Tag Archive for: Compliance & Regulation

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share excerpts from an article, sourced from MedTech Dive, titled “UK regulators name 3 approved bodies to ease device certification bottleneck” – originally written by Nick Paul Taylor and published on August 31, 2023.

UK regulators name 3 approved bodies to ease device certification bottleneck

A MHRA leader hailed the action as “almost doubling capacity for medical device assessment in the U.K.”

SHansche via Getty Images

Dive Brief:

  • The Medicines and Healthcare Products Regulatory Agency (MHRA) has designated three more bodies to certify medical devices in the U.K.
  • As a result of Brexit, the U.K. is requiring manufacturers of all except the lowest-risk devices to apply for UK Conformity Assessment (UKCA) certification from an approved body. The approved bodies perform the same role as the notified bodies that issue CE marks to devices sold in the European Union.
  • MHRA’s designation of three approved bodies helps address a capacity shortage that led the government to stagger the transition from CE marks to UKCA certification.

RELATED: Failure Modes, Effects, and Diagnostic Analysis (FMEDA) for Medical Devices: What You Need to Know

Dive Insight:

MHRA automatically moved the U.K.’s three existing notified bodies, BSI, SGS and UL, to the approved body scheme when the country split from the European Union. Since then, efforts to add capacity have proceeded slowly. The U.K. affiliate of DEKRA, a notified body in the EU, became the first new approved body for medical devices 11 months ago.

Now, MHRA has designated TÜV SÜD, Intertek, and TÜV Rheinland UK. The designation clears the three bodies to certify general medical devices and empowers TÜV Rheinland UK to assess in vitro diagnostic (IVD) products. IVD capacity is lagging behind, with MHRA having designated four bodies in total.

In a statement, Laura Squire, chief healthcare quality and access officer at MHRA, hailed the addition of the three approved bodies as “almost doubling capacity for medical device assessment in the U.K.” It is unclear how many applications each approved body is capable of handling.

RELATED: Elevating Your Medical Device and Life Sciences Product Development Processes with Jama Connect®

Even so, the designations go at least some way toward addressing a long-standing concern. The Regulatory Horizons Council identified the “lack of capacity in approved bodies within the U.K.” as a risk to patient safety and access to devices in a report two years ago.

Responding to the report early this year, the government accepted recommendations about addressing bottlenecks in device approval, notably the shortage of approved bodies, and taking mitigating steps to ensure the supply of products after the transition to UKCA. The concerns informed the decision to keep accepting devices with CE marks through 2028 or 2030, depending on the regulation.

Image for the blog, "EU Medical Device Regulation (EU MDR) FAQs: Industry Expert Insights"

EU Medical Device Regulation (EU MDR) FAQs: Industry Expert Insights

Are you grappling with the intricacies of the EU Medical Device Regulation (EU MDR) and searching for clear answers to your most pressing questions? Look no further!

In this blog post, we’ve teamed up with subject matter expert Saby Ágai, Senior Professional Services Consultant at Jama Software®, who will shed light on the complex world of medical device compliance.

Overview + General Information

Why was the MDD (Medical Devices Directive) updated?

Saby Ágai: MDD entered into force in 1993, 30 years ago. There have been many changes over these three decades. There have been technological changes since then, software for example has more attention now than it had 30 years ago.

Patient demographics characteristics have changed, now it is a more aging population than it was 30 years ago. Medical device safety should correspond to these changes.

MDD was primarily focused on medical device commercialization criteria rather than looking at patient safety from a holistic perspective.

What are the most important changes introduced by the EU Medical Device Regulation?
  • EU MDD was focused on commercialization guardrails and market clearance criteria first.
  • EU MDR accounts for the full technological landscape, establishing guardrails for the regulation, manufacturing, and commercialization of medical devices.
Given that timelines may continually change, what is the latest information regarding extensions?

Transition Timelines Chart

RELATED: What the New Medical Device Regulations (EU MDR) Mean for You

Implementation/Adaptation + Need for Process Improvement

The EU MDR has changed how medical devices are covered. What opportunities and challenges might this expansion present for manufacturers?


  • Manufacturers can deliver to the market higher levels of safety for their medical devices.
  • Manufacturers can be more aware and in control of their medical device lifecycle.
  • Potentially this could result in less recalls and less rework, and fewer customer complaints. There is also an opportunity for an easier pathway to other markets like US, Canada, Japan, and others.


  • Steep learning curve to adopt to the new regulation
  • Lack of professional, lack of experiences how to adopt to the new regulations
  • Optimizing efforts and resources spent on the adoption of MDR
What strategic steps should medical device companies and regulatory experts take to ensure a successful transition in light of the changes brought on by the MDR and its effect on CE markings?

Manufacturers should have a plan for MDR transition

  • Expert panel of the EU could be involved to receive professional support
  • Regulatory professionals should be competent to the new regulations
  • Best practices across the medical industry should be utilized for the transition
How can medical device manufacturers improve their Quality Management Systems (QMS) to be better at compliance? What new approaches can be used to make business growth and product innovation possible?

New quality management processes should be developed to correspond to the requirements of the MDR. Manufacturers should also revisit their core processes including quality assurance, risk management, and post-market process to see if re-implementation needed to ensure compliance with new MDR.

Related: Learn about the continual rollout of the EU Medical Device Regulation (MDR) and In-Vitro Device Regulation (IVDR) and the impact they’re having on the medical device industry:

Data & Documentation

What impact does the EU MDR’s demand for increased device traceability and technical documentation have on promoting patient safety and regulatory visibility? What potential advantages and obstacles might exist when attempting to reach these outcomes?

Patients will benefit from the increased focus on safety and regulatory visibility on medical devices that MDR demands. On the other hand, novel technologies in medical devices may suffer from delays to be available early for patients. It is a balance though between efficiency and safety that always was there. The increased volume of technical documentation can lead to higher levels of design awareness for the manufacturers, on the other hand the increased resources needed to get there need to be financed.

How can medical device manufacturers collaborate with notified bodies and competent authorities to ensure a streamlined and efficient certification process?

There is a conflict of interest that does not allow the Notified Body and Authorities to provide consulting on MDR compliance for the same manufacturer that registered for certification. Manufacturers can help the certification process by signing up for certification on time. Manufacturers also can streamline certification processes by involving competent and experienced professionals to fulfill the Person Responsible for Regulatory Compliance (aka PRRC) role.

RELATED: CE Marking for Medical Device Software: A Step-By-Step Guide


Can you explain the new EU MDR’s structure and how it supports innovation and patient safety?

Here is a great resource for that: https://www.leanentries.com/wp-content/uploads/mdr-table-of-contents.pdf. MDR is taking a holistic view on patient safety by broadening its scope to the full lifecycle of medical devices.

What are some key differential requirements that organizations will need to comply with?

Chart showing 6 stages of the structure of the EU MDR Technical Documentation

Let’s investigate the products listed in Annex XVI of the MDR and discuss the effects this will have on both manufacturers and healthcare providers. How can stakeholders take advantage of this inclusion to create positive results?

Those products are subject to the MDR, even though those are without an intended medical purpose. These products previously were unregulated products and the MDR introduces new manufacturing and surveillance requirements. A positive result is the higher level of transparency of the design, manufacturing and post market activities of these products. Users of such products benefit from a higher level of safety when using these products.

Will the stricter regulatory requirements of the EU MDR hinder or promote innovation in the medical device industry?

There is always a balancing between introducing novel technologies to patient treatments that potentially can save or extend our life as a patient versus using only high level of safety assured medical devices. If the current MDR hinders or promotes innovation only time will tell.

How can manufacturers balance the need for compliance with the desire to bring innovative products to market in a timely manner?

Market regulations are prescriptive to the given market. Manufacturers probably will deliver slightly different functionalities for essentially the same medical devices depending on how the market regulation allows for more open for novel technologies.

Patient Safety

How does the EU MDR change clinical evaluation requirements? And how can the industry adapt to these changes while continuing to prioritize patient well-being and efficacy?

The MDR has more rigorous clinical evaluation requirements, necessitating robust clinical data to support the safety and performance claims of the device. For each device, the manufacturer must plan, establish, document, implement, maintain and update a post-market surveillance (PMS) system that is proportionate to the risk class and appropriate for the type of device. The PMS system actively and systematically gathers, records and analyses data on the quality, performance and safety of a device throughout its entire lifetime. Post-market clinical follow-up (PMCF) is a continuous process that updates the clinical evaluation. It is conducted in accordance with a PMCF plan that is an element of the overall PMS plan.

What opportunities does the EU MDR present for enhancing patient safety through better data collection and analysis?

Clinical evaluation and post-market related information will be more transparent for the medical devices; therefore, manufacturers will have more opportunities to analyze device safety based on adverse events of similar types of devices.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

Post-Market Surveillance

How does the increased emphasis on clinical data and post-market surveillance impact medical device manufacturers’ approach to product development and monitoring?

Clinical and post-market data collection should drive the design effort by transferring efficacy and safety related subjects back to development. Also, the analyses of similar products post market reporting enable manufacturers to enhance the safety of their medical device designs.

How can manufacturers leverage the new post-market surveillance requirements to proactively identify and address potential issues with their products?

MDR mandates and sets requirements for the post-market surveillance process. PMS process should be part of the manufacturer’s Quality Management System.

Manufacturers can use proactively the data gathered as part of the post-market activities for the following:

  • to update the benefit-risk determination and to improve the risk management;
  • to identify the need for preventive, corrective or field safety corrective action;
  • to identify options to improve the usability, performance and safety of the device;
  • to detect and report trends.


How will the EU MDR impact medical device companies operating outside the EU but wishing to access the European market?

For new arrivals, the new MDR is a demanding legislation to comply with in the European Union. Currently the conformity assessment bodies have limited bandwidth for new devices. Therefore, new manufacturers should assess the timing nature of their market access. For medical device companies operating outside the EU, there are further requirements set in the MDR in Article 11 on Authorized representatives.

How can Jama Software help organizations more easily comply with regulations like EU MDR?

Jama Software provides a solution for medical device manufacturers to adapt easily and to response quickly to the changes that the EU MDR demands. It’s achieved by providing best practices in medical device design in the context of the MDR.

IoMT Image showing a doctor and patient discussing a chart

Embracing the Future of Healthcare: Exploring the Internet of Medical Things (IoMT)

Internet connected devices, part of the Internet of Things (IoT) are everywhere. These devices, often referred to as “smart” devices are in our homes, cars, offices, and gyms. Therefore, it is no surprise that smart devices are making their way into our healthcare environments. In the ever-evolving landscape of healthcare, technological advancements continue to revolutionize the way we diagnose, monitor, and treat patients. Among these groundbreaking innovations, the Internet of Medical Things (IoMT), also called Healthcare IoT, has emerged as a powerful force, combining the power of the internet and medical devices to improve patient care, enhance efficiency, and drive positive health outcomes. This article delves into the world of IoMT, exploring its potential and highlighting its significance in shaping the future of healthcare.

Understanding IoMT

IoMT refers to a network of medical devices, sensors, software applications, and healthcare systems interconnected through the internet. These interconnected devices gather and exchange vital data, enabling healthcare providers to remotely monitor patients, track health conditions, and make informed decisions in real-time.

RELATED: Elevating Your Medical Device and Life Sciences Product Development Processes with Jama Connect®

How IoMT Transforms Healthcare

  1. Remote Patient Monitoring: IoMT allows healthcare professionals to remotely monitor patients’ health conditions in real-time. Connected devices, such as wearables and implantable sensors, collect valuable health data, including heart rate, blood pressure, glucose levels, and more. This continuous monitoring helps in the early detection of abnormalities, enabling prompt intervention and preventing complications.
  2. Enhanced Patient Engagement: IoMT empowers patients to actively participate in their own healthcare. Connected devices enable individuals to monitor their health parameters, track progress, and access personalized health information through user-friendly mobile applications. This increased engagement and access to information promote medical compliance, leading to improved health outcomes.
  3. Efficient Healthcare Delivery: IoMT streamlines healthcare delivery by automating processes and reducing human error. Smart devices integrated with electronic health records (EHR) systems enable seamless data sharing, eliminating the need for manual data entry. This enhances the accuracy and speed of medical documentation, enabling healthcare providers to focus more on patient care.
  4. Predictive Analytics and AI: IoMT-generated data, combined with advanced analytics and artificial intelligence (AI), provides powerful insights for healthcare decision-making. Machine learning algorithms can analyze vast amounts of patient data to identify patterns, predict disease progression, and support personalized treatment plans. This data-driven approach improves diagnostics, enhances treatment outcomes, and reduces healthcare costs.

Challenges and Security Considerations

While the IoMT brings forth numerous benefits, it also presents challenges and security concerns that must be addressed. Privacy and data security are critical considerations when dealing with sensitive patient information. In addition to privacy concerns, healthcare data is used to devise and implement patient care plans, and incorrect or altered data can result in detrimental, rather than successful care. Robust security measures, including encryption, access controls, and regular system audits, must be implemented to safeguard patient data from potential cyber threats.

The Impact of IoMT on Healthcare Professionals

The Internet of Medical Things (IoMT) not only benefits patients but also has a significant impact on healthcare professionals. With IoMT, healthcare providers can access real-time patient data, allowing for more proactive and informed decision-making. This immediate access to critical information enables doctors and nurses to remotely monitor patients, detect potential issues early on, and intervene promptly. By leveraging IoMT, healthcare professionals can optimize their workflows, reduce administrative burdens, and focus more on delivering quality care to their patients. Additionally, IoMT facilitates collaboration and consultation among healthcare providers. Through secure data sharing and telemedicine applications, specialists from different locations can review patient information, discuss treatment plans, and provide expert advice. This seamless connectivity between healthcare professionals promotes knowledge sharing, enhances diagnosis accuracy, and enables comprehensive, multidisciplinary care. IoMT enables healthcare providers to leverage the collective expertise of a network of professionals, ultimately improving patient outcomes and optimizing resource allocation.

RELATED: Requirements Traceability Diagnostic

IoMT in Remote and Underserved Areas

One of the most significant advantages of IoMT is its potential to address healthcare challenges in remote and underserved areas. In regions with limited access to healthcare facilities, IoMT offers a lifeline by bringing medical expertise and resources virtually. Remote patient monitoring through connected devices enables healthcare professionals to remotely assess patients’ vital signs, chronic conditions, and recovery progress. This capability is particularly valuable for individuals living in rural areas, elderly patients, and those with limited mobility. Furthermore, IoMT can bridge the gap between patients and specialized healthcare services. Through telemedicine, patients in remote locations can consult with medical specialists without the need for long-distance travel. This reduces the burden on patients and their families, improves access to specialized care, and enhances health outcomes. The IoMT’s ability to deliver healthcare remotely has the potential to revolutionize healthcare delivery, ensuring that quality care reaches even the most underserved populations.

The Future of IoMT: Advancements and Opportunities

IoMT is rapidly evolving, with continuous advancements and exciting opportunities on the horizon. As technology progresses, we can expect further integration of IoMT with AI and machine learning algorithms. These advancements will enable more accurate diagnostics, personalized treatment plans, and predictive analytics, leading to precise and targeted healthcare interventions and improved patient outcomes. Moreover, the emergence of 5G technology will play a pivotal role in unlocking the full potential of IoMT. The high-speed and low-latency capabilities of 5G networks will support real-time data transmission, facilitating seamless connectivity between devices and healthcare systems. This will revolutionize telemedicine, remote patient monitoring, and enable new applications such as robotic surgeries and augmented reality-based medical training.


The Internet of Medical Things (IoMT) represents a revolutionary paradigm shift in the healthcare industry, offering immense potential to improve patient care, increase efficiency, and drive positive health outcomes. By harnessing the power of interconnected medical devices, sensors, and advanced analytics, IoMT enables remote patient monitoring, enhances patient engagement, streamlines healthcare delivery, and leverages predictive analytics. Despite challenges, with careful attention to security and privacy, IoMT has the potential to shape the future of healthcare, ushering in an era of personalized, connected, and data-driven medicine.

Digital Thread

In this blog, we preview a section from the new eBook, “CIMdata: Digital Thread in Aerospace and Defense”
Click HERE to download it.

Recent CIMdata research on behalf of the Aerospace and Defense PLM Action Group member companies in collaboration with PTC clearly indicates that digital thread investment within the ecosystem of industrial users, their customers, suppliers, and solution providers is poised for rapid growth. Initial implementations of targeted digital thread solutions have provided proof points of value and essential learnings. Now, rounds of investment are ramping up, guided by these early achievements and with expectations driven by the value potential revealed.

The concept of a digital thread providing automated linkage of multiple representations of a product, each tuned to the needs of various creators and consumers along the lifecycle, is very powerful. Until recently, tracing these linkages has been primarily a manual process, extracting product information from myriad heterogeneous systems and relating them in ad hoc reports. But now, with recent advances in commercial PLM solutions, the digital thread, with automated linkages and traceability, has become a practical possibility, even for industries with complex products, such as aerospace & defense.

In response, industry leaders have implemented targeted digital thread solutions and envision expanding these solutions throughout the product lifecycle. With the newness of this approach there is not much available in the way of lessons learned or value achieved. This lack of real data is a barrier to broader investment within industry. On the solution side, providers are constantly seeking additional insight into investment drivers within industry.

Future Digital Thread Investment Priorities

Looking to the future, industry leaders are taking a broader view of the digital thread’s value potential, with more investment in production and service use cases. They view the next stage as more complex and transformative to their companies. Fortunately, several have been successful in establishing programs that enjoy strong support from a well-informed and motivated senior management. However, many others have not.

All Top 5 pain points being targeted in future implementations relate to accessibility and traceability across data elements, especially traceability of requirements throughout the product lifecycle. Systems engineering is featured prominently in many responses, including ranking as the top new value opportunity being targeted in future digital thread implementations, which aligns with CIMdata’s view that systems engineering is a principal driver of the digital thread.

Digital Thread Investment Priorities

RELATED: Requirements Traceability Diagnostic

Strategies for Success

An area of divergence between industry leaders is in the focus of their implementations. For some, the focus is providing interfaces to source applications to extract and associate product data artifacts and attributes. For others, the key is the association and traceability of dependencies between artifacts in support of a use case. And for a few, the focus is on data governance, which they believe is foundational for enabling a richer and more extensive set of product lifecycle use cases.

The number one inhibitor to formulating and executing a digital thread strategy is “lack of interoperability between different vendors’ tools and systems.” The number one proposed means for mitigation is to “increase support of standards.”

Images showing digital thread bar chart for strategies for success

Solution Technologies

Key Technical Considerations

Core to the value of digital thread is traceability across multidiscipline sources and derivative product-related artifacts along the product lifecycle and throughout the extended enterprise.

The digital thread value landscape is distributed across a heterogeneous value chain from customer to OEM to partners and multiple tiers of suppliers. This reality drives the need for data interoperability and elevates the importance of standards and openness of enabling solution architectures.

Proven technical solutions exist for enabling the digital thread, and leading solution providers are investing heavily in research guided strategies and roadmaps to further strengthen their offerings.

Data is the foundation of the digital thread. This reality elevates the importance of sound data governance and a cleansed repository, especially as use case implementations proliferate and must be interlinked into an extended thread.

Bar chart showing Product Lifecycle Data stats

Technologies in Use Today

The technologies used to link product lifecycle data segregate into three tiers as shown in Figure 16. The top tier, which has the longest history, includes PLM and PDM, followed by ERP, and custom applications. The middle tier consists of application and data integration tools. These are followed by the third tier of newer specialty technologies for combining data from multiple sources and establishing linkages and traceability. We can expect the ranking of these specialty technologies to rise significantly over the next few years.

Solution Capability and Provider Alignment

Attitudes on the topic of solution capability and provider alignment are mixed. Some industry leaders are quite critical, especially regarding data model accessibility and flexibility to comply with a corporate data governance strategy. Other interviewees are somewhat neutral or slightly positive. They feel that some providers are moving in the right direction; some are not. Several feel that solution capabilities have improved significantly overall in the last 5-10 years and that, despite some remaining gaps, are now fully capable. Some express satisfaction that “good partnering” is happening.

RELATED: Reduce Project Risk in the Product Development Process

Jama Software® Solutions

Jama Software®’s industry-leading platform, Jama Connect®, helps teams manage requirements with Live Traceability™ through the systems development process for proven cycle time reduction and quality improvement. The number-one problem product engineering organizations face is managing requirements traceability spanning siloed teams and tools (e.g., design, hardware, software, test, risk, quality) which creates an increased risk of negative outcomes such as extensive rework, delays, and cost overruns.

Jama Connect enables digital engineering for innovative organizations in aerospace, automotive, medical, and industrial verticals. The future of product development relies on agile and transformative digital engineering techniques. Jama Connect helps customers solve their toughest challenges and simplify complex mission-critical system development across complex partner and supplier ecosystems.

Jama Connect seamlessly integrates with the product development technology stack. Organizations can take advantage of Jama Connect’s integration solutions with market-leading tools for design and simulation, task management, lifecycle management, quality assurance, and testing. Teams can work in their preferred tools while ensuring all requirements are verified and validated to achieve complete traceability.

V Model image showing Jama Connect integrating with several additional platforms

Live Traceability with Jama Connect Delivers:
  • 1.8X faster time to defect detection
  • 2.1X faster time to execute test cases
  • 2.4X lower test case failure rates
  • 3.6X higher verification coverage

Jama Software’s benchmark study for monitoring and measuring traceability through its Traceability Score™ has shown that companies that have a higher traceability score in the digital thread have faster cycle times and defect detections. This allows companies to be nimble and be twice as fast in releasing products vs. companies that do not monitor and measure traceability in their product lifecycle. Requirements Traceability Benchmark

This has been an excerpt from the eBook, “CIMdata: Digital Thread in Aerospace and Defense”
Click HERE to download the full version.

INCOSE Handbook Overview

In this blog, we discuss INCOSE’s System Engineering Handbook V5. To download this handbook, click HERE.

Empowering Engineers: Exploring INCOSE Systems Engineering Handbook V5

What is INCOSE?

The International Council on Systems Engineering (INCOSE) was founded as a collaborative effort to bring systems engineers together and provide them with resources to progress in their field. Their mission is to cultivate a strong network of professionals, supply educational materials, and create tools that will help systems engineers be successful. INCOSE is dedicated to elevating the global profile of the systems engineering (SE) profession.

RELATED: A Guide to Good Systems Engineering Best Practices: The Basics and Beyond

INCOSE Systems Engineering Handbook

According to INCOSE, the Systems Engineering Handbook “shows what each systems engineering process activity entails in the context of designing for affordability and performance. On some projects, a given activity may be performed very informally (e.g., on the back of an envelope, or in an engineer’s notebook); or, on other projects, a more formal response is required with interim products under formal configuration control.”

The handbook provides assistance for individuals of various backgrounds and experience levels, such as those just beginning their systems engineering journey, engineers from different disciplines needing to apply the principles of systems engineering, and experienced engineers looking for a handy reference.

INCOSE Systems Engineering Handbook V5

The newly released INCOSE Systems Engineering Handbook V5 is a comprehensive guide to the discipline of SE which outlines the current best practices and serves as an informative reference for understanding SE in terms of content and application.

Some of the topics included in the latest handbook include:

  • Elaboration on the key systems life cycle processes described in ISO/IEC/IEEE 15288:2023;
  • Chapters covering key systems engineering concepts, system lifecycle processes and methods, tailoring and application considerations, systems engineering in practice; and
  • Appendices, including an N2 diagram of the systems engineering processes and a detailed topical index.

DOWNLOAD: INCOSE Systems Engineering Handbook V5

Applying INCOSE Standards Using Jama Connect Advisor™

System engineers focus on making each of the individual systems work together into an integrated whole that performs as expected across the lifecycle of the product. In order to deliver successful products, they need the right user needs and requirements. Efficient, precise, and professionally written requirements form the foundation of the product development process so that various teams (design, software, and hardware systems) can all work together with a shared and clear understanding of the project goals.

Jama Connect Advisor™ is a state-of-the-art requirements authoring guide and optimizer powered by natural language processing for engineering that helps a system engineer or a product developer write effective, well-organized requirement specifications based on industry-accepted INCOSE rules and the EARS (Easy Approach to Requirements Syntax) notation.

To learn more, download our Jama Connect Advisor™ datasheet.

In this blog, we recap our webinar, “Effectively Managing Cybersecurity in Jama Connect® for Automotive and Semiconductor Industries”. Click HERE to watch the entire thing.

If you’re in the automotive or semiconductor industries – cybersecurity is likely top of mind.

During this informative session Effectively Managing Cybersecurity in Jama Connect for Automotive and Semiconductor Industries, Kevin Dibble, Principal Consultant at Reinnovate Consulting, and Matt Mickle, Director of Automotive Solutions at Jama Software®, offer insights on how the right tooling solution can make a difference in managing a cybersecurity case.

In this webinar, attendees will see exactly how to:

  • Define cybersecurity goals, requirements, and concepts
  • Conduct threat analysis and risk assessment
  • Establish traceability to the architecture design and verification/validation of cybersecurity measures
  • Document the cybersecurity case and manage changes
  • Identify and classify assets for the subject of the cybersecurity case
  • Discover how Jama Connect can help you optimize your cybersecurity processes and stay ahead in the Automotive and Semiconductor industries.

Below is an abbreviated transcript of our webinar.

Effectively Managing Cybersecurity in Jama Connect® for Automotive and Semiconductor Industries

Kevin Dibble: Well, first I’m going to talk about what we’re going to talk about, so these are the topics that we’re going to cover. And without reading this slide, really we’re going to cover the development life cycle of creating, the example we’re going to use is a 48-volt power assist system. You might also think of it as a battery management system. And so I’ll go over the agenda, but what you can see on the is we’re going to cover everything from the planning in the case through the TARA work and down through the left side of the V and some of the right side of the V activities as well. And here’s how we’re going to do it. First, to get everyone oriented to 21434, we’re going to talk about the standard itself briefly and highlight some of the benefits of implementing a cybersecurity case in a tool, in a requirement management tool.

Then we’ve got some workflows to look at, the steps of the development life cycle for 21434 from the perspective of an OEM and then again from the perspective of a tier one. And then Matt is going to show the work products, the traceability, and what we’ve talked about at the beginning actually in the tool in a built-out project for a 40 volt power assist system. And then we’ll finish with some takeaways. So that’s what’s on tap for today. And so I want to make the case for managing cybersecurity and the cybersecurity case and the work products in a requirements management tool. So I’m going to just look at each one of these points. The first item is to improve collaboration between OEMs, tier ones, and tier twos.

Jama Connect supports ReqIF, which can be used for bidirectional communication of requirements, item definitions, et cetera, as well as updates to those assets. And so it supports better collaboration. One thing that Jama promotes is this idea of trace as you go. So traceability is not an afterthought handled by a requirement engineer at the end of the project that takes weeks to implement on a complex project. It’s something that the engineers are doing as they’re creating the requirements tracing to parent requirements, design blocks for requirement allocation, et cetera. And so this tool supports that traces you go methodology along with some views of the progress of tracing.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

Dibble: The impact analysis is a powerful tool when you trace as you go and the requirements left and right side V model assets are linked together. Then running impact analysis reports as changes come in midstream in programs, which they do in automotive for sure. You get that as a benefit. Like I mentioned earlier, requirements allocation. So allocating requirements to design blocks or interconnecting the requirement management system to design tools and doing allocation in those tools like Design Architect gives you some powerful analytics like test coverage reports automatically generated. Also connecting the tools through connectors gives you a toolchain view instead of disjointed tool. And finally, Jama Connect offers some analytics that we’ll see some of these in the demo that will give you a very clear indication of where you are in the project, especially in terms of requirements that are allocated, tests that have been covering requirements, and so on and so forth.

So with that, I’m going to orient everybody to 21434 in terms of the V model, which it’s centered on, and two other standards that you may be more familiar with. ISO 26262 and Automotive ASPICE. And so just a couple things here. If you are familiar with these other two standards, you’ll see that 21434 fits nicely alongside and that was intended by the ISO folks that did the standard. They very much aligned it with ISO 26262, and really even in nomenclature. So whereas in safety we have safety goals, in security we have security goals, in safety, we have the HARA, the hazard and risk assessment. In cybersecurity, we have the TARA, threat, and risk assessment, and so on and so forth. And also the common supporting processes like configuration management, change management, project management, document management, even confidence in use of software tools that all of these standards rely on are again repeated and required in 21434.

RELATED: A Guide to Road Vehicle Cybersecurity According to ISO 21434

Dibble: So just some basic organization of the standard in terms of the V model and then we’ll look at it in one more view in terms… this is directly out of ISO. And at Jama, we’ve added some color coding and I’m going to explain that. And so if you’re not familiar with this view, 21434 is oriented by clauses and sub-clauses. And so you can see the clause here like clause five is organizational, that’s policy and tool management and quality management and things. And then clause six, et cetera, and on down, that’s how this is organized. Jama has capabilities that support these sub-clauses. And so we’ve used a color system here to highlight that. The sub-clauses that are colored in green are fully supported and in fact, recommended to implement in Jama. The yellow are optional, they could be implemented in Jama.

And for most of these, we have customers that are implementing these types of things in Jama, but they also use other systems to implement them. And then this kind of yellow-green is partially supported. Jama can support some of the requirements but not all. And then of course red is not recommended for support in Jama and it’s usually house and other tools or things like production tools, et cetera. Okay, so what Jama brings to the table in terms of capabilities to support these green and yellow items are document building and generation. So the document management functionality as well as the exporting functionality. As you’ll see in the demo, you can export what has been entered in a requirements tree or in one view can be exported into a more of a document-style view that perhaps suppliers or other people might want to consume.

It has built-in collaboration tools for reviewing, which is very important because 21434, like 26262 requires review records, and all the work products are reviewed. Traceability and impact analysis, I already talked about. VNV verification and validation with the test manager tool as well as interconnections to other tools and analytics. There’s a nice support for the right side of the V activities. Using a common tool does bring alignment between different engineering disciplines, whether it’s hardware, software in systems, or if it’s QA tests and V&V activities versus development activities. Release planning and coverage through dashboards and status metrics and then of course baselining and reuse and whatnot.

And so this slide shows all of the items from the previous slide that were recommended or are optional and just shows how they would look in a project tree format. Again, Matt’s going to go through most of these items for our 48-volt power assist item that we’ve built out. Okay, one of the important features of Jama Connect as well as any requirement management tool is the ability to develop traceability. Here we’re showing the traceability model, which is their traceability models come with the product, but they also can be customized. And then I’ve got a little animation here to show for cybersecurity, some of those standard parts and tying them back to the standard. So for instance, in the model, I don’t know, it’s small print, but you can probably see cybersecurity asset, attack path, damage scenario, threat scenario. Those all correspond to the TARA and here are the sections that those are discussed in.

To watch the entire webinar, visit:

Effectively Managing Cybersecurity in Jama Connect® for Automotive and Semiconductor Industries

Curious to learn how the Medical Device Framework in Jama Connect® can help streamline your compliance efforts and ensure your products meet necessary regulatory requirements?

During this informative session, Vincent Balgos, Director of Medical Device Solutions at Jama Software® discusses the latest solution offerings for Medical Device and Life Sciences in Jama Connect, including:

  • Updated Software as Medical Device (SaMD) framework incorporating readily available off-the-shelf elements for workflow and efficiency
  • Newly developed Research Use Only (RUO) and In-Vitro Diagnostics (IVD) frameworks
  • Refined solution enhancements, including new and updated report templates
  • Self-guided onboarding framework to assist new users in Jama Connect

Discover how Jama Connect can help you optimize compliance and regulatory processes, helping you stay ahead in the constantly evolving medical device industry.

Below is an abbreviated transcript and a recording of our webinar.

Elevating Your Medical Device and Life Sciences Product Development Processes with Jama Connect®

Vincent Balgos: For today’s webinar, I’d like to talk about our updates to our Medical Device and Life Sciences Solution 2.0. For the agenda, there are quite a few improvements I’d like to share with you today. The first one is really just kind of talking about general overview and general improvements in terms of risk, some new features that we’ve enabled with Jama Connect, but also some new and updated solutions such as Software as a Medical Device, Research Use Only, and our new self-guided onboarding framework.

So the intent of the update is to continually improve Jama solution to the medical device and life sciences industries based on a variety of factors, including new Jama Connect features and abilities that help streamline general product development processes and industry best practices. Also adapts to the ever-evolving regulations such as MDR, IVDR, and potential changes to the lab developed test area. We’ll talk about more of this in the ROU space. We’ve also included internal research and internal experience with over 80 years of industry experience from the internal Jama team. And lastly, we’ve also incorporated some feedback from customers like yourselves on best practices, innovative solutions, and new use cases. So thank you ahead of time and please continue to contribute via the Jama Community Ideation page or discussion with Jama folks.

These solutions that are presented are compatible and available with Jama Connect for both our cloud customers, both the standard and validated, and our self-hosted environments. Some highlighted features may require version updates, and this is really particular to our self-hosted customers with legacy versions.

RELATED: The Top 5 Challenges in Digital Health Solution Development

Balgos: So what I’d like to first talk about is the general organization and layout. So what I’m going to do is come back between screens, between the PowerPoint and the actual, the demo itself.

So the first thing I want to show is the general organization and layout of our new Medical Device Framework 2.0. The first thing I want to show is when we go ahead and take a look, you’ll see here in this new folder we have something enumerated Medical Device Framework 2.0, that actually has our new Medical Device Framework and our other additional popular framework such as SAMD and Consumables Framework.

The other folder to mention is really kind of our new use case library that highlights additional use cases that we’ve seen across our 300 plus customers and their practices using Jama Connect. We’ll deep dive into each one of these very shortly. We’ve also archived the current… sorry, the previous Medical Device Framework 1.0 for your reference only.

So now let’s go ahead and dive into the overview of the MDF 2.0. So I’m going to jump into the tool. And as you can see here right on the screen, we’ve updated the relationship rule diagram with some minor improvements. The first thing we’ve done is really streamline the risk stream where we remove the validation trace and trace this now to an external resource item type. The purpose of this item type is a general documentation catch call for a lot of various traces that you may have. The most common example is associated with risk. So as many of you may know, not all risk controls are requirements. So we still need a way to trace to these non-requirement risk controls. These controls could be IFUs or instructions for use, training, labeling, or labeling and packaging, et cetera, and may vary depending on your risk management procedures. This provides additional risk coverage traceability that provides flexibility for your organization.

RELATED: Jama Connect® for Digital Health Solution Overview

Balgos: Another thing that we’ve done is actually updated our hazards library to include general hazards identified in 14971. As you can see here on the screen, we’ve now populated the general hazards identified in 14971 based on the information that you have. So you have pretty much a starting place with your hazard library that you have here.

The next item that I’d like to talk about is actually this new feature called the Risk Lookup Matrix. Available in 8.754, this features allows a new lookup matrix risk analysis approach that automatically outputs the desired content based on a pre-configured lookup table. This really aligns with 14971. Let me show you a quick demo of this because we’ve now implemented this as part of our Medical Device Framework 2.0.

RELATED: The Importance of Benefit-Risk Analysis in Medical Device Development

Balgos: As you can see here on the screen, I have a new item type called Risk Evaluation 2.0 that kind of, again, follows the general 14971 schema of hazardous sequence of events, hazardous situations harmed. But here is now where we’ve implemented this new lookup matrix feature where now I’ve now identified the input pick lists where I may be able to change this, and then that automatically updates my risk level based off that matrix. So for example here, if I went ahead and increases the frequency and I increase my severity from here over here, and this one as well, I can see that both my P total and risk analysis has been updated per the lookup matrix. We have an additional features [inaudible 00:07:27] video that showcases a little bit more. So we definitely encourage you to look at that further.

The other thing that we wanted to share with particularly this medical device update is we have now included pre-configured FMEA item types for ease of implementation for your risk processes. If I go ahead and look into my admin area, what I mean by this is when I look at my item type, I’ve now included pre-configured DFMEAs, process FMEAs, and use FMEAs that you may configure based on your organization. This just allows for streamlining of your risk measures processing quickly to Jama Connect.

To watch the entire webinar, visit
Elevating Your Medical Device and Life Sciences Product Development Processes with Jama Connect®

Digital Thread

In this blog, we recap the “New Research Findings: The Impact of Live Traceability™ on the Digital Thread” webinar.

Examine new industry research that highlights the reasons for the growing interest in digital thread and learn how Live Traceability™ enables the digital thread to reduce risk, save cycle time, and improve product quality.
The digital thread is a measurable data-driven architecture that links together information generated from across the product lifecycle and is envisioned to be the primary or authoritative data and communication platform for a company’s products at any instance of time.

During this session, James Roche, Practice Director of Aerospace & Defense at CIMdata, Inc and Cary Bryczek, Director of Aerospace & Defense Solutions at Jama Software®, report on key findings from recent research on digital thread conducted by CIMdata on behalf of the Aerospace and Defense PLM Action Group — and in collaboration with Jama Software and other solution providers. The shared objective of this research was to gain an understanding of the needs and opportunities within industry that will inform digital thread solution strategies and roadmaps and guide industrial implementations.

Finally, learn how Jama Software’s industry-leading platform, Jama Connect®, helps teams manage requirements with Live Traceability across the systems development process for proven cycle time reduction and quality improvement.

Below is an abbreviated transcript and a recording of our webinar.

New Research Findings: The Impact of Live Traceability™ on the Digital Thread

James Roche: Thank you to Jama Software for inviting me to participate in today’s discussion of the exciting and important topic of digital thread. In this presentation, we’ll report key findings from recent research on the topic of digital thread conducted by CIMdata on behalf of the aerospace and defense PLM action group member companies in collaboration with Jama Software and other PLM solution providers. We’ll begin with an introduction of how this research came about, who sponsored it, and for what purpose. We’ll explain how the information was gathered and from whom. Then we’ll review the key findings from the research in various categories as shown here, the what and why of the digital thread, the current reality, planning future investments, and solution capability and provider alignment with the needs and strategies of their industrial customers.

I will then turn the session over to my colleague from Jama Software, Cary Bryzcek. The initiators and prime sponsors of this research are seven A&D OEMs who are the current members of the Aerospace and Defense PLM Action Group. Since its founding in 2014, the A&D PLM Action Group has sponsored research and jointly staffed projects on topics such as model-based definition, multiple-view bill of materials, PLM technology obsolescence management, global collaboration, model-based system engineering, and digital twin digital thread. The members regularly interact with the principal PLM solution providers in project collaborations and executive level strategic discussions.

RELATED: Jama Connect® for Air, Land, Sea, and Space Datasheet

Roche: The group’s leadership has recently determined to expand its reach into the PLM solution provider community, and engage in collaborative research and dialogue on strategic topics. The topic selected for this program was digital thread. We know that investment in digital thread today is real and substantial, and the level of investment will continue to rise. That reality positions digital thread as an emerging strategic opportunity within the PLM ecosystem. To invest effectively in solution development as a software provider, or solution implementation as an industrial user requires insight into current state enablers and barriers and future investment drivers.

The shared objective of this research was to gain understanding of needs and opportunities within industry that will inform digital thread solution strategy and roadmap, and guide industrial implementations. The project used two methods of gathering information, subject matter expert interviews and an online survey. Interviews were conducted by CIMdata with three communities, the participating solution providers, key A&D customers nominated by the participating sponsors, and the A&D action group member companies. The second method of information gathering was through a web-based survey targeted toward a broader community beyond practitioners in industry. The learnings from the interviews were applied to develop the line of inquiry for the web-based survey.

RELATED: Extending Live Traceability™ to Product Lifecycle Management (PLM) with Jama Connect®

Roche: CIMdata conducted a total of 15 interviews, five with the solution provider sponsors, five with their key customers, and five with A&D action group members. A total of 90 complete and validated survey responses were received and have been analyzed. Review of the names of the companies represented and the positions held by the interviewees and survey respondents confirms that the information received is representative of the most influential companies and leading thinkers within the aerospace and defense industry. The survey was open to all industries, but it was targeted toward and most heavily promoted within aerospace and defense, and nearly 60% of responses were from that industry. The response distribution was evenly spread across companies’ size by revenue.

We began our interviews and the survey with an exploration of the what and the why of digital thread. The conceptual understanding of digital thread within industry is very immature. All interviews began with a question, “What is your definition of digital thread,” which yielded 15 different definitions. Nearly half of the company’s survey do not have a commonly accepted definition of digital thread, and less than 10% use the published definition. Our search for the reasons for digital thread’s rise to prominence revealed the traditional drivers such as product complexity, time to market and search for efficiencies are clearly still in play, but new realities such as rising customer expectations as evidenced in the DOD’s digital engineering strategy with an authoritative source of truth, and new enabling technologies are major drivers of the digital thread’s rise to prominence.

Among specialists, there is a broad shared perception of what digital thread does, and what a digital thread is. The most prominent characteristic of what a digital thread is and what it does relate to establishing linkages and traceability between product data. Interestingly, if you combine the most prominent characteristics of what a digital thread does, you have a reasonable definition of the digital thread, establishes traceability of product information across multiple domains in the lifecycle, mechanical, electrical or electronic software and firmware to provide meaningful relationship connections between a product’s digital assets. Our research examined the current and expanding digital thread value footprint in three dimensions, program stage, data, and use cases.

To watch the entire webinar, visit
New Research Findings: The Impact of Live Traceability™ on the Digital Thread


What is DevSecOps? A Guide to Building Secure Software

DevSecOps has gained popularity as a secure and dependable software development methodology in the fast-paced world of software development. But what is DevSecOps really, and why is it so crucial?

DevOps is a set of techniques that stresses collaboration and automation between development and operations teams. DevSecOps is the integration of security practices into this methodology. DevSecOps seeks to establish a security culture that guarantees the software is secure and complies with compliance standards by integrating security into every phase of the software development lifecycle, from planning through deployment.


RELATED: Practical Guide for Implementing Software Validation in Medical Devices: From FDA Guidance to Real-World Application – Part I

What are the advantages of DevSecOps?

The ability to identify and address security risks earlier in the development process is one of the main advantages of DevSecOps. This means that security is incorporated into the software at the outset instead of being added later, which can be expensive and time-consuming. Also, DevSecOps plays a big role in decreased risk of security breaches and data leaks by identifying vulnerabilities earlier.

The fact that DevSecOps helps to ensure compliance with laws and standards is another crucial feature of the practice. In many businesses, especially those that deal with sensitive or private data, including healthcare and banking, compliance is becoming more and more crucial. DevSecOps aids in ensuring that the software complies with requirements by incorporating compliance into the development process.

How does DevSecOps work?

What does DevSecOps look like in practice? DevSecOps is fundamentally about cooperation and communication between teams working on development, security, and operations. This implies that everyone bears some kind of responsibility for security, not just the security team. Instead of adding security features later, development teams collaborate with security and operations teams to incorporate security into the software from the start.

The automation of DevSecOps is a crucial element. Automation makes the development process more efficient, reduces errors, and ensures consistency. DevSecOps can aid in the quicker and more precise detection of vulnerabilities and threats by automating security testing and other security operations.

RELATED: Why it Makes Sense to Store Cybersecurity Risk Management Items Inside a Requirements Management System

Ongoing Monitoring with DevSecOps

Continuous monitoring is a key component of DevSecOps. This means that maintaining security involves ongoing monitoring and improvement rather than being a one-time action. DevSecOps can assist in identifying and mitigating risks before they turn into significant concerns by continuously monitoring the program for security threats and vulnerabilities.

DevSecOps also depends on a culture that values security. As a result, security is more than just a collection of guidelines; it’s also a way of thinking and conducting business. Organizations may ensure that security is always a top priority and that everyone is aware of the significance of security in their work by developing a culture of security.

DevSecOps is a vital method of software development that places an emphasis on teamwork, automation, and constant monitoring. DevSecOps contributes to the creation of a security culture that guarantees the software is secure and complies with regulatory standards by integrating security into every phase of the software development lifecycle. Organizations that implement DevSecOps are well-positioned to produce secure and dependable software that satisfies the needs of their stakeholders and customers given the growing relevance of security in today’s society.

There are numerous online resources, like blogs, podcasts, and online courses, that you may use to learn more about DevSecOps. In the world of DevSecOps, there is something for everyone, whether you are a developer, security expert, or operations specialist.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by McKenzie Jonsson.


ARP4754A / ED-79A: Enhancing Safety in Aviation Development

Safety is always put first in the aviation sector. Strict adherence to rules and demanding standards helps to preserve this commitment to safety. This is where ARP4754A, a significant standard, comes into play. In this blog post, we will discuss the importance and function of ARP4754A (and its EASA equivalent ED-79A, henceforth ARP4754A) and how it impacts the design of civil aircraft and systems.

Understanding ARP4754

ARP4754A, commonly known as “Guidelines for Development of Civil Aircraft and Systems,” is an industry standard published by SAE International. Its goal is to create a structured procedure for the development and certification of aircraft and related equipment in order to guarantee adherence to safety rules. From initial concept to final certification, these rules are intended to serve as a reference for engineers, designers, and manufacturers. ARP4754A is recognized as an appropriate standard for aircraft system development and certification. The corresponding EASA Acceptable Means of Compliance AMC 25.1309 (included as a section of CS-25) does recognize ARP4754/ED–79 as well.

RELATED: Jama Connect® Airborne Systems Solution Overview

Purpose and Objectives

ARP4754A’s main goal is to increase aviation safety by encouraging a methodical and uniform approach to designing and developing aircraft and systems. It aims to reduce risks and dangers related to aircraft operations by resolving potential flaws and vulnerabilities. The standard’s goals consist of:

  • Safety Assessment: ARP4754A stresses performing in-depth safety evaluations to pinpoint dangers, weigh the risks, and put in place the right countermeasures. Revision A, specifically addresses functional safety and the design assurance process.
  • System Development: It offers recommendations for the development of aviation systems, including requirements management, verification and validation, and configuration management.
  • Considerations for Certification: ARP4754A guarantees that systems and aircraft adhere to legal criteria and certification procedures, supporting their secure integration into the aviation industry.

Development Lifecycle

The development lifecycle outlined by ARP4754A recommends adherence to established systems engineering principles and emphasizes the significance of iterative and incremental procedures, stakeholder collaboration, and requirement traceability throughout the lifecycle stages. The typical key processes covered by ARP4754A are well-defined:

  • Planning Process: This stage defines the means of producing an aircraft or system which will satisfy the aircraft/system requirements and provide the level of confidence which is consistent with airworthiness requirements.
  • Safety Assessment Process: Prescribes close interactions between the safety assessment process and system development process to capture safety requirements imposed on the design.
  • Architecture Planning and Development: The system architecture is established, including hardware, software, and interfaces
  • Requirements Process: Detailed system requirements are defined, considering functional, performance, security, and safety aspects.
  • Design Process: Detailed hardware and software item requirements are defined and allocated to system requirements.
  • Implementation Process: The system components are developed, integrated, and tested according to the defined design requirements.
  • Verification and Validation Process: This includes the activities necessary to demonstrate that the item requirements are complete, correct, and consistent with the system needs and architecture.
  • Integral Processes: ARP4754A describes additional processes that are applicable across all of the above processes. They are: Safety Assessment; Development Assurance Level Assignment; Requirements Capture; Requirements Validation; Configuration Management; Process Assurance; Certification & Regulatory Authority Coordination

RELATED: What Are DO-178C and ED-12C?

Impact on Aviation Safety

The policy related to ARP4754A plays a crucial role in ensuring safety in the aviation industry. It employs a step-by-step approach to identify and address potential hazards and risks during the early stages of development. This policy prioritizes safety assessments, risk reduction, and thorough testing, ultimately minimizing the chances of any mishaps or incidents in practical scenarios.

Moreover, ARP4754A promotes a culture of collaboration where stakeholders can effectively share knowledge and communicate throughout the development process. This ensures that safety concerns are addressed, and all parties involved have a clear understanding of their respective roles and responsibilities. The result is a coordinated effort that leads to a successful outcome.


The aviation industry relies heavily on ARP4754A as a fundamental benchmark and acceptable means of compliance for the development of civil aircraft and systems. By adhering to a structured approach to development, it ensures aviation safety and minimizes possible risks. Its systematic lifecycle stages, emphasis on safety assessments, and compliance with certification requirements significantly contribute to the overall reliability and integrity of aviation products. Even as the aviation industry progresses, ARP4754A remains a critical reference point, promoting a safety-first mindset and reinforcing the industry’s dedication to passenger safety.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Decoteau Wilkerson and Cary Bryczek.

Learn how Jama Connect can be used to carry out ARP4754A: Digital Transformation and the Importance of Requirements Management Within the DoD