Tag Archive for: ISO 14971

ISO 13485

In this blog post, we will cover key components of the important medical device standard ISO 13485 and cover steps for successful adherence. 

In the complex world of medical device development, teams not only face challenges of innovation, but also a shifting regulatory environment and evolving standards.

Balancing the competing interests of customers and stakeholders with the guidance and regulations from different entities across global boundaries presents challenges that even the most organized and methodical teams may struggle to meet.

In this environment, systems thinking can greatly improve the ability of medical device development teams to get products from the idea stage to market. By breaking down complex problems into manageable pieces, teams can better evaluate their systems and streamline and strengthen processes.

Using an applied systems approach will also help resolve inefficiencies in the development process and produce the outputs necessary for the design history file (DHF).

A growing number of organizations and teams are already pursuing a general systems approach by applying the guidance in ISO 13485:2016. This standard helps define a framework for the Quality Management System (QMS) for medical device development and pushes the development process naturally toward a systems approach. But for those teams that have not yet adopted the standard, adding one more document or piece of guidance to the overall process can feel like another layer of complication.

It doesn’t have to be. Adopting this standard can help standardize and systematize the medical device development process. Though it may look daunting at first, once adopted, ISO 13485 can streamline processes and position organizations for a better outcome with regulatory requirements.

RELATED: How to Executive a Successful Design Review When Building Medical Devices

The Purpose of ISO 13485

The standard was developed by the International Organization for Standardization (ISO) to outline the standard for a Quality Management System (QMS) for the design and manufacture of medical devices.

The ISO defines “medical device” as “a product, such as an instrument, machine, implant or in vitro reagent, that is intended for use in the diagnosis, prevention and treatment of diseases or other medical conditions.” It is a stand-alone document designed for use by organizations of any size involved in any stage of medical device development, from design to production to installation to service of devices. Both internal and external parties can use the standard to support the auditing process.

ISO 13485 is the most common standard for quality management in the field of medical device development across the globe. Adoption of the standard indicates a commitment to the highest quality and safety across the development process, and it provides a foundation for QMS requirements.

While not required by all government entities, the standard does provide a good foundation for addressing regulations such as the EU Medical Device Directive and the EU Medical Device Regulation. In 2018, the FDA proposed a rule that would align US FDA 21 CFR 820 with ISO 13485:2016; this rule would make this standard the mandatory QMS for medical devices.

Note: The rule was set for release in 2019; however, as of December 2020, the rule was still forthcoming. Check for current guidance.

RELATED: Your Guide to Selecting a Medical Device Development Platform

Requirements for ISO 13485 Adherence

Though adoption of ISO 13485 may look complicated or daunting, in reality, adhering to the standard helps eliminate some of the ad hoc nature of requirements and systems in the medical device field.

With increasing worldwide adoption of ISO 13485 by both companies and government entities, the medical device industry should start to realize some harmonization and consistency of processes and systems. This standardization will help streamline the industry overall and allow important innovations a smoother and potentially faster route to market.

The requirements to obtain ISO 13485 certification start with a QMS. ASQ defines a Quality Management System as “a formal system that documents the structure, processes, roles, responsibilities and procedures required to achieve effective quality management.” The QMS must include documentation that defines the overall scope and implementation of the QMS; important documentation includes Quality Policy, Quality Objectives, and Quality Manual.

Bottom Line These documents should be sure to address customer requirements. In addition, organizations need to create mandatory and additional processes and requirements necessary for all stages of development. Examples of documents required by ISO 13485:2016 can be found here.

Key Takeaways from Our Complete Guide

  • ISO 13485 and systems thinking go hand-in-hand; teams will find that adoption of ISO 13485 directs them toward systems thinking.
  • Adoption of this standard will streamline processes and position medical device teams for better regulatory outcomes.
  • ISO 13485 is a stand-alone document; however, it closely aligns with ISO 9001:2008 and EN ISO 13485.
  • ISO 13485 and ISO 14971 are related, but ISO 14971 is more focused on risk management – the two standards can be used in tandem.
  • This standard is not mandatory; teams can develop a Quality Management System (QMS) without the standard as long as it meets regulatory requirements. However, adoption of the ISO 13485 will create a QMS that is ideally positioned to meet the requirements of various regulatory and legislative entities, including the EU.

Jama Software’s Complete Guide to ISO 13485 for Medical Device Development covers requirements for adherence, the difference between ISO 13485 and other medical device standards, and steps for successful adoption and certification.

Download The Complete Guide to ISO 13485 for Medical Device Development to untangle everything there is to know about this important standard.


ISO StandardsIf you’ve worked in product development for any time at all, you’ve probably heard the term “ISO” used in conjunction with the terms “standards” and “compliance” (along with a variety of four- and five-digit numbers).

But what does that all mean, and how does it affect you? In this article, we will provide you with a basic guide to understanding ISO standards.

What is ISO and What are ISO Standards?

The International Organization for Standardization is a nongovernmental organization. It consists of a network of standards bodies from 165 member countries (currently), with one body representing each member country. The American National Standards Institute (ANSI), for example, represents the United States. The organization maintains a central office in Geneva, Switzerland, to oversee this network.

Because “International Organization for Standardization” is a mouthful and would have different acronyms in different languages, the organization’s founders chose ISO—derived from the Greek ‘isos’, meaning equal—as its official abbreviation. As the group’s website proclaims: “Whatever the country, whatever the language, we are always ISO.”

ISO’s purpose is to help unify standards on an international basis. ISO standards are designated by the term ISO followed by a number, like ISO 9001. In some cases, ISO standards share a numeric code with an industry association, as in the case of ISO/IEC 12207. IEC stands for the International Electrotechnical Commission, which prepares and publishes international standards for electrical, electronic, and related technologies.

Nearly 800 ISO technical committees and subcommittees are tasked with standards development. As of June 2021, ISO has published some 23,886 international standards covering almost all aspects of technology and manufacturing.

What Are the Benefits of ISO Standards?

ISO forms a bridge that links the public and private sectors. Many of its member institutes are either departments of their national governments or mandated by them. Other member organizations are rooted solely in the private sector, having been set up by industry association partnerships within their country. ISO helps these diverse bodies reach consensus on solutions that meet both the requirements of business and the broader needs of society.

ISO standards help make the world a safer place and give consumers confidence that the products they buy are safe, reliable, and of high quality. Regulators and governments count on ISO standards to help develop better regulation, knowing they have a sound basis thanks to the involvement of globally recognized experts.

Finally, compliance with ISO standards gives companies an advantage in the marketplace. ISO certification provides assurance to potential customers that the company adheres to industry best practices. In many industries, companies require that their suppliers are certified to certain relevant ISO standards.

RELATED POST: How to Perform Better Impact Analysis on Upstream and Downstream Relationships

How Does ISO Design New Standards?

The ISO process for creating a new standard begins when an alliance of industry associations or consumer groups submits a request. ISO then recruits subject matter experts and industry stakeholders to form a technical committee or subcommittee. This committee executes a two-round drafting process and then takes a formal vote on the second draft. This second draft is called the Final Draft International Standard (FDIS). If the FDIS is approved, it is certified by the central secretariat, and ISO publishes it as an official international standard.

As technologies and best practices evolve, industry associations may request an update of an ISO standard. Different versions of the standard are distinguished by the year the revision was published appended to the standard designation. For example, the latest version of ISO 9001 is ISO 9001:2015.

What ISO Standards Are Related to Product Development?

ISO 9001

The ISO 9000 family of quality management standards is easily the most popular set of industry standards in the world. Of these, ISO 9001 is the only one to which companies can be certified.

ISO 9001 describes how to put a Quality Management System (QMS) in place to better prepare your organization to produce quality products and services. Today, over one million companies in more than 170 countries are certified to ISO 9001:2015.

ISO/IEC 12207

ISO/IEC 12207, Systems and software engineering – Software lifecycle processes aims to define all the processes required for developing and maintaining software systems, including the outcomes and/or activities of each process.

First introduced in 1995, ISO/IEC 12207 establishes a common framework for software life cycle processes with well-defined terminology that can be referenced by the software industry. It defines the processes, activities, and tasks to be applied during the acquisition of software products or services, as well as during the supply, development, operation, maintenance, and disposal of software products and to the software portion of firmware, as well.

ISO/IEC 12207 also provides a process that can be employed for defining, controlling, and improving software life cycle processes.

ISO 8887

ISO 8887 specifies the requirements for the preparation, content, and structure of technical product documentation (TPD) of the design output for the cycles of manufacturing, assembling, disassembling, and end-of-life processing of products. It describes the TPD needed at the critical stages of the design process.

Beyond those requirements, the standard also identifies and describes methods and conventions appropriate to the preparation of documentation necessary to realize a design, including the application to multiple life cycles. ISO 8887 also incorporates guidance on the ultimate reusing, recovering, recycling, and disposing of the components and materials used.

ISO/TS 16949

Based on ISO 9001, ISO/TS 16949 is a technical specification (TS) aimed at the development of a quality management system that provides for continual improvement within the automotive industry. First published in 1999, it emphasizes defect prevention and the reduction of variation and waste in the automotive industry supply chain and the assembly process.

According to the British Standards Institution (BSI), the ISO/TS 16949 standard was created by the International Automotive Task Force (IATF) to help streamline this process. It focuses on the avoidance of errors and defines the requirements for the development, production, and installation of automotive-related products. Today, certification is required by almost all Tier 1 companies, many of whom require their Tier 2 and Tier 3 suppliers to certify. As a result, over 50,000 certifications have been issued to date against this standard.

ISO 26262

ISO 26262, Road vehicles – Functional safety applies to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars. Introduced in 2011, this standard addresses possible hazards caused by malfunctioning behavior of E/E safety-related systems, including the interaction of these systems.

With the increased number and interaction of electronic systems within passenger vehicles, this standard is being adopted rapidly within the automotive industry.

ISO 13485

Unlike many ISO standards, ISO 13485, Medical Device Quality Standards, is a single document and does not belong to a family. It was originally published in 2003 and revised in 2016.

ISO 13485 puts a quality management system in place for the production of medical devices and equipment and is very specific to the health industry. It is often implemented with ISO 9001 to show that an organization is qualified to do business in the medical device field.

ISO 13485  is a regulated standard against which over 25,000 certifications have already been issued.

RELATED POST: Checklist: Selecting a Requirements Management Tool

How ISO Affects the Product Development Process

Product developers sometimes ask, “What are the differences between standards and requirements?”

According to Merriam-Webster, a requirement is “something wanted or needed; a necessity” or “something essential to the existence or occurrence of something else.” Other definitions include “a necessity or prerequisite” and “something required or obligatory.”

Webster’s defines a standard as “something set up and established by authority as a rule for the measure of quantity, weight, extent, value, or quality” or “something established by authority, custom, or general consent as a model or example.” In other words, a standard is a principle, example, or measure used for comparison—a benchmark used to evaluate suitability for a purpose.

To meet a requirement, a thing, person or organization must do exactly what the requirement says. To meet a standard, a thing, person or organization must meet the minimum requirements of the standard and align with its intent. Standards typically allow some leeway for tailoring to individual organizational practices and obligations.

As mentioned earlier, many corporate and governmental customers want their suppliers to adhere to certain ISO standards, especially in industries that are multi-tiered or highly regulated. Certification to applicable standards is often a contractual requirement within those industries.

Is ISO Compliance Required by Law?

The ISO standards themselves are not legally binding. There are no laws that compel companies to meet or be certified to any ISO standards.

However, national regulators may refer to ISO standards as examples of good practice. For example, a building regulation might say you must comply with certain local regulations and that one way of complying with those is to comply with a given ISO standard.

Also, while not legally bound, many companies find certification to certain ISO standards is a necessity if they wish to compete for contracts within their industry or with specific customers.

Want the inside scoop? See what users are saying about Jama Connect

What is ISO Certification?

In this guide, we’ve talked frequently about ISO compliance and ISO certification. So, what’s the difference?

Compliance simply means that your product or process conforms to the requirements of the ISO standard. ISO certification, on the other hand, is the result of a formal procedure and thus a bit more complicated.

ISO itself does certify companies directly. Instead, specific certification bodies perform the task of auditing and then certifying an organization’s compliance with a given ISO standard. These bodies, often known as registrars, must themselves be certified under a separate standard, ISO/IEC TS 17021.

During the certification process, the registrar audits the organization to ensure that its operations are in compliance with processes outlined in the current ISO standard. Where inconsistencies or “non-conformities” are found, the organization must typically create a program for correcting these problems before the registrar will issue a certificate.

Once an organization is granted certification, it receives a certification mark that can be used on its company stationery, websites, etc.

When it comes to ISO standards governing ongoing business practices, like ISO 9001 for example, approval is typically valid for a period of three years. After that, the company must recertify to the current form of the standard.

Applying ISO Standards in Lifecycle and Requirements Management

What tools can help meet ISO standards in the realm of product lifecycle management? Jama Software provides several.

First and foremost of these is our flagship product, Jama Connect. For example, let’s say your organization is seeking certification to ISO 9001. To achieve that certification, you need to demonstrate you have put in place a defined, repeatable process for assuring quality. Jama Connect is a tool built specifically for requirements management and requirements traceability. Not only does Jama Connect simplify the tracking and tracing of requirements, it also makes it simpler and easier to maintain and demonstrate a robust quality process. That’s because Jama Connect automates so much of your requirements management process.

We’ve also built guides that will help you build compliance with specific ISO standards. If you work in the automotive sector, you may want to check out our guide for ISO 26262 compliance. Likewise, if you work in the medical device field, be sure to get a copy of our Guide to ISO 13485 for Medical Device Development.

Finally, to learn more about choosing the right requirements management tools to help your company attain or maintain ISO certification, download our Requirements Management Buyer’s Guide.


In 2016, the Jama Software team proudly announced that we had received a certification from internationally-recognized testing body TÜV SÜD. Jama Connect™ was certified as a software tool for development of safety-related products according to ISO 26262 (up to ASIL D) and IEC 61508 (up to SIL 3). It was especially noteworthy, as Jama Software was one of the first vendors to be both SaaS and agile to have received this certification. 

Three years later, we are excited to announce we have extended the scope of our certification from TÜV SÜD. Jama Connect is now also certified as a software tool for development of medical devices according to IEC 62304 and railway applications according to EN 50128.

This new certification gives medical device developers and railway application developers confidence that Jama Connect has been evaluated and qualified for defining, building and testing products that have to meet critical functional safety requirements. 

We recently talked with Christian Nowak, Functional Safety Expert at TÜV SÜD, to discuss what is required to receive such certifications and what they mean for our customers. 

Jama Software: Can you explain, generally, how the certification process is completed 

Christian NowakFor a software tool certification, we are focusing our assessment on the development processes and the validation approach and evidences provided by our customers. An important activity is the on-site audit at the customer’s premises. The first audit was conducted in 2016 as part of the original certification and we performed a three-day re-audit in June 2018 at Jama Software’s headquarters in Portland, OR. 

During the initial audit we looked at the organization’s processes in the light of the functional safety standards’ requirements for developing and maintaining safety-relevant software. The recent re-audit included sample checks to see if these processes are being followed based on the evidences created.  

We also discussed and assessed modifications and improvements of processes, which play an important role for verification and validation especially in the context of the Agile development approach at Jama Software. 

RELATED: 3 Ways Products Became More Complex in the Last Five Years

JS: What is required in addition to the on-site audit?  

CN: The on-site activities are usually supported by off-site reviews of the documentation evidences generated by the customer. Due to the agile development approach at Jama Software leading to frequent releases, our assessment approach had to be adapted and is following this pace.  

In other words, we are regularly assessing the modifications Jama Software is applying remotely and updating our certification report accordingly. In a way, our assessment approach has, in this case, also become “agile.”  

JS: What does this certification mean for our customers? How can they benefit from these certifications?  

CNEvery Jama customer who is attempting to adhere to the mentioned standards for developing safety-related systems, hardware or software must provide documentation evidences addressing the requirements defined in the standards.  

Those requirements also consider the software tools that are used for the development of safety-related systems, hardware or software. The idea is that systematic faults should be avoided not only in the actual developed systems, hardware or software, but also in the software tools used for the development.  

By undergoing a successful third-party certification by an accredited testing body like TÜV SÜD, Jama Software demonstrates that they are following adequate development processes and performing adequate validation activities for preventing systematic faults. 

Thus, Jama customers can use the TÜV SÜD certificate as an argument for software tool qualification in projects where increased confidence in the software tool is required. They do not have to spend all the efforts for qualifying the tool themselves; they only have to make sure that they are following the safety manual that Jama Software is providing for each release. 

RELATED: Watch a demonstration of the Jama Connect for Automotive Solution

JS: What is the value for organizations developing products in accordance with these standards?   

CN: In some industry fields, functional safety standards are mandatory to be complied with – in others, product liability is a main driver. In general, the quality, reliability and of course the safety of those products are being improved, which helps avoiding recalls, sanctions, and worse – consumer injury. 

JS: How long is the certificate valid for? 

CSGenerally, a TÜV SÜD functional safety product certificate is valid for five years. During this timeframe, TÜV SÜD is however regularly monitoring the adherence to the requirements by accompanying the agile development remotely as mentioned before and by returning every two years for an on-site audit.    

JS: Is TÜV SÜD involved in the development of the functional safety standards?  

CN: Yes, TÜV SÜD is actively participating in the standardization committees. Please note that just recently the second edition of the automotive functional safety standard was released (ISO 26262:2018). 

RELATED: Learn more about ISO 26262 and automotive electronics development

JS: How long does the tool certification process take, on average?  

CNWell, this depends on the maturity of the existing development processes, the complexity of the tool and the experience of the company with functional safety when we start with the assessment. I would say the initial certification can be achieved within six months, but it can also take much longer if many iteration loops are required. 

To learn more about how Jama Connect can help your team simplify compliance, streamline development, and speed time to market, download our solution overview.


ISO 14971

Last week, Jama Software launched Jama Connect® for Medical Device Development, which helps teams speed time-to-market without compromising quality or compliance.

In our experience working with more than 200 medical device developers, we’ve realized how important it is to create best practices for risk management under ISO 14971, the FDA’s mandatory standard for risk assessment throughout the product development lifecycle.

In this post, we’ll outline the main clauses of ISO 14971 and explain how Jama Connect can help medical device developers build better, safer products that satisfy ISO 14971.

What is ISO 14971?

ISO 14971 is an international standard that sees risk management as a product lifecycle process encompassing the development, production, and post-production stages. Jama Connect offers a straightforward approach to managing risk according to ISO 14971 in one platform. The standard was updated in 2019, providing more guidance on risk management and adding more detailed requirements.

Managing Risks & Requirements for ISO 14971

Risk management is an inextricable part of the medical device development process. For medical device developers, risks are a core principle of product development and should be tied together in one powerful platform.

Many medical device companies continue to depend on Excel to capture risk data, but Excel simply can’t provide the end-to-end traceability necessary for satisfying ISO 14971. That’s where Jama Connect comes in: It allows teams to easily connect risks, requirements, and testing in one system where requirements and test results stay live in real-time.

Jama Connect and ISO 14971

Jama Connect guides compliance with Clauses 4 through 7 of ISO 14971, which covers how risk should be managed throughout the product development process.

RELATED: Understanding Integrated Risk Management for Medical Device

Risk Management Plan

Clause 4 of ISO 14971 concerns how risk is organized and administered for your product line. It requires the formation of a Risk Management Plan throughout the development lifecycle.

The Risk Management Plan is the record of a planned process for risk management: who does what and when, how risks are scored, etc. It’s a component of the Risk Management File, which contains all the outputs for risk.

Clause 5: Risk Analysis

Clause 5 of ISO 14971 requires that medical device developers identify potential hazards and hazardous situations. Each hazardous situation and its potential consequences must be evaluated. Jama Connect helps teams satisfy Clause 5 by defining device-specific hazards and capturing risk probability and severity.

Jama Connect offers risk management item templates to capture important information about the risk analysis process, including a description of the device, intended use, and the scope of the analysis.

Teams can identify and evaluate potential hazards, sequences of events, hazardous situations, and harms in a single item type.

Clause 6: Risk Evaluation

Clause 6 requires the evaluation of risk for each hazardous situation and the definition of acceptability criteria for determining when risk reduction is required. To satisfy Clause 6, teams take the inputs from Clause 5 and determine the risk level for each hazardous situation.

In Jama Connect, risk acceptability criteria can be customized for a particular product line or medical device classification in the risk management item.

RELATED: Understanding FDA Medical Device Class and Classifications, and its Impact on Requirements Management

Clause 7: Risk Control

Clause 7 requires risk control measures to be developed, implemented, and verified across the product development lifecycle. Risk control measures could include product design, preventative measures in the product, and labeling. Residual risk must be evaluated against acceptability criteria, and risk control measures must be reviewed in case additional risks have been introduced inadvertently.

The risk evaluation item lets users identify risk control options for a specific hazardous situation, such as inherent safety by design, protective measures in the medical device or manufacturing process, and safety information.

Risk control measures, implementation verification, and verification of risk control effectiveness can also be accounted for in the risk evaluation item. Links to system requirements and verifications in Jama Connect can easily be created from the risk item to demonstrate traceability from hazardous situations to risk controls.

Clause 8: Residual Risk

Clause 8 requires an evaluation of the medical device’s overall residual risk. If the overall residual risk is unacceptable, it must be demonstrated that the medical benefit outweighs the residual risk.

When defining risk control measures, teams can capture those measures in Jama Connect and link them directly to risks before updating the rankings to determine the residual risk level.

With traceability through all phases of risk, users can quickly identify potential pitfalls in the product development process and address them before they become bigger barriers to success.

The Bottom Line

ISO 14971 requires a cohesive, well-documented narrative of your product’s lifecycle to assure the FDA that the device is safe, effective, and compliant. Any decisions or actions that aren’t documented could keep your product from reaching the market or result in a recall.

Finding and fixing errors early in the product lifecycle saves money, speeds time to market, and improves product quality. Jama Connect allows medical device developers to review risks and risk controls holistically so that teams can operate with confidence.

From a compliance perspective, the Jama Connect for Medical Device Development illuminates the risk management and product development process, while simultaneously generating the required documentation to support that narrative.

For a deeper dive into ISO 14971 and how Jama Connect for Medical Device Development offers a comprehensive way to manage risk and requirements throughout development, download our white paper, “Application of Risk Analysis Techniques in Jama Connect to Satisfy ISO 14971.

Product development

Close gaps in product development with Jama Connect™ and LDRA

Interested in closing gaps in your product development lifecycle? It’s no secret that developers of mission-critical software are facing increasingly complex system requirements and stringent standards for safety and efficacy. That’s why Jama Software has partnered with LDRA to deliver a test validation and verification solution for safety- and security-critical embedded software. LDRA has been a market leader in verification and software quality tools for over 40 years. They serve customers across the aerospace and defense, industrial energy, automotive, rail, and medical device industries.

Integrating TÜV SÜD-certified Jama Connect with the LDRA tool suite gives teams bidirectional traceability across the development lifecycle. This transparency helps development teams build higher-quality products and get to market faster while mitigating risk. Whether teams are working from a standards-based V model or applying an Agile, Spiral, or Waterfall methodology, employing Jama Connect in concert with the TÜV SÜD- and TÜV SAAR-certified LDRA tool suite closes the verification gaps in the development lifecycle, helping to ensure the delivery of safe and secure software.

Let’s dive into some details to understand the value of using Jama Connect and the LDRA tool suite.

Requirements and test cases form the bond between Jama Connect™ and LDRA

Product managers and engineers use Jama Connect to manage requirements and testing from idea through development, integration, and launch. Managing requirements in the Jama Connect platform allows users to align teams, track decisions, and move forward with confidence that they are building the product or system they set out to build.

LDRA imports Jama requirements and test cases, mirroring the structure and levels of traceability established from the decomposition of stakeholder requirements down to software requirements and test cases. With the Jama artifacts in the LDRA tool suite, traceability down to the code can be realized and verification and validation of requirements can begin.

During the Jama test case import, the user can choose the type of test case it corresponds to (e.g. unit test, system test, code review test) and let LDRA create a test artifact that will invoke the proper part of the LDRA tool suite and realize that test case type.

Part of realizing Jama test cases in the LDRA tool suite includes the ability to follow the steps defined in the Jama test case description (e.g. inputs, outputs, expected results). Test cases executed by the LDRA tool suite can be executed either on a host machine, in a virtual environment, or on the actual target hardware. Verification results are captured, and Pass/Fail status results are produced. The verification results can then be exported from the LDRA tool suite into the Jama test case verification status field.

By way of the Jama Test Run feature, the change in verification status and included user notes can be logged and committed. Additionally, if the user desires, the LDRA tool suite verification results can also be exported into the Jama requirement verification status field, giving the Jama user additional touch points to analyze.

Another benefit of the integration is Jama’s ability to create, link, assign, track, and manage defects discovered during testing with the LDRA tool suite.

Partnering with standards and safety experts on product development

Many industries and their applications have safety-critical requirements drawn from process standards like ISO 14971 and ISO 26262. These requirements demand a higher level of visibility and traceability that can be achieved with the Jama-LDRA integration.

LDRA is heavily involved in the international standards body. They help lead the DO-178 standard in the aerospace market for safety in avionics. LDRA is also a significant contributor to the MISRA software coding standard and other standards like CERT. Their tool suite is ISO 9001:2008-certified as a quality management system and TÜV SÜD- and TÜV SAAR-certified.

The Jama-LDRA partnership benefits not only LDRA customers in the military and aerospace needing to comply with standards like DO-178B/C, but also one of the fastest-growing industries, and the one that keeps LDRA the busiest: the automotive industry and their need to comply with ISO 26262. The Jama-LDRA partnership also addresses applications for safety and security in the medical device industry (IEC 62304), rail (EN 50128), and industrial controls and energy (IEC 61508).

RELATED: Increasing Efficiency in Testing and Confidence in Safety Standard Compliance

Certification and code analysis

LDRA helps users achieve certification in standards like DO-178B/C, DO-331, ISO 26262, Future Airborne Capability Environment (FACE), IEC 61508, and others. The LDRA tool suite lays out a set of objectives for the relevant process standard, along with corresponding artifact placeholders and sample template documents. This guiding project structure with built-in progress metrics gives the user an intuitive understanding of what is required to achieve certification and the day-to-day gains toward that goal.

A major key benefit to customers is LDRA’s ability to perform on target hardware testing or Run-For-Score (RFS). These customers have a very strict process for achieving certification wherein step-by-step testing is followed and results are logged and eye-witnessed.

LDRA also has its own proprietary code analysis engine. Starting with static code analysis, a debugging method that examines the source code before the program is run, LDRA generally finds potential coding flaws and security vulnerabilities prior to code compilation. Once the code has been compiled, testing can be further complemented by LDRA’s dynamic testing, structural coverage, and unit testing.

Build with certainty

The complementary capabilities and automation offered by Jama and LDRA deliver a powerful solution for the development and test verification of software systems in the product development lifecycle. Whatever software development approach your team chooses to employ, requirements- combined with Jama’s product lifecycle management capacities can help you deliver safe, compliant products on time and on budget.

To learn more about test management with Jama, take a deeper look at our solution and download the datasheet.

To learn more on the topic of test management, we’ve compiled a handy list of valuable resources for you!

Every company that produces medical devices has to plan for that time when they must present compliance evidence to the FDA auditor. Often the most difficult and time-consuming aspect of this process is sorting through the available documentation produced by the design and development team, including outputs from multiple software tools. Even in that best-case scenario (likely you have the added challenge of having to fill a few holes in the paper trail), assembling and delivering documentation that is comprehensive in its demonstration of risk management can be an arduous task.

When the auditor is reviewing the design and development history of your medical device they want to see the full story, from the original concept though post-production. They want to see all the angles from which you’ve examined your product, from internal actions items and decisions, to incorporation of market feedback, to safety analysis of similar products. And within that story, auditors want proof that you’ve taken action to ensure that risks that can’t be eliminated fall into an acceptable range.

Everyone–including the auditor!–wants a smooth audit process, to ensure the safety of the patient. So how can you easily produce comprehensive documentation and pass your compliance audit?

In our work with medical device companies, we’ve come up with these recommendations for using Jama in your development process. These techniques allow you to show full traceability between risks and design controls, making the task of proving compliance less daunting, less time-consuming, with the added benefit of having a positive impact on your product quality.

Use Jama to execute your risk management process

First, we recommend that you manage all design controls (requirements, risks, design specs and tests) in Jama, and synchronize data from other developer tools, such as JIRA, using the Jama Integrations Hub. This foundational set up will ensure end-to-end traceability and also ensure that all of your data is available for your audit documentation.

Also in this Jama instance, capture and manage specific medical device data pertinent to a future compliance audit, such as intended use of your product, patient and user needs, your risk management plan and any other information that defines the device, your product objectives, and information about similar products in the market.

Just like you manage requirements with Jama’s collaboration tools, you can also use Jama to execute your risk management process. This provides the team one area where they can go to understand how to document risks and what information needs to be collected, and prevents confusion around process that is vital for your FDA submissions.

To do this, we suggest you track risks as individual items. Complete a preliminary estimate of the risk by defining the probability of occurrence of the harm and the severity of that harm, and use the calculated risk priority number to assess if the risk is acceptable. As you define mitigations, use relationships to illustrate those in Jama, and then update the risk priority number post-mitigation.

Use Jama’s Review Center for both risk and design controls reviews, inviting feedback from subject matter experts and stakeholders. When anyone has questions about why a risk was estimated in a certain way, these reviews are the source of truth for why decisions were made. Using Review Center, along with documenting this information in the project space, allows teams to collaborate on risk definition (and add more as they arise), discuss mitigation plans and verification of test results, to collaborate on solutions and to finalize and document decisions.

When telling the story of your medical device’s development lifecycle to the FDA, it can be a struggle to organize the information in a cohesive manner. And if documentation is missing or decisions and action items aren’t recorded, these gaps could result in your product never reaching the market—or being pulled from the shelves. Using Jama creates much of the needed evidence and is an easy step to take that will save time and money in the long run.

More on managing risk in medical devices using Jama

Want to know more about how Jama manages risk in Jama? Check out this video to understand more. And if you’re ready to see how Jama can help you manage the development of your medical device start a free trial.


We’d love to hear how your teams manage documentation for compliance audits. Do you have stories about how your company passed audits for ISO 14971, ISO 13485 or 21 CFR Part 11? Our medical devices team is curious to hear about your methods for streamlining your submission process for compliance audits.