In 2016, the Jama Software team proudly announced that we had received a certification from internationally-recognized testing body TÜV SÜD. Jama Connect™ was certified as a software tool for development of safety-related products according to ISO 26262 (up to ASIL D) and IEC 61508 (up to SIL 3). It was especially noteworthy, as Jama Software was one of the first vendors that is both SaaS and agile to receive this certification.
Three years later, we are excited to announce we have extended the scope of our certification from TÜV SÜD. Jama Connect is now also certified as a software tool for development of medical devices according to IEC 62304 and railway applications according to EN 50128.
This new certification gives medical device developers and railway application developers confidence that Jama Connect has been evaluated and qualified for defining, building and testing products that have to meet critical functional safety requirements.
We recently talked with Christian Nowak, Functional Safety Expert at TÜV SÜD, to discuss what is required to receive such certifications and what they mean for our customers.
Jama Software: Can you explain, generally, how the certification process is completed?
Christian Nowak: For a software tool certification, we are focusing our assessment on the development processes and the validation approach and evidence provided by our customers. An important activity is the on-site audit at the customer’s premises. The first audit was conducted in 2016 as part of the original certification and we performed a three-day re-audit in June 2018 at Jama Software’s headquarters in Portland, OR.
During the initial audit we looked at the organization’s processes in the light of the functional safety standards’ requirements for developing and maintaining safety-relevant software. The recent re-audit included sample checks to see if these processes are being followed based on the evidence created.
We also discussed and assessed modifications and improvements of processes, which play an important role for verification and validation especially in the context of the Agile development approach at Jama Software.
JS: What is required in addition to the on-site audit?
CN: The on-site activities are usually supported by off-site reviews of the documentation evidence generated by the customer. Due to the agile development approach at Jama Software leading to frequent releases, our assessment approach had to be adapted and is following this pace.
In other words, we are regularly assessing the modifications Jama Software is applying remotely and updating our certification report accordingly. In a way, our assessment approach has, in this case, also become “agile.”
JS: What does this certification mean for our customers? How can they benefit from these certifications?
CN: Every Jama customer who is attempting to adhere to the mentioned standards for developing safety-related systems, hardware or software must provide documentation evidence addressing the requirements defined in the standards.
Those requirements also consider the software tools that are used for the development of safety-related systems, hardware or software. The idea is that systematic faults should be avoided not only in the actual developed systems, hardware or software, but also in the software tools used for the development.
By undergoing a successful third-party certification by an accredited testing body like TÜV SÜD, Jama Software demonstrates that they are following adequate development processes and performing adequate validation activities for preventing systematic faults.
Thus, Jama customers can use the TÜV SÜD certificate as an argument for software tool qualification in projects where increased confidence in the software tool is required. They do not have to spend all the effort of qualifying the tool themselves; they only have to make sure that they are following the safety manual that Jama Software is providing for each release.
JS: What is the value for organizations developing products in accordance with these standards?
CN: In some industry fields, functional safety standards are mandatory to be complied with – in others, product liability is a main driver. In general, the quality, reliability and of course the safety of those products are being improved, which helps avoid recalls, sanctions, and worse – consumer injury.
JS: How long is the certificate valid for?
CN: Generally, a TÜV SÜD functional safety product certificate is valid for five years. During this timeframe, TÜV SÜD is, however, regularly monitoring the adherence to the requirements by accompanying the agile development remotely as mentioned before and by returning every two years for an on-site audit.
JS: Is TÜV SÜD involved in the development of the functional safety standards?
CN: Yes, TÜV SÜD is actively participating in the standardization committees. Please note that just recently the second edition of the automotive functional safety standard was released (ISO 26262:2018).
JS: How long does the tool certification process take, on average?
CN: Well, this depends on the maturity of the existing development processes, the complexity of the tool and the experience of the company with functional safety when we start with the assessment. I would say the initial certification can be achieved within six months, but it can also take much longer if many iteration loops are required.