Tag Archive for: Product Development & Management

In this blog, we recap our whitepaper, “Applications of Systems Engineering in Healthcare” – Download the complete paper HERE.

Applications of Systems Engineering in Healthcare

When it comes to healthcare, time to market is one of the most crucial aspects of success or failure. However, medical product development teams face several challenges that slow product development, and in the quest to speed up the process, some teams are turning to systems engineering to improve the process.

In this whitepaper, we’ll look at the challenges healthcare development teams face, the difference between market-driven and contract-driven industries, and how the power of simplicity can help healthcare systems engineering teams strike a perfect balance to adapt, innovate, and succeed.

The Challenges of Healthcare Systems Development

To understand how systems engineering can help, it’s important to first look at the challenges development teams face.

First, teams must balance time demands with the need to launch products that are both safe and effective. Today, the time to define requirements has increased by 29%, and unplanned requirements churn has increased by 81%, resulting in about 70% of medical products being delivered late.

The shifting regulatory landscape presents more challenges, including the increased cost of adherence to such regulations as Software as a Medical Device (SaMD), Software in a Medical Device (SiMD), Medical Device Regulation (MDR), and In Vitro Diagnostic Regulation (IVDR). At one of the top medical device development firms, for example, their product developers had to monitor approximately 8,000 regulations. Ensuring that products meet quality, safety, and performance standards has a significant financial impact; getting it wrong can cost billions of dollars. Across the industry, non-routine quality events cost between $2.5 and $5 billion per year.

In addition to increasing design complexity, there is also an increase in process complexity. Software development teams have gone from between 20 and 40 people to hundreds of people. Artificial intelligence (AI), machine learning (ML), and other new technologies represent complexity inside devices. Organizations are getting more complex as well, with a heavy focus on acquisition, which means constantly integrating new teams and cultures, sometimes dispersed across the globe.

Systems engineering can help product developers in healthcare manage these complexities and streamline development to keep them competitive in a rapidly changing market.


RELATED: The Complete Guide to the Systems Engineering Body of Knowledge (SEBoK)


Market-Driven vs. Contract-Driven

To understand how systems engineering can improve speed to market, it’s important to first understand the difference between a “market-driven” and a “contract-driven” industry.

In a market-driven industry, the first mover tends to get the lion’s share of the profits. Market-driven industries have many customers, and the stakeholders are internal to the business. Budget, time, and requirements are negotiated within the organization.

In a contract-driven industry, success means satisfying the contract. Budget and time are fixed by the contract with one (or very few) customers. In this scenario, requirements are a key commitment negotiated within formal design control.

The two different industry models present very different requirements challenges. In a market-driven industry, requirements are an internal business tool that helps communicate across business functions. They must be validated, but the development team decides on timing and features. If a team member develops a new, innovative feature, everyone can agree to take extra time to develop it. In a contract-driven industry, that likely wouldn’t be possible given the constraints of the contract.

Systems engineering can help the market-driven industry turn ambiguous needs into clear and feasible solutions to be implemented by hardware and software teams.

Systems Engineering: From Needs to Solutions

Product developers in a market-driven industry receive a lot of input from the various stakeholders within the organization. Their task is to turn that input into marketable products that work seamlessly on day one, day fifty, and years later. The key value produced is the seamless integration of those products into every customer’s workflow and work systems. Every installation and every service event must produce a uniform, high-quality, high-performing product.

Within those constraints, developers need to optimize the business value. When there are multiple options, marketing will inform the team of the customer value of these options. The implementation teams will pass on the delivery and product costs of those functions. The role of systems engineering is to make trade-offs between those and optimize the business impact based on the cost of implementing them. Associated with that is managing technical risks and scaling costs by risk.

The key value of systems engineering is making sure design decisions are identified and closed predictably with one voice across the team. Decisions are framed, the options are agreed to, the decision criteria are agreed to, and the final decision is closed, and stays closed even as stakeholders change. Once the team has a frozen design, integration or quality problems can be found and resolved prior to moving on to the next phase. By creating time to react, teams allow themselves space to adjust design early in the program rather than rushing to fix quality issues before shipping.

Winning products happen when systems thinkers are effective. When everyone across the program engages in systems thinking, the team will maximize the creativity of the entire program.

RELATED: How to Overcome Three of the Biggest Challenges in Medical Device Development


What is Systems Engineering in Healthcare?

As a process example, at one leading US-based medical device development company, engineering teams start with the end customer’s performance requirements, such as delivering excellent image quality in their imaging
products or the proper humidity and temperature for neonatal products. As part of delivering that essential performance, teams must ensure safety and regulatory compliance.

Their product teams also put a high emphasis on usability, ensuring that their products are easy to use and delight the customer. The teams define the right implementation requirements and reliability strategy, and they ensure that their products can be installed and serviced properly.

While there is tremendous diversity in products and programs across most medical device and life sciences companies, there are several commonalities across the product teams as well. Teams have common program milestones and a common systems’ lifecycle based on the V-model with iteration and Agile built in.

What differs in product teams are the levels of safety hazards and FDA risk. Teams develop everything from anesthesia technology, which could easily kill a patient, to ultrasound, which is non-ionizing equipment operated with light, handheld probes. To accommodate these different levels of risk, teams adjust the process rigor so that higher-risk modalities have higher process rigor.

Additionally, systems engineering teams can look very different across the world. Many organizations operate in different locations with different cultures and different organizational sizes. Systems engineering teams can vary from fewer than ten engineers to over one hundred engineers. The scale of the programs can range from just a few engineers over a few months to many hundreds of engineers applied to a program that might last three years and is based on technology developed over the prior decade. (Even in that research phase, teams should apply some systems engineering thinking.) Organizations can be product-centralized or decentralized within an organization.


TO LEARN MORE, DOWNLOAD THE COMPLETE WHITEPAPER HERE:
“Applications of Systems Engineering in Healthcare”


 

 

 

 

 

Jama Software is always looking for news that will benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from IndustryWeek, titled “Cybersecurity Concerns for Manufacturers in 2024” – written by Dennis Scimeca and originally published on January 15, 2024.

Cybersecurity Concerns for Manufacturers in 2024

The more networked and data-centric manufacturing becomes, the more manufacturing leaders ought not consider cybersecurity as something that only concerns the IT department. New SEC reporting rules and high-profile hacks against manufacturers with multimillion-dollar price tags last year curtly demonstrate the point.

Org-wide planning provides the best defense against cyberattack. Knowing what to expect in 2024 and taking proactive steps against threat actors may make the difference between publicly admitting your company wasn’t prepared and accordingly losing money and prestige, or not.

Educate Your Workforce

Human beings decidedly provide the weak links in cybersecurity hygiene. Erecting digital gates and demanding identification checks do nothing if your employees hand over virtual ID cards without realizing they’ve done it.

“Cyberattacks in 2024 will look EXACTLY as they have in the previous three-to-four decades. Most will involve social engineering. About a third will involve unpatched software or firmware. About 10-to20 percent will involve weak password issues. Those three root attack methods will make up 99% of the attacks against most people and organizations,” says Roger Grimes, data-driven defense evangelist at KnowBe4.

“To defend against them, aggressively focus more on preventing social engineering,” he adds. “This means deploying technical cyber defenses that prevent social engineering from reaching users. Because technical defenses will never be perfect, you must train your users in how to recognize the signs of social engineering, how to defeat it, and how to appropriately report it.”

Recognize OT as an Attack Surface

In addition to the best practice, general cybersecurity hygiene pertinent to any business, manufacturers must contend with the vulnerability of their operational technology (OT). Every networked machine on the floor provides a possible avenue for intrusion into your larger IT system.

“Lack of segmentation between IT and OT environments and lack of awareness into these systems provide key avenues for threat actors to cause impacts and outages. Organizations need to mitigate as much risk as possible by focusing on quality backups of not just corporate data, but OT configurations and data needed to restore systems, all with secure encryption,” says Tom Marsland, VP of technology at Cloud Range.

The question of whether to place responsibility for OT cybersecurity within the IT department, or instead to spin out a separate OT group, is not just organizational says Marty Edwards, Deputy CTO for OT/IoT at Tenable.

“CFOs and CISOs will look at the cost-benefit analysis of investing in IT vs. OT security, and they’ll see there’s more benefit to investing in OT than IT in 2024 that at any point until now. For every $1 spent in OT, organizations get more than what they get with $1 in IT security investment. OT investments buy down your risk much more so than IT security,” Edwards says.

Amir Hirsh, head of Tenable OT Security, wants manufacturers to acknowledge how green initiatives that involve OT monitoring can increase cybersecurity risks.

“With the growing attention and increase of costs and penalties around energy usage and carbon emissions, companies will turn to smarter management of their operations, which will increase OT-based sensor deployment and controls. We’ll see more and more IoT and OT devices in smart buildings, factory management and building management systems. These trends will expose companies to further risk as they will expand their attack surface and often connect these environments to the internet,” Hirsh says.


RELATED: Five Advantages of Cloud Over On-Premises for Your Requirements Management and Traceability Solution


AI: Cybersecurity, Friend and Foe

Integrating AI into OT carries specific risks and benefits, says Chaz Lever, senior director of security research at Devo.

“As we move into 2024, it’s imperative for manufacturers to place a strong emphasis on the security of their AI implementations. AI represents a new attack surface, and in the case of OT, attacks on AI systems could result in impacts that cross the cyber-physical barrier. Great care needs to be undertaken to make sure AI interacting with OT systems guards against the myriad of potential AI threats (e.g., prompt injection, adversarial examples, model inversion, etc.),” Lever says.

AI also has the potential to help protect OT systems through its integration into security operations. AI’s capability of sifting through massive quantities of security data and isolating high-priority alerts is becoming increasingly sophisticated. This enables AI to augment the capabilities of analysts in monitoring systems, conducting forensic investigations and proactive threat hunting,” Lever adds.

Kurt Markley, managing director for the Americas at Apricorn, points out that bad actors may also use AI to create ransomware tools, the most popular avenues for attack against manufacturers. Generative AI-powered ransomware attacks doubled against healthcare, municipalities and education orgs between August 2022 and July 2023, says Markley.

Manufacturers could be next on the list. Protecting critical data mitigates the risk.

“While almost all IT leaders say they factor in data backups as part of their cyber security strategies, research we conducted [in 2023] found that only one-in-four follow a best practice called the 3-2-1 rule, in which they keep three copies of data on two different formats, one of which is stored offsite and encrypted. Furthermore, this same research found that more than half of respondents kept their backups for 120 days or less, far shorter than the average 287 days it takes to detect a breach,” says Markley.

“The likelihood that AI-driven ransomware will impact far-higher numbers of organizations, it will be more important than ever in 2024 that organizations have a strong cyber resiliency plan in place that relies on two things: encryption of data and storage of it for an appropriate amount of time. IT leaders need to embrace the 3-2-1 rule and must encrypt their own data before bad actors steal it and encrypt it against them,” Markley adds.

Beware the Cloud?

Touted for many years for scalable data architectures and cost-effectiveness compared to on-premises infrastructures, manufacturers like Nissan have learned the cloud also carries cybersecurity risks. Don’t think that offloading data to the cloud means offloading related cybersecurity concerns to your cloud technology provider.

“It’s estimated that 30% of cloud data assets contain sensitive information. All that data makes the cloud a juicy target and we expect that 2024 will continue to show that bad actors are cunning, clever, and hard-working when it comes to pursuing data. The industry has seen triple the number of hacking groups attacking the cloud, with high-profile successes against VMware servers and the U.S. Pentagon taking place [in 2023],” Markley says.

As IT teams spend more on moving and storing data in the cloud, organizations must spend the next 12-to-24 months auditing, categorizing and storing it accordingly. They need to gain deeper visibility into what data they have stored in the cloud, how data relates to each other, and if it is still meaningful to the operations of the organization. In doing so, they are advised to create specific security policies about how, where and for how long they store their data. These policies, when actively enforced, will help organizations better protect their most valuable asset – their data,” he adds.


RELATED: When Evaluating Product Development Software Tools, Not All Cloud is Equal


Think Forward for Best Protection

Effective cybersecurity’s layered, multi-faceted structure and accompanying price tag make it attractive for manufacturers to deprioritize, but the sooner they get on board with proper cybersecurity hygiene the sooner they can stop worrying about ever cutting a fat ransomware demand check…or what they’re going to tell the SEC in the annual 10-K filing.

“Ultimately, it’s crucial for security teams to collaborate closely with their organizational leadership to find an optimal equilibrium between security, user convenience, and technological innovation,” says Lever.

Grimes provides a checklist for basic, first cybersecurity steps:

  • Patch all software and firmware, especially anything on CISA’s Known Exploited Vulnerability Catalog list.
  • Use phishing-resistant multifactor authentication (MFA).
  • If you can’t use MFA, use a password manager which will create and use long and complex, different passwords for every site and service you use.

“The organizations that focus on these core, necessary defenses correctly and don’t get sidetracked by a hundred other less useful shiny objects will significantly decrease cybersecurity risk,” Grimes says. “The organizations that don’t, will likely be hacked.”

Ready, Set, Launch: Welcoming the New Jama Software® User Community

We are excited to announce the launch of our new Jama Software® User Community! Hosted on Higher Logic’s Vanilla platform, this community will be based on their successful framework model and will serve as an improved hub for collaboration, discussion, and support. To learn more about the history of Jama Software®’s user community, which was first created in 2015, visit Empowering Customer Success: The Vital Role of Support and User Communities.

In preparation for the launch of this exciting new space, we interviewed Amanda Jennewein – Senior Manager of Customer Support at Jama Software, to find out what existing and new user community members can expect from this transition.

What were the main reasons or goals for relaunching the Jama Software Customer Community?

Amanda Jennewein: Launching the new Jama Software® User Community is a strategic initiative aimed at improving customer engagement and satisfaction, driving innovation, and strengthening the company’s brand presence in the digital space.

  • Enhanced Customer Engagement: Our goal is to strengthen customer relationships and create a supportive ecosystem by fostering a sense of belonging and collaboration. Building a vibrant online community allows customers to engage with each other, share experiences, and exchange best practices.
  • Knowledge Sharing and Support: As we recently shared, a community is valuable for users to access documentation, tutorials, and troubleshooting guides. By centralizing knowledge and expertise, Jama Software empowers customers to find solutions independently and receive support from peers and experts within the community.
  • Feedback Collection and Product Improvement: The community provides a channel for customers to provide feedback, suggest enhancements, and vote on feature requests. By soliciting input directly from users, we gain valuable insights into customer needs, preferences, and pain points, which can inform product development and roadmap prioritization.
  • Customer Success and Adoption: A thriving community contributes to customer success by facilitating collaboration, learning, and adopting Jama Software products and solutions. We aim to drive user satisfaction, retention, and advocacy by promoting engagement and self-service support options.
  • Brand Building and Thought Leadership: Hosting a vibrant community reinforces our position as a software development and requirements management leader. By curating valuable content, facilitating discussions, and showcasing customer success stories, we strengthen our brand reputation and thought leadership within the industry.

When will the new community be available for users to see?

Jennewein: The new community was officially launched on March 18, 2024. Users can now join the new community and explore its features.


RELATED: Jama Software® Discovery Center


What improvements can users anticipate from our new community?

Jennewein: The migration to Higher Logic Vanilla represents a significant upgrade for the Jama Software Customer Community, offering improved usability, performance, collaboration tools, and integration possibilities. These enhancements allow users to anticipate a more engaging and productive community experience.

  • Enhanced User Experience: Vanilla offers a modern and intuitive user interface, making it easier for community members to navigate, discover content, and engage with others. The platform’s clean design and user-friendly features create a more enjoyable and efficient user experience.
  • Improved Performance and Reliability: Vanilla’s infrastructure is designed to deliver better performance and reliability than the previous platform. Users can expect faster page loading times, smoother browsing experiences, and minimal downtime, ensuring uninterrupted access to community resources and discussions.
  • Streamlined Content Discovery: Vanilla provides robust search functionality and content categorization tools, enabling users to find relevant discussions, articles, and resources quickly. Advanced search filters and tags make locating specific topics of interest easier, facilitating knowledge sharing and collaboration within the community.
  • Federated search: Vallina connects to other tools to surface relevant content, regardless of where it lives.
  • Enhanced Customer Support Integration: Further integration of the community with customer support processes and systems to streamline issue resolution, facilitate peer-to-peer support, and provide faster access to assistance. Automation and self-service options will empower users to find solutions independently and reduce their dependency on traditional support channels.

Will users from our previous community notice any significant changes? Will they still be able to find the same information as before?

Jennewein: Overall, the structure and organization of the new customer community will prioritize usability, accessibility, and engagement, aiming to provide a valuable and enriching experience for users seeking support, knowledge sharing, and collaboration within the Jama Software community.

You can see the Vanilla Success Community here, https://success.vanillaforums.com/

  • Homepage: The homepage serves as the central hub of the community, featuring essential announcements, latest discussions, and popular topics. It provides a snapshot of community activity and directs users to relevant sections and resources.
  • Discussion Categories: Discussions are typically organized into categories or topics based on themes, product features, or user needs. Precise categorization helps users find discussions relevant to their interests and expertise, promoting participation and knowledge sharing.
  • Digital Onboarding Guide: A dedicated section for articles, guides, tutorials, and other resources.
  • Q&A: Users can ask and answer questions within a community to facilitate self-service support and develop brand advocated.
  • Ideation: Provide feature requests while collaborating with peers by voting and commenting on ideas.
  • Events and Announcements: Information about upcoming events, webinars, product updates, and community announcements may be featured prominently to keep users informed and engaged.
  • User Profiles and Recognition: User profiles allow community members to personalize their experience, showcase their expertise, and connect with peers.
  • Search Functionality: Robust search functionality lets users quickly find relevant discussions, articles, and resources. Advanced search filters and tagging systems improve the discoverability and accessibility of content.
  • Community Guidelines and Support: Clear guidelines and rules for community participation help maintain a positive and respectful environment. Support resources, FAQs, and help documentation should be readily available to assist users and address any issues they encounter.
  • Verticalized Resources: Solution spaces for Automotive, Medical Devices & Life Sciences, Robotics, and Airborne Systems will be available to customers who have purchased additional licenses. These spaces offer industry resources, downloadable materials, and specific discussion areas.
  • Additional Downloadable Resources: Customers may purchase additional licenses to access downloadable content for:
    • Data Exchange
    • Jama Validation Kit (JVK) – Test cases and coverage reports
    • Functional Safety Kit (FSK) – ISO certifications, defects, and safety manuals.
    • Jama Connect Interchange™

How will the new community be moderated and managed to ensure a positive experience for members?

Jennewein: To ensure a positive experience for members, the new community will be moderated and managed through a combination of proactive measures, clear guidelines, and responsive support.

  • Clear Community Guidelines: Clear guidelines and rules for community participation help maintain a positive and respectful environment.
  • Designated Moderators: The community will have moderators responsible for overseeing discussions, enforcing community guidelines, and addressing any issues or concerns members raise. These moderators will be experienced and knowledgeable individuals who can maintain a respectful and inclusive environment within the community.
  • Prompt Response to Concerns: Our community encourages its members to report any concerns or violations of community guidelines to the moderators. Upon receiving such reports, the moderators will promptly investigate the issue thoroughly and take appropriate action to address the concern. This may involve removing inappropriate content, issuing warnings, or taking other necessary steps to ensure that our community remains a safe and welcoming place for all.
  • Transparent Communication: Moderators will communicate openly and transparently with community members, explaining decisions and actions. Transparent communication helps build trust and confidence among members and demonstrates a commitment to fairness and accountability.
  • Educational Initiatives: Besides taking enforcement actions, moderators will also undertake educational initiatives to encourage positive behavior and cultivate a culture of respect and collaboration among community members. This may include providing guidance on best practices for constructive communication, conflict resolution, and effective participation.

RELATED: Carnegie Mellon University Software Engineering Program Teaches Modern Software Engineering Using Jama Connect®


How will we address and resolve issues or concerns raised within the customer community?

Jennewein: Support resources, FAQs, and help documentation will be available to assist users and address any issues they encounter in partnership with moderators and the Online Community manager.

What plans does the company have for any additional future growth and evolution of the customer community?

Jennewein: The company’s plans for future growth and evolution of the customer community are focused on creating a vibrant, inclusive, and value-driven ecosystem that empowers users, fosters collaboration, and drives customer success with Jama Software products.

  • Expansion of Community Features: Continuously evaluate and introduce new features and functionalities to enrich the community experience.
  • Community Advocacy and Ambassador Programs: Identify and cultivate community advocates and ambassadors passionate about Jama Software products and actively contribute to the community. Recognize and reward these advocates for their contributions and empower them to champion the community, share their experiences, and advocate for the brand.
  • Feedback-driven Iterative Improvements: Continuously solicit feedback from community members through surveys, polls, and feedback forums to identify areas for improvement and prioritize future enhancements. Use this feedback to inform iterative updates and enhancements to the community platform, ensuring that it evolves in alignment with user needs and expectations.
  • Content Expansion and Diversification: Invest in expanding and diversifying the content available within the community, tailoring content to address community members’ evolving needs and interests, covering a broad range of topics related to Jama Software products and industry trends.

Conclusion

We are always working to improve and refine our customer experience, aiming to provide excellence in every interaction. If you are a current customer and would like to learn more, please contact your customer success manager or consultant. If you are not yet a client, please visit our website at jamasoftware.com to learn more about our platform and how we can help optimize your development process.

Important: Password Change Required for returning members to access the New Community Site

With the new site launch, returning members must update their password to access the new community site. This is an important step that needs to be taken for security reasons. We appreciate your cooperation. To change your password and gain access to the new Community site, please visit: community.jamasoftware.com

 

This image portrays a webinar on the topic on Traceable Agile.

In this blog, we recap our webinar, “Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery” – Click HERE to watch it in its entirety.

In this insightful session, Professor Paul Meadows MSc, PMP, CSM and Steven Meadows, Principal Solutions Lead at Jama Software®, explore Traceable Agile™, as well as best practices in terms of Agile processes, helping you ensure that your team is achieving the right balance between quality and speed.

You will learn about:

  • Best Practices and Tooling: Learn about the best practices in implementing effective agile processes and recommended tooling to enhance your team’s performance.
  • Balancing Speed and Quality: Strategies to ensure your software delivery is both fast and shipped with fewer defects
  • Implementing Traceable Agile: Dive deep into Traceable Agile, a methodology that promotes speed while maintaining a comprehensive historical and current view of your development process, enabling early issue detection.
  • Real-World Applications: Gain insights into how Traceable Agile is being implemented in various industries, and the benefits it has on software and hardware integration.

Below is an abbreviated transcript of our webinar.

Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery


RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries


Professor Meadows: Well, first of all, I’d like to say thank you for inviting me to the webinar. Steven, I’m looking forward to this. Just in terms of my background, I’ve first of all completed a full career in the British Army and since then I’ve over 20 years of project management experience, really based in mostly world-class, global enterprises, building and managing project management offices, developing and executing project management policies and standards. I’ve got a master’s degree in project management from Liverpool University. I’m a certified project management professional with the Project Management Institute and I’ve been a certified scrum master for over eight years.

I’ve taught project management for Columbia University in New York City and I am currently the lead faculty professor for the master’s degree in project management at NYU, also in New York City.

Steven Meadows: Great, thanks for that introduction. Just as a brief introduction for myself here, my name is Steven Meadows. I’m a principal solutions lead and I represent my company Jama Software and we’ll be touching on what Jama Software is and the solutions that we offer shortly. I also have around about 12 to 13 years experience in solution architecture, solution implementation. I’m also certified in Agile development using Jira software as well as Jira project administration too. So I’ve helped out or helped a lot of different Agile teams implement Agile solutions and implement while using tools. I do briefly want to introduce Jama Software, our company, and also solutions that we develop.

So Jama Software really provides a suite of solutions that spans the entire product and systems development lifecycle, things like capturing and managing requirements’ traceability to ensuring collaboration across different departments and different teams throughout the software development lifecycle. Also, across other verticals as well. Now you’ll see some of the verticals on this slide that we support, including regulated industries like medical device and aerospace and defense, as well as pure software development and industrial manufacturing too.

Now, some of the ways that we really help our customers realize value with our tools by reducing development cycle times, increasing process efficiency, gaining visibility and control and so on. So with that then, Professor Meadows is now going to provide an overview on Agile, the Agile Manifesto, and some of the principles as well.


RELATED: Requirements Traceability Benchmark


Professor Meadows: Thanks Steven. So here we are on the Agile overview page. We’re going to talk about some of the benefits, but as Agile development methodologies and frameworks become more and more the choice of organizations as we see here, they recognize the significant productivity improvements that can be achieved. It’s important here though, Steven, to really draw the distinction between waterfall requirements management and Agile requirements management. As we know, the strength of Agile is in the collaborative development that’s achieved with constant stakeholder and development team interaction over the more traditional approach where requirements are captured upfront largely and changes are not only unwelcome but actually considered disruptive.

And where they do occur generally they have to follow a fairly formal process of review and approval before they’re accepted. So in today’s very dynamic marketplaces, you can see clearly this is not going to help organizations achieve and maintain competitive advantage. So the four foundational values we see here were developed as part of the Agile Manifesto way back in 2001, and they’re really designed to efficiently elicit requirements and turn those requirements into functioning software. It’s about responding to change over following a plan.

And when you look at that in the context of the value placed in working software over comprehensive documentation, we really start to get to understand the challenges that emerge in trying to make sure our stakeholders and their needs are being met by what we deliver. This becomes even more complex when we start to look at the 12 Agile principles in more detail next. Before we move on to there, let me give you a little bit more detail about these values though. So individuals and interactions over processes and tools. Well this value itself emphasizes the importance of focusing on people and obviously their interactions with the team rather than solely relying on processes or tools.

But I don’t want to underestimate the value of processes and tools and we will definitely talk more about that through this webinar. This one really highlights the significance of effective communication, collaboration, and teamwork in delivering successful outcomes. Agile teams prioritize building strong relationships and that’s really one of the strengths that’s looked for as you build a team is that ability to build strong relationships and really fosters open communication, empowering individuals to make decisions that contribute really to the overall project success. Moving on to working software over comprehensive documentation.

Again, this is another one of those values we’re going to dig a lot deeper into through this webinar. But this value really underscores the importance of delivering functional software that meets the needs of the customer over extensive documentation, is the way it’s worded. And while documentation itself has its place in software development, tangible results are in the form of working software. Agile teams strive really to deliver value early and often. Today we’re seeing continuous delivery in many of the firms you’ve implemented successful Agile.


CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery


Understanding IATF 16949: A Quick Guide to Automotive Quality Management

In the ever-evolving landscape of the automotive industry, ensuring product quality and safety is paramount. One key standard that plays a crucial role in this pursuit is IATF 16949. In this article, we will delve into the intricacies of IATF 16949, exploring its significance, key elements, and benefits.

What is IATF 16949? IATF 16949, or the International Automotive Task Force 16949, is a globally recognized quality management standard specifically designed for the automotive sector. This standard is based on ISO 9001 and incorporates additional requirements tailored to the automotive industry. IATF 16949 was developed by the International Automotive Task Force (IATF) to promote quality, consistency, and continual improvement throughout the automotive supply chain.

This image portrays some of the automotive elements involved in the IATF 16949 regulation.

Key Elements of IATF 16949:

  • Customer Focus: IATF 16949 places a strong emphasis on meeting and exceeding customer requirements. This includes understanding customer needs, providing defect-free products, and consistently delivering high-quality services.
  • Process Approach: The standard adopts a process-oriented approach to quality management. Organizations are encouraged to identify, manage, and optimize key processes to enhance efficiency and effectiveness in meeting objectives.
  • Risk Management: IATF 16949 requires organizations to identify and address potential risks within their processes. This proactive approach helps in preventing issues, ensuring product safety, and maintaining a robust quality management system.
  • Supplier Quality Management: Recognizing the interconnected nature of the automotive supply chain, IATF 16949 places a significant focus on supplier quality management. Companies must work closely with their suppliers to ensure that quality standards are consistently met throughout the supply chain.
  • Continuous Improvement: The standard promotes a culture of continual improvement, urging organizations to regularly assess and enhance their processes. This commitment to ongoing refinement helps companies stay ahead in a competitive market.

Benefits of Implementing IATF 16949:

  • Global Recognition: Achieving IATF 16949 certification provides organizations with global recognition, enhancing their credibility and opening doors to new business opportunities.
  • Improved Efficiency: By adopting the standard’s process-oriented approach, organizations can streamline their operations, reduce waste, and enhance overall efficiency.
  • Enhanced Customer Satisfaction: Meeting IATF 16949 requirements ensures that products and services consistently meet or exceed customer expectations, leading to higher satisfaction levels.
  • Risk Mitigation: The focus on risk management helps organizations identify potential issues before they escalate, reducing the likelihood of defects and recalls.
  • Competitive Advantage: IATF 16949 certification provides a competitive edge in the automotive industry. Many OEMs (Original Equipment Manufacturers) prefer working with suppliers who adhere to this globally recognized standard – and many companies are required to comply.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive


Who is required to comply with IATF 16949?

Companies that are part of the automotive supply chain, including manufacturers, suppliers, and service providers, may be required to comply with IATF 16949. This includes organizations involved in the production of automotive parts, components, and assemblies.

Key stakeholders in the automotive industry, such as original equipment manufacturers (OEMs) and their suppliers, often seek IATF 16949 certification to demonstrate their commitment to quality and compliance with industry standards. Certification to this standard is often a prerequisite for becoming a supplier to major automotive companies.

It’s important for organizations in the automotive sector to assess their specific contractual requirements and the expectations of their customers to determine whether compliance with IATF 16949 is necessary for their business. Certification to IATF 16949 is typically achieved through a third-party audit process conducted by accredited certification bodies.

What is a Quality Management System?

A Quality Management System (QMS) is a comprehensive framework of policies, processes, procedures, and records that an organization establishes and maintains to ensure its products or services consistently meet or exceed customer expectations. The primary goal of a QMS is to enhance customer satisfaction by consistently delivering high-quality products or services while also meeting regulatory requirements. It encompasses various elements such as quality planning, control, assurance, and improvement. A well-implemented QMS helps organizations identify and document their processes, set quality objectives, and monitor performance against these objectives. It often involves the use of standardized methodologies, documentation, and quality tools to foster a systematic approach to quality management, ensuring that every stage of the product or service lifecycle is controlled, measured, and continually improved upon. Certification to internationally recognized QMS standards, such as IATF 16946 and ISO 9001, provides external validation of an organization’s commitment to quality and can enhance its credibility in the marketplace.


RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries


How can Jama Connect® help?

Jama Connect® is a powerful tool that plays a pivotal role in assisting teams in meeting the requirements of a QMS within various industries, particularly those with stringent regulatory standards.

Here are several ways in which Jama Connect facilitates compliance with QMS requirements:

  • Documenting and Managing Requirements: Jama Connect provides a centralized platform for documenting and managing requirements throughout the product development lifecycle. It allows teams to create, review, and collaborate on requirements, ensuring clarity and consistency. This centralized approach enhances communication among team members, reducing the risk of misunderstandings and improving overall requirement management efficiency.
  • Enabling Risk-Based Thinking: The platform supports risk-based thinking by providing tools to identify, assess, and mitigate risks associated with product development. Teams can systematically evaluate potential risks, assign risk levels, and implement mitigation strategies. This proactive approach aligns with the risk management requirements of QMS standards, contributing to safer and more reliable product development.
  • Assisting with Change Management Processes: Change management is a critical aspect of QMS, and Jama Connect streamlines this process. Teams can efficiently capture and evaluate proposed changes, assess their impact on requirements and other project elements, and implement changes in a controlled manner. This ensures that changes are documented, reviewed, and tracked, promoting transparency and accountability in the change management process.
  • Enabling Traceability of Processes and Products: Jama Connect offers robust traceability features, allowing teams to establish and visualize relationships between requirements, tests, and other project artifacts. This traceability is crucial for demonstrating compliance with QMS standards, as it provides a clear linkage between various stages of the development process, from initial requirements to final product validation.
  • Easy Documentation for Evidence for Audits: Jama Connect simplifies the documentation process required for audits. The platform enables teams to generate comprehensive reports, traceability matrices, and documentation trails that serve as evidence of compliance with QMS standards. This facilitates smoother and more successful audits, as auditors can easily review and verify the necessary documentation.
  • Supporting a Continuous Improvement Process: Continuous improvement is a fundamental principle of QMS, and Jama Connect supports this by providing analytics and insights into project performance. Teams can analyze data on requirements, testing, and other project metrics to identify areas for improvement. This data-driven approach fosters a culture of continuous improvement, aligning with the principles of QMS standards.
  • Supporting a Customer Focus with Traceability to Customer Needs: Jama Connect helps maintain a strong customer focus by establishing clear traceability from requirements to customer needs. This ensures that the final product aligns with customer expectations and requirements. The platform’s traceability features provide a visual representation of how each requirement contributes to meeting customer needs, strengthening the customer-centric approach advocated by QMS standards.

IATF 16949 is a critical standard for the automotive industry, emphasizing quality management, risk mitigation, and continuous improvement. Organizations that invest in achieving and maintaining IATF 16949 certification position themselves as reliable partners in a highly competitive and demanding market, ensuring the production of high-quality automotive products.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Matt Mickle and McKenzie Jonsson.

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Med Device Online, titled “Decoding The FDA’s Draft Guidance On Computer Software Assurance For Medical Devices & Bio/Pharma” – written by Hemadri Doma, Tolmar Inc. and originally published on February 6, 2024.

Decoding The FDA’s Draft Guidance On Computer Software Assurance For Medical Devices & Bio/Pharma

The current state of validation is seen as a hindrance to quicker deployments, with an emphasis on adhering to thorough documentation practices instead of building systems that align effectively with their intended use.

A risk-based approach to validation has been around for some time. However, life sciences companies have been challenged with identifying software risks and the desired level of validation effort. Simultaneously, medical device manufacturers have expressed a desire for greater clarity regarding the FDA’s expectations for software validation.

In a rapidly evolving landscape of technology and regulation, the FDA released a draft guidance on computer software assurance in 2022 that promises to reshape the validation of automated data processing system and quality system software in the pharma/medical device industry and to enhance the quality, availability, and safety of medical devices. In this article, I will walk you through the key elements of the guidance, providing valuable insights for professionals navigating the complexities of automated processes and quality system software.

Guidance Supersedes Section 6 Of Software Validation Guidance Of 2002

The forthcoming guidance is set to supersede Section 6 of the general principles of software validation guidance from 2002, signaling a paradigm shift in the approach to validating automated data processing system and quality system software. This guidance provides crucial recommendations applicable to the requirements of 21 CFR 820.70(i), focusing on automated processes integral to production and quality systems.

Understanding The Regulatory Scope

The guidance emphasizes the necessity for manufacturers to validate software used in production or the quality system for its intended use. However, it explicitly excludes software as a medical device (SaMD) or software in a medical device (SiMD) from its scope. The document prompts manufacturers to thoroughly assess whether the regulatory requirement applies to their specific software.

A central theme revolves around a risk-based approach, urging manufacturers to delve into the intended use of individual features, functions, and operations within their software. The guidance recognizes the complexity of software used in production or the quality system, often comprising multiple intended uses. It encourages manufacturers to conduct different assurance activities tailored to these specific elements based on a meticulous risk assessment.

The guidance outlines the components of a robust record of assurance activities, stressing the need for objective evidence. It recommends capturing the intended use, risk determination, details of assurance activities conducted, issues found, and a conclusion statement declaring the acceptability of results.

The guidance distinguishes between process risks and medical device risks. Process risks pertain to potential compromises in production or the quality system, while medical device risks focus on the potential harm to patients or users. The document emphasizes the FDA’s concern for software features, functions, and operations that pose both high process risk and a consequential medical device risk, aligning assurance activities with the severity of potential issues.

Manufacturers are encouraged to leverage existing process controls throughout production, particularly for lower-risk software features. The guidance emphasizes the importance of data and information collected by the software for continuous monitoring and issue detection post-implementation. It highlights the use of computer system validation tools, iterative testing cycles, and continuous monitoring as integral elements of a comprehensive assurance approach.


RELATED: Jama Connect® for Medical Device & Life Sciences Development Datasheet


Establishing The Appropriate Testing Methods5

FDA always recommended leveraging all the vendor documentation when we were using computer system validation (CSV); now, in computer software assurance (CSA), FDA is strongly recommending leveraging all the vendor documentation and performing the remaining portion of testing in scripted and unscripted testing that is not covered in vendor testing.

FDA introduced new nomenclature for testing methods in CSA, scripted testing and unscripted testing, which are adopted from EC/IEEE/ISO 29119-1 First edition 2013-09-01: Software and systems engineering – Software testing – Part 1: Concepts and definitions, Section 4.94 to stay aligned with current practices and standards from IEEE for software testing.

The terms IQ, OQ, PQ relate to the original general principles of software validation guidance. The discussion at that time emphasized that IQ, OQ, and PQ, while relevant from a process standpoint and process-validation perspective, may not be directly applicable when dealing with software validation cases. It’s not a situation where these terms are irrelevant or inapplicable. Manufacturers always have had the freedom to structure their processes to meet the requirements of their quality system or business objectives. The use of these terms is optional, and if they provide clarity for the organization, they are free to adopt them. However, it hasn’t been explicitly stated before that these terms are crucial or necessary in the context of software validation.

Now, let’s dive into what unscripted testing and scripted testing are in terms of current software testing and how we can adapt to CSA activities.

Unscripted Testing

Unscripted testing is a software testing approach characterized by the absence of predefined test scripts or detailed test cases.

For context, current software testing practices say we don’t need any documentation, but in regulated companies we need to have minimum documentation. You are still laying out some objectives that need to be exercised, accomplished, or captured in some way, shape, or form. And within that context, there is a lot of flexibility with regard to developing a protocol established in 21 CFR 820.70(i), which states, “When computers or automated data processing systems are used as part of production or the quality system, the manufacturer shall validate computer software for its intended use according to an established protocol.”

Unscripted testing is divided into three types:

  1. Ad hoc testing: Ad hoc testing2 is an informal and unstructured software testing type aimed at disrupting the testing process to identify potential defects or errors in the early stages. This type of testing is typically unplanned in that it does not follow any documentation or test design techniques to formulate test cases. This type of testing tests features and functions with no test plan.
  2. Error guessing: Error guessing3 is a testing technique based on the tester’s experience, where they use their expertise to speculate or guess about potential problem areas within the application. This method requires a skilled and experienced tester. This type of testing tests failure modes with no test plan.
  3. Exploratory testing: Exploratory testing4 is a manual software testing technique conducted without a formal plan, allowing testers to deviate from scripted routines (repetitive and monotonous). It empowers testers to apply their skills creatively. Successful exploratory testers need critical thinking, creativity, and strong domain and technical knowledge.

While exploratory testing may seem unplanned, it isn’t random. It involves applying knowledge and expertise. Deep knowledge of the system under test is crucial for effective exploratory testing.

Establish high-level test plan objectives (no step-by-step procedure is necessary). Benefits of exploratory testing include:

  • Identifying edge cases and unexpected defects that scripted testing might overlook.
  • Testing from a user perspective to enhance user experience and usability.
  • Encouraging critical thinking among testers, preventing monotony, and improving software quality.
  • Increasing test coverage by exploring various scenarios and uncovering new defects.
  • Testing software in its early development stages to catch bugs early, even without formalized, scripted tests.
  • Providing flexibility to try new testing techniques, contributing to overall testing improvement.

Scripted Testing

Scripted testing refers to a software testing approach where the tester follows a predefined set of written instructions or scripts during the execution of test cases. Scripted testing includes both robust and limited scripted testing.

1: Robust scripted testing

This method of testing emphasizes ensuring that the testing process is not only thorough but also capable of being repeated consistently, traces back to defined requirements, and can be audited for transparency and accountability. The focus is on establishing a strong and reliable testing framework that contributes to the overall quality and reliability of the computer system or automation under examination. The test script should contain the following at a minimum:

  • test objectives
  • test cases (step-by-step procedure) ·
  • expected results
  • independent review and approval of test cases

2: Limited scripted testing

This method of testing customizes the testing strategy based on the risk profile, utilizing scripted testing for high-risk features or operations, while employing unscripted testing for low- to medium-risk elements. The goal is to create a balanced assurance effort that addresses varying levels of risk within the computer system or automation, optimizing testing resources accordingly. The test script should contain the following at a minimum:

  • test cases (step-by step procedure) identified
  • expected results for the test cases
  • Identification of the unscripted testing applied
  • independent review and approval of test plan

Leverage Technological Advances For Automated Traceability Testing

The guidance acknowledges the advancements in digital technology, advocating for electronic records over manual or paper-based documentation for efficiency. Delve into the meticulous documentation requirements outlined in the draft guidance. Discover how advances in digital technology can streamline the documentation process. Explore the FDA’s recommendation to leverage automated traceability testing and electronic records, reducing reliance on manual or paper-based documentation.

Embrace A Risk-Based Approach

The FDA’s draft guidance on computer software assurance is a call for a risk-based approach to instill confidence in automation used for production or quality systems. The four-step approach involves identifying the intended use, determining a risk-based strategy, selecting appropriate assurance activities, and establishing a comprehensive record. The guidance also invited manufacturers to actively engage, provide comments, and seek clarity on this transformative document that aims to harmonize technology and regulatory expectations in the ever-evolving medical device industry.


RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries


Key Takeaways From The Draft Guidance

  • Is the draft guidance only for medical device companies that use software as a part of medical device production? No, it also applies to any other software applications. This draft guidance was prepared by the CDRH, CBER in consultation with CDER, Office of Combination Products, and Office of Regulatory Affairs. Specifically, this draft guidance provides recommendations regarding the requirements outlined in 21 CFR 820.70(i).5
  • This will supersede Section 6, “Validation of Automated Process Equipment and Quality System Software”, of the FDA’s software validation guidance, but it doesn’t replace “General Principles of Software Validation.”
  • Leverage the testing that is already completed by vendors or any testing that was done as part of your SDLC; don’t repeat the testing and always take credit for whatever is already completed.
  • CSA does not replace the existing computer system validation (CSV); instead, CSA is the lean approach of doing CSV by leveraging/using the existing vendor documentation.6
  • Using screenshots to establish the record associated with the assurance activities is not necessary, as you can use any system logs, audit trails, and any other electronic sources of data generated by the system.
  • Regulated companies don’t have to wait until this CSA draft guidance becomes effective; they can start implementing CSA immediately, as per the FDA.

Conclusion

If implemented correctly, CSA has the potential to significantly impact the industry and business operations. It can lead to a substantial return on investments, reducing costs by 50% (in my experiences) and saving both time and resources. Moreover, CSA contributes to enhancing the overall quality process through the application of critical thinking.

This article reflects the author’s viewpoints, opinions, and personal experience, and does not necessarily reflect those of his company or shareholders.

About The Author:

Hemadri Doma is a seasoned life sciences professional with more than nine years of expertise in the pharmaceutical and medical device industry. He is a subject matter expert in computer systems validation (CSV), computer software assurance (CSA), data integrity, equipment validation, process automation, artificial intelligence, pattern recognition techniques, and facilities validation. He has served in roles spanning engineering, facilities, information technology (IT), QC laboratory systems, process automation, validation, and quality processes. Doma currently holds the position of QA computer system validation engineer III at Tolmar Inc.

In this blog, we recap our webinar, “Key Systems Engineering Skills: Critical Thinking and Problem Framing” – Click HERE to watch it in its entirety.

Key Systems Engineering Skills: Critical Thinking and Problem Framing

Elevate your team’s success by exploring the role of critical thinking in a system engineering competency model.

In this insightful session, Chris Unger, Retired GE Healthcare Chief Systems Engineering Officer and Principal at PracticalSE LLC, and Vincent Balgos, Director of Medical Device Solutions at Jama Software®, discuss how critical thinking and decision-making skills are integral to systems engineering.

In this insightful session, you will learn:

  • Explore the vital role of critical thinking and decision-making in systems engineering.
  • Learn practical techniques for decision framing and closure.
  • Gain insight on how systems engineers should manage design decisions on a project.
  • See a simple model of how and when to engage with stakeholders in design decisions.

Below is an abbreviated transcript of our webinar.

Chris Unger: We’re going to talk today about a follow-up to the last webinar, where I’m going to talk about some of the most important systems engineering skills, critical thinking, and problem framing. So, how do skills in general, and soft skills, fit into improving systems engineering? So, in prior talks, I’ve suggested you keep your processes very simple but make them effective, and that’s easy to say but hard to do. That means you have to understand the system of the SE processes, how they connect, and where the diminishing value of the processes, the source process heading off, happens. As an example, a topic could be a technical risk, or it could be a trade-off between different possible solutions. So, we want to understand how those to the risk management and the decision process interact.

In order to do that, the best systems engineers have to have really good judgment. In addition, we have to influence people. Being simplistic, hardware and software engineers design things, things do what they’re told. I know it’s oversimplified, but our deliverables are instructions on how the software and hardware engineers do things. So, the best systems engineers here have an area of depth that they’re experts in, so they bring some technical credibility. They have systems of breadth, they understand all the systems processes and how they interact, and they have great interpersonal skills. Today I’m going to focus on how you achieve a balanced and optimized design, how you focus on your cost versus risk, and doing that through basically decision making.

So, first I want to talk about the Helix Model. So, the Helix Project was a project funded by the government and, the US government, and their concern was for big aerospace and NASA projects you tend to produce a major, billion-dollar development every 10 years, and then you do 10 years of support. So, people often move on. They were worried about how you create the truly brilliant leader systems engineers from a team that may be a little bit sparse. They developed this model up here in the front and simplistically, you start with things you learn in school, how to do good mechanical engineering, electrical engineering, and software engineering techniques. You then go into an organization, and so you spend the first five years learning about your company. Things like, well, if you’re going to be doing a say glucose monitor, what does blood chemistry look like? What does a sensor look like? What’s a workflow? So, you become a good organization-specific mechanical engineer.

Then you learn about lifecycle. How do you go from womb to tomb, from customer needs to disposal and disposition with all the regulations across the world in terms of chemical safety? So, after five, maybe 10 years, you understand your domain, you understand the lifecycle and you understand your technology. What differentiates after that? What they found was the skills on the bottom half of this page, the Systems Mindset, so big picture thinking, and paradoxical mindset. You’ve all heard that joke about fast, good and cheap, pick two of the three. Well, that’s the world in which systems engineers live. We make trade-offs between things that are inherently conflicting. The other thing is, we’ve got to make decisions quickly, so you’ve got to have a flexible comfort zone. You’ve got to be willing to wait till you have the critical information but make a decision without all the information you want.


RELATED: A Path to Model-Based Systems Engineering (MBSE) with Jama Connect®


Unger: In terms of the middle column, Interpersonal Skills, just the obvious stuff as I mentioned. You’ve got to influence the other engineers to make a good decision. Then finally here in Technical Leadership, balanced decision-making, and risk-taking. So, I had a general manager one time say, “We’re in the business of managing risks, not avoiding risks.” The least-risk program is also a boring one, but you also don’t want to take moonshots and everything. So, you really want to balance. It’s another case of a paradoxical mindset. Balance risk-taking with hitting a schedule predictably. So, these are the kinds of skills that really differentiate as systems engineering leaders, 10 to 15 years into your career. I’m going to talk more about these, decision-making, stakeholder management, and barrier-breaking.

So, I put together a very simple Systems Engineering Competency Model. I started with the NASA handbook and the NASA lifecycle. I simplified it, into that they had scope and requirements management separated, and I actually agree with those being different. But in reality, on the size of programs that we typically implemented, the people who did one typically did the other. Same thing, the architecture and the design, those were typically the same people. So, you have the upfront design, you have implementation. So, managing the subsystems actually do the implementation of what the design asks them to do, and you integrate it, such that you find your defects early. Then you manage all the lifecycle, the serviceability, manufacturability, disposability, and all the “ilities.”

Then leadership, obviously, there the interpersonal skills. This was developed for GE Healthcare, so I just picked it from our existing leadership skillset and I simplified it. What you’ll notice here is I put down at the bottom, critical thinking, as a technical skill. For many executives, and for other functional engineers, critical thinking is important, but as I mentioned, since we deliver instructions and designs to other engineers, framing decisions, taking vague things from product management and marketing, and turning them into clearer problems or functions to solve, I consider that a core technical excellence of systems engineering. But that’s vague. How do I actually measure that? So, I came up with this fairly simple set of observable behaviors. So, first of all, framing problems takes an ambiguous problem identifies the critical stakeholders, and turns them into a clear problem a more junior engineer can solve.

So, first, let’s talk about framing the problem. Even an entry-level person has to be able to understand a problem that’s been framed for them. But as you get to more senior people, the 10 to 15-year level, you have to be able to frame a complex problem, see around corners, use foresight to sort out essentials from the detail, and identify risks and emergent behavior that need to be incorporated in the decision, that other engineers might not see. Even at the strategist level, you can take a complex and ambiguous problem clarify the ambiguity, and turn it into simply just a complex and interconnected problem.

So, if we’re talking about maybe the 10 to 15-year-old person, not the most senior executives, you’ll be able to take a complex problem, identify ahead of time problems other people don’t see, and capture that. Balance cost, schedule, technical risk, and team capabilities, and make a trade-off based on sound evidence and data. Balance your intuition, when you don’t have all the data with waiting and gathering data where you need it. Then finally, making the decision is maybe the easy part. You have to make sure the team follows your leadership. Take accountability for making the right decisions, delegate where you can, and then ensure that the entire team buys into the decisions that the team or you have made. So, that’s the theory.


RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries


Unger: Let’s talk about how we manage design decisions. First of all, why? Why is this a critical skill? By identifying the critical design decisions, it allows the team to focus on the most important thing, and separate out the core from the distractions. It helps teams identify work items. So, for example, one time when I was working with the ultrasound team in Japan, we had a bunch of really experienced engineers and they were working on a new ultrasound probe. It had moved an active component into the probe and there was a thermal issue. They were talking in Japanese for about five, 10 minutes when I was asked to frame the problem and I said, “Yeah, you’re talking too fast and too much. This is not that easy. Come back to me and tell me what you’re actually doing.”

They were figuring out how to measure the thermal properties in the lab. I said, “Well, imagine you had a probe that was safe, with maybe 39°C, but that was uncomfortable to handle. Have you worked with the application people on how much value? If you spent $50 more and took the temperature down by 1°C, would that be worth a trade-off? The team, “Oh, that’s interesting.” They were actually focused on the technical feasibility, not the real market and customer acceptance problem. So, by doing this upfront, you can make sure that you have a complete work process for the team. Then once you’ve made the decision, it minimizes rework by making sure the decisions stay closed.

Now, this decision list and prioritization should start early. It would be comfortable to wait until you know everything, but that’s too late. So, it’s a living document. Don’t wait to get started until you have enough information to make a good plan. Start with what you know, and then build out as you continue. So, one of the first things I talk about is, what is a decision? As an example, I’ve had teams come to me saying, “The operating system selection is a decision.” It’s like, “No. It’s actually not typical. It’s typically a collection of decisions.” So, I draw this little arrow here. It’s basically a decision is a point in which you select between different paths going forward and you pick one way versus another. So, deciding whether to include a stretch item in scope or not is a decision. Deciding between very specific designs and implementing a feature is a decision. Setting a critical to-quality parameter or balancing between different parameters, so cost versus reliability or cost versus performance, is a decision.


CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Key Systems Engineering Skills: Critical Thinking and Problem Framing


Jama Connect® Features in Five: Jira Integration

Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.

In this Features in Five Integration Series video, Mario Maldari – Director, Solutions Architecture at Jama Software® – will demonstrate the Jama Connect® to Jira® integration.


VIDEO TRANSCRIPT

Mario Maldari: Hello and welcome to the Features in Five Integration Series. My name is Mario Maldari and I’m the Director of Solution Architecture here at Jama Software. Today, we’ll be walking through the Jama Connect to Jira integration. We make it possible for you to integrate Jama Connect with preferred best-of-breed software to achieve Live Traceability™ across the end-to-end development cycle. Live requirements traceability is the ability for any engineer at any time to see the most up-to-date and complete upstream and downstream information for any requirement, no matter the stage of systems development or how many siloed tools and teams it spans. This enables significant productivity and quality improvements, dramatically reduces the risk of product delays, cost overruns, defects, rework, and recalls, and ultimately results in faster time to market. Let’s get started.

The Jama Connect to Jira integration allows for bidirectional synchronization of data between requirements and tasks. This allows for teams such as software developers to stay in their tool of choice and enjoy the benefit of real-time updates between the two applications. Today, we’ll be covering two core use cases for the integration. We’ll be creating a defect in Jama Connect that will synchronize to Jira, and then we’ll be creating an epic in Jira that’ll synchronize over to Jama Connect. Let’s start by executing a test case at Jama Connect’s Test Center. Let’s start our test run here and we can go through and pass or fail steps accordingly. We get to an issue, we can log a defect right from the test, and we can set things like priority. Go ahead and save that defect. And we can go ahead and save and close this test.


RELATED: How to Achieve Live Traceability™ with Jira® for Software Development Teams


Maldari: Then we can open up the test record here and we can take a look at the relationships. And as expected, we will see a link to a downstream defect that we just created. Let’s take a look and open up that defect. And we can see there’s an integration URL to the corresponding defect over in Jira that was just created. And as a developer, I can see a new defect came in and I can start to work on this defect. I can also change things like priority. I can also add a comment. Any field that’s set up to participate in the integration, such as name, description, comments, priority, all of these things can be modified from Jira and that will be synchronized over into Jama Connect. And now you’ll see that there’s a Jama Connect URL here, and this will take us back to the defect that we just created in Jama Connect.

And we can see that the priority has been set below. We can see that there’s a comment that’s been added to add an attachment, and we can actually go ahead and add an attachment here, a picture of our cracked camera. And we’ll attach that to the item. So conversely, anything in Jama Connect that’s participating in the integration, any field, name, description, priority, all of these changes from the Jama Connect side will also be reflected over on the Jira side. And so if we navigate back over into the Jira defect, we’ll do that by following this URL here, we can see that our attachment came over onto the Jira defect.

Similarly, if we’re in Jira now, we’re working and we want to create an epic, we can go ahead and create an epic. Usability improvement, we can go ahead and create that. And then let’s take a look at that epic that we just created here. Similar to the defect scenario, any field that’s set up and configured in the integration will synchronize between the two applications, and that includes the name, description again, comments, and priority. Any field that’s configured will sync over. Then if I refresh this epic that I just created, you can see now that there’s a Jama Connect URL to the correspondent epic that’s just been created in Jama Connect. So I can go here into Jama Connect and I can add things like tables and further elaborate the description, and ask the development team to fill out the table for me.


RELATED: FORT Robotics Selects Jama Connect® to Replace Google Sheets for Product Development


Maldari: But more importantly, what I can do is start to establish traceability within Jama Connect now. Assuming maybe this usability improvement request came from a particular customer, I can link it to an upstream requirement, or initiative, in this case, usability improvement from the customer. And so I can start to establish traceability now, now that it’s in Jama Connect. All the work is being done in Jira on this epic, but the traceability is being established within Jama Connect. So I’m always getting the latest changes over from the Jira side participating in my traceability within Jama Connect. Let’s take a look back over to the epic in Jira, and we can see the table that I just added from Jama Connect showing up here. You can even see that there’s now an upstream link reference that gives me a reference to the traceability that I just created on the Jama Connect side.

So as you can see, the integration allows teams such as software developers to work in Jira while allowing for real-time status updates to flow over to Jama Connect and be reflected in various traceability views. This way, teams are guaranteed to have the latest status on their projects. Thank you for watching this Future in Five session on the Jira integration for Jama Connect. If you’re an existing customer and want to learn more, please reach out to your customer success manager or consultant. If you’re not yet a client, please go to our website at jamasoftware.com to learn more about the platform and how we can help optimize your development process.


To view more Jama Connect Features in Five topics, visit:
Jama Connect Features in Five Video Series


The ‘Square Root’-Process Model for System Engineering

In the rapidly evolving field of systems engineering, the traditional V-model has served as the cornerstone for development, defining system requirements and verification processes. However, the demands of modern engineering necessitate an extension of the V-Model to reduce time-to-market and elevate customer satisfaction. This article introduces the ‘square root’ model that extends the V-model that embeds continuous feedback and integration throughout the product lifecycle. By considering production, operation, support, and end-of-life sustainability from inception, the ‘square root’ model, visually represented in the accompanying diagram, ensures that engineering efforts align with practical constraints and market needs.

Leveraging Jama Connect®‘s advanced features, we will explore how this model fosters collaboration, efficiency, and strategic foresight, setting a new standard for systems engineering excellence.

Throughout this article, when ‘product’ is mentioned, understand that it can also refer to a service, software, or system.


There are aspects in engineering and feedback loops that the V-model implies to improve the engineering assets (mainly Verification and Validation focused) at the same information abstraction level; This article will describe the need to extend the traditional V-model to ensure the estimated time-to-market can be met with ease, customer satisfaction improves each product iteration and create a better tomorrow, using Jama Connect unique features to support your engineering teams to achieve these results.

Where the traditional V-model, starting at ‘Stakeholder Requirements’ and ending at ‘Acceptance Tests’ (or ‘Validation’), describes the engineering’s team involvement in the product being engineered, it is important to understand that this is only a small part in the entire lifecycle of a product. It’s the repeatable part for that product’s new releases and it’s the part that can be used to analyze the impact of changes before that change gets implemented in production.


RELATED: A Path to Model-Based Systems Engineering (MBSE) with Jama Connect®


Design Constraints

The word “constraint” has a negative connotation; Design constraints are limitations on what designers can do with a design. These limitations are usually byproducts of having deadlines, budgets, brand guidelines (and similar guidelines, see below), laws and regulations, finite resources, and limited decision power in terms of tools and processes.

Some product engineers view design constraints in a bad light because they feel like they’re being boxed in by a brick wall, while others embrace design constraints as directional guidelines that open the doors to creativity and strategic problem-solving.

On the surface, having design constraints can indeed feel like a bad thing; however, they can be extremely useful. Being limited to certain choices doesn’t necessarily mean being limited to certain outcomes. Often enough there are alternative options that are, at least, almost as good as what you originally envisioned.

Design constraints can come from various sources, in this article we’ll talk about the constraints that focus on time-to-market, customer satisfaction, and zero waste. In other words, design guidelines come from:

  • Production;
  • Operation and Support;
  • (Ecological) Sustainability; the recycling of your product’s used materials.

These design constraints facilitate engineering with the end in mind. Your team’s early decisions during product definition must include upgradability, serviceability, and for sure: disposal, and sustainability.

Please Note: As these are complex topics by themself and not part of the core business of Jama Software, this article will only emphasize the need for feedback from these product lifecycle phases into the product definition as design constraints. Design constraints might also be known and used as Non-functional Requirements (i.e., the different ‘-bilities’, like producibility, serviceability, etc.)

Production and Manufacturing

When production and manufacturing aren’t involved from the start, your engineering team might waste valuable engineering time and effort on a product that cannot be manufactured with the means your production facilities have at their disposal. This means that the product’s entire time-to-market will need to be extended to re-engineer the product to your current production capabilities; wasting precious time and putting your competitive edge at an unnecessary risk.

As an example, a Printed Circuit Board (PCB) might require that a set of components must be aligned in the same direction and at a specified distance when wave soldered to avoid short-circuits in operation. These wave soldering characteristics can be recorded and maintained in Jama Connect as Design Constraints. Source: https://www.mclpcb.com/blog/wave-soldering-issues/

The other side of this same coin; By knowing what your production facilities can and cannot do at the start of the product definition, your teams are capable of estimating when the new bleeding-/leading-edge product they are developing needs new production means.

These insights, when considered at the beginning of the product definition, will allow your teams to research, develop, and implement the required new production techniques and have them ready when the product hits the factory shop floor. This includes having purchasing ready with new suppliers, their delivery times, required stock levels, and other input required for your factory shop floor to hit the ground running producing your new product when it completes its V-cycle.

Operation and Support

The full value of a system or product is realized in its use and operation during the expected product lifespan. Your customers want to receive a product that meets their expectations, but those expectations extend beyond a product that works on day one. Customer Satisfaction, and thus Customer Lifetime Value, is heavily influenced by the ease and availability of maintenance, servicing, and upgrades that will extend the product’s lifespan. When a customer calculates Return on Investment (ROI), they are not only considering receiving a working product, but they are also factoring in;

  • Mean Time Between Failures (MTBF, a metric for failures in repairable systems);
  • Mean Time to Failure (MTTF, a failures that require system replacement);
  • Mean Time to Repair/Recovery/Respond/Resolve (MTTR, is the average time it takes to repair/recover/respond/resolve a failure in a product, service or system, usually technical or mechanical. It includes both the repair time and any testing time. The clock doesn’t stop on this metric until the system is fully functional again); and
  • Mean Time to Acknowledge (MTTA, a metric useful for tracking your team’s responsiveness and your alert system’s effectiveness).

Reliability represent a series of metrics designed to help customers understand how often incidents occur and how quickly they, in collaboration with your Operation and Support, bounces back from those incidents. Valuable indicators to determine if their investment, and any additional investment to keep it operational, is effective.

Analysis of these reliability, MBTF, MTTF, MTTR and MTTA metrics focused on means to reduce these indicators, lead to product enhancements that improve customer satisfaction for both users (better uptime, improved performance, etc.) and decision makers (value on their investment).

E.g., the accessibility of a repairable component, to improve the MBTF, can be recorded and maintained in Jama Connect as a design constraint.

Sustainability

For sustainability, it all starts with the design. The design decisions for the product contribute 80% to the carbon footprint of the solution! How to make your products and systems ‘green’ from the start, a topic most companies struggle with.

Once your teams start to include sustainability in your product’s mission, you’ll need a structured approach, as several factors will push for different considerations. The most obvious considerations are the choice of materials and the optimizing the production process (reducing carbon emissions).

However, the repairability/serviceability of the product should be considered with a more extended lifetime vision, just like upgradeability and reusing components.

Techniques like Lifecycle Analysis (LCA, shows how much influence a product has on the environment during its entire life cycle: from raw material extraction to waste processing) exist to determine the Design Constraints necessary for the sustainability of the product being developed.

The (material) considerations that come out of an LCA (e.g. switch from fossil fuels to hydrogen) can be recorded and maintained in Jama Connect as a design constraints.

Jama Connect supports the ‘square root’-model

Collaborate with stakeholders from Production, Operation & Support and Environment, Health & Safety

Recording design constraints is not unique to a (Requirements Management, or Product Definition) application like Jama Connect; The ability to collaborate with colleagues in reviews, from the respective product lifecycle phases that normally don’t have to deal with the product definition phase (and thus don’t work in Jama Connect) is unique.

This unique feature allows your teams to engineer your products with the end result in mind, by involving the stakeholders from beyond their own engineering reach, to collaborate and achieve the optimum time-to-market, best customer satisfaction and create a better tomorrow for ourselves and future generations.

These stakeholders don’t require to be Jama Connect users to be invited and collaborate in a review within Jama Connect. Involving those stakeholders into the review process allows these stakeholders to verify their design constraints are adequately and sufficiently addressed by the requirements of your product definition.


RELATED: The Benefits of Jama Connect®: Supercharge Your Systems Development and Engineering Process


First step in sustainability; reuse as much as possible

Not only does reusing and synchronizing requirements reduce your time-to-market and improve quality, but it is also a key strategy for getting your products sustainable. Jama Connect can help reducing the struggle to build on existing work when requirements, and their corresponding test cases, are spread across documents and systems, missing Live Traceability™. Your teams must manually identify and copy related content increasing the risk of rework and gaps. Additionally, teams tend to lack visibility across efforts, causing necessary changes to not propagate across reused content, potentially impacting quality and disconnected product design efforts.

Jama Connect simplifies and enhances the process of reusing requirements and verifications by allowing you to copy selected content with its container and its traced items. Synchronization ensures visibility and enables key use cases such as parallel product definitions, common content libraries (i.e. reusable component libraries) and product variants.

Further reading
  • INCOSE (International Council on Systems Engineering): INCOSE is a professional organization dedicated to promoting and advancing the field of systems engineering. Their website (www.incose.org) offers a wealth of resources, including publications, articles, and conferences, that cover various topics in systems engineering, including the V-Model.
Other sources used

SOC2 Type2

Streamlining SOC2 Type 2 Compliance: How Jama Connect® Can Help Enable Audit Success

In today’s business landscape, technology and data play a crucial role. Therefore, it is of utmost importance to prioritize the security and privacy of sensitive information. One way to do this is by undergoing a SOC2 Type 2 audit.

A SOC2 audit provides an independent, third-party validation that a service organization’s information security practices meet industry standards stipulated by the AICPA (American Institute of Certified Public Accountants.) During the audit process, a service organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system are tested.

This audit provides customers and partners with trust and assurance regarding an organization’s data security practices. It also helps businesses in regulated industries meet compliance requirements, manage risks by identifying and mitigating security threats, and gain a competitive edge by demonstrating a strong commitment to security. Furthermore, it can drive internal improvements by enhancing policies and procedures related to data protection.

Jama Software® is the only vendor in the requirements management and traceability space that is SOC2 Type 2 compliant both on the application layer and the data center offerings. In this blog post, we’ve invited Jama Software team members Sarah Voget – Team Lead, Project Manager, Jennifer Esposti – Project Manager, and Cooper Graham – Compliance Analyst, to detail their experiences preparing for and passing the SOC2 Type 2 audit and how they will use Jama Connect® to improve future audits.

Preparing for the audit process

Tell us about your experience with SOC2 audits in the past. What tools have you used at other companies? What were some of the challenges or drawbacks to those solutions?

Sarah Voget: The biggest challenge I ran into at previous companies was that no one tool could easily compile and track evidence for recurring audits. Passing an audit requires a company to compile substantial evidence from a variety of sources in a variety of formats. For example, we upload free text answers from subject matter experts (SMEs) to specific audit questions along with supporting screenshots, policy documents, PDF reports, etc. While tools like OneDrive or Excel could keep such information somewhat organized, it was incredibly difficult to have a holistic picture of audit evidence over time. Each year during audit prep, I felt like I had to reinvent the wheel by tracking down audit evidence from a variety of systems and SMEs all over again.

Tell us how you came up with the idea of using Jama Connect® for SOC2 compliance.

Voget: When I first joined Jama Software, I attended an internal presentation about Jama Connect, where I learned about our product’s strength in end-to-end requirements tracking. A lightbulb went off in my head because that’s really what audit prep is all about. An audit is like a list of requirements that we must prove we’re meeting, and each year, we reevaluate our effectiveness at meeting those requirements. It’s critical for us to understand how we met certain requirements in the past and to continuously iterate on our security policies and procedures as they relate to those requirements. Once I made that connection, I realized the potential power of Jama Connect as an internal audit preparation and readiness tool.

Can you provide any information about how you formatted Jama Connect initially to prepare for the audit?

Voget: My first attempt at using Jama Connect for audit prep focused on the big problem I mentioned earlier: compiling huge amounts of evidence in one place where I could easily access it over time.


RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution


Lessons for future audits

Taking lessons from the first SOC2 audit using Jama Connect – what did you think could be improved on? What were the wins?

Jennifer Esposti: For the initial audit, Jama Connect was used primarily as a content management tool, which allowed us to organize and document the required evidence. This year, we wanted to expand our use to include the monthly, quarterly, and annual maintenance we do as a cross-functional team to ensure we are maintaining the necessary processes for SOC2 compliance.

Cooper Graham: In the first year run-through, we stored some critical information, such as the trust criteria and some information around the auditor questions and requests and our responses in Jama Connect, which limited those resources to those involved in the audit. The primary win was seeing the potential of the Jama Connect application for managing and tracking our SOC2 preparation. Having a foundation in the application that we could build on year-to-year rather than starting from scratch for each year’s preparation. Using additional features and elements in the Jama Connect application for collaboration and organization of our preparation.

What changes have you made from the initial SOC2 audit?

Esposti: From a project management perspective, I use the test management functionality within Jama Connect to organize the monthly, quarterly, and annual check-ins. The test cases provide a clear and consistent process for the project team to follow.

Graham: Using the test management functionality, we were able to organize and track recurring check-ins to ensure we were prepared for the upcoming audit. We were able to document more specific questions and responses that were provided during the previous audit to have a better understanding of the auditor’s asks and wants. It also gives our subject matter and individuals involved in the audit the ability to see what was previously asked to prepare for the upcoming audit.

How is Jama Connect well suited to help teams prove SOC2 compliance?

Graham: As a requirements management product, the ability to identify the requirements, track the associated testing, and include evidence or links to key artifact locations really assists in the organization for the audit and ensures nothing slips through the cracks.

How are you leveraging features in Jama Connect for this year’s audit and beyond?

Esposti: My focus this year is on using the test management functionality to organize our evidence and ensure we are performing the required tasks on a monthly, quarterly, and annual basis. For future audits, I’d like to explore ways we can use Jama Connect to track our progress year-over-year.

Graham: We are utilizing Jama Connect’s Test Management functionality in a new way this year. The ability to organize monthly, quarterly, and annual check-ins and create test plans associated with specific teams ensures that all of the pre-audit due diligence is performed. The ability to create test cases that can be reused ensures consistency for every check-in. Having everything laid out in Jama Connect allows us to identify gaps and potential improvements to test cases and collaborate more effectively with key stakeholders. In the future, we plan to use Live Traceability™ to have a better view of the SOC2 process, from requirements to testing to end results. As the Jama Connect application goes through its releases, new features and functionality are being continuously added. We’re constantly looking to see if there are new elements that would aid us in preparation for future SOC2 audits.


RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries


CONCLUSION

Meeting SOC 2 Type 2 requirements requires careful attention to detail and strong management of organizational processes. A comprehensive solution like Jama Connect can greatly assist teams in navigating this complex terrain. By centralizing and automating requirement management, Jama Connect ensures traceability, transparency, and accountability throughout the development process. Its collaborative features facilitate efficient communication and documentation, which are crucial for meeting SOC 2 Type 2 standards.

Using Jama Connect, engineering organizations can now intelligently manage the development process by leveraging Live Traceability™ across best-of-breed tools to measurably improve outcomes.

Live Traceability enables organizations to meet SOC2 Type 2 standards by effectively tracking data and processes within their systems. By utilizing Live Traceability, companies can demonstrate their compliance with SOC2 Type 2 standards through well-documented information and audit trails. This promotes transparency and accountability. Staying updated with the latest SOC2 Type 2 standards is crucial for maintaining secure operations and reducing risks. Jama Connect remains current by regularly updating its platform to adhere to the latest SOC2 Type 2 standards, ensuring companies remain compliant and secure.