

In the world of automotive and semiconductors, where the pace of technological innovation seems to accelerate daily, staying ahead of trends is critical. That’s why we sat down with Neil Stroud, Jama Software’s industry expert with decades of experience spanning major players like Intel, Arm, and Samsung. Neil has been at the forefront of the functional safety and semiconductor evolution, witnessing firsthand the challenges and transformative changes that shape these industries.

In this exclusive interview, Neil shares his unique perspective on the latest industry dynamics, the impact of global supply constraints, and how the automotive industry’s strategic relationships with semiconductor vendors are evolving. He also discusses Jama Software’s role in helping both sectors address increasingly complex requirements and integration challenges, driving efficiency and reducing risk across the supply chain. Join us in exploring how Jama Connect empowers companies to manage complexity, enhance traceability, and accelerate their time to market.

Driving Innovation: Quarterly Automotive & Semiconductor Trends with Neil Stroud

Kenzie Jonsson: Thanks for sitting down with me today, Neil! I’d love it if you could spend a little bit of time telling us about your background and career path.

Neil Stroud: Prior to joining Jama Software back in April of this year, I’d spent most of my career in the semiconductor industry, working for companies like Samsung, NEC, and PMC-Sierra. I also spent 12 years with Intel, and then moved into the IP space with Arm who are one of the key players in semiconductor IP. Directly before joining Jama Software, I spent time with CoreAVI, a niche software company in the safety-critical graphics space. Almost twenty years of my career has been spent in the functional safety domain. It wasn’t by design; it was more by accident. I didn’t set out to get into that domain at all. It all came about through my time at Intel where I was calling on a big industrial automation company and they asked me the question, “Hey, so when are you going to start supporting functional safety with Intel architecture?”

Of course, at that point, I didn’t know what it was, what it meant, what it was all about. One thing led to another, and I stumbled into the world of functional safety and was given a great opportunity at Intel to go… I was going to say, go and lead it, but it was more me volunteering and saying, I think we should be doing this. And the senior leadership at Intel saying, “Oh, go on then, go do it.” That’s exactly what I did. So, it was quite nice because you’re acting as a startup within the safety of a big corporation like Intel. At that point you start to look at the fundamentals – what does safety look like? What do we need to do as a company? How do we sell it? How do we make money out of it? What are the technical issues? What problems is the industry facing? That kind of stuff. So, I pretty much became a GM of my own startup at that point, which was a great experience.

That was back in the day when complex semiconductor functional safety wasn’t really a thing. So, we were blazing the trail, not just for Intel but for the whole industry. So, little did I know back then where it would lead. It’s been so much fun. That’s also what took me to Arm – to drive the whole functional safety strategy across their ecosystem. So, all of that obviously led me into adjacent businesses, especially automotive, as safety is of paramount importance, where I worked with the big OEMs and throughout the supply chain. Now here I am at Jama Software bringing all of that experience of semiconductor, automotive, and software and applying that to the requirements management tools domain to drive our presence and growth in the automotive and semiconductor segments.




Jonsson: What changes have you been part of at Jama Software recently to help us better meet the needs of our customers?

Stroud: It’s a really interesting time to join Jama Software. Obviously, we’ve been successful as a company over the preceding years. I’m amazed by the number of different market segments that are using Jama Connect. There are some obvious ones like automotive, semiconductor, medical, consumer electronics, and aerospace and defense. But there are some emerging segments as well, which is great to see, like insurance companies and state departments and beyond. Clearly, Jama Connect is a tool that transcends verticals. But of course, we need to be able to tweak and tailor that to accommodate the unique needs of each market segment. Functional safety and cybersecurity are great examples of these differences. That’s what’s exciting as part of the change with Francisco Partners acquiring us back in April for $1.2 billion. That to me is a leading indicator that they’re betting on us to continue growing and we are investing heavily to continue to delight our current customers and of course help new customers achieve new levels of innovation. Placing that bet is exciting for all of us at the company. As a result, one of the changes we made at that time was to really double down on the vertical focus. So, bringing in an organizational structure that allows us to do that and in turn drive even more alignment with the needs of each market segment.

It’s good for us. But more importantly, it’s good for the customers because we can talk in their language, we can better understand their problems, and of course we can partner with them to solve their problems. And that in turn means tailoring our product to better suit their needs. So, it’s a win-win. It’s a confirmation of the importance of those verticals to Jama Software and sends a clear message that we are listening and here to partner with them on their growth journey. So, it’s exciting for me and I see that excitement across the whole company.

Jonsson: Can you tell us what you’re seeing in the industry with the conversations that you’re having with our customers and prospects?

Stroud: Well, I cover both automotive and semiconductor industries. There’s obviously a lot of overlap between the two, and I think that’s an increasing trend we’ve seen over the last few years. The automotive guys have been building a lot more of a strategic relationship with the semiconductor vendors. Not least because when the supply constraints kicked in a couple of years ago, production lines were coming to a halt because they couldn’t get hold of the smallest, tiniest, cheapest components. And at that point, it is interesting how it created a real forcing function. The automotive segment said at that point, “Right, we aren’t going to get burnt again.”

So, they did one or two things. Some went out and tried to tie down the semiconductor vendors contractually to say, “Look, in the event that this happens again...” and it will happen again because the semiconductor industry tends to work on about a seven-year cycle of oversupply versus constraint, “we want to guarantee our component supply.” The car OEMs and tier-one suppliers obviously didn’t want to get caught in that again. I don’t have visibility into how successful those discussions were, but I don’t think it will necessarily prevent a recurrence. The good news is that there is huge investment going into building new fabs that will provide significant capacity increases in the coming years.

The other interesting dynamic that happened was some of the auto guys said, “Well, screw that. We’re going to do our own silicon.” It sounds easy when you say it quickly, but there’s an awful lot to it when you commit to that solution. Questions like, “Okay, so how are you going to do that?”, “Are we going to go and engage with a design house or are we going to hire a team of semiconductor design engineers?”, “Which fab supplier will we use?”, “Will they guarantee supply?”

It’s not a trivial undertaking and to make it work from an ROI perspective it’s probably a ten-year journey. And in the meantime, you’ve still got to work with what you’ve got. The other issue is once you get down that path, you are committed and it’s an expensive commitment to make. The downside is you don’t get the benefit of volume that the big guys like Qualcomm, Samsung, MediaTek, or NVIDIA can offer you. They build millions and millions of chips and can amortize the cost across many customers and markets. If you’re building your own, you don’t get that advantage, but you mostly own your own destiny. So, pros and cons.

So that’s one dynamic. I think the other dynamic we’ve seen in automotive generally over the last five years is a repositioning of what’s important. If we go back, even just five years, we all thought we would be driving autonomous vehicles right now. There’d be mass deployment. You and I would both have one on the drive. Of course, that hasn’t happened because we all realized how difficult it is. I think we were in denial for a while, but that forced us to pivot to solving the software defined vehicle challenge. If we can get that taken care of, then that kind of leads us to the autonomous world anyway. And we can solve it in bite-sized chunks. So thankfully the automotive industry and the semiconductor industry, and probably lots of other industries now are focused on a software-defined vehicle as an intermediate step.

Solving this challenge doesn’t just apply to road vehicles. I think when you look at industrial automation, that’s the same. Do they want to get full autonomy? Of course they do. Is it a challenge? Yeah, it is. So, software-defined has a role to play there. Same in A&D, same in a lot of the other verticals. So, there are a lot of synergies between the verticals as well. That created, I think, clarity, but it also created a seismic shift for the car OEMs in that the OEMs themselves, and I’m talking more about the incumbent suppliers, the big guys like VW, Mercedes, Ford, GM and others. History shows they’re so used to being completely in charge of their own destiny – when you need something, you just put a team together and you go build it. Those days are gone. You look at complexity in a modern vehicle, whether it’s the hardware or the software, you just can’t do that these days. It’s not scalable.

So, you have to rely on the supply chain to drive the innovation and deliver those pieces, those elements, and then you as the OEM have to integrate them. But that’s not a world they’re used to. And it obviously introduces a whole world of complexity.




Stroud: That’s another area where using Jama Software really pays dividends to ensure the whole supply chain is seamlessly connected from a requirements perspective, resulting in faster design and delivery across multiple vendors and a better-quality product overall. A modern high-end vehicle can have upwards of 100 million lines of code and this is increasing exponentially. Those software elements are coming from a hundred different vendors. Some of those are safety-related, and some of those are security-related. All of a sudden as an OEM, I’m responsible for integrating all of that, checking it works together, checking it’s still safe, checking it’s still secure, and then rolling it out through the door for consumers to go and purchase a new vehicle.

At the same time, vehicle suppliers can use this new SDV approach to drive new business models that allow post-sales upgrades and updates. If a car doesn’t have a feature on the day of sale, in a year’s time the owner could say, “Hmm, it’d be nice to have that new feature.” You log into your account, put your credit card details in, and as if by magic, the new feature arrives over the air to your vehicle the next day. That’s a whole new world and we are only scratching the surface today.

So, I guess the punchline is from our perspective, and doing what we do, it’s all about efficient requirements management and traceability. This applies not just to the OEMs, but throughout the supply chain as well, to ensure the elements from those hundreds of different vendors all come together. Those requirements have got to be exquisitely accurate and all the independent interdependencies mapped out correctly to be sure that you’re not violating a safety goal or creating a bug in the system.

This way you get into traceability… How well is my project going? How healthy is it? How many of those requirements are covered right now and tested and using that capability to reduce the number of recalls, drive efficiency in the design team, reduce the risk, all those good things. Of course, this level of detail isn’t just important to the engineering teams. It can also be rolled out to senior management who are likely more interested in risk, cost, time-to-market and so on.

So, the market’s really coming to us. Jama Software is now the largest supplier of requirement management solutions overall, which we’re immensely proud of. But we have to learn from the market and our customers how Jama Connect changes, grows, and morphs as a solution to enable that ubiquitous risk reduction and efficiency improvement. So, there are some big factors at play.

So that’s automotive. The semiconductor segment is interesting as well. It’s a very different world, with different care abouts.

We’ve done very well in the semiconductor space overall, but it still frightens me to see how many spreadsheets are used to manage the business in the big semiconductor companies. And that’s speaking from experience because I lived in that world for a long time. There are way too many spreadsheets out there for doing requirements tracking. When you’re working that way, there’s no single source of truth and that will get you into trouble, guaranteed. It will cost you big with bugs in the silicon. So, it’s imperative to partner with the semiconductor industry and really drive change, accelerate innovation and solve tomorrow’s supply constraints. That’s on the chip design side, but also more recently, we’ve got the CHIPS Act, which is kick-starting a massive investment in the semiconductor industry to drive fab capacity to meet the huge growth in demand for chips.

So, we see the big players such as Intel, Samsung, and TSMC, all investing billions and billions of dollars to put fabs into place to meet this growth in demand and technology, which is exciting. The challenges are different to the auto market but guess what, these chip manufacturers need robust requirements management to run their business. And again, a lot of it’s been running on spreadsheets for a long time.

Now, we’re seeing, of course, headwinds in both industries. We still see that with EV vendors on the automotive side. We see even today challenges in the semiconductor industry with some consolidation of cost and trying to get costs under control. Jama Software has a critical role to play in that transformation. We can help drive efficiency and shorten cycles and time-to-revenue. All those things play into huge cost reductions for all. We are using our expertise in both product and deployment to educate and drive incremental success for our customers.

Kenzie Jonsson: Thank you for your time today, Neil! I really enjoyed this conversation, and I look forward to catching up with you next quarter!


Tackling Industrial Manufacturing’s Biggest Challenges: Solutions That Work

Industrial manufacturing is undergoing a transformation driven by technology, market demands, and a rapidly evolving workforce. However, this evolution brings its own set of challenges that manufacturers must navigate to remain competitive. Below, we’ll explore the top challenges in industrial manufacturing and offer practical solutions to address them.

1. Supply Chain Disruptions

The Challenge: Global events like the pandemic and geopolitical tensions have exposed the vulnerabilities of supply chains. Material shortages, delays, and fluctuating costs have become routine, making it difficult for manufacturers to meet production targets.

The Solution:

  • Diversified Sourcing: Manufacturers should explore multiple suppliers, ideally in different regions, to reduce the impact of disruptions in one area.
  • Advanced Analytics and Forecasting: By leveraging data analytics, manufacturers can predict potential disruptions and adjust procurement strategies to maintain inventory levels.
  • Digital Supply Chain Management: Implementing technology like real-time tracking and automated inventory management systems ensures better visibility and responsiveness across the supply chain.

2. Talent Shortage and Skills Gap

The Challenge: As industrial processes become more automated and technical, there’s a growing need for skilled labor, particularly in areas like robotics, data analytics, and equipment maintenance. However, the industry faces a shortage of qualified workers due to retirements and a lack of interest from younger generations.

The Solution:

  • Reskilling and Upskilling Programs: Companies can invest in training programs for existing employees, focusing on emerging technologies and technical expertise.
  • Collaboration with Educational Institutions: Partnering with local schools and universities to create apprenticeship programs and internships can help build a pipeline of future talent.
  • Adoption of Automation: Automating repetitive or dangerous tasks can offset the impact of labor shortages while enhancing operational efficiency.



3. Adapting to Industry 4.0

The Challenge: Industry 4.0 technologies, including IoT, AI, and machine learning, offer vast opportunities for improving manufacturing processes. However, integrating these technologies can be expensive and complex, especially for small and medium-sized enterprises.

The Solution:

  • Start Small, Scale Gradually: Manufacturers should begin by digitizing a single aspect of their production (e.g., predictive maintenance) and expand as they see ROI.
  • Cloud-Based Solutions: Cloud platforms offer scalable, cost-effective ways to implement Industry 4.0 tools without a significant upfront investment in infrastructure.
  • Cross-Department Collaboration: Ensure alignment between IT, engineering, and operations teams to facilitate seamless integration and minimize disruptions during implementation.

4. Meeting Sustainability Goals

The Challenge: Governments and consumers are increasingly demanding sustainable practices from manufacturers. This includes reducing emissions, minimizing waste, and adopting environmentally friendly materials. However, transitioning to green manufacturing can be costly and complex.

The Solution:

  • Energy Efficiency Audits: Conduct regular audits to identify areas where energy consumption can be reduced, whether through upgrading equipment or adopting renewable energy sources.
  • Circular Economy Practices: Embrace recycling and remanufacturing to minimize waste, both in production and post-consumer use of products.
  • Collaboration with Stakeholders: Partner with suppliers and customers to promote sustainable practices across the entire value chain.

5. Cybersecurity Risks

The Challenge: With the growing adoption of digital technologies comes an increased risk of cyberattacks. These attacks can disrupt production, compromise sensitive data, and damage a manufacturer’s reputation.

The Solution:

  • Regular Security Audits: Conduct frequent assessments of your digital infrastructure to identify and address vulnerabilities.
  • Employee Training: Train staff on cybersecurity best practices, particularly in recognizing phishing attacks and securing devices.
  • Robust Incident Response Plans: Develop and test response plans to minimize downtime in case of a cyberattack, ensuring quick recovery and damage mitigation.



6. Maintaining Operational Efficiency Amid Complex Demands

The Challenge: Manufacturers are under pressure to produce more custom products, reduce lead times, and improve quality—all while maintaining efficiency. Meeting these demands often strains existing processes and resources.

The Solution:

  • Lean Manufacturing: Implement lean principles to eliminate waste in production and streamline processes, improving both speed and efficiency.
  • Automation and Robotics: Invest in robotic process automation to handle repetitive tasks, reducing human error and speeding up production.
  • Flexible Manufacturing Systems: Adopt systems that can easily switch between different product types, accommodating the increasing demand for customization without sacrificing efficiency.

Conclusion

Industrial manufacturing is facing unprecedented challenges, but with the right strategies and technology, companies can navigate these obstacles and position themselves for long-term success. From investing in workforce development to embracing digital transformation, the solutions are within reach. By proactively addressing these challenges, manufacturers can enhance their competitive edge in an increasingly dynamic market.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Steven Meadows and Kenzie Jonsson.


In this blog, we will preview a section from our video, “Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development” – Click HERE to watch it in its entirety.

Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development

Welcome to our Expert Perspectives Series, where we showcase insights from leading experts in complex product, systems, and software development. Covering industries from medical devices to aerospace and defense, we feature thought leaders who are shaping the future of their fields.

We are excited to introduce Florian Rohde, an expert in electrification, variant management, software defined vehicles, continuous integration and validation, and AI in automotive development. With more than 20 years of experience in the automotive industry, Florian has worked with companies large and small, from Siemens to NIO to Tesla Motors.

In this episode, we discuss:

    • Challenges in software defined vehicle development
    • Variant and configuration management in SDVs – and which companies are excelling
    • Balancing documentation, complexity, and speed


The following is an abbreviated transcript of our webinar.

Kenzie Jonsson: Welcome to our Expert Perspectives series where we showcase insights from leading experts in complex product systems and software development, covering industries from medical device to aerospace and defense. We feature thought leaders who are shaping the future in their fields. I’m Kenzie, your host, and today I’m excited to welcome Florian Rohde, an expert in electrification, variant management, software-defined vehicles, continuous integration and validation, and AI in the automotive industry. With more than 20 years of experience in the automotive industry, Florian has worked with companies small and large, from Siemens to NIO, to Tesla Motors. Without further ado, I’d like to welcome Florian Rohde, who will be speaking with Matt Mickle, Jama Software’s very own director of automotive and semiconductor solutions.

Matt Mickle: Thanks, Kenzie. So my name is Matt Mickle. I run our solution development for automotive and semiconductor at Jama Connect. I’ve been with the company at Jama for about 11 years and worked as a consultant for most of that time. And now my team handles most of the consulting and development of solutions for automotive and semiconductor. And I live out in Europe, in Amsterdam. Came over here to help start up our European headquarters. And I’m joined today by Florian Rohde.




Florian Rohde: Absolutely. Thanks, Matt. So I’ve been in the automotive industry for about 20 years. I started as an intern at Bosch, and then I started as a junior test engineer at a company called Siemens VDO, which then was incorporated into Continental. Back in the day, we were building electric power steering systems. So highly safety-critical components in your car. So I got grounded into functional safety right from the beginning. I spent about seven, eight years at that company, both in Germany and in Romania. And then in 2012, I joined a startup called Tesla Motors, and that is bringing the interesting parts to our discussions here, I guess.

So in 2012, Tesla had about 2,000 employees worldwide. I was the first member and the founder of a team for vehicle software validation. So every software release, every software functionality on the vehicle level went through my signature for about six years. I counted over 700 releases in that time to the end customer and way more software that went through our test systems in that time. And after six years there at Tesla, I was one year at NIO as a director of integration of smart components. And starting 2019, actually, I became a consultant advisor all around SDV, software-defined vehicles, and basically trying to facilitate the communication between what you can call the old world and the new world. So the new players on the market and established 100-year-old OEMs because I speak both languages. I’ve been in both worlds. So I’m helping both sides, helping the new players really to understand regulatory things and scaling and things like that and helping the established players really to understand the role of software in today’s and tomorrow’s vehicles.

Mickle: Well, I know that when we started to talk about having this chat, one of the things that you’d mentioned is that you’re hearing quite often in the industry about challenges, especially as people are trying to shift into this modern way of working with software-defined vehicles. There’s still a lot of challenges around variant handling and configuration management. You have some strong background in handling some of those things, especially while you worked at Tesla. How would you say that your approach had to change when you started to think in a more software-defined vehicles perspective when it comes to variant management?

Rohde: Yeah. I think in general, there’s a lot of challenges. Variant management is one of them. But I think let’s focus on that for the purpose of this talk. Let’s not focus on engineering culture or software skill sets and so on. That’s, for sure, other topics we can talk about. But today, let’s talk about variant management, configuration management, etc. So on one hand, I see gigantic numbers of configurations out there when you look at legacy OEMs. And somebody told me just Ford F-150 numbers, they were like hundreds of thousands or even higher than that. So on one hand, you see the companies struggling with the variety of variants actually of their product. But then on the other hand, you also see R&D teams struggling with those variants, both in how to handle them on the development side of things, but even more so on the testing side of things, especially… So I’m a test engineer, originally. And for test engineers, additional variants are usually a nightmare because it just means basically one-on-one growth of your testing efforts.

So there is a problem that needs to be solved and it’s on two sides. It’s one, how do you solve that problem in your product itself? And the other thing is, how do you solve that problem in your tool chain? So things like what you’re doing on the requirement side of things, specification, and so on. Let’s look at the product for now. So Tesla had a different approach to this problem. They actually made themselves agnostic to the variety of variants. What does that mean? That means they developed their product software first and they were designing the software in a way that it can handle pretty much an endless amount of variants. Of course, and we can talk about that, there’s challenges to the validation of things. There’s challenges to how you handle software updates. There’s challenges how you handle releases. But we had a pretty good process in place to do so. But the alpha and omega of the whole thing is that there’s a system in place that allows the software to handle the variants without being handcuffed to some process from the past.




Mickle: Okay. So a lot of the challenges that I hear, and maybe some of what you hear, is especially around the alignment of the software with the hardware in terms of releases, considering those are evolving at different paces. So since the software is evolving so fast and handling multiple configurations, how do you account for that with what you’re doing with either tooling or the product?

Rohde: Right. So I think there’s a consensus in industry by now that the hardware has to be able to accommodate new software features over time. Or in other words, it has to be designed for a little more than it originally offers at start of production. There’s still a lot of hesitance around legacy carmakers because it’s a financial discussion, right? So I don’t think from technical point of view, anybody would disagree that the hardware should be overdesigned by, let’s say, 20% so the software can start evolving over time and creating new cool stuff. But it’s always a question how you actually finance that.

The good news here is that actually, hardware and compute power becomes more reasonable in pricing. So we’re not talking about dollars per bytes in memory anymore. We started talking about dollars per gigabytes, right? So we can actually make that happen a little easier. But obviously, there’s a strong legacy of hardware driving the timelines, and then the software goes on the hardware to make the functionality work as designed and then go into the car as a component. So now in the next generation of cars, you hear a lot the term of decoupling. So you’re decoupling software from hardware. What does that actually mean? That means that on the technical side of things, you have to find ways to have your software actually handling the car’s compute resource and not as a conglomerate of several separate ECUs. So we’re talking about zonal architecture at one point in the future, we’re talking about high compute power architecture, HPCs.

But on the other hand, it also means organizationally and structurally. So when I go back and look at the Tesla example, Tesla has one software that runs on all their cars. And the cars are, for sure, not all the same hardware. As a matter of fact, I like to sparkle that in here right now because a lot of people think Tesla holds the variants low, but that’s not the case. Yes, they have only four or five models in the field, five actually by now. But they actually perform some sort of a facelift statistically every week. So while in a traditional car-making you wait for about three to four years before you put in a flurry of hardware changes, and in between, the car stays more or less unchanged. What we experience at Tesla is that every week, there’s some new hardware going into the car. So there’s some new costs down available. There’s something better available. There’s some replacement parts available. It goes in right next week. And that means that you have thousands and thousands of different variants of Teslas driving out there, even though from the outside, they all look the same.

So what we did is we decoupled the software in a way that it’s “smart enough” to handle all these variants. So the way that works is there’s a package and that package of software contains all different options and variants, and it also contains the information who is allowed to play with who, so what variant is allowed to play with what variant of the other car component and so on based on our validation and release process.

But in general, in a very simplified way, the car knows what it is, and that’s already a huge difference to a lot of legacy carmakers. So the car has a digital information about its components in hardware and in software and in mechanics. And based on that information, it receives the software package and it builds its own personalized update out of that. And it’s talking to the components and updates the components with the right versions based on the information it has. This information is on the other hand also mirrored up into what they call the mothership, so the server area. So that information is available in real-time, and I’d like to talk about that a little bit because I think it’s extremely valuable, for example, for the validation and release process to set your priorities.

So let’s say I only have time to do one combination. So I would like to reach most people with my release today. Of course, I’ll do the next combination tomorrow and the day after. But today, I have only time for one and I want to reach the most people. So I can go and I can actually look what combinations are out there that are relevant for this release and I can prioritize my validation on that. Actually, at one point, we went so far that we even took time zones into consideration that we say, “We can validate all of this large area of the fleet, but hey, that will be midnight or 1 AM by the time they get it. So they will not install it for another eight hours or something like this. So let’s focus somewhere else.” So all this information is making it extremely powerful to manage your priorities and both in research… Sorry. And both in development and in validation.


CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Expert Perspectives: A Conversation About Variant and Configuration Management in Software Defined Vehicle Development
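The selection and prioritization logic described in the excerpt above can be sketched as follows. This is an added illustration, not code from the webinar or from any carmaker; the package layout, component names, fleet records and the 07:00 to 22:00 install window are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

COMPONENTS = ("inverter", "display")  # hypothetical component names

# Constructed release package: one image per hardware variant, plus the
# variant pairings that validation has released so far.
PACKAGE = {
    "images": {
        "inverter": {"A": "inv-3.2", "B": "inv-3.3"},
        "display": {"X": "disp-7.0", "Y": "disp-7.1"},
    },
    "validated": {("A", "X")},
}

# Constructed fleet mirror: what each car reports about itself.
FLEET = [
    {"id": "car-1", "inverter": "A", "display": "X", "utc_offset": 1},
    {"id": "car-2", "inverter": "A", "display": "Y", "utc_offset": -8},
    {"id": "car-3", "inverter": "A", "display": "Y", "utc_offset": -8},
    {"id": "car-4", "inverter": "A", "display": "Y", "utc_offset": -7},
    {"id": "car-5", "inverter": "B", "display": "Y", "utc_offset": 1},
    {"id": "car-6", "inverter": "B", "display": "Y", "utc_offset": 2},
    {"id": "car-7", "inverter": "B", "display": "Z", "utc_offset": 1},
]

EXAMPLE_NOW = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)


def combination(car):
    """The car's own view of which hardware variants it carries."""
    return tuple(car[c] for c in COMPONENTS)


def build_update(car, package):
    """Pick the images for this car, or None if its combination is not released.

    Fails closed: an unvalidated pairing or an unknown variant gets no update.
    """
    combo = combination(car)
    if combo not in package["validated"]:
        return None
    plan = {}
    for component, variant in zip(COMPONENTS, combo):
        image = package["images"][component].get(variant)
        if image is None:
            return None
        plan[component] = image
    return plan


def likely_to_install(car, now_utc, first_hour=7, last_hour=22):
    """Assumed heuristic: owners install only during local daytime hours."""
    local = now_utc + timedelta(hours=car["utc_offset"])
    return first_hour <= local.hour < last_hour


def validation_priority(fleet, package, now_utc):
    """Rank not-yet-validated combinations by cars reachable right now."""
    reachable = Counter()
    for car in fleet:
        combo = combination(car)
        if combo in package["validated"]:
            continue  # already served by this release
        if any(v not in package["images"][c] for c, v in zip(COMPONENTS, combo)):
            continue  # the package has no image for this hardware at all
        reachable[combo] += 1 if likely_to_install(car, now_utc) else 0
    return sorted(reachable.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for car in FLEET:
        print(car["id"], build_update(car, PACKAGE))
    print(validation_priority(FLEET, PACKAGE, EXAMPLE_NOW))
```

At 09:00 UTC the three A/Y cars are in the middle of their night, so the smaller B/Y group ranks first even though a raw head count would favor A/Y.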


Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from MedTech Dive, titled “FDA Seeks Feedback On Health Equity for Medical Devices” – originally published on August 6, 2024, and written by Nick Paul Taylor.

FDA Seeks Feedback On Health Equity for Medical Devices

The agency plans to develop a framework for when devices should be evaluated in diverse populations to support marketing authorization.

Dive Brief:

  • The Food and Drug Administration is seeking feedback on health equity for medical devices to inform a potential regulatory approach to the topic, the agency said Monday. The paper is open for comment until Oct. 4.
  • In the discussion paper, the FDA shared its thinking on how sponsors can select study populations that adequately reflect the intended use for a particular medical device.
  • The discussion paper is part of a broader focus on health equity, one of the Center for Devices and Radiological Health’s strategic priorities, that also includes advice on diversity action plans.



Dive Insight:

The FDA framed the discussion paper as a response to the “urgent public health need for innovative technologies that help to reduce barriers to achieving health equity.” Seeking to address that need, the CDRH has committed to developing “a framework for when a device should be evaluated in diverse populations to support marketing authorization” as part of its strategic focus on health equity.

Running clinical trials that generate results consistent with how a device will perform in the real world is a way to improve health equity. Acknowledging that generating clinical data “can be complex,” the agency said it has focused its discussion paper on “a few important considerations that may be relevant for FDA’s evaluation of clinical evidence.”

The paper outlines factors that may help sponsors and investigators develop study objectives. To inform early trial design, the FDA recommends asking how the burden of disease and how the prognosis of a disease varies across a device’s intended use population. Sponsors can also ask how a device may introduce, exacerbate or mitigate differences in outcomes across the study population.

Another section of the document describes considerations related to the FDA’s evaluation of safety and effectiveness. The FDA reviews marketing authorization filings to determine whether there is reasonable assurance the device will be safe and effective in the intended population. As such, the agency is looking at whether clinical data “are generalizable to, and representative of, the intended use population.”

The FDA said it “considers it important to understand a sponsor’s rationale regarding the relevance of the provided clinical data to the intended use population.” The rationale could cover the processes used to select and enroll study populations, the agency said, or help the FDA understand difficulties a sponsor encountered when trying to obtain data from certain populations.




In the final section of the paper, the FDA describes example scenarios intended to prompt feedback on its assessment of the benefits and risks of devices. The section features a table that shows how the FDA may respond depending on whether the evidence suggests there are differences in patient populations and health outcomes, as well as whether the sponsor included specific populations in the clinical study.

In some cases, clinical trial sponsors may choose to design studies with “enriched” populations, meaning they intentionally enroll people from groups where differences are expected. The table suggests sponsors that fail to enrich study populations to reflect the intended use may face difficulties at the FDA if the available information suggests differences in patient populations.

The FDA said the absence of enriched populations may “introduce uncertainty” on the applicability of the data to the intended use population.

 

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Med Device Online, titled “What You Should Know About The FDA’s New Final Rule On LDTs” – originally published on May 14, 2024, and written by Mahnu V. Davar, Philip R. Desjardins, Abeba Habtemariam, and Phillip V. DeFedele, Arnold & Porter.

What You Should Know About The FDA’s New Final Rule On LDTs

On May 6, 2024, the U.S. Food and Drug Administration (FDA or the agency) published its highly anticipated final rule, which was formally published in the Federal Register on May 6, revising the regulatory definition of an in vitro diagnostic (IVD) product to explicitly capture IVDs manufactured by laboratories.

This follows the absence of proposed congressional action and the FDA’s review and consideration of comments to the October 2023 proposed rule (described in our prior Advisory on this subject) resulting in modifications to its phaseout policy and continued exercise of enforcement discretion for certain tests. In connection with the final rule, the FDA also issued two draft enforcement policies for certain tests offered in response to emergent situations or public health emergencies (PHEs). Despite the potential for legal challenges to the final rule, clinical laboratories should begin thinking about strategies for evaluating whether their laboratory-developed tests (LDTs) are subject to the FDA’s phaseout policy, determining the extent of FDA requirements that apply to such LDTs, and engaging with the FDA.

What Did the Final Rule Do?

The final rule amended the definition of an IVD in 21 C.F.R. § 809.3 to make clear that these products are devices as defined under the Federal Food, Drug and Cosmetic Act (FDCA), and may also be biological products under the U.S. Public Health Service Act, “including when the manufacturer of these products is a laboratory.” Although not a substantial rewrite of the IVD definition, this added phrase makes FDA’s position clear that LDTs are subject to regulation as, at a minimum, devices.

Why Does This Matter?

Historically, the FDA exercised enforcement discretion for LDTs, declining to impose its device authorities over such tests in most instances. For purposes of this enforcement discretion policy, the agency defined LDTs as IVDs intended for clinical use that were designed, manufactured, and used within a single clinical laboratory certified under the Clinical Laboratory Improvement Amendments of 1988 (CLIA) that meets CLIA regulatory requirements to perform high complexity testing. As such, LDT manufacturers that generally operated outside FDA oversight will now be expected to come into compliance with FDA requirements and controls applicable to their tests. In consideration of this substantial operational and compliance burden, the preamble to the final rule details a phaseout policy under which FDA will gradually end its general LDT enforcement discretion policy in five phases over a four-year period.




What Tests Are Subject to the Phaseout Policy?

The phaseout policy generally applies to LDTs as defined above, as well as “IVDs offered as LDTs,” meaning tests that are manufactured and offered as LDTs by CLIA-certified laboratories that meet CLIA requirements to perform high complexity testing and that are used within such laboratories, even if they do not fall within FDA’s historical understanding and definition of an LDT because they are not designed, manufactured, and used within a single laboratory. Thus, the policy technically applies to a broader range of tests than those that actually meet the FDA’s definition of an LDT. However, despite this breadth, the final rule makes clear that the phaseout policy does not extend to IVDs manufactured or used outside of a laboratory, including collection devices.

Consistent with the proposed rule, FDA made clear that certain tests would be excluded from the phaseout policy and subject to immediate regulation since they were never eligible for enforcement discretion:

  • Direct-to-consumer tests
  • Tests intended as blood donor screening or human cells, tissues, and cellular and tissue-based products donor screening tests required for infectious disease testing under 21 C.F.R. § 610.40 and 21 C.F.R. § 1271.80(c), respectively, or required for determination of blood group and Rh factors under 21 C.F.R. § 640.5
  • Tests intended for actual or potential emergencies or material threats declared under Section 564 of the FDCA

Further, the final rule confirmed that the FDA would continue exercising enforcement discretion (and thus not apply device requirements) to the following tests originally described in the proposed rule:

  • “1976-Type LDTs” (i.e., tests that use manual techniques without automation performed by laboratory personnel with specialized expertise, use components legally marketed for clinical use, and are designed, manufactured, and used within a single CLIA-certified laboratory meeting CLIA requirements for high complexity testing)
  • Human Leukocyte Antigen (HLA) tests that are designed, manufactured, and used within a single CLIA-certified laboratory meeting CLIA requirements for high complexity histocompatibility testing and used for HLA allele typing in connection with organ, stem cell, and tissue transplantation, HLA antibody screening and monitoring, or conducting real and “virtual” HLA crossmatch tests
  • Tests intended solely for forensic or law enforcement purposes
  • Tests used solely for public health surveillance when intended solely for use on systematically collected samples for analysis and interpretation of health data for disease prevention and control and the test results are not reported to patients or their healthcare providers

Notably, in consideration of comments and other feedback, FDA decided to continue to exercise full or partial enforcement discretion for the following tests:

  • LDTs manufactured and performed within the Veterans Health Administration or the Department of Defense (full enforcement discretion continues)
  • LDTs approved by the New York State Clinical Laboratory Evaluation Program (enforcement discretion continues for premarket review requirements)
  • Non-molecular antisera LDTs for rare red blood cell antigens where such tests are manufactured and performed in blood establishments, including transfusion services and immunohematology laboratories and where there is no alternative available to meet the patient’s need for a compatible blood transfusion (enforcement discretion continues for premarket review requirements and all Quality System (QS) requirements other than the recordkeeping requirements at 21 CFR 820 (Subpart M))
  • Currently marketed IVDs offered as LDTs that were first marketed prior to the date of issuance of the Final Rule (May 6, 2024) and that are not modified or are modified in certain limited ways (enforcement discretion continues for premarket review requirements and all QS requirements other than the recordkeeping requirements at 21 CFR 820 (Subpart M))
  • LDTs manufactured and performed by a laboratory integrated within a healthcare system to meet an unmet need of patients receiving care within the same healthcare system (enforcement discretion continues for premarket review requirements and all QS requirements other than the recordkeeping requirements at 21 CFR 820 (Subpart M))

For those tests subject to only partial enforcement discretion, the final rule makes clear that all other requirements would apply as they are phased-in under the general phaseout policy for all IVDs offered as LDTs.

What Is The Phaseout Policy?

The phaseout policy consists of the following five stages, which start on May 6, 2024:

Stage 1: FDA will end the general enforcement discretion policy as to medical device safety reporting, correction, and removal requirements, and QS complaint file requirements one year after the publication of the final rule. Thus, manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion must come into compliance with these requirements by May 6, 2025.

Stage 2: FDA will end the general enforcement discretion policy as to all other medical device requirements, except for QS and premarket review requirements, two years after publication of the final rule. Therefore, manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion must come into compliance with these requirements by May 6, 2026.

Stage 3: FDA will end the general enforcement discretion policy as to the following QS requirements three years after the publication of the final rule: (1) design controls (21 C.F.R. § 820.30); (2) purchasing controls (21 C.F.R. § 820.50); (3) acceptance activities (21 C.F.R. §§ 820.80 and 820.86); (4) corrective and preventative actions (21 C.F.R. § 820.100); and (5) records requirements (21 C.F.R. Part 820, Subpart M). As such, manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion or partial enforcement discretion as to certain QS requirements must come into compliance with these requirements by May 6, 2027.

Stage 4: The FDA will end the general enforcement discretion policy as to premarket review requirements for high-risk IVDs (i.e., Class III IVDs or IVDs subject to Biologics License Application requirements) three and a half years after publication of the final rule. Manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion or partial enforcement discretion as to premarket requirements must come into compliance with these requirements by November 6, 2027. Notably, on its media call regarding the final rule, the FDA stated that it intends to complete the reclassification of certain Class III IVDs to Class II IVDs in advance of this deadline, thus lessening the number of PMAs that will be submitted. We further discuss this initiative and its potential relation to the final rule in our related Advisory on this topic.

Stage 5: The FDA will end the general enforcement discretion policy as to premarket review requirements for all remaining IVDs requiring FDA review unless otherwise noted by the FDA (i.e., some Class I and all Class II IVDs) four years after publication of the final rule. Manufacturers of all IVDs offered as LDTs that are not subject to the FDA’s continued exercise of full enforcement discretion or partial enforcement discretion as to premarket requirements must come into compliance with these requirements by May 6, 2028.

Overview Of Test Types And Status

What About The Draft Public Health Emergency Guidance?

Although the draft PHE policies both address certain tests offered in response to emergent situations or public health emergencies, one relates to tests offered prior to issuance of a declaration under Section 564 of the FDCA while the other relates to tests offered during a declared emergency. These are notable because the FDA explains in the final rule that its general enforcement discretion policy for LDTs never applied to tests intended for emergencies, potential emergencies, or material threats declared under Section 564 because false results can have serious implications for disease progression, public health decision-making, and patient care. Instead, after all previous declarations under Section 564, the FDA has generally expected LDTs to comply with applicable requirements of the FDCA and FDA regulations. However, FDA has adopted, and may continue to adopt, specific enforcement discretion policies for such tests.

FDA’s draft Enforcement Policy for Certain In Vitro Diagnostic Devices for Immediate Public Health Response in the Absence of a Declaration under Section 564 sets forth FDA’s enforcement policy for “immediate response” tests for use in an emergent situation (i.e., the period of time between detection of the exposure or outbreak and either resolution of the exposure or outbreak or issuance of an applicable Section 564 declaration). Notably, the policy only applies to premarket review requirements and does not extend to tests with home specimen collection or at-home tests.

Under the policy, FDA does not intend to object to the offering of “immediate response” tests when:

  • The test is manufactured and offered by laboratory manufacturers meeting certain criteria
  • The test has been appropriately validated
  • FDA is notified
  • Appropriate transparency is provided
  • The test is labeled for prescription use only
  • There is no applicable Section 564 declaration

If no applicable Section 564 declaration is made within 12 months of the start of an emergent situation, FDA anticipates that the public health rationale for the enforcement policy will no longer apply at that time. FDA would then expect the laboratory manufacturer to cease offering the immediate response test or seek approval/clearance/authorization. FDA does not intend to object to the continued offering of an immediate response test while the premarket submission is prepared, submitted, and under FDA review so long as the laboratory manufacturer submits the submission within 12 months from the date of the first offering of the immediate response test.

FDA’s draft Consideration of Enforcement Policies for Tests During a Section 564 Declared Emergency, when finalized, will describe the factors FDA plans to assess in deciding whether to issue an enforcement policy regarding test manufacturers’ offering of certain devices (i.e., unapproved tests and unapproved uses of approved tests) for the diagnosis of disease or other conditions during a declared emergency. FDA intends to assess, among other things:

  • The need for accelerated availability of such tests
  • The known or potential risks of such tests
  • The availability of appropriate alternative tests that are authorized or approved
  • The availability of sufficient mitigations to address the risks of false results



What’s Next?

FDA intends to conduct webinars, publish guidance documents, provide templates, and participate in conferences to help laboratories understand and comply with applicable device requirements. We also think it likely that the FDA will increase inspections of laboratories offering IVDs as LDTs where the agency has identified or received concerns regarding their quality or accuracy and will start enforcing the FDCA against laboratories and similar entities perceived to be abusing the agency’s Research Use Only/Investigational Use Only policy or not complying with Investigational Device Exemption (IDE) requirements. As we noted in our Advisory on the October proposed rule, the FDA also has identified a number of test types that the agency believes present a higher risk of patient harm when run as LDTs (according to the agency, these include tests such as non-invasive prenatal screening).

Pre-submission meetings, pre-IDE meetings, and other FDA engagements related to data generation, regulatory pathway clarification, and classification will likely increase. The industry will need to closely watch the steps the FDA takes to lessen the burden of the final rule, such as the noted reclassification process, as well as any potential personnel or structural changes, and future funding requests. As the final rule preamble discussion notes, the alignment of the phaseout policy to coincide with the next round of Medical Device User Fee Amendments reauthorization suggests that the agency understands that it will have to carefully evaluate the burden of this exceptional expansion of FDA authority in terms of protecting the public health while not slowing down the availability of key diagnostic advancements to aid patient care.

We anticipate that laboratories and other affected entities will consider pursuing legal action against the agency, arguing that the FDA lacks authority to regulate LDTs and seeking to enjoin the agency from implementing the final rule. The preamble discussion attempts to anticipate and resolve a number of the key challenges raised in comments to the proposed rule, such as important legal questions about FDA authority under the Federal Food, Drug, and Cosmetic Act, interstate commerce concerns, limits on regulation of state-licensed actors, and many other salient issues. FDA clearly is of the view that public health exigencies outweigh the litigation risks, and the final rule phaseout policy and other enforcement discretion positions are sufficient to balance the interests of industry, patients, and the agency.

It remains to be seen what actions Congress may take now that the FDA has articulated a final position on this topic. Although Congress has taken an interest in the regulation, and lack thereof, of LDTs, including holding a recent hearing, a legislative solution that would potentially supersede the final rule is uncertain, if not unlikely in the near term. Therefore, given the current state of affairs, it is important for laboratories offering LDTs to begin strategizing on how they will address the final rule and FDA’s phaseout policy.

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Benefits of the Inflation Reduction Act for Solar PV Manufacturing” – originally published on March 18, 2024.

Benefits of the Inflation Reduction Act for Solar PV Manufacturing

The US Inflation Reduction Act (IRA) has been a significant catalyst in the economic landscape, particularly within the solar photovoltaic (PV) manufacturing industry.
This article will explore the beneficial impact of the IRA on this green technology sector, considering the financial implications, the stimulation of technological advancement, and the prospects under the current legislation.

We will unravel the intricacies of this relationship, setting a foundation for a comprehensive understanding of the future trajectory of the solar PV manufacturing industry in the context of the IRA.

Understanding the Inflation Reduction Act

To fully grasp the impact of the Inflation Reduction Act on solar PV manufacturing, a comprehensive understanding of this legislation is necessary.

The act’s interpretation is rooted in the law’s intent to curb inflation by manipulating economic strategies and regulating financial practices, which brings a focus to its economic implications.

At its core, the IRA aims to stabilize pricing and enhance the dollar’s purchasing power, inadvertently promoting the affordability of renewable energy technologies like solar PV manufacturing.

The legal provisions of the act are its foundational pillars, governing its implementation and enforcement. They outline the responsibilities of key stakeholders, the rights of affected industries, and the penalties for non-compliance.

For the solar PV manufacturing sector, the act’s provisions could potentially reduce production costs and foster competitiveness.

However, like any significant policy shift, the act also brings implementation challenges. These can include industries needing to adapt to new economic conditions or potential resistance from sectors negatively affected by the act.

The solar PV manufacturing industry may need to invest in operational adjustments to fully exploit the benefits of the act.




IRA’s impact on solar PV manufacturing

Drawing upon the legal provisions and economic implications of the IRA, we can explore its tangible effects on the solar PV manufacturing sector.

The act, through its policy implementation, has instigated several changes in this sector, notably in job creation, trade relations, environmental impact, and market competition.

The IRA has been instrumental in job creation within the solar PV manufacturing industry. It has stimulated this growth by providing tax incentives for manufacturing companies to enhance their workforce. This policy implementation has bolstered the industry and helped reduce unemployment rates.

Trade relations have also been impacted by the IRA. The act has fostered a more favorable trading environment for solar PV manufacturers by reducing inflationary pressures on imported raw materials. This has enhanced the competitiveness of US manufacturers in the global market, improving the country’s trade balance in the process.

Regarding environmental impact, the IRA has indirectly boosted the use of renewable energy sources. By making solar PV manufacturing more economically viable, the act has encouraged the production and use of solar panels, thereby reducing greenhouse gas emissions.

Lastly, the act has spurred market competition. The reduced inflation rates have made it more cost-effective for new businesses to enter the solar PV manufacturing sector. This has increased the number of manufacturers, promoting a more competitive market and a wider range of options for consumers.

Financial benefits of the IRA

Delving into the financial benefits of the Inflation Reduction Act, we observe a significant enhancement in the economic viability of the solar PV manufacturing sector. The IRA offers multiple rewards that collectively contribute to the growth and prosperity of this industry.

One of the most compelling benefits is the provision of tax incentives. These incentives lower the tax burden for solar PV manufacturers, freeing up capital that can be reinvested in the business.

This leads to investment growth, another key benefit of the IRA. Increased investment enables manufacturers to expand their operations, purchase new equipment, and hire more employees, fostering business expansion.

In addition to tax incentives and investment growth, the IRA promotes cost efficiency. By reducing the inflation rate, the act increases the purchasing power of manufacturers. This allows them to acquire raw materials and other necessities at lower costs, thereby improving the bottom line and encouraging economic stability.

Moreover, economic stability is further enhanced as the IRA helps to stabilise the value of the dollar. This is crucial for solar PV manufacturers, who often deal in international markets. A stable dollar value reduces the risk of currency fluctuations, providing a more predictable business environment.

IRA and technological advancements

Building on the economic implications, the Inflation Reduction Act also catalyzes technological advancements in the solar PV manufacturing industry.

By providing financial incentives, the IRA stimulates technological investments, leading to accelerated innovation in solar PV technology. These investments are crucial for research and development, enabling companies to explore new, efficient methods of solar PV production.

The IRA implications on technological advancements are significant. The policy’s effectiveness in encouraging investments has been reflected in increased technological breakthroughs, improved production processes, and enhanced solar panel efficiency.

These advancements not only strengthen the industry’s competitive edge but also contribute to environmental sustainability by promoting cleaner energy sources.

However, advancement challenges persist. The rapidly evolving nature of technology necessitates continuous investment and innovation. Despite the financial benefits provided by the IRA, the high costs associated with advanced technology development and implementation can pose a hurdle.

Therefore, while the IRA has been instrumental in fostering growth and innovation, addressing these challenges requires strategic planning and sustained commitment.

Moreover, the effectiveness of the IRA in driving technological advancements is contingent on a supportive regulatory environment. Policymakers must ensure that the IRA’s provisions align with the industry’s evolving needs, encouraging continued investment and innovation.

A dynamic policy framework can help maintain the momentum of technological progress, ensuring the solar PV manufacturing industry’s long-term competitiveness and sustainability.




Future solar energy prospects under the IRA

Looking ahead, the Inflation Reduction Act holds promising potential for the future growth and development of the solar PV manufacturing industry.

It is expected to usher in advancements in various dimensions, including job creation, market expansion, environmental impact, global competition, and sustainable development.

The IRA could stimulate job creation by allocating funds for research, development, and manufacturing processes in the solar PV industry. This would not only increase employment but also enhance the skills of the workforce in this thriving sector.

Market expansion is another potential benefit of the IRA. With reduced inflation, the purchasing power of consumers is likely to increase, leading to heightened demand for solar PV products. This would pave the way for the expansion of the solar PV market.

The table below encapsulates the future prospects under the IRA for the solar PV manufacturing industry:

The IRA could bring about positive environmental impacts by encouraging cleaner energy production, thus reducing greenhouse gas emissions.

Additionally, it could enhance global competition by providing the US solar PV industry with a competitive edge.

Lastly, the IRA could foster sustainable development by promoting environmentally friendly and sustainable practices in the industry. These prospects under the IRA paint a bright future for the solar PV manufacturing industry.

Understanding ISO/IEC 27001: A Guide to Information Security Management

In today’s interconnected world, the importance of securing sensitive information cannot be overstated. Organizations face numerous threats to their information assets, ranging from cyberattacks to data breaches. To address these challenges, many businesses turn to internationally recognized standards for information security management, with ISO/IEC 27001 standing out as a cornerstone in this field.




Overview of ISO/IEC 27001:

ISO/IEC 27001 is a globally recognized standard that provides a systematic approach to managing sensitive information, ensuring the confidentiality, integrity, and availability of data within an organization. Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), this standard outlines best practices for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

Key Principles:

  • Risk Management: ISO/IEC 27001 is fundamentally built on the concept of risk management. Organizations are required to identify and assess information security risks, implement controls to mitigate those risks, and continuously monitor and review the effectiveness of these controls.
  • PDCA Cycle: The Plan-Do-Check-Act (PDCA) cycle is at the core of ISO/IEC 27001. Organizations plan their ISMS, implement the plan, check its effectiveness through monitoring and measurement, and act to continually improve the system.

Scope and Requirements:

  • Scope Definition: Organizations must clearly define the scope of their ISMS, specifying the boundaries and applicability of the standard within their operations.
  • Risk Assessment: A comprehensive risk assessment is a critical component. This involves identifying assets, evaluating vulnerabilities and threats, and determining the potential impact of information security incidents.
  • Control Objectives and Controls: ISO/IEC 27001 provides an Annex A, which includes a set of control objectives and controls covering various aspects of information security, such as access control, cryptography, and incident management. Organizations choose and implement controls based on their specific risk profile.

Implementation Process:

  • Leadership and Commitment: Senior management plays a crucial role in the successful implementation of ISO/IEC 27001. Leadership commitment ensures that information security is integrated into the organization’s culture and business processes.
  • Documentation: Proper documentation is essential to demonstrate compliance with the standard. This includes the Information Security Policy, risk assessment reports, and records of monitoring and measurement activities.
  • Training and Awareness: Employees need to be aware of their role in maintaining information security. Organizations should provide training programs to enhance the awareness and competence of personnel.

Certification Process:

  • Third-Party Certification: Organizations can undergo a certification process conducted by accredited certification bodies to validate their compliance with ISO/IEC 27001. This certification provides assurance to stakeholders, customers, and partners that the organization has implemented a robust ISMS.

Benefits of ISO/IEC 27001:

  • Risk Reduction: By identifying and addressing potential risks, organizations can significantly reduce the likelihood of security incidents.
  • Enhanced Reputation: ISO/IEC 27001 certification enhances an organization’s reputation, demonstrating a commitment to information security best practices.
  • Legal and Regulatory Compliance: Adherence to ISO/IEC 27001 helps organizations comply with various legal and regulatory requirements related to information security.
  • Competitive Advantage: Certification can be a differentiator in the marketplace, giving organizations a competitive edge by assuring customers of their commitment to information security.

Continual Improvement:

  • Monitoring and Review: Regular monitoring and review of the ISMS ensure its ongoing effectiveness. This includes conducting internal audits and management reviews to identify areas for improvement.
  • Feedback Loop: ISO/IEC 27001 emphasizes the importance of feedback mechanisms, ensuring that lessons learned from incidents or changes in the business environment are incorporated into the ISMS.



Conclusion

ISO/IEC 27001 provides a robust framework for organizations to establish and maintain an effective Information Security Management System. By adopting this standard, businesses can mitigate risks, enhance their reputation, and demonstrate a commitment to safeguarding sensitive information in an ever-evolving digital landscape. As information security continues to be a top priority, ISO/IEC 27001 remains a valuable tool for organizations seeking a comprehensive and internationally recognized approach to managing information security.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Matti Gray, Mandi Walker, and McKenzie Jonsson.

In this blog, we recap our webinar, “Key Systems Engineering Skills: Critical Thinking and Problem Framing.”

Key Systems Engineering Skills: Critical Thinking and Problem Framing

Elevate your team’s success by exploring the role of critical thinking in a system engineering competency model.

In this insightful session, Chris Unger, Retired GE Healthcare Chief Systems Engineering Officer and Principal at PracticalSE LLC, and Vincent Balgos, Director of Medical Device Solutions at Jama Software®, discuss how critical thinking and decision-making skills are integral to systems engineering.

In this session, you will:

  • Explore the vital role of critical thinking and decision-making in systems engineering.
  • Learn practical techniques for decision framing and closure.
  • Gain insight on how systems engineers should manage design decisions on a project.
  • See a simple model of how and when to engage with stakeholders in design decisions.

Below is an abbreviated transcript of our webinar.

Chris Unger: We’re going to talk today about a follow-up to the last webinar, where I’m going to talk about some of the most important systems engineering skills, critical thinking, and problem framing. So, how do skills in general, and soft skills, fit into improving systems engineering? So, in prior talks, I’ve suggested you keep your processes very simple but make them effective, and that’s easy to say but hard to do. That means you have to understand the system of the SE processes, how they connect, and where the diminishing value of the processes, the source process heading off, happens. As an example, a topic could be a technical risk, or it could be a trade-off between different possible solutions. So, we want to understand how those two, the risk management and the decision process, interact.

In order to do that, the best systems engineers have to have really good judgment. In addition, we have to influence people. Being simplistic, hardware and software engineers design things, things do what they’re told. I know it’s oversimplified, but our deliverables are instructions on how the software and hardware engineers do things. So, the best systems engineers here have an area of depth that they’re experts in, so they bring some technical credibility. They have systems of breadth, they understand all the systems processes and how they interact, and they have great interpersonal skills. Today I’m going to focus on how you achieve a balanced and optimized design, how you focus on your cost versus risk, and doing that through basically decision making.

So, first I want to talk about the Helix Model. So, the Helix Project was a project funded by the government and, the US government, and their concern was for big aerospace and NASA projects you tend to produce a major, billion-dollar development every 10 years, and then you do 10 years of support. So, people often move on. They were worried about how you create the truly brilliant leader systems engineers from a team that may be a little bit sparse. They developed this model up here in the front and simplistically, you start with things you learn in school, how to do good mechanical engineering, electrical engineering, and software engineering techniques. You then go into an organization, and so you spend the first five years learning about your company. Things like, well, if you’re going to be doing a say glucose monitor, what does blood chemistry look like? What does a sensor look like? What’s a workflow? So, you become a good organization-specific mechanical engineer.

Then you learn about lifecycle. How do you go from womb to tomb, from customer needs to disposal and disposition with all the regulations across the world in terms of chemical safety? So, after five, maybe 10 years, you understand your domain, you understand the lifecycle and you understand your technology. What differentiates after that? What they found was the skills on the bottom half of this page, the Systems Mindset, so big picture thinking, and paradoxical mindset. You’ve all heard that joke about fast, good and cheap, pick two of the three. Well, that’s the world in which systems engineers live. We make trade-offs between things that are inherently conflicting. The other thing is, we’ve got to make decisions quickly, so you’ve got to have a flexible comfort zone. You’ve got to be willing to wait till you have the critical information but make a decision without all the information you want.




Unger: In terms of the middle column, Interpersonal Skills, just the obvious stuff as I mentioned. You’ve got to influence the other engineers to make a good decision. Then finally here in Technical Leadership, balanced decision-making, and risk-taking. So, I had a general manager one time say, “We’re in the business of managing risks, not avoiding risks.” The least-risk program is also a boring one, but you also don’t want to take moonshots and everything. So, you really want to balance. It’s another case of a paradoxical mindset. Balance risk-taking with hitting a schedule predictably. So, these are the kinds of skills that really differentiate as systems engineering leaders, 10 to 15 years into your career. I’m going to talk more about these, decision-making, stakeholder management, and barrier-breaking.

So, I put together a very simple Systems Engineering Competency Model. I started with the NASA handbook and the NASA lifecycle. I simplified it, into that they had scope and requirements management separated, and I actually agree with those being different. But in reality, on the size of programs that we typically implemented, the people who did one typically did the other. Same thing, the architecture and the design, those were typically the same people. So, you have the upfront design, you have implementation. So, managing the subsystems actually do the implementation of what the design asks them to do, and you integrate it, such that you find your defects early. Then you manage all the lifecycle, the serviceability, manufacturability, disposability, and all the “ilities.”

Then leadership, obviously, there the interpersonal skills. This was developed for GE Healthcare, so I just picked it from our existing leadership skillset and I simplified it. What you’ll notice here is I put down at the bottom, critical thinking, as a technical skill. For many executives, and for other functional engineers, critical thinking is important, but as I mentioned, since we deliver instructions and designs to other engineers, framing decisions, taking vague things from product management and marketing, and turning them into clearer problems or functions to solve, I consider that a core technical excellence of systems engineering. But that’s vague. How do I actually measure that? So, I came up with this fairly simple set of observable behaviors. So, first of all, framing problems takes an ambiguous problem identifies the critical stakeholders, and turns them into a clear problem a more junior engineer can solve.

So, first, let’s talk about framing the problem. Even an entry-level person has to be able to understand a problem that’s been framed for them. But as you get to more senior people, the 10 to 15-year level, you have to be able to frame a complex problem, see around corners, use foresight to sort out essentials from the detail, and identify risks and emergent behavior that need to be incorporated in the decision, that other engineers might not see. Even at the strategist level, you can take a complex and ambiguous problem clarify the ambiguity, and turn it into simply just a complex and interconnected problem.

So, if we’re talking about maybe the 10 to 15-year-old person, not the most senior executives, you’ll be able to take a complex problem, identify ahead of time problems other people don’t see, and capture that. Balance cost, schedule, technical risk, and team capabilities, and make a trade-off based on sound evidence and data. Balance your intuition, when you don’t have all the data with waiting and gathering data where you need it. Then finally, making the decision is maybe the easy part. You have to make sure the team follows your leadership. Take accountability for making the right decisions, delegate where you can, and then ensure that the entire team buys into the decisions that the team or you have made. So, that’s the theory.




Unger: Let’s talk about how we manage design decisions. First of all, why? Why is this a critical skill? By identifying the critical design decisions, it allows the team to focus on the most important thing, and separate out the core from the distractions. It helps teams identify work items. So, for example, one time when I was working with the ultrasound team in Japan, we had a bunch of really experienced engineers and they were working on a new ultrasound probe. It had moved an active component into the probe and there was a thermal issue. They were talking in Japanese for about five, 10 minutes when I was asked to frame the problem and I said, “Yeah, you’re talking too fast and too much. This is not that easy. Come back to me and tell me what you’re actually doing.”

They were figuring out how to measure the thermal properties in the lab. I said, “Well, imagine you had a probe that was safe, with maybe 39°C, but that was uncomfortable to handle. Have you worked with the application people on how much value? If you spent $50 more and took the temperature down by 1°C, would that be worth a trade-off?” The team, “Oh, that’s interesting.” They were actually focused on the technical feasibility, not the real market and customer acceptance problem. So, by doing this upfront, you can make sure that you have a complete work process for the team. Then once you’ve made the decision, it minimizes rework by making sure the decisions stay closed.

Now, this decision list and prioritization should start early. It would be comfortable to wait until you know everything, but that’s too late. So, it’s a living document. Don’t wait to get started until you have enough information to make a good plan. Start with what you know, and then build out as you continue. So, one of the first things I talk about is, what is a decision? As an example, I’ve had teams come to me saying, “The operating system selection is a decision.” It’s like, “No. It’s actually not typical. It’s typically a collection of decisions.” So, I draw this little arrow here. It’s basically a decision is a point in which you select between different paths going forward and you pick one way versus another. So, deciding whether to include a stretch item in scope or not is a decision. Deciding between very specific designs and implementing a feature is a decision. Setting a critical to-quality parameter or balancing between different parameters, so cost versus reliability or cost versus performance, is a decision.




Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Expanding EV infrastructure in the US: Both on- and off-road” – originally published on November 20, 2023.

Expanding EV Infrastructure in the US: Both On- and Off-Road

The expansion of electric vehicle infrastructure in the US has been challenged by various issues, from governance to location. Here, we explore the issues and how they can be combated.

The evolution and expansion of electric vehicle (EV) infrastructure, encompassing both on-road charging stations and off-highway electrification, is a burgeoning topic in the United States. This issue has been characterized by significant regional disparities, with varying levels of availability across different parts of the country.

Furthermore, it is marked by distinct challenges that arise in urban versus rural settings as well as on- and off-road contexts. The role of government support and policy direction also comes into play in shaping this landscape.

As interest in electric vehicles continues to surge, understanding the intricacies behind their supporting infrastructure becomes increasingly crucial. Off-highway electric vehicles have their own unique set of requirements when it comes to charging infrastructure, presenting numerous design and manufacturing challenges.

Looking ahead, predicting future trends within this area is challenging due to its rapidly evolving nature but nonetheless vital for planning and strategizing growth trajectories within this realm.

Availability of EV infrastructure in the US

The uneven distribution of electric vehicle charging stations across the United States underscores a significant disparity, with coastal areas generally boasting greater availability than their counterparts in the Midwest and rural regions.

This can be attributed to several factors, including regional disparities in both population density and average income level, which directly influence infrastructure cost and consumer adoption rates of EV technology.

For instance, densely populated urban centers, particularly those along the coasts such as New York City or San Francisco, tend to have higher per capita incomes. These areas are more likely to invest in expensive EV technology and support the infrastructure costs associated with establishing charging stations.

The increased presence of these facilities subsequently encourages more consumers within these regions to adopt electric vehicles due to decreased concerns over charging time.

In contrast, regions characterized by lower population densities or average income levels – such as many Midwestern states and rural areas – are typically less equipped with EV charging infrastructure. This results from a combination of factors: reduced consumer demand for EV technology due to financial constraints; longer distances between destinations that increase concern over charging times; and higher per-unit infrastructure costs arising from the need for more extensive grid enhancements in less developed areas.

As such, despite growing national interest in reducing carbon emissions through transitioning towards electric vehicles, these challenges contribute significantly towards regional disparities in the availability of EV charging stations across America.

Thus, it is imperative that future efforts aimed at expanding this crucial segment of green transportation infrastructure consider these distinctive geographical characteristics and obstacles.




The challenges of expanding EV charging infrastructure

Significant stumbling blocks surface when scrutinizing the surge in electric vehicle utilization, particularly pertaining to potential power supply problems, prohibitive price points of charging stations, and a paucity of policies promoting progress. These issues include:

Infrastructure costs

The establishment of an extensive network of charging stations necessitates substantial capital outlay from both public and private sectors. The latter’s involvement is critical since government funding alone may not suffice.

Technological limitations

Current technology restricts rapid mass-charging capabilities, potentially leading to power grid stress during peak demand periods. This limitation necessitates additional investments in technology development and grid reinforcements.

Public awareness

Despite growing interest in electric vehicles, many potential users remain uninformed about their benefits or how to utilize existing EV infrastructure effectively.

Sustainability concerns

While electric vehicles significantly reduce greenhouse gas emissions compared to conventional fuel cars, the production process itself can have a substantial environmental footprint, largely due to battery manufacturing processes.

The availability of EV infrastructure in rural and urban areas

Differences in the accessibility and utilization of EV charging stations between rural and urban areas present a nuanced challenge in promoting wider adoption of this sustainable mode of transportation. Rural EV adoption faces obstacles such as a lack of public charging infrastructure due to less population density and greater travel distances.

Moreover, financial considerations play into these disparities as well; the high cost associated with the installation and maintenance of charging stations may not be justified by the potential low usage in rural settings. This situation leads to EV accessibility being heavily skewed towards urban regions where there is higher demand.

On the other hand, urban planning challenges also arise in expanding EV infrastructure within cities. The densely populated nature of urban environments results in space constraints for installing new charging stations. Available funding also becomes a critical factor – adequate EV infrastructure funding is necessary for both the construction and operation of sufficient charging facilities to meet growing demands.

Additionally, differences between these two types of geographies affect not only human mobility but also the environment.

While increased use of electric vehicles can significantly reduce greenhouse gas emissions in densely populated cities, achieving similar outcomes in rural areas can prove much more difficult due to their unique characteristics.

Government support

In light of these challenges, it is noteworthy to mention the initiatives taken by American governmental bodies to bolster the proliferation and accessibility of charging amenities for electric vehicles. The US Government has employed a mixture of methods to support this development:

Federal incentives

At the federal level, several incentives have been introduced over recent years to encourage EV adoption. For instance, the Electric Drive Vehicle Battery and Component Manufacturing Initiative provided $2bn in grants for the manufacturing of advanced batteries and electric drive components.

Private partnerships

On top of direct funding, the US government also fosters private partnerships aimed at enhancing electric vehicle infrastructure. An example would be the ‘EV Everywhere Grand Challenge’, launched by the Department of Energy (DOE), which works with national laboratories, universities, private industries, and other governmental agencies to increase the availability of high-speed charging stations across the country.

Infrastructure financing

Additionally, there are efforts directed at infusing capital into public charging infrastructure through financing programs like the Clean Cities Alternative Fuel Vehicle Deployment Initiatives, which allocated millions towards building EV charging stations nationwide.

Technological advancements and environmental impact

Given that environmental impact is a key driver behind the shift towards electric vehicles, governmental policies are not only expanding physical infrastructure but also investing in research & development for technological advancements that could reduce emissions further while improving EV range and battery life.

Developing off-highway EV charging infrastructure

The development of charging facilities for electric vehicles designed for non-highway use represents a unique and complex challenge, necessitating innovative solutions and strategies. Off-highway adaptations require not only the installation of charging stations in remote or less accessible areas but also the incorporation of infrastructure financing to support their construction and maintenance.

Technological advancements have been pivotal in addressing these challenges, making it feasible to develop energy-efficient charging systems that can withstand harsh environmental conditions while providing reliable service. These advancements range from solar-powered charging stations to smart grid technologies that optimize electricity usage during off-peak hours.

Investing in this type of infrastructure is critical for promoting sustainable solutions within the transportation sector, particularly in industries such as mining, agriculture, and construction where off-road vehicles are prevalent. The integration of renewable energy sources with charging infrastructure offers dual benefits: reducing greenhouse gas emissions associated with traditional fossil fuel-based power generation and extending the reach of EV technology into areas beyond urban centers.

Furthermore, public-private partnerships offer potential avenues for securing necessary funding without placing undue financial burden on local communities or individual businesses.

As such, developing an efficient and resilient off-road EV charging network requires a holistic approach incorporating technological innovation, targeted investment strategies, and sustainability considerations.




The challenges of designing and manufacturing off-highway EVs

Designing and manufacturing electric off-highway vehicles presents unique challenges, with research indicating that a significant one is ensuring these machines can withstand the rigors of heavy-duty applications, an issue reported by 60% of manufacturers. Battery longevity is a critical concern in this regard since off-road vehicles often operate in extreme conditions that could quickly diminish battery life.

Similarly, terrain adaptability is another challenge. Electric vehicles must be designed to handle diverse terrains, from rocky landscapes to sandy dunes, without compromising on performance or energy efficiency.

Material sourcing poses yet another problem due to the need for lightweight but highly durable materials for construction. This brings us to durability concerns, which are paramount because, unlike regular city electric cars, off-highway EVs have to endure harsher operational conditions, requiring them to be more robust and longer-lasting.

Finally, cost efficiency continues to be an obstacle as developing high-performance, yet affordable electric off-highway vehicles remains a struggle for many manufacturers, due to the high costs associated with batteries and other essential components.

The future of EV infrastructure both on- and off-road

Transitioning from the challenges of designing and manufacturing electric off-highway vehicles, it is pivotal to envision what the future holds for EV infrastructure. This includes both on- and off-road contexts, as each comes with its unique set of considerations pertaining to infrastructure financing, renewable energy integration, vehicle-to-grid technology, and battery disposal methods.

The future landscape of EV infrastructure will likely be shaped by a variety of factors. The pace at which this change occurs may largely hinge upon infrastructure financing – securing sufficient funds to create an expansive network of charging stations that facilitate higher EV adoption rates. As more consumers opt for electric vehicles, there will be an increased demand for reliable and accessible charging facilities.

Therefore, investment in this sector is crucial not only for supporting current users but also promoting further uptake.

Simultaneously, the integration of renewable energy sources into these infrastructures represents a crucial aspect. By harnessing power from sustainable resources such as solar or wind energy, the environmental impact can be further mitigated while optimizing energy usage overall.

Moreover, vehicle-to-grid technology presents another promising avenue where electric cars do not just draw power but can feed surplus back into the grid during peak demand hours – thereby acting as mobile energy storage units. This could revolutionize how electricity grids operate while offering additional revenue streams for EV owners.

Lastly, there are considerations regarding battery disposal methods. With growing numbers of electric vehicles on- and off-road come increased volumes of spent batteries, which necessitate effective recycling or disposal strategies to minimize environmental harm and potential resource losses.

Thus, these aspects collectively indicate a multifaceted future wherein technological advancements must go together with strategic planning and responsible practices.

The US Government’s solutions offer hope

In conclusion, the path to an electrified future, both on- and off-road, resembles a vast and uncharted road. Despite challenges such as regional disparities in charging station availability, hurdles in infrastructure expansion, and manufacturing complexities for off-highway vehicles, progress is being made.

The US Government’s support, alongside innovative solutions, offers hope that these obstacles can be overcome. As the dawn breaks on this new era of transportation, one cannot help but feel a sense of anticipation for what lies ahead – a highway illuminated by the promise of sustainable mobility.

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Why penetration testing is critical to every robust cyber security strategy” – originally published on November 2, 2023.


Foreword by Josh Turpen – Chief Product Officer, Jama Software®

A big “Thank You!” to Chris Dickens for a great article. As part of our security program here at Jama Software, we have a layered approach to security tests and scans. Scans are done on every build, automated tests are run on every build, and active PEN tests are done multiple times per year. As the only SOC 2 Type 2 product in the space, we have set a high bar for ourselves because we know the importance of security to our customers.


Why Penetration Testing is Critical to Every Robust Cyber Security Strategy

Chris Dickens, Senior Solutions Engineer at HackerOne, outlines an effective penetration testing strategy.

Digital transformation has become an essential requirement for any business that wants to remain competitive in an increasingly digital global landscape.

However, it’s not always straightforward. In many cases, digitizing key processes can expose businesses to a wide array of new cyber security risks they aren’t used to, potentially leading to damaging breaches, attacks and/or loss of sensitive data if they aren’t careful.

In order to protect against such threats, a well-rounded cyber security strategy needs to be put in place alongside any digital transformation initiative.

However, cyber security isn’t a ‘one and done’ activity; strategies must be continuously evaluated and tested to ensure they remain effective.

Cyber criminals constantly evolve their attacks, so cyber security must also evolve. Whatever works now will likely be outdated in just a few weeks or months.

One of the best ways to stay ahead is through regular penetration testing (pentesting), which can give companies a fast, accurate snapshot of the current state of their cyber defences. This point-in-time activity features ethical hackers putting themselves into the shoes of malicious actors in an attempt to breach a system’s security for the purpose of vulnerability identification.

Typically, both humans and automated programs are used to research, probe, and attack a network using various methods and channels known to be used by cybercriminals.

But too many still don’t fully understand how pentesting works, or how they can effectively implement it into their wider security strategy.


How has pentesting changed?

The era of secretive, closed-door penetration testing is a thing of the past. In those days, you had to depend on the skills and schedules of what were usually big companies, enduring long waits and limited insight into the results and the testers’ actions.

Nowadays, penetration testing has evolved significantly. It often commences within a few days and is typically conducted on a smaller scale more frequently. This transformation is credited to innovative platforms that offer real-time transparency into the testing process and a more inclusive approach when bringing testers on board.

The emphasis is now on results and experience from the ethical hacking community rather than formal education and certification. The creation of new AI-based hacking methods and a willingness to test source code have also greatly improved the output.

While this may sound quite daunting for the business involved, pentesting is an incredibly effective way to discover major vulnerabilities in their security before they can be exploited, which is critically important for keeping sensitive data safe.

Arguably, penetration testing’s best advantage, however, is its thorough coverage and documentation. Due to its in-depth and refined testing, in most cases, vulnerabilities are discovered and documented, including details on how the bug can be exploited, its impact on an organisation’s compliance, and advice on how to remediate the issues.

Unlike other offensive security engagements, pentesting also allows organisations to test internal systems alongside unfinished applications – this is especially useful when leading up to a new product announcement or organisation acquisition.

Using pentests to inform both present and future security strategies

As mentioned, pentesting is a great way for businesses to gauge the effectiveness of their existing security defences at that moment in time.

However, too many organisations tend to treat it as though it’s the beginning and the end of the process, which it isn’t.

Pentesting is a tool, not a strategy, and as valuable as they are, pentests are only useful if the results are translated into an effective overall security strategy for the future.

An effective modern pentesting strategy should contain the following elements:

  1. Establish key security priorities: First and foremost, businesses must determine what they need to protect. While it’s impossible to protect everything all the time, key assets should be prioritized based upon the damage the asset would cause if it were to be compromised. Typically, highly sensitive information such as proprietary IP, competitive and legal information, and personally identifiable information (PII) will be top of the list.
  2. Get security buy-in from all employees: A sustainable security culture requires buy-in at all levels of an organization, from the executive board to the reception desk. If every employee takes responsibility for company security, it’s much easier to build a model where risks are shared, and teams across the company can scale securely.
  3. Use pentesting as a regular security touchpoint: Regular penetration testing is a great way to promote a more proactive approach to security. All too often, organizations aim to meet only the minimum requirements for compliance and believe themselves to be secure, which is a highly risky strategy. By contrast, combining regular pentests with bug bounty programs provides a continuous feedback loop that allows companies to quickly identify new vulnerabilities and deal with them before they come to the attention of malicious actors.
  4. Make robust cyber security a strategic differentiator: A recent study by PwC found that 87% of global CEOs are investing in cyber security as a way of building trust with customers. If the lifeblood of the digital economy is data, its heart is digital trust. Organizations with a sound security strategy can quickly turn it into a strategic differentiator for their brand, which is invaluable in highly competitive business sectors and industries.


The best cyber security strategies can quickly adapt to change

Modern enterprise security is not easy. As more businesses embrace digital transformation and cloud computing becomes the new normal, reliance on IT is at an all-time high.

Consequently, even a small data breach can potentially have a devastating impact. On top of this, attack surfaces are exponentially larger than they were just a few years ago and continue to grow at an alarming rate.

The best practice approach for security teams is to color outside of the lines by infusing new and independent thinking. With this in mind, penetration testing offers much more than just a scan and definitely more than a tick-box compliance requirement.

By developing a cyber security program that employs an agile approach, organizations can prioritize flexibility and make rapid changes when needed.

Engaging ethical hackers enables organizations to deploy an army of specialized experts that will work around the clock to identify vulnerabilities and conduct pentests for both regulatory compliance and customer assessments. In today’s highly competitive and volatile business environment, few organizations can afford to forego such a crucial security advantage.

Contributor Details
Chris Dickens – Senior Solutions Engineer, HackerOne