scenarios without impacting production.

Yet this also requires a modern network infrastructure because of the incredible amounts of data passing between physical manufacturing processes and digital twin simulations. And the more processes come online, the more important it becomes to stay online.

Production line downtime, regardless of its cause, whether system overload, equipment malfunction, or connectivity loss, is costly. Between 2019-2020 and 2021-2022, the annual cost of downtime for Fortune 500 companies worldwide soared by 65% to more than £102 million.

And that’s per facility.

RELATED: Jama Connect® Software Collaboration Datasheet

Staying secure

It’s not just network failure or equipment malfunctions, either. One of the few downsides of coming online is the exposure to bad actors, who are a relatively new threat to manufacturers. However, cybercrime is a threat that needs to be taken seriously.

From network disruption to halted production, lost data, compromised security, and reputational damage, cybercriminals seek to hold manufacturing operations hostage in any way they can, fully aware that a million-pound payout could be cheaper than an idle operation.

Network hardening strengthens the defenses of smart factories and can mitigate both passive (data is left intact) and active (data is corrupted or destroyed) forms of cybercrime. It provides industrial security and mitigates risk by providing a robust, secure network for a high density of connected devices, which brings us back to the heart of the matter.

The need for new infrastructure

Industry 4.0 is undoubtedly the next step in the evolution of manufacturing. Just like our brains process millions of nerve signals daily to transform our bodies into cohesive entities, smart factories can use technologies and the data they produce to create interconnected manufacturing marvels.

But the information must flow fast. If manufacturers want to reach their goals, if they want to build and run their smart new factories to the absolute pinnacle of their potential, they need to start at the beginning—with the foundation.

In other words, the network infrastructure.

Jama Software is always looking for news that will benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Med Device Online, titled “3 Lessons Learned From EU MDR Implementation To Ensure IVDR Adoption” – originally published on May 13, 2024 and written by Hilde Viroux and Maggie Chan (PA Consulting) and Dona O’Neil (Northeastern University.)

3 Lessons Learned From EU MDR Implementation To Ensure IVDR Adoption

In the previous article, “How The Right Operating Model For EU MDR Compliance Can Support A Global Footprint,” we discussed key factors for maintaining operational excellence to achieve cost reduction, enhanced compliance, and support global footprint. In this article, we shift our focus toward leveraging lessons learned from EU MDR implementation to ensure seamless transition during IVDR implementation, thereby minimizing the risks of product disruption in the EU market.

The new IVDR requirements present significant challenges for manufacturers, with approximately 90% of all IVD products subject to notified body (NB) review, which is a substantial increase from the current rate of less than 15%. With the limited capacity of NBs, establishing relationships with NBs and engaging in early planning are crucial. These amplify concerns over experience gaps for companies without a quality management system (QMS) for IVDs or any device products, established process and documentation system, or limited experience interacting with NBs. Bridging these gaps and establishing sustainable processes pose additional burdens for IVD manufacturers. However, drawing from EU MDR implementation lessons, IVD manufacturers can navigate this transition, mitigate risks, minimize business disruption, and ensure a smooth transition to IVDR.

For IVD manufacturers, the key lessons learned that can be leveraged from EU MDR implementation include early QMS preparation and planning and collaboration with internal and external stakeholders for project alignment and resource planning, alongside digitalization efforts to support data management and documentation.

RELATED: Jama Connect® for Medical Device & Life Sciences Development Datasheet

1. QMS Preparation And Planning

Manufacturers with an existing QMS for IVDs or medical devices need to conduct a gap assessment against IVDR requirements and develop tailored solutions to bridge the gaps, while those without structured procedures or systems must establish a robust QMS to ensure compliance. ISO 13485 specifies requirements for QMS, and those requirements are harmonized to IVDR. IVD manufacturers are required to comply with the standard. Implementing standardized processes and procedures in accordance with ISO 13485 demonstrates the manufacturer’s commitment to maintaining high standards of quality and compliance. Therefore, a QMS that is developed with insights from subject matter experts in EU MDR can accelerate the approval process with NBs and maintain a competitive position in the IVD industry.

For manufacturers with existing QMS, leveraging the expertise of those who have successfully implemented it, whether it’s for IVDR or EU MDR, would be great resources throughout the IVDR implementation journey as there are extensive similarities between EU MDR and IVDR (Table 1). These experts should prioritize IVDR project activities and provide insights into IVDR requirements. Such insights include evaluating the new classification of IVDs, highlighting gaps in existing processes and systems for IVDR, establishing relationships with NBs, and proposing customized solutions to bridge the knowledge gaps.

Summary of key QMS requirements under EU MDR and IVDR

On the other hand, manufacturers with limited to no experience with QMS or NBs need a dedicated team of subject matter experts (in-house or external) to conduct a gap assessment. The goal of the assessment is to highlight gaps, issues, potential risks, and impacts on the organization against IVDR requirements. This helps create a business case that outlines the requirements to bridge the gaps (knowledge, process, and system), a high-level timeline with key regulatory deadlines, and the associated costs for supporting the IVDR implementation. In addition, this business case should detail potential risks associated with not meeting the requirements by the deadlines, as this is important for senior stakeholders to gain early insight into the process.

2. Collaboration With Internal And External Stakeholders

Furthermore, ascertaining the costs associated with implementing new processes and systems, developing capabilities with the right skillsets, designing training to upskill team members, and selecting new vendors to outsource some of the processes is crucial for the business case before kicking off the implementation project. This information can help senior management to make informed decisions and align the business portfolio with regulatory and market strategies.

Similar to EU MDR implementation, collaboration is the key for a seamless IVDR implementation. It is important to promote cross-functional collaboration and clear communication with stakeholders to ensure everyone understands their roles and responsibilities, milestones are achieved, and compliance is met. A clear road map that outlines timeline, milestones, and key regulatory deadlines is necessary when engaging with stakeholders, not only to ensure alignment but also to enable management to plan their resources accordingly. Furthermore, early engagement with all actors in the supply chain enables a comprehensive understanding of their capabilities in achieving IVDR compliance, so the business case can be prepared accordingly.

IVDR compliance is an ongoing effort, so it is important to emphasize to senior stakeholders the importance of developing a comprehensive strategy for process sustainability and resources management to maintain operational excellence. Prior to the completion of implementation, a new business case should be created outlining the necessary resources (people and technologies) and the associated costs to maintain compliance once the important milestone of IVDR certification is achieved. Without an efficient strategy and comprehensive planning, a manufacturer will soon be at risk of non-compliance and face substantial consequences (e.g., product recalls, warning letters, reputation damage, litigation, fines and penalties, etc.).

Given that ongoing IVDR compliance is a long-term commitment, strategic outsourcing of certain processes to third-party providers may be necessary to ensure efficient resource allocation. Establishing a robust governance structure is crucial to oversee all in-house processes and activities of the supply chain, ensuring alignment with regulatory requirements and organizational objectives.

RELATED: What the New Medical Device Regulations (EU MDR) Mean for You

3. Digitalization

Additional pre- and post-market reporting requirements add burdens, especially for manufacturers without an established QMS or limited experience with NBs. However, digitalization can play an important role in relieving these burdens and streamlining the processes. Digital solutions, such as artificial intelligence (AI) and machine learning (ML) technologies, can significantly enhance efficiency and accuracy by automating routine activities such as data collection, compliance triage, and report drafting. These solutions can streamline the process for drafting various types of regulatory reports, such as clinical performance report, performance evaluation report, technical documentation, and others.

Additionally, a regulatory information management (RIM) system can play a crucial role in managing the submission of regulatory documents to improve traceability. It can facilitate tracking of document signoffs and enable monitoring of document submission locations, ensuring comprehensive traceability throughout the regulatory process. These digital solutions not only enhance data management and documentation efficiency but also streamline the compliance process with IVDR.

Conclusion

For IVD manufacturers, lessons learned from EU MDR implementation offer invaluable guidance when creating the business case for IVDR implementation and post-compliance maintenance, designing an implementation road map, and establishing sustainable processes and systems for IVDR compliance. By incorporating early preparation, implementing collaborative efforts with stakeholders, and utilizing digital solutions for efficient data management and documentation management, manufacturers can mitigate risks, minimize business disruption, and ensure compliance with IVDR requirements. Furthermore, establishing robust governance structures and strategic resource planning is essential for long-term success in this evolving regulatory landscape. Embracing these strategies not only facilitates a smooth transition during IVDR implementation but also fosters a culture of continuous improvement and innovation within the IVD industry.

In this blog post, we summarize our eBook titled “Mastering ISO/IEC 27001: A Guide to Information Security Management”. Click HERE to read the full eBook.

Mastering ISO/IEC 27001: A Guide to Information Security Management

Understanding Information Security Management

Information security, often referred to as cybersecurity, is a critical aspect of modern technology and business operations. It encompasses the protection of sensitive data, systems, and networks from unauthorized access, disclosure, disruption, modification, or destruction. The evolution of information security practices has been shaped by the rapid advancements in technology and the evergrowing sophistication of cyber threats.

In the early days of computing, security concerns were minimal, and systems operated in relatively isolated environments. As technology expanded and interconnected networks became prevalent, the need for robust information security measures became apparent. The 1980s and 1990s witnessed the rise of antivirus software and firewalls as the primary means of defense against early computer viruses and network intrusions.

The 21st century brought about a paradigm shift in information security, driven by the widespread adoption of the internet, cloud computing, and mobile technologies. With the increasing complexity of cyber threats, traditional security measures proved insufficient. The focus shifted towards a more holistic approach, including encryption, multi-factor authentication, and intrusion detection systems. The concept of “defense in depth” gained prominence, emphasizing multiple layers of security to safeguard against diverse attack vectors.

In recent years, artificial intelligence and machine learning have played a significant role in information security. These technologies enable proactive threat detection, behavioral analysis, and automated response mechanisms, helping organizations stay ahead of rapidly evolving cyber threats. Additionally, the adoption of zero-trust security models has become prevalent, assuming that no user or system is inherently trustworthy, and continuous verification is necessary.

As the digital landscape continues to evolve, information security practices must adapt accordingly. Privacy concerns, regulatory compliance, and the increasing interconnectivity of devices further underscore the importance of a comprehensive and dynamic approach to information security. Organizations must remain vigilant, continually updating and enhancing their security measures to mitigate emerging risks and safeguard sensitive information in an ever-changing digital landscape.

This guide “Mastering ISO/IEC 27001: A Guide to Information Security Management” provides a comprehensive and practical guide to understanding and implementing the ISO/IEC 27001 standard for information security management. Authored by experts in the field, the paper delves into the key concepts, principles, and requirements of ISO/IEC 27001, offering valuable insights into establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

ISO/IEC 27001 for Information Security

ISO/IEC 27001 is an internationally recognized standard that provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 27001 outlines a systematic approach to managing information security within an organization.

The primary objective of ISO/IEC 27001 is to help organizations ensure the confidentiality, integrity, and availability of their information assets. It is applicable to businesses of all sizes and industries, acknowledging the
importance of information security in the digital age. The standard is not prescriptive about specific security measures but rather focuses on a risk-based approach, allowing organizations flexibility in implementing controls based on their unique needs and risk profile.

The key components of ISO/IEC 27001

  • Scope and Policy Development: Organizations define the scope of their ISMS, identifying the boundaries and context for information security. A robust information security policy is established to guide the implementation and operation of the ISMS.
  • Risk Assessment and Treatment: A thorough risk assessment is conducted to identify and evaluate potential threats and vulnerabilities to information assets. Organizations then implement controls to mitigate or manage these risks, taking into account the level of risk tolerance.
  • Implementation of Controls: ISO/IEC 27001 provides a comprehensive set of controls organized into 14 domains, covering areas such as access control, cryptography, physical security, and incident management. Organizations select and implement these controls based on their specific risk assessment.
  • Documentation and Records: Proper documentation of the ISMS, including policies, procedures, and records, is essential for effective implementation and maintenance. This documentation helps demonstrate compliance with the standard and facilitates audits.
  • Monitoring and Measurement: Continuous monitoring and measurement of the ISMS performance are critical. This includes regular internal audits, management reviews, and the monitoring of security incidents to ensure the effectiveness of the security controls.
  • Continuous Improvement: ISO/IEC 27001 follows the PDCA cycle, emphasizing continuous improvement. Organizations regularly review and update their ISMS based on changes in the internal or external environment and emerging threats.

Achieving ISO/IEC 27001 certification demonstrates an organization’s commitment to information security and can enhance its reputation, build customer trust, and improve its ability to compete in the marketplace. The standard provides a structured and systematic approach to managing information security, helping organizations adapt to the evolving threat landscape and safeguard their valuable information assets.

RELATED: How to Develop IoT Products with Security in Mind

Implementing ISO/IEC 27001

Setting up the ISMS Framework: The first step is defining the scope and objectives of the ISMS. This involves identifying the information assets to be protected, the boundaries of the ISMS, and the organizational context.
Organizations establish an Information Security Policy that aligns with their business objectives and regulatory requirements. The commitment of top management is crucial during this phase, as they provide leadership and
allocate necessary resources.

Conducting a Risk Assessment: A critical component of ISO/IEC 27001 implementation is the identification and assessment of information security risks. This involves evaluating potential threats, vulnerabilities, and the
impact of security incidents. The risk assessment is typically conducted through a systematic and comprehensive process, considering factors such as likelihood, impact, and risk appetite. The output of the risk assessment
informs the selection of appropriate security controls to mitigate or manage identified risks.

Developing and Implementing Security Controls: Based on the results of the risk assessment, organizations select and implement security controls to address the identified risks. As mentioned above, ISO/IEC 27001
provides a set of controls organized into 14 domains, covering aspects such as access control, cryptography, incident management, and business continuity. The selection of controls is tailored to the organization’s specific
context and risk profile. Implementation involves developing policies, procedures, and guidelines, as well as deploying technical measures to safeguard information assets.

Monitoring and Continuous Improvement: Continuous monitoring and measurement are integral to the success of an ISMS. Organizations conduct internal audits to assess the effectiveness of implemented controls and ensure compliance with the standard. Management reviews, which involve top management evaluating the performance of the ISMS, are also conducted periodically.

Throughout the implementation process, communication and awareness raising activities are essential to ensure that all employees understand their roles and responsibilities in maintaining information security. Employee training, regular communication about security policies, and promoting a security-conscious culture contribute to the overall success of ISO/IEC 27001 implementation.

By following these steps and incorporating a risk-based approach, organizations can establish a robust ISMS that not only complies with ISO/IEC 27001 standards but also adapts to the dynamic nature of the information security landscape.

TO DOWNLOAD THIS WHITEPAPER IN ITS ENTIRETY, VISIT:
Mastering ISO/IEC 27001: A Guide to Information Security Management

In this blog, we recap our webinar, “Best Practices for Live Requirements Traceability” – Click HERE to watch it in its entirety.

Best Practices for Live Requirements Traceability

As the product and software development process grows in complexity, with more and more teams adding information, it is becoming increasingly difficult to track requirements throughout the development lifecycle and for stakeholders to get a clear view. Every decision can have an impact on the requirement or the product itself.

How do you prevent your organization from wasting time and resources, repeating research and searching for information, and how do you ensure that final deliverables tie in directly to the initial business needs?

The answer is Live Traceability™. Live Traceability is the ability to see the most up-to-date and complete upstream and downstream information for any requirement, no matter the stage of systems development or how many siloed tools and teams it spans.

This enables engineering and product management processes to be managed through data and to improve performance in real-time.

In this webinar, attendees will learn about the challenges of live requirements traceability and how you can utilize Jama Connect® to overcome them. You will see how to provide backward and forward visibility for requirements, but also other information about the product you are building. You will also learn how easy it is to do an impact analysis, to generate reports, and get an overview of how your requirements tie together.

In this session you’ll learn more about:

  • Best practices for live requirements traceability in a modern solution
  • The easy and intuitive way you link your information in Jama Connect
  • How Jama Connect can be leveraged to help with impact analysis
  • Understanding suspects and traceability views

Below is a preview of our webinar. Click HERE to watch it in its entirety.

The following is an abbreviated transcript of our webinar.

Best Practices for Live Requirements Traceability

Martijn Janssen: Today, I’m going to talk to you about traceability and our Jama Connect solution. The goal is to give you a few insights and to give you a short overview on how traceability is used within the Jama Connect solution and where it can help you to find information, connect information, and make sure that you have the most value out of your requirement management tool.

To actually go through the session, I have a number of topics I want to touch on and just do a quick overview in the short time we have available today. First of all, I will do a little introduction, talk to you about how data gets connected together, and then we’ll actually go into the system and take a look at three little minutes scenarios, so a very basic scenario on how you actually would get information into the system, how you would connect it together and trace and track the information throughout the platform.

Then the second scenario, we’ll go into a bit more on how the Jama Connect solution allows you to trace and track information from all the points in the system and to actually make sure you can take action on the topics when you find them. The last part is a little bit more advanced on the reuse of information and reuse of assets, data assets, throughout the different projects or products in the Jama Connect solution, so you can reuse that information, or for instance, create variance over something along those lines. Then we’ll open it up for some questions and answers at the last part.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Janssen: Okay. When we talk about capturing data, we all know data in our organizations in different forms exist, so we have documents, and we have Excel sheets, and those Excel sheets contain rows and all those rows have the data around a certain requirement on a certain topic. Now, that’s all fine, but what we actually are after, what we really want from the system is information. Information gets created by building relationships and structure around those data assets in the system. When you do that, you basically empower your users and the ecosystem around you to find that information and to go along the relationship you build to get context on the data they are looking at.

Now, you can go a step higher with that, and that would be the top of the triangle is the knowledge part. The knowledge part means that you actually have to consider capturing the decision on the change you make to the information. We’ll touch you a little bit on that today, but that’s also in part a possibility in the Jama Connect.

The benefits of getting that information related, as I stated, you can trace those relations back to get to the source of where your data started, what was the first part that you actually started off from, what was the decision point, where did you start with capturing that requirement? Also, at a higher level, you can have an overview of what will happen when you change that specific part of information or piece of information. What will the ripple-down effect be when I start changing that specific part?

And then on the learning part on the actual knowledge part, you want to capture the why of a change, so why did we change it? If you go back in time and look at those changes, you can actually find back why you made the change and why you decided to, for instance, have a status changed or a requirement changed.

And of course, you do not do that in your own ecosystem. You have many, many connections around you that have input on those decisions and have input on those connections, so engineering partners, customers, and other departments within the company can be invited to take part in that process. We’ll take a look at that a little bit later on.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Janssen: So in the Jama Connect solutions, we will take a look at the first part for data to information, so how do we actually relate information together and what is involved in building those relationships. And when I have them, what leverage, what value and benefits can I get out of those relationships and what kind of overview do they give me? Now then, on the question part, we’ll take a little look as well on all the different areas where Jama Connect allows you to collaborate and to capture decisions and information on the changes you make during the process of building up your requirement.

Why would we do all these exercises in the system? What is the underlying question? There’s a number of questions we get on a daily basis from our customers when it comes to traceability, so questions like, did we miss anything? Are we building a product that is still complying to what we originally set out to do? What was the original requirement? Where do we start off from? Do we have everything covered when it comes to the validation or the actual testing of parts? Embracing change is something that a lot of customers are on different levels when it comes to how they approach change, but when you look at change, and actually before you do the change, you can see what will happen if you do change that item and what will happen if you start editing the information you have at the top level or at a medium level, it gives you a lot more insight into what will happen and what will the impact be for the organization. So, change becomes a bit more, let’s say, easier to look at and to decide what you want to do.

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Best Practices for Live Requirements Traceability