G2® Once Again Names Jama Connect® the Overall Leader for Requirements Management Software for Spring 2024
In the competitive landscape of requirements management solutions, Jama Connect® has once again emerged as the overall leader in the Spring 2024 G2 Grid® Report for Requirements Management Software.
G2 rates products and sellers based on reviews gathered from our user community, as well as data aggregated from online sources and social networks. They apply a unique algorithm (v3.0) to this data to calculate the Satisfaction and Market Presence scores in real-time. The Grid® Report for Requirements Management | Spring 2024 is based on scores calculated using the G2 algorithm v3.0 from reviews collected through March 05, 2024
In addition to the honor of being named the leader in requirements management software, we are proud to showcase that we were awarded several additional medals for Spring 2024 in requirements management, including:
Enterprise Leader
EMEA Leader
Europe Leader
Small-Business Leader
Mid-Market Leader
Downloadthe full report to see why customers love using Jama Connect for product, systems, and software development.
Learn More About the Spring 2024 G2 Grid for the top Requirements Management Software productsHERE!
Jama Software® is honored to be recognized as the leading requirements management solution. We are grateful to our customers for providing valuable feedback on their experiences with our product, services, and customer support. This recognition is a testament to the value our industry-leading software brings to our customers, particularly those who have transitioned from a document-based approach to complex product, systems, or software development.
“Jama Connect effectively resolved our requirements management issues” -From review collected and hosted on G2.com, Stephan T. — Mid-Market
Our goal is to provide our customers with the best possible experience when using our platform. Being named the overall Leader demonstrates how much our users enjoy working with Jama Connect.
“Product Design teams need a requirements management tool like Jama [Connect.] Using Jama Connect allows our software development team to have a well-organized and well-written set of requirements. It allows us to more easily maintain a baseline of features in our continuously evolving software.” -From review collected and hosted on G2.com, Verified User — Mid-Market
From all of us at Jama Software to all of you, thank you!
https://www.jamasoftware.com/media/2024/04/c83c454a-99fa-43e9-8669-1120177f7d08.jpeg5121024Jama Software/media/jama-logo-primary.svgJama Software2024-04-18 03:00:182024-04-16 17:15:05G2® Once Again Names Jama Connect® the Overall Leader for Requirements Management Software for Spring 2024
Jama Connect® Features in Five: Automated Testing
Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.
In this Features in Five Integration Series video, Steven Pink – Senior Solutions Architect at Jama Software® – demonstrates an integration of automated test results with Jama Connect® through a Python Script and our open REST API.
VIDEO TRANSCRIPT
Steven Pink: Hello and welcome to the Features in Five Integration series. My name is Steven Pink, and I’m a Senior Solutions Architect here at Jama Software. Today we’ll be walking through a live demo of integrating some existing automated test results with Jama Connect through a Python script using our open REST API.
We make it possible for you to integrate Jama Connect with your preferred best-of-breed software to achieve Live Traceability™ across the end-to-end development cycle. Live Requirements Traceability is the ability for any engineer, at any time, to see the most up-to-date and complete upstream and downstream information or any requirement, no matter the stage of systems development or how many siloed tools and teams it spans.
This enables significant productivity and quality improvements and dramatically reduces the risk of product delays, cost overruns, defects, rework, and recalls, and ultimately results in faster time to market.
Pink: The goal of integrating automated test results is typically to better visualize test coverage for requirements. Jama Connect can identify and call out gaps in test coverage, as we see here, while also visualizing and reporting on the test results using filters, dashboards, and exportable reports.
Automated testing can be performed in a variety of ways, including the usage of automation servers and different frameworks. But regardless of the approach, all we need to integrate is to add requirement identifiers to our automated test results, so that they can be traced back to the requirements they cover and then make a call to the Jama Connect REST API to submit the latest results and traceability.
All right, now I want to talk about automated testing in Jama Connect. In this example project that we’re looking at, it’s a simple software development project where we’re gathering requirements, breaking those down into epics and stories, and then performing manual and automated tests.
In this example, our manual tests are being performed in Jama’s testing environment, but we have automated tests, that are actually automated test scripts, that we’re populating results into Jama with traceability, as a part of the automated test script, so that we have end-to-end traceability through our automated test results.
If I look at my manual test cases in the project hierarchy, we can see these manual tests have been created, some of them have been run, and results have been recorded. But if I switch over and look at my automated test cases, we’ll see there aren’t any yet. That’s because I haven’t run any automated test scripts.
Pink: Now what I’m going to do is I’m going to execute an automated test script that will record some results for a few different tests. I’m going to run this module, and it’s going to start executing. And if we give it just another minute now.
If I go to my automated test cases, I’ll refresh this and you’ll see it’ll populate. We now have four automated test results that have been populated into Jama. We can populate these items with any kind of information from those automated test results, whether that be issues that arose during the execution or execution data. We can also keep track of whether they passed or failed, if we have a specific pass or fail parameter we can track through them.
The benefit of integrating automated testing with Jama Connect is that we can keep track of our traceability proactively as we run our automated tests. If I look at any one of these automated tests, you’ll see under the relationships, because in our test script we associated the test with a user story, that traceability has been built into this proactively. So when we execute our automated test, the results populate into Jama Connect with traceability.
Thank you for watching this Features in Five session on integrating automated test results to show requirement test coverage in Jama Connect. If you are an existing customer and want to learn more, please reach out to your customer success manager or consultant. If you’re not yet a client, please visit our website at jamasoftware.com to learn more about the platform and how we can help optimize your development process. Thanks for watching.
https://www.jamasoftware.com/media/2024/04/FIF-Automated-Testing-Integration.jpg10801920Steven Pink/media/jama-logo-primary.svgSteven Pink2024-04-05 03:00:142024-04-02 14:58:22Jama Connect® Features in Five: Automated Testing
In this blog, we recap our webinar, “Best Practices for Writing Requirements” – Click HERE for the full version.
Best Practices for Writing Requirements
“Needs.” “Features.” “Requirements.”
Regardless of what terminology your teams use to identify and define requirements, the purpose of good requirements is to create a shared understanding of the promise, functionality, appearance, and value for the products you develop across all stakeholders.
In this insightful session, our industry experts will guide participants through the different ways teams can write better requirements to remove ambiguity and improve development outcomes. In this webinar you will learn how to:
Create a simple, systematic, and standardized process that your teams can follow
Separate requirements from design and establish hierarchy
Ensure traceability of requirements during development
Below is an abbreviated transcript of our webinar.
Best Practices for Writing Requirements
Patrick Garman: Hello everyone, let me introduce myself and my co-host. I am Patrick Garman, I’m a Principal Solutions Consultant here at Jama Software, and I work with customers across multiple industries to optimize requirements management practices to help innovators succeed. Before coming to Jama Software, I had 10 years of product development experience and I’ve led teams to successful product launches in soft tech, consumer electronics, logistics, healthcare, government and public sector, and the financial services industries. And now I serve as the services lead for improving requirements quality at Jama Software. Joining me today as well is Danny.
Danny Beerens: Hi. Thank you, Patrick, for introducing me. I’m Danny Beerens, Senior Solution Consultant here at Jama Software, and I will be assisting Patrick today. I have nearly two decades of experience in system engineering, and I have successfully implemented, trained, maintained, and supported application lifecycle management application, specifically requirements management application. Throughout my career, I have worked on projects and collaborated with customers in the medical device, aerospace and defense, automotive, and semiconductor industries.
Beerens: So let’s start off today. Jama Software’s purpose is to help innovators succeed, as Patrick already mentioned. And the key to successful innovation is writing high-quality requirements for your products. We want you to walk away from this session with an understanding of why requirements are important and give you a useful framework from which to build your requirements-authoring skills. Basically, we are setting the groundwork here. We’ll expose you to the challenges in product development as they relate to requirements, and we will talk about how requirements help to bridge communication challenges. We’ll also provide you with important information and tools for authoring better requirements. So helping you write better requirements is why we are here, but what does that matter, why are we really here?
What we want and what I suspect you want too is to build safe and high-quality products, and requirements are an essential element in defining, designing, and developing great products. So yes, we want you to write better requirements, but writing better requirements is a means to a better end, a high-quality safe product, and good requirements also mean getting that great product with hopefully less communication friction, reduced rework, and building a work environment that encourages collaboration, transparency, and focuses on quality.
Beerens: So, let’s start with talking about why requirements are important. Requirements are the building blocks of product development and strong requirements lead to better products. Conversely, vague and unclear requirements cannot only lead to product issues but also to safety concerns. These quotes you see here from the US Food and Drug Administration Design Control Guidelines for Medical Device Manufacturers, and highlight the importance of quality requirement management in delivering safe products to the market. But these justifications for requirements can be applied to any industry or product. Keep in mind, that design control activities are intended to drive quality and safety into the product development process. And here, they are stating that requirements are the foundation to those safety activities.
Of course not all benefits of proper requirements management are related to safety, these also call out the impact to later product development lifecycle activities, finding that missing requirements or even ill-defined requirements can cause expensive redesign and rework, which makes sense considering the later issues are found in the product lifecycle, the more expensive the issue is to resolve, as you’ll need to circle back to previous phases to identify and address the issue at the root, and their impacts along the way. Requirements management activities are a way to avoid these issues from the start, thus reducing rework and redesign, and improving your quality. It also ensures you make the time to market. While the specific regulations and standards may vary, the same requirement management practices and principles are applicable to any industry.
https://www.jamasoftware.com/media/2024/03/Best-Practices-Webinar-Recap-Blog.png5121024Jama Software/media/jama-logo-primary.svgJama Software2024-04-02 03:00:222024-03-28 15:13:59[Webinar Recap] Best Practices for Writing Requirements
Ready, Set, Launch: Welcoming the New Jama Software® User Community
We are excited to announce the launch of our new Jama Software® User Community! Hosted on Higher Logic’s Vanilla platform, this community will be based on their successful framework model and will serve as an improved hub for collaboration, discussion, and support. To learn more about the history of Jama Software®’s user community, which was first created in 2015, visit Empowering Customer Success: The Vital Role of Support and User Communities.
In preparation for the launch of this exciting new space, we interviewed Amanda Jennewein – Senior Manager of Customer Support at Jama Software, to find out what existing and new user community members can expect from this transition.
What were the main reasons or goals for relaunching the Jama Software Customer Community?
Amanda Jennewein: Launching the new Jama Software® User Community is a strategic initiative aimed at improving customer engagement and satisfaction, driving innovation, and strengthening the company’s brand presence in the digital space.
Enhanced Customer Engagement: Our goal is to strengthen customer relationships and create a supportive ecosystem by fostering a sense of belonging and collaboration. Building a vibrant online community allows customers to engage with each other, share experiences, and exchange best practices.
Knowledge Sharing and Support: As we recently shared, a community is valuable for users to access documentation, tutorials, and troubleshooting guides. By centralizing knowledge and expertise, Jama Software empowers customers to find solutions independently and receive support from peers and experts within the community.
Feedback Collection and Product Improvement: The community provides a channel for customers to provide feedback, suggest enhancements, and vote on feature requests. By soliciting input directly from users, we gain valuable insights into customer needs, preferences, and pain points, which can inform product development and roadmap prioritization.
Customer Success and Adoption: A thriving community contributes to customer success by facilitating collaboration, learning, and adopting Jama Software products and solutions. We aim to drive user satisfaction, retention, and advocacy by promoting engagement and self-service support options.
Brand Building and Thought Leadership: Hosting a vibrant community reinforces our position as a software development and requirements management leader. By curating valuable content, facilitating discussions, and showcasing customer success stories, we strengthen our brand reputation and thought leadership within the industry.
When will the new community be available for users to see?
Jennewein: The new community was officially launched on March 18, 2024. Users can now join the new community and explore its features.
What improvements can users anticipate from our new community?
Jennewein: The migration to Higher Logic Vanilla represents a significant upgrade for the Jama Software Customer Community, offering improved usability, performance, collaboration tools, and integration possibilities. These enhancements allow users to anticipate a more engaging and productive community experience.
Enhanced User Experience: Vanilla offers a modern and intuitive user interface, making it easier for community members to navigate, discover content, and engage with others. The platform’s clean design and user-friendly features create a more enjoyable and efficient user experience.
Improved Performance and Reliability: Vanilla’s infrastructure is designed to deliver better performance and reliability than the previous platform. Users can expect faster page loading times, smoother browsing experiences, and minimal downtime, ensuring uninterrupted access to community resources and discussions.
Streamlined Content Discovery: Vanilla provides robust search functionality and content categorization tools, enabling users to find relevant discussions, articles, and resources quickly. Advanced search filters and tags make locating specific topics of interest easier, facilitating knowledge sharing and collaboration within the community.
Federated search: Vallina connects to other tools to surface relevant content, regardless of where it lives.
Enhanced Customer Support Integration: Further integration of the community with customer support processes and systems to streamline issue resolution, facilitate peer-to-peer support, and provide faster access to assistance. Automation and self-service options will empower users to find solutions independently and reduce their dependency on traditional support channels.
Will users from our previous community notice any significant changes? Will they still be able to find the same information as before?
Jennewein: Overall, the structure and organization of the new customer community will prioritize usability, accessibility, and engagement, aiming to provide a valuable and enriching experience for users seeking support, knowledge sharing, and collaboration within the Jama Software community.
Homepage: The homepage serves as the central hub of the community, featuring essential announcements, latest discussions, and popular topics. It provides a snapshot of community activity and directs users to relevant sections and resources.
Discussion Categories: Discussions are typically organized into categories or topics based on themes, product features, or user needs. Precise categorization helps users find discussions relevant to their interests and expertise, promoting participation and knowledge sharing.
Digital Onboarding Guide: A dedicated section for articles, guides, tutorials, and other resources.
Q&A: Users can ask and answer questions within a community to facilitate self-service support and develop brand advocated.
Ideation: Provide feature requests while collaborating with peers by voting and commenting on ideas.
Events and Announcements: Information about upcoming events, webinars, product updates, and community announcements may be featured prominently to keep users informed and engaged.
User Profiles and Recognition: User profiles allow community members to personalize their experience, showcase their expertise, and connect with peers.
Search Functionality: Robust search functionality lets users quickly find relevant discussions, articles, and resources. Advanced search filters and tagging systems improve the discoverability and accessibility of content.
Community Guidelines and Support: Clear guidelines and rules for community participation help maintain a positive and respectful environment. Support resources, FAQs, and help documentation should be readily available to assist users and address any issues they encounter.
Verticalized Resources: Solution spaces for Automotive, Medical Devices & Life Sciences, Robotics, and Airborne Systems will be available to customers who have purchased additional licenses. These spaces offer industry resources, downloadable materials, and specific discussion areas.
Additional Downloadable Resources: Customers may purchase additional licenses to access downloadable content for:
Data Exchange
Jama Validation Kit (JVK) – Test cases and coverage reports
Functional Safety Kit (FSK) – ISO certifications, defects, and safety manuals.
Jama Connect Interchange™
How will the new community be moderated and managed to ensure a positive experience for members?
Jennewein: To ensure a positive experience for members, the new community will be moderated and managed through a combination of proactive measures, clear guidelines, and responsive support.
Clear Community Guidelines: Clear guidelines and rules for community participation help maintain a positive and respectful environment.
Designated Moderators: The community will have moderators responsible for overseeing discussions, enforcing community guidelines, and addressing any issues or concerns members raise. These moderators will be experienced and knowledgeable individuals who can maintain a respectful and inclusive environment within the community.
Prompt Response to Concerns: Our community encourages its members to report any concerns or violations of community guidelines to the moderators. Upon receiving such reports, the moderators will promptly investigate the issue thoroughly and take appropriate action to address the concern. This may involve removing inappropriate content, issuing warnings, or taking other necessary steps to ensure that our community remains a safe and welcoming place for all.
Transparent Communication: Moderators will communicate openly and transparently with community members, explaining decisions and actions. Transparent communication helps build trust and confidence among members and demonstrates a commitment to fairness and accountability.
Educational Initiatives: Besides taking enforcement actions, moderators will also undertake educational initiatives to encourage positive behavior and cultivate a culture of respect and collaboration among community members. This may include providing guidance on best practices for constructive communication, conflict resolution, and effective participation.
How will we address and resolve issues or concerns raised within the customer community?
Jennewein: Support resources, FAQs, and help documentation will be available to assist users and address any issues they encounter in partnership with moderators and the Online Community manager.
What plans does the company have for any additional future growth and evolution of the customer community?
Jennewein: The company’s plans for future growth and evolution of the customer community are focused on creating a vibrant, inclusive, and value-driven ecosystem that empowers users, fosters collaboration, and drives customer success with Jama Software products.
Expansion of Community Features: Continuously evaluate and introduce new features and functionalities to enrich the community experience.
Community Advocacy and Ambassador Programs: Identify and cultivate community advocates and ambassadors passionate about Jama Software products and actively contribute to the community. Recognize and reward these advocates for their contributions and empower them to champion the community, share their experiences, and advocate for the brand.
Feedback-driven Iterative Improvements: Continuously solicit feedback from community members through surveys, polls, and feedback forums to identify areas for improvement and prioritize future enhancements. Use this feedback to inform iterative updates and enhancements to the community platform, ensuring that it evolves in alignment with user needs and expectations.
Content Expansion and Diversification: Invest in expanding and diversifying the content available within the community, tailoring content to address community members’ evolving needs and interests, covering a broad range of topics related to Jama Software products and industry trends.
Conclusion
We are always working to improve and refine our customer experience, aiming to provide excellence in every interaction. If you are a current customer and would like to learn more, please contact your customer success manager or consultant. If you are not yet a client, please visit our website at jamasoftware.com to learn more about our platform and how we can help optimize your development process.
Important: Password Change Required for returning members to access the New Community Site
With the new site launch, returning members must update their password to access the new community site. This is an important step that needs to be taken for security reasons. We appreciate your cooperation. To change your password and gain access to the new Community site, please visit: community.jamasoftware.com
https://www.jamasoftware.com/media/2024/03/2024-3-20-new-user-community-2.jpg512986Amanda Jennewein/media/jama-logo-primary.svgAmanda Jennewein2024-03-20 10:30:262024-03-20 10:17:10Ready, Set, Launch: Welcoming the New Jama Software® User Community
Jama Connect® Features in Five: Jira Integration
Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.
In this Features in Five Integration Series video, Mario Maldari– Director, Solutions Architecture at Jama Software® – will demonstrate the Jama Connect® to Jira® integration.
VIDEO TRANSCRIPT
Mario Maldari: Hello and welcome to the Features in Five Integration Series. My name is Mario Maldari and I’m the Director of Solution Architecture here at Jama Software. Today, we’ll be walking through the Jama Connect to Jira integration. We make it possible for you to integrate Jama Connect with preferred best-of-breed software to achieve Live Traceability™ across the end-to-end development cycle. Live requirements traceability is the ability for any engineer at any time to see the most up-to-date and complete upstream and downstream information for any requirement, no matter the stage of systems development or how many siloed tools and teams it spans. This enables significant productivity and quality improvements, dramatically reduces the risk of product delays, cost overruns, defects, rework, and recalls, and ultimately results in faster time to market. Let’s get started.
The Jama Connect to Jira integration allows for bidirectional synchronization of data between requirements and tasks. This allows for teams such as software developers to stay in their tool of choice and enjoy the benefit of real-time updates between the two applications. Today, we’ll be covering two core use cases for the integration. We’ll be creating a defect in Jama Connect that will synchronize to Jira, and then we’ll be creating an epic in Jira that’ll synchronize over to Jama Connect. Let’s start by executing a test case at Jama Connect’s Test Center. Let’s start our test run here and we can go through and pass or fail steps accordingly. We get to an issue, we can log a defect right from the test, and we can set things like priority. Go ahead and save that defect. And we can go ahead and save and close this test.
Maldari: Then we can open up the test record here and we can take a look at the relationships. And as expected, we will see a link to a downstream defect that we just created. Let’s take a look and open up that defect. And we can see there’s an integration URL to the corresponding defect over in Jira that was just created. And as a developer, I can see a new defect came in and I can start to work on this defect. I can also change things like priority. I can also add a comment. Any field that’s set up to participate in the integration, such as name, description, comments, priority, all of these things can be modified from Jira and that will be synchronized over into Jama Connect. And now you’ll see that there’s a Jama Connect URL here, and this will take us back to the defect that we just created in Jama Connect.
And we can see that the priority has been set below. We can see that there’s a comment that’s been added to add an attachment, and we can actually go ahead and add an attachment here, a picture of our cracked camera. And we’ll attach that to the item. So conversely, anything in Jama Connect that’s participating in the integration, any field, name, description, priority, all of these changes from the Jama Connect side will also be reflected over on the Jira side. And so if we navigate back over into the Jira defect, we’ll do that by following this URL here, we can see that our attachment came over onto the Jira defect.
Similarly, if we’re in Jira now, we’re working and we want to create an epic, we can go ahead and create an epic. Usability improvement, we can go ahead and create that. And then let’s take a look at that epic that we just created here. Similar to the defect scenario, any field that’s set up and configured in the integration will synchronize between the two applications, and that includes the name, description again, comments, and priority. Any field that’s configured will sync over. Then if I refresh this epic that I just created, you can see now that there’s a Jama Connect URL to the correspondent epic that’s just been created in Jama Connect. So I can go here into Jama Connect and I can add things like tables and further elaborate the description, and ask the development team to fill out the table for me.
Maldari: But more importantly, what I can do is start to establish traceability within Jama Connect now. Assuming maybe this usability improvement request came from a particular customer, I can link it to an upstream requirement, or initiative, in this case, usability improvement from the customer. And so I can start to establish traceability now, now that it’s in Jama Connect. All the work is being done in Jira on this epic, but the traceability is being established within Jama Connect. So I’m always getting the latest changes over from the Jira side participating in my traceability within Jama Connect. Let’s take a look back over to the epic in Jira, and we can see the table that I just added from Jama Connect showing up here. You can even see that there’s now an upstream link reference that gives me a reference to the traceability that I just created on the Jama Connect side.
So as you can see, the integration allows teams such as software developers to work in Jira while allowing for real-time status updates to flow over to Jama Connect and be reflected in various traceability views. This way, teams are guaranteed to have the latest status on their projects. Thank you for watching this Future in Five session on the Jira integration for Jama Connect. If you’re an existing customer and want to learn more, please reach out to your customer success manager or consultant. If you’re not yet a client, please go to our website at jamasoftware.com to learn more about the platform and how we can help optimize your development process.
https://www.jamasoftware.com/media/2024/02/FIF-Jira-Integration.jpg10801920Mario Maldari/media/jama-logo-primary.svgMario Maldari2024-03-01 03:00:552024-03-04 13:54:53Jama Connect® Features in Five: Jira Integration
The ‘Square Root’-Process Model for System Engineering
In the rapidly evolving field of systems engineering, the traditional V-model has served as the cornerstone for development, defining system requirements and verification processes. However, the demands of modern engineering necessitate an extension of the V-Model to reduce time-to-market and elevate customer satisfaction. This article introduces the ‘square root’ model that extends the V-model that embeds continuous feedback and integration throughout the product lifecycle. By considering production, operation, support, and end-of-life sustainability from inception, the ‘square root’ model, visually represented in the accompanying diagram, ensures that engineering efforts align with practical constraints and market needs.
Leveraging Jama Connect®‘s advanced features, we will explore how this model fosters collaboration, efficiency, and strategic foresight, setting a new standard for systems engineering excellence.
Throughout this article, when ‘product’ is mentioned, understand that it can also refer to a service, software, or system.
There are aspects in engineering and feedback loops that the V-model implies to improve the engineering assets (mainly Verification and Validation focused) at the same information abstraction level; This article will describe the need to extend the traditional V-model to ensure the estimated time-to-market can be met with ease, customer satisfaction improves each product iteration and create a better tomorrow, using Jama Connect unique features to support your engineering teams to achieve these results.
Where the traditional V-model, starting at ‘Stakeholder Requirements’ and ending at ‘Acceptance Tests’ (or ‘Validation’), describes the engineering’s team involvement in the product being engineered, it is important to understand that this is only a small part in the entire lifecycle of a product. It’s the repeatable part for that product’s new releases and it’s the part that can be used to analyze the impact of changes before that change gets implemented in production.
The word “constraint” has a negative connotation; Design constraints are limitations on what designers can do with a design. These limitations are usually byproducts of having deadlines, budgets, brand guidelines (and similar guidelines, see below), laws and regulations, finite resources, and limited decision power in terms of tools and processes.
Some product engineers view design constraints in a bad light because they feel like they’re being boxed in by a brick wall, while others embrace design constraints as directional guidelines that open the doors to creativity and strategic problem-solving.
On the surface, having design constraints can indeed feel like a bad thing; however, they can be extremely useful. Being limited to certain choices doesn’t necessarily mean being limited to certain outcomes. Often enough there are alternative options that are, at least, almost as good as what you originally envisioned.
Design constraints can come from various sources, in this article we’ll talk about the constraints that focus on time-to-market, customer satisfaction, and zero waste. In other words, design guidelines come from:
Production;
Operation and Support;
(Ecological) Sustainability; the recycling of your product’s used materials.
These design constraints facilitate engineering with the end in mind. Your team’s early decisions during product definition must include upgradability, serviceability, and for sure: disposal, and sustainability.
Please Note: As these are complex topics by themself and not part of the core business of Jama Software, this article will only emphasize the need for feedback from these product lifecycle phases into the product definition as design constraints. Design constraints might also be known and used as Non-functional Requirements (i.e., the different ‘-bilities’, like producibility, serviceability, etc.)
Production and Manufacturing
When production and manufacturing aren’t involved from the start, your engineering team might waste valuable engineering time and effort on a product that cannot be manufactured with the means your production facilities have at their disposal. This means that the product’s entire time-to-market will need to be extended to re-engineer the product to your current production capabilities; wasting precious time and putting your competitive edge at an unnecessary risk.
As an example, a Printed Circuit Board (PCB) might require that a set of components must be aligned in the same direction and at a specified distance when wave soldered to avoid short-circuits in operation. These wave soldering characteristics can be recorded and maintained in Jama Connect as Design Constraints. Source: https://www.mclpcb.com/blog/wave-soldering-issues/
The other side of this same coin; By knowing what your production facilities can and cannot do at the start of the product definition, your teams are capable of estimating when the new bleeding-/leading-edge product they are developing needs new production means.
These insights, when considered at the beginning of the product definition, will allow your teams to research, develop, and implement the required new production techniques and have them ready when the product hits the factory shop floor. This includes having purchasing ready with new suppliers, their delivery times, required stock levels, and other input required for your factory shop floor to hit the ground running producing your new product when it completes its V-cycle.
Operation and Support
The full value of a system or product is realized in its use and operation during the expected product lifespan. Your customers want to receive a product that meets their expectations, but those expectations extend beyond a product that works on day one. Customer Satisfaction, and thus Customer Lifetime Value, is heavily influenced by the ease and availability of maintenance, servicing, and upgrades that will extend the product’s lifespan. When a customer calculates Return on Investment (ROI), they are not only considering receiving a working product, but they are also factoring in;
Mean Time Between Failures (MTBF, a metric for failures in repairable systems);
Mean Time to Failure (MTTF, a failures that require system replacement);
Mean Time to Repair/Recovery/Respond/Resolve (MTTR, is the average time it takes to repair/recover/respond/resolve a failure in a product, service or system, usually technical or mechanical. It includes both the repair time and any testing time. The clock doesn’t stop on this metric until the system is fully functional again); and
Mean Time to Acknowledge (MTTA, a metric useful for tracking your team’s responsiveness and your alert system’s effectiveness).
Reliability represent a series of metrics designed to help customers understand how often incidents occur and how quickly they, in collaboration with your Operation and Support, bounces back from those incidents. Valuable indicators to determine if their investment, and any additional investment to keep it operational, is effective.
Analysis of these reliability, MBTF, MTTF, MTTR and MTTA metrics focused on means to reduce these indicators, lead to product enhancements that improve customer satisfaction for both users (better uptime, improved performance, etc.) and decision makers (value on their investment).
E.g., the accessibility of a repairable component, to improve the MBTF, can be recorded and maintained in Jama Connect as a design constraint.
Sustainability
For sustainability, it all starts with the design. The design decisions for the product contribute 80% to the carbon footprint of the solution! How to make your products and systems ‘green’ from the start, a topic most companies struggle with.
Once your teams start to include sustainability in your product’s mission, you’ll need a structured approach, as several factors will push for different considerations. The most obvious considerations are the choice of materials and the optimizing the production process (reducing carbon emissions).
However, the repairability/serviceability of the product should be considered with a more extended lifetime vision, just like upgradeability and reusing components.
Techniques like Lifecycle Analysis (LCA, shows how much influence a product has on the environment during its entire life cycle: from raw material extraction to waste processing) exist to determine the Design Constraints necessary for the sustainability of the product being developed.
The (material) considerations that come out of an LCA (e.g. switch from fossil fuels to hydrogen) can be recorded and maintained in Jama Connect as a design constraints.
Jama Connect supports the ‘square root’-model
Collaborate with stakeholders from Production, Operation & Support and Environment, Health & Safety
Recording design constraints is not unique to a (Requirements Management, or Product Definition) application like Jama Connect; The ability to collaborate with colleagues in reviews, from the respective product lifecycle phases that normally don’t have to deal with the product definition phase (and thus don’t work in Jama Connect) is unique.
This unique feature allows your teams to engineer your products with the end result in mind, by involving the stakeholders from beyond their own engineering reach, to collaborate and achieve the optimum time-to-market, best customer satisfaction and create a better tomorrow for ourselves and future generations.
These stakeholders don’t require to be Jama Connect users to be invited and collaborate in a review within Jama Connect. Involving those stakeholders into the review process allows these stakeholders to verify their design constraints are adequately and sufficiently addressed by the requirements of your product definition.
First step in sustainability; reuse as much as possible
Not only does reusing and synchronizing requirements reduce your time-to-market and improve quality, but it is also a key strategy for getting your products sustainable. Jama Connect can help reducing the struggle to build on existing work when requirements, and their corresponding test cases, are spread across documents and systems, missing Live Traceability™. Your teams must manually identify and copy related content increasing the risk of rework and gaps. Additionally, teams tend to lack visibility across efforts, causing necessary changes to not propagate across reused content, potentially impacting quality and disconnected product design efforts.
Jama Connect simplifies and enhances the process of reusing requirements and verifications by allowing you to copy selected content with its container and its traced items. Synchronization ensures visibility and enables key use cases such as parallel product definitions, common content libraries (i.e. reusable component libraries) and product variants.
Further reading
INCOSE (International Council on Systems Engineering): INCOSE is a professional organization dedicated to promoting and advancing the field of systems engineering. Their website (www.incose.org) offers a wealth of resources, including publications, articles, and conferences, that cover various topics in systems engineering, including the V-Model.
https://www.jamasoftware.com/media/2024/02/2024-2-29-square-root-process-model-for-system-engineering.png512986Danny Beerens/media/jama-logo-primary.svgDanny Beerens2024-02-29 03:00:372024-02-26 17:26:07The ‘Square Root’-Process Model for System Engineering
Empowering Customer Success: The Vital Role of Support and User Communities
Our customers are at the forefront of everything we do. From product roadmaps to website redesigns, all the way to new customer success offerings, we’re listening to our customers and constantly adapting to meet their needs.
One successful way we’ve done so is by establishing a robust user community. In this blog post, we’ll look at our Jama Software® user community, provide a sneak peek at our upcoming community migration, and showcase our new and highly-rated support site. Let’s get started!
What is a customer community and why is it significant?
A customer community is an online platform where customers can interact with each other and a company. Having a customer community is crucial for improving customer satisfaction, fostering engagement and loyalty, promoting innovation, and collecting valuable feedback. It is a vital aspect of contemporary customer experience strategies that helps companies build stronger relationships with their customers, leading to various business advantages.
How does Jama Software user community engagement strengthen the customer experience?
The primary goals of our user community are: to increase engagement with our customers and partners; strengthen the customer experience by enabling support, collaboration, learning, and feedback mechanisms; help users get the most value from the Jama Connect® platform; and foster community and partnership with the company as a whole.
Member of our online community have access to:
Peer Support: Jama Software’s online community provides users a platform to connect with peers who may have faced similar challenges or have expertise in specific areas. This peer-to-peer support mechanism allows users to seek advice, share best practices, and troubleshoot issues more effectively, ultimately leading to a smoother experience with the software.
Direct Access to Subject Matter Experts: By engaging with the online community, users can directly interact with Jama Software experts, including community managers, support staff, product managers, and consultants. This direct line of communication enables users to receive timely assistance, clarifications on features or functionalities, and insights into the product, enhancing and optimizing their understanding and usage of the software.
Feedback and Feature Requests: The online community is a valuable channel for users to provide feedback on their experiences with Jama Software and suggest enhancements or new features they want. By actively listening to customer feedback, Jama Software demonstrates its commitment to continuously improving its products to better meet user needs.
Learning and Knowledge Sharing: Jama Software’s online community allows users to access tutorials, training and onboarding documentation, and user-generated content to deepen their understanding of the software and its capabilities. By encouraging learning and knowledge sharing among users, the community fosters a culture of continuous improvement and empowers users to maximize the value they derive from Jama Software.
Community Events and Resources: Jama Software may organize community events such as webinars, workshops, or user forums, allowing users to engage with experts, network with peers, and gain insights into industry best practices. These events and resources enrich the user experience and foster community and belonging among Jama Software users.
What content and resources are available to community members?
Our community has a mix of public and private areas. The public areas include informational pages, introductory content, and discussion forums where non-members can browse and learn about the community’s topics, values, and conversations.
However, to access all the features in our community, users must register as members and create an account to access the full range of resources and interactive components. This login requirement promotes exclusivity, community ownership, and engagement. This process ensures a balanced approach to community involvement and privacy for our customers.
Once approved, members have access to:
Member-Only Content: Once logged in, members typically gain access to member-only content, discussion forums, advanced features, and interactive tools that are not visible to non-members. This exclusive content may include premium resources, private discussion groups, member directories, and personalized features tailored to individual preferences.
Enhanced Privacy and Security: Members can feel more confident in sharing sensitive information, discussing proprietary topics, or seeking support for specific issues, knowing that their interactions are protected within a secure environment.
Community Building and Engagement: By combining public-facing elements with restricted access, we can introduce new people to Jama Software® and showcase the community’s value to its members. At the same time, our member-only features help to foster deeper relationships, collaboration, and engagement.
How does the company gather feedback and insights from the customer community?
We gather information through our community in a variety of ways, including:
Feedback Forms, Polls, and Surveys: Jama Software may periodically distribute feedback forms, polls, and surveys to its customer community to collect structured feedback on specific topics, features, or aspects of the software, services, and overall experience. These surveys may cover user experience, product satisfaction, feature requests, and overall satisfaction with support services.
User Groups and Advocate Programs: Jama Software may establish user groups or advisory boards comprising select customers representing different industries, use cases, and user personas. These groups provide a structured forum for in-depth discussions, collaborative problem-solving, and strategic feedback sessions, allowing Jama Software to gain deeper insights into user needs and preferences.
Engagement at Events and Conferences: Jama Software engages with its customer community at industry events, conferences, and user meetups, where company representatives can interact directly with users, gather feedback in person, and gain firsthand insights into customer experiences, challenges, and priorities.
How does the customer community contribute to product development and innovation?
The online customer community provides a platform for collaboration between Jama Software and its user community. This platform allows for the exchange of ideas, feedback, experimentation, and validation.
By utilizing its users’ collective intelligence and creativity, Jama Software can accelerate product innovation and deliver solutions that better meet the needs of its customers. This significantly enhances our ability to continuously innovate and stay ahead of competitors so we can provide the best possible product for our customers.
Feedback and Feature Requests: Community members provide valuable feedback on their experiences with the software. Their feedback includes suggestions for new features, enhancements, and improvements. We gain insights into user needs, pain points, and priorities by actively listening to the feedback shared within the community. These insights directly inform product development decisions.
Co-Creation and Collaboration: The community provides a collaborative environment where both users and representatives from Jama Software can work together to create solutions for everyday challenges and explore innovative ideas.
Beta Testing and Early Access Programs: We provide beta testing programs and early access opportunities to community members to allow them to preview and provide feedback on upcoming features, prototypes, or experimental functionalities. By involving users in testing and validation, we gain valuable insights into usability, performance, and user acceptance. These insights help us to refine and iterate on new product offerings before an official release, ensuring a better user experience for everyone.
Use Case Exploration and Best Practices Sharing: Our community is a platform where users share their experiences of using the software, including their use cases, workflows, and innovative approaches. Through this platform, we get a much deeper understanding of how customers use the software to address diverse challenges and achieve their goals. This insight helps develop new features and capabilities tailored to specific use cases, improving the product’s overall functionality.
Market Research and Trends Analysis: The community is a valuable source of market intelligence for us, providing insights into emerging trends, competition, and customer requirements. By monitoring discussions, analyzing user-generated content, and engaging with community members, we’re able to stay informed about industry developments and market demands, which helps prioritize product development initiatives and identify opportunities for innovation.
Customer Advocacy and Validation: Engaged Community members often advocate for Jama Software. They spread the word about the company’s products and services within their networks and endorse new features or improvements based on their positive experiences. Their advocacy and validation play a significant role in driving adoption and retention and provide valuable validation of product direction and innovation efforts.
A new community space is coming soon!
We are excited to announce that our community is undergoing a transformation. Stay tuned for exciting news as we prepare to migrate to a new and improved platform.
In what other ways does Jama Software offer support for users of Jama Connect?
We have launched a new Support space. This new space serves as a convenient starting point for visitors to access our extensive user guide, release notes, installation information, knowledge base, and other important resources for existing users. Visitors can also easily navigate to our community space, submit a support ticket, find installation information, and more.
We are so proud to say that since its launch in November 2023, our new Support space has led to an overall 94% satisfaction rating from customers who have opened support tickets.
Recognition of Jama Software’s thorough support has also been acknowledged through the popular software and services review platform, G2®. We’re grateful to our customers for sharing their valuable feedback through G2 on their experiences using Jama Connect. The “Users Love Us” category is a testament to the value our industry-leading requirements management software brings to our customers, and especially for customers who have moved from a document-based approach to complex product, systems, or software development.
“Superb Customer Service with helpful documents, guidelines and support sessions for all Problems around the Software and furthermore the Requirement Management itself” -From review collected and hosted on G2.com, Stephan T. — Mid-Market
“Jama Connect provides a simple platform that enables little training for a user to get started and to be productive using the tool to capture requirements, design, and other program level information. Customer support is also stellar. It is nice having a human to talk to, and the responses are timely and regularly resolve open questions, and comments.” From review collected and hosted on G2.com, Verified User in Renewables & Environment — Mid-Market
Customer support plays a vital role in the success of any business. It is built upon empathy and efficiency, which are essential for creating outstanding experiences. To further improve our support services, we are implementing new Support space features such as a chatbot and a federated search on our updated Support website. This will allow our users to easily access information from various sources, including the Product User Guide, our online community, in addition to the Support Knowledge Base.
We are constantly striving to improve and perfect our methods, strive to provide excellence in every interaction, and continuously enhance the overall customer experience. If you are an existing customer and want to learn more, please reach out to your customer success manager or consultant. If you are not yet a client, please visit our website at jamasoftware.com. To learn more about the platform and how we can help optimize your development process.
https://www.jamasoftware.com/media/2024/02/82196a71-bcfa-4e55-b187-ca08bd385036.jpeg512986Amanda Jennewein/media/jama-logo-primary.svgAmanda Jennewein2024-02-28 03:00:272024-02-26 16:34:01Empowering Customer Success: The Vital Role of Support and User Communities
Streamlining SOC2 Type 2 Compliance: How Jama Connect® Can Help Enable Audit Success
In today’s business landscape, technology and data play a crucial role. Therefore, it is of utmost importance to prioritize the security and privacy of sensitive information. One way to do this is by undergoing a SOC2 Type 2 audit.
A SOC2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA (American Institute of Certified Public Accountants.) During the audit process, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested.
This audit provides customers and partners with trust and assurance regarding an organization’s data security practices. It also helps businesses in regulated industries meet compliance requirements, manage risks by identifying and mitigating security threats, and gain a competitive edge by demonstrating a strong commitment to security. Furthermore, it can drive internal improvements by enhancing policies and procedures related to data protection.
Jama Software® is the only vendor in the requirements management and traceability space that is SOC2 Type 2 compliant both on the application layer and the data center offerings. In this blog post, we’ve invited Jama Software team members Sarah Voget – Team Lead, Project Manager, Jennifer Esposti – Project Manager, and Cooper Graham – Compliance Analyst, to detail their experiences preparing for and passing the SOC2 Type 2 audit and how they will use Jama Connect® to improve future audits.
Preparing for the audit process
Tell us about your experience with SOC2 audits in the past. What tools have you used at other companies? What were some of the challenges or drawbacks to those solutions?
Sarah Voget: The biggest challenge I ran into at previous companies was that no one tool could easily compile and track evidence for recurring audits. Passing an audit requires a company to compile substantial evidence from a variety of sources in a variety of formats. For example, we upload free text answers from subject matter experts (SMEs) to specific audit questions along with supporting screenshots, policy documents, PDF reports, etc. While tools like OneDrive or Excel could keep such information somewhat organized, it was incredibly difficult to have a holistic picture of audit evidence over time. Each year during audit prep, I felt like I had to reinvent the wheel by tracking down audit evidence from a variety of systems and SMEs all over again.
Tell us how you came up with the idea of using Jama Connect® for SOC2 compliance.
Voget: When I first joined Jama Software, I attended an internal presentation about Jama Connect, where I learned about our product’s strength in end-to-end requirements tracking. A lightbulb went off in my head because that’s really what audit prep is all about. An audit is like a list of requirements that we must prove we’re meeting, and each year, we reevaluate our effectiveness at meeting those requirements. It’s critical for us to understand how we met certain requirements in the past and to continuously iterate on our security policies and procedures as they relate to those requirements. Once I made that connection, I realized the potential power of Jama Connect as an internal audit preparation and readiness tool.
Can you provide any information about how you formatted Jama Connect initially to prepare for the audit?
Voget: My first attempt at using Jama Connect for audit prep focused on the big problem I mentioned earlier: compiling huge amounts of evidence in one place where I could easily access it over time.
Taking lessons from the first SOC2 audit using Jama Connect – what did you think could be improved on? What were the wins?
Jennifer Esposti: For the initial audit, Jama Connect was used primarily as a content management tool, which allowed us to organize and document the required evidence. This year, we wanted to expand our use to include the monthly, quarterly, and annual maintenance we do as a cross-functional team to ensure we are maintaining the necessary processes for SOC2 compliance.
Cooper Graham: In the first year run-through, we stored some critical information, such as the trust criteria and some information around the auditor questions and requests and our responses in Jama Connect, which limited those resources to those involved in the audit. The primary win was seeing the potential of the Jama Connect application for managing and tracking our SOC2 preparation. Having a foundation in the application that we could build on year-to-year rather than starting from scratch for each year’s preparation. Using additional features and elements in the Jama Connect application for collaboration and organization of our preparation.
What changes have you made from the initial SOC2 audit?
Esposti: From a project management perspective, I use the test management functionality within Jama Connect to organize the monthly, quarterly, and annual check-ins. The test cases provide a clear and consistent process for the project team to follow.
Graham: Using the test management functionality, we were able to organize and track recurring check-ins to ensure we were prepared for the upcoming audit. We were able to document more specific questions and responses that were provided during the previous audit to have a better understanding of the auditor’s asks and wants. It also gives our subject matter and individuals involved in the audit the ability to see what was previously asked to prepare for the upcoming audit.
How is Jama Connect well suited to help teams prove SOC2 compliance?
Graham: As a requirements management product, the ability to identify the requirements, track the associated testing, and include evidence or links to key artifact locations really assists in the organization for the audit and ensures nothing slips through the cracks.
How are you leveraging features in Jama Connect for this year’s audit and beyond?
Esposti: My focus this year is on using the test management functionality to organize our evidence and ensure we are performing the required tasks on a monthly, quarterly, and annual basis. For future audits, I’d like to explore ways we can use Jama Connect to track our progress year-over-year.
Graham: We are utilizing Jama Connect’s Test Management functionality in a new way this year. The ability to organize monthly, quarterly, and annual check-ins and create test plans associated with specific teams ensures that all of the pre-audit due diligence is performed. The ability to create test cases that can be reused ensures consistency for every check-in. Having everything laid out in Jama Connect allows us to identify gaps and potential improvements to test cases and collaborate more effectively with key stakeholders. In the future, we plan to use Live Traceability™ to have a better view of the SOC2 process, from requirements to testing to end results. As the Jama Connect application goes through its releases, new features and functionality are being continuously added. We’re constantly looking to see if there are new elements that would aid us in preparation for future SOC2 audits.
Meeting SOC 2 Type 2 requirements requires careful attention to detail and strong management of organizational processes. A comprehensive solution like Jama Connect can greatly assist teams in navigating this complex terrain. By centralizing and automating requirement management, Jama Connect ensures traceability, transparency, and accountability throughout the development process. Its collaborative features facilitate efficient communication and documentation, which are crucial for meeting SOC 2 Type 2 standards.
Using Jama Connect, engineering organizations can now intelligently manage the development process by leveraging Live Traceability™ across best-of-breed tools to measurably improve outcomes.
Live Traceability enables organizations to meet SOC2 Type 2 standards by effectively tracking data and processes within their systems. By utilizing Live Traceability, companies can demonstrate their compliance with SOC2 Type 2 standards through well-documented information and audit trails. This promotes transparency and accountability. Staying updated with the latest SOC2 Type 2 standards is crucial for maintaining secure operations and reducing risks. Jama Connect remains current by regularly updating its platform to adhere to the latest SOC2 Type 2 standards, ensuring companies remain compliant and secure.
https://www.jamasoftware.com/media/2024/02/2024-2-27-soc-2-type-2-1.jpg512986Jama Software/media/jama-logo-primary.svgJama Software2024-02-27 03:00:232024-02-26 15:06:25Streamlining SOC2 Type 2 Compliance: How Jama Connect® Can Help Enable Audit Success
What is a Software Factory?
A software factory is not a physical factory; instead, it’s a metaphorical one, signifying a structured, systematic approach to software development. It’s based on the principles of manufacturing, where standardization, automation, efficiency, and quality control are paramount. In a software factory, software is produced in a manner akin to an assembly line, where each stage of development follows a well-defined process, ensuring consistency and scalability.
Standardization: Standardized procedures and equipment are the foundation of a software factory. Because of this standardization, the development process is more predictable and controllable since every piece of software is produced using the same set of procedures.
Automation: The software factory model’s foundation is automation. Automation tools are used to speed up development, minimize errors, and reduce manual labor from code generation to testing and deployment.
Modular Architecture: Software factories employ modular architecture in a similar way to physical factories that use interchangeable parts. Reusable components are made possible by this method, which speeds up and simplifies the development of new features or apps.
Quality Control: A software factory must employ continuous integration and deployment (CI/CD) techniques. By using these procedures, code modifications are automatically tested and released, upholding strict dependability and quality criteria.
Collaboration and Communication: Coordinating the efforts of the various teams participating in the development process requires the use of effective collaboration tools and processes. By doing this, it is made sure that everyone is in agreement and that the result meets the intended goals.
Benefits of a Software Factory
Increased Efficiency: By automating repetitive tasks and standardizing processes, a software factory significantly increases the efficiency of software development.
Consistency and Quality: Standardized processes and automated testing lead to more consistent and higher-quality software products.
Scalability: The modular approach and automation make it easier to scale the development process, accommodating more features or higher volumes of software production without a proportional increase in resources or time.
Faster Time-to-Market: With streamlined processes and automation, software factories can significantly reduce the time it takes to bring a software product from concept to market.
Cost-Effectiveness: Although set up requires an initial investment, the long-term benefits of increased efficiency and reduced manual effort result in significant cost savings.
Jama Connect® aids leaders by providing robust requirements and test management, ensuring clarity and alignment throughout the project. With Jama Connect’s Live Traceability™, teams can manage requirements and tests through the systems development process for proven reduction in cycle time and improved product quality.
With the advent of the software factory, software development has undergone a paradigm change from an artisanal, handcrafted approach to one that is more methodical, efficient, and scalable. Organizations can create software more effectively, more cheaply, and with higher quality by adopting the concepts of standardization, automation, modular architecture, quality control, and effective teamwork.
Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Steven Meadows, McKenzie Jonsson, and Decoteau Wilkerson.
https://www.jamasoftware.com/media/2024/01/2024-1-16-software-factory-2.jpg5121024Jama Software/media/jama-logo-primary.svgJama Software2024-01-16 03:00:592024-01-16 10:49:08The Software Factory: A Modern Approach to Software Development
In this blog, we recap our webinar, “DO-326 Airborne Security Assurance, Threat Modeling, and DevSecOps” – Watch the entire thing HERE.
Cyber vulnerabilities can have a significant impact on safety-critical systems.
Today there is an unprecedented level of digital interconnectivity in everything from vehicle sensors to rovers on the surface of Mars. The aerospace industry has a high degree of cyber connectedness where a negative impact could cause harm to not only aircraft but financial systems, company reputations, international relations, or even physical harm to humans and property.
During this informative session, Cary Bryczek, Director of Aerospace & Defense Solutions at Jama Software®, discusses how Jama Software applies a cybersecure-by-design approach to meeting DO-326A/DO-356A for aircraft systems and how this can be extended to the defense domain.
In this webinar, we covered:
Applying the Airworthiness Security Assurance Process
Threat (attack) modeling methods
Tracing security measures to requirements and tests
The role of requirements in DevSecOps tool ecosystems
DO-326 Airborne Security Assurance, Threat Modeling, and DevSecOps
Cary Bryczek: What we’re seeing today is just an unprecedented level of digital interconnectivity in seemingly every system out there. The aviation industry has a high degree of cyber connectedness where a negative impact could really cause harm to not just humans and property, but company reputations, international relations, or financial systems.
What we’re going to see today is how Jama Connect can provide a cyber secure-by-design approach to meeting the many aspects of DO-326 and DO-356, or ED-202 and ED-203 in Europe, the Middle East, and Africa (EMEA.) What we’re going to see is we’re going to apply the airworthiness security process that’s inside of DO-326, and use Jama Connect’s Live Traceability™ to trace security measures to security requirements, trace security requirements to testing, look and see how a threat analysis can all be incorporated into a single platform.
What is Cybersecurity by Design? So one of the things that we see a lot is in the tool ecosystem is a very disconnected set of processes and tools. So whether you’re tracing and using tools that do requirements identification, tracing those to verifications and hardware and software designs, or whether you’re using tools to do aircraft security analysis and tracing those to security architectures and security V&V, we’re noticing the disconnectedness of the processes in the tool ecosystem is causing product delays, cost overruns, product failures, audit failures, late identification of defects, and lack of visibility because the ecosystem is very disconnected, is taking place. There’s poor requirement coordination. Change management is hard between software and hardware, and you have a high degree of manual effort required to produce the traceability that’s required for certification. And you’re seeing this after the fact and Excel is used everywhere. Desktop tools are prevalent in the engineering of these systems, and it’s difficult to integrate desktop tools and Excel files into and across the ecosystem for product development.
Bryczek: So what is Live Traceability? Live Traceability in Jama Connect gives the ability for any engineer at any time to see the most up-to-date upstream and downstream information for any requirement, no matter the stage of the systems development or however many siloed tools it spans. Now, this Live Traceability is important because it’s required by the industry standards like we’ve seen in aviation development and Live Traceability delivers a huge productivity improvement and it reduces the risk and the delay that happens when you have a disconnected tool environment.
So we’re going to talk about DO-326. DO-326 is really a set of standards jointly developed by RTCA and EUROCAE. It came about in 2006. It includes a few separate standards. DO-326 and ED-202 really is about the airworthiness security process specification. It explains the fundamental concepts behind airworthiness cybersecurity. DO-356 and ED-203, the airworthiness security methods and considerations, this explains how to perform cybersecurity investments, how to evaluate threats, and security measures of the system. How do you apply the mitigation measures? DO-355, we’re not going to really talk about that one today, but it’s applicable to if there are changes in an already certified system. So one of the most relevant documents you’re going to start with even before you start down the path for cybersecurity, is creating your product information and security risk assessment document. You’re going to perform an analysis of this, and this analysis should be conducted according to the standards.
So what exactly is airworthiness? So airworthiness security is the protection of the airworthiness of the aircraft from intentional unauthorized electronic interaction. So existing safety processes don’t consider intentional disruption. They look at the faults and failures of an aircraft or the aircraft system on a whole. But DO-326 is specifically looking at intentional human-initiated actions with the potential to affect the aircraft due to some unauthorized access or disclosure or causing some denial or disruption of the information systems, the networks, and the software that’s running on these aircraft systems. So this also might include things like malware or infected devices or the logical effects of any external systems. So the purpose of the airworthiness security process within DO-326 is to establish that when subjected to this unauthorized interaction, the aircraft is going to remain in a condition for safe operation.
So like I said earlier, DO-326 describes the what and DO-356 is the how. I’m sure that you guys have carefully looked at both of these guidelines and these are images from the guidelines. But I just wanted to point out what we’re going to talk about today. We’re going to talk about how the airworthiness security process and threats are mapped in Jama and how you can have security assurance and the risk assessment process from DO-356, how those can be conducted in Jama Connect itself. As you know, DO-326 live in its own. You’re having supporting processes from the development of the aircraft, the development of the system, DO-178, ARP-4754 are all interacting and being conducted at the same time. So there’s no linear, do this first, do this next, do this later. All of these processes are taking place pretty much simultaneously or iteratively as you design and develop the aircraft system.
So the airworthiness security process from a basic level, it’s again, it’s the protection of the aircraft from intentional unauthorized electronic interaction. There are four steps for the basic process. We’re going to first identify the system assets and its parameters. The second step is to identify the threats for all of those assets, identify those risks for each of the threats, so what might happen, and then create controls and mitigations for those risks. You’re going to be adjudicating the degree of harm and assigning a security assurance level, the strongest being SAL3 or the least would be a SAL zero where there’s this limited or protection needs required. So there’s a way to grade those as well.
Bryczek: The inside of Jama Connect itself, this image describes essentially the architecture of what you’re going to see that what we have in the product. We have a template that you can use to facilitate this. It sits alongside of our template that’s used for ARP-4754, and DO-178, or DO-254. The orange assets essentially is the data model that we’re using to capture the different types of things in the system. So we have assets, we have vulnerabilities. Those are tied to different threat assessments or a threat assessment is performed on these types of objects. We have security measures, we have the security architecture elements, and those feed into the security requirements. This comes pre-configured out of the box. We also have an area where you going to capture the data for that kind of thing.
Having this sort of a data model enables engineers to really perform the analysis to understand, all right, which assets have I not assessed yet? What’s the workflow? Who has reviewed the threat assessment? Have the security measures been satisfied by security requirements? Have we done security testing of the system? So this sort of data model enables the traceability to be instantiated and allows engineers to really more easily create the kind of a content. So one of the benefits you see of using Jama is that the security process is not disconnected from the design and development of the aircraft system itself. It’s done alongside. So that way you have that earlier touch points between the functional aircraft, design engineers and the security engineers. So you’re building in that secure by design approach.
