G2® Once Again Names Jama Connect® the Overall Leader for Requirements Management Software
Jama Connect® was again named far and away the overall leader in the Winter 2024 G2 Grid® Report for Requirements Management Software!
In addition to the honor of being named the leader in requirements management software, we are proud to showcase that we were awarded several additional medals for Winter 2024 in requirements management, including:
Leader
Enterprise Leader
Momentum Leader
EMEA Leader
Small-Business Leader
Mid-Market Leader
Users Love Us
Download the full report to see why customers love using Jama Connect for product, systems, and software development.
Learn More About the Winter 2024 G2 Grid for the top Requirements Management Software productsHERE!
Jama Software® is honored to be acknowledged as the top requirements management solution. We’re grateful to our customers for sharing their valuable feedback on their experiences using Jama Connect. The “Users Love Us” category, in particular, is a testament to the value our industry-leading requirements management software brings to our customers, and especially for customers who have moved from a document-based approach to complex product, systems, or software developement.
“Product Design teams need a requirements management tool like Jama [Connect.] Using Jama Connect allows our software development team to have a well-organized and well-written set of requirements. It allows us to more easily maintain a baseline of features in our continuously evolving software.”
-From review collected and hosted on G2.com, Mark M. — Mid-Market
We strive to provide our customers with the best experience while using our platform. Being named as Leader in particular shows how much our users enjoy working within Jama Connect.
“Jama [Connect] is the final death blow to your grandfathers way of managing text based requirements.”
-From review collected and hosted on G2.com, Mark M. — Mid-Market
From all of us at Jama Software to all of you, thank you!
G2 scores products and sellers based on reviews, gathered from their user community, as well as data aggregated from online sources and social networks. Together, these scores are mapped on their proprietary G2 Grid®, which can be used to compare products, streamline the buying process, and quickly identify the best products based on the experiences of your peers.
https://www.jamasoftware.com/media/2024/01/2024-01-23_g2-leader-winter-2024_1024x512-1-2.jpg5121024Jama Software/media/jama-logo-primary.svgJama Software2024-01-24 03:00:532024-01-22 11:04:30G2® Once Again Names Jama Connect® the Overall Leader for Requirements Management Software
Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Why penetration testing is critical to every robust cyber security strategy” – originally published on November 2, 2023.
A big “Thank You!” to Chris Dickens for a great article. As part of our security program here at Jama Software, we have a layered approach to security tests and scans. Scans are done on every build, automated tests are run on every build, and active PEN tests are done multiple times per year. As the only SOC 2 Type 2 product in the space, we have set a high bar for ourselves because we know the importance of security to our customers.
Why Penetration Testing is Critical to Every Robust Cyber Security Strategy
Chris Dickens, Senior Solutions Engineer at HackerOne, outlines an effective penetration testing strategy.
Digital transformation has become an essential requirement for any business that wants to remain competitive in an increasingly digital global landscape.
However, it’s not always straightforward. In many cases, digitizing key processes can expose businesses to a wide array of new cyber security risks they aren’t used to, potentially leading to damaging breaches, attacks and/or loss of sensitive data if they aren’t careful.
In order to protect against such threats, a well-rounded cyber security strategy needs to be put in place alongside any digital transformation initiative.
However, cyber security isn’t a ‘one and done’ activity, strategies must be continuously evaluated and tested to ensure they remain effective.
Cyber criminals constantly evolve their attacks, so cyber security must also evolve. Whatever works now will likely be outdated in just a few weeks or months.
One of the best ways to stay ahead is through regular penetration testing (pentesting), which can give companies a fast, accurate snapshot of the current state of their cyber defences. This point in time activity features ethical hackers putting themselves into the shoes of malicious actors in an attempt to breach a system’s security for the purpose of vulnerability identification.
Typically, both humans and automated programs are used to research, probe, and attack a network using various methods and channels known to be used by cybercriminals.
But too many still don’t fully understand how pentesting works, or how they can effectively implement it into their wider security strategy.
The era of secretive, closed-door penetration testing is a thing of the past. In those days, you had to depend on the skills and schedules of usually big companies, enduring long waits, and limited insight into the results and tester’s actions.
Nowadays, penetration testing has evolved significantly. It often commences within a few days and is typically conducted on a smaller scale more frequently. This transformation is credited to innovative platforms that offer real-time transparency into the testing process and a more inclusive approach when bringing testers on board.
The emphasis is now on results and experience from the ethical hacking community rather than formal education and certification. The creation of new AI-based hacking methods and willingness to test source code has also greatly improved the output.
While this may sound quite daunting for the business involved, pentesting is an incredibly effective way to discover major vulnerabilities in their security before they can be exploited, which is critically important for keeping sensitive data safe.
Arguably, penetration testing’s best advantage, however, is its thorough coverage and documentation. Due to its in-depth and refined testing, in most cases, vulnerabilities are discovered and documented, including details on how the bug can be exploited, its impact on an organisation’s compliance, and advice on how to remediate the issues.
Unlike other offensive security engagements, pentesting also allows organisations to test internal systems alongside unfinished applications – this is especially useful when leading up to a new product announcement or organisation acquisition.
Using pentests to inform both present and future security strategies
As mentioned, pentesting is a great way for businesses to gauge the effectiveness of their existing security defences at that moment in time.
However, too many organisations tend to treat it as though it’s the beginning and the end of the process, which it isn’t.
Pentesting is a tool, not a strategy, and as valuable as they are, pentests are only useful if the results are translated into an effective overall security strategy for the future.
An effective modern pentesting strategy should contain the following elements:
Establish key security priorities- First and foremost, businesses must determine what they need to protect. While it’s impossible to protect everything all the time, key assets should be prioritized based upon the damage the asset would cause if it was to be compromised. Typically, highly sensitive information such as proprietary IP, competitive and legal information, and personally identifiable information (PII) will be top of the list.
Get security buy-in from all employees- A sustainable security culture requires buy-in at all levels of an organization, from the executive board to the reception desk. If every employee takes responsibility for company security, it’s much easier to build a model where risks are shared, and teams across the company can scale securely.
Use pentesting as a regular security touchpoint- Regular penetration testing is a great way to promote a more proactive approach to security. All too often, organizations aim to meet only the minimum requirements for compliance – and believe themselves to be secure, which is a highly risky strategy. By contrast, combining regular pentests with bug bounty programs provides a continuous feedback loop that allows companies to quickly identify new vulnerabilities and deal with them before they come to the attention of malicious actors.
Make robust cyber security a strategic differentiator- A recent study by PwC found that 87% of global CEOs are investing in cyber security as a way of building trust with customers. If the lifeblood of the digital economy is data, its heart is digital trust. Organizations with a sound security strategy can quickly turn it into a strategic differentiator for their brand, which is invaluable in highly competitive business sectors and industries.
The best cyber security strategies can quickly adapt to change
Modern enterprise security is not easy. As more businesses embrace digital transformation and cloud computing becomes the new normal, reliance on IT is at an all-time high.
Consequently, even a small data breach can potentially have a devastating impact. On top of this, attack surfaces are exponentially larger than they were just a few years ago and continue to grow at an alarming rate.
The best practice approach for security teams is to color outside of the lines by infusing new and independent thinking. With this in mind, penetration testing offers much more than just a scan and definitely more than a tick-box compliance requirement.
By developing a cyber security program that employs an agile approach, organizations can prioritize flexibility and make rapid changes when needed.
Engaging ethical hackers enables organizations to deploy an army of specialized experts that will work around the clock to identify vulnerabilities and conduct pentests for both regulatory compliance and customer assessments. In today’s highly competitive and volatile business environment, few organizations can afford to forego such a crucial security advantage.
Contributor Details Chris Dickens – Senior Solutions Engineer, HackerOne
https://www.jamasoftware.com/media/2024/01/spotlight-ad.jpg5121024Jama Software/media/jama-logo-primary.svgJama Software2024-01-18 03:00:552024-01-19 15:24:03Why Penetration Testing is Critical to Every Robust Cyber Security Strategy
What is a Software Factory?
A software factory is not a physical factory; instead, it’s a metaphorical one, signifying a structured, systematic approach to software development. It’s based on the principles of manufacturing, where standardization, automation, efficiency, and quality control are paramount. In a software factory, software is produced in a manner akin to an assembly line, where each stage of development follows a well-defined process, ensuring consistency and scalability.
Standardization: Standardized procedures and equipment are the foundation of a software factory. Because of this standardization, the development process is more predictable and controllable since every piece of software is produced using the same set of procedures.
Automation: The software factory model’s foundation is automation. Automation tools are used to speed up development, minimize errors, and reduce manual labor from code generation to testing and deployment.
Modular Architecture: Software factories employ modular architecture in a similar way to physical factories that use interchangeable parts. Reusable components are made possible by this method, which speeds up and simplifies the development of new features or apps.
Quality Control: A software factory must employ continuous integration and deployment (CI/CD) techniques. By using these procedures, code modifications are automatically tested and released, upholding strict dependability and quality criteria.
Collaboration and Communication: Coordinating the efforts of the various teams participating in the development process requires the use of effective collaboration tools and processes. By doing this, it is made sure that everyone is in agreement and that the result meets the intended goals.
Benefits of a Software Factory
Increased Efficiency: By automating repetitive tasks and standardizing processes, a software factory significantly increases the efficiency of software development.
Consistency and Quality: Standardized processes and automated testing lead to more consistent and higher-quality software products.
Scalability: The modular approach and automation make it easier to scale the development process, accommodating more features or higher volumes of software production without a proportional increase in resources or time.
Faster Time-to-Market: With streamlined processes and automation, software factories can significantly reduce the time it takes to bring a software product from concept to market.
Cost-Effectiveness: Although set up requires an initial investment, the long-term benefits of increased efficiency and reduced manual effort result in significant cost savings.
Jama Connect® aids leaders by providing robust requirements and test management, ensuring clarity and alignment throughout the project. With Jama Connect’s Live Traceability™, teams can manage requirements and tests through the systems development process for proven reduction in cycle time and improved product quality.
With the advent of the software factory, software development has undergone a paradigm change from an artisanal, handcrafted approach to one that is more methodical, efficient, and scalable. Organizations can create software more effectively, more cheaply, and with higher quality by adopting the concepts of standardization, automation, modular architecture, quality control, and effective teamwork.
Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Steven Meadows, McKenzie Jonsson, and Decoteau Wilkerson.
https://www.jamasoftware.com/media/2024/01/2024-1-16-software-factory-2.jpg5121024Jama Software/media/jama-logo-primary.svgJama Software2024-01-16 03:00:592024-01-16 10:49:08The Software Factory: A Modern Approach to Software Development
In this blog, we recap our webinar, “Critical Alignment for Security, Safety & Product Development Team” – Click HERE to watch it in its entirety.
Critical Alignment for Security, Safety & Product Development Teams
Break down silos to unite teams for the future of vehicle technology!
Safety, security, and development teams tend to work in silos due to differing objectives, tooling, and methodologies; historical contexts; educational backgrounds; and even fundamental terminology.
The increasing interconnectivity of vehicles makes it hard to separate safety and security from development. In the complex world of software, teams must break down silos, foster collaboration, and streamline documentation to ensure agile development and adapt to evolving demands.
In this webinar you will learn:
Why it’s important to have compliance teams speaking the same language
What we’re seeing and expecting from the industry to bring these specialized teams closer
How to keep security, safety, and development teams aligned using Live Traceability™
How to avoid rogue development and keep track of progress with Traceable Agile™ practices
Discover how Jama Connect® can empower Automotive and Semiconductor development teams to improve their end-to-end lifecycle and avoid costly rework.
Below is an abbreviated transcript of our webinar.
Kevin Dibble: I’d like to talk about the agenda for today and focus on the word alignment because that’s where we’re going to cover how we bring together cybersecurity teams, safety teams, product development teams, and even project management.
There’s a lot of siloing and opportunities in organizations for these specialized groups to work separately. But we’re going to talk about the importance of bringing these teams together and show some enabling technologies around live traceability and traceable Agile practices. So that’s the focus for today. But first, let’s start with the problem, and I want to isolate safety and security to begin with. So how are teams working today in these two functional areas?
With the puzzle piece in the middle, I’m trying to communicate that these teams want to work together, but the puzzle doesn’t quite fit yet. So let’s look at some of the underlying reasons why.
First, with functional safety, the standards for functional safety in automotive, ISO 26262, has been around since 2011, and the safety work’s been around even longer than that. So for OEMs, tier ones, and even some tier twos, the organizational competency, processes tool, the culture of safety are quite mature.
But on the right side, we have cybersecurity, which in automotive is a new discipline, with new standards, new audits, and assessment requirements, and requirements coming very rapidly from OEMs and tier ones worldwide.
Dibble: These teams are going through training. The processes for doing product development according to standards like ISO 21434 are new or in development still. The discipline itself is new and transforming out of IT security. And so this helps to understand perhaps some of the underlying factors of why these teams might be working separately or not working exactly on the same page.
Which leads to a silo situation. And I’ve got functional safety on the right and cybersecurity on the left. Both of those standards and both of those disciplines require automotive V-Model development, with strict requirements for documentation, quality, and compliance with the V-Model.
And so what’s happening is that the organizations pulling together these disciplines along with product development are doing some sharing in risk analysis, and basically handing requirements to product development teams, and not yet in a stage where they’re fully collaborating. And that presents some problems. And it adds some risk.
A couple of examples here are both safety and security risk-based standards for understanding how we mitigate the risk of something wearing out like hardware or defects that could cause safety issues on the one. And then on the cybersecurity side, how do we mitigate the risk of an attacker using a threat to infect or change the behavior of a system?
The controls or the mitigations for those two types of risks might result in conflicting requirements. For example, how to handle a communication channel, and I’ve given you an example right here.
Those two teams have to work together along with product to solve those differences, as well as to build an integrated system that at the end of the product release cycle we’re not finding surprises in terms of conflicting requirements and implementations that don’t work together cohesively. And so that’s one of the areas cyber and safety silos can cause problems.
Dibble: Now, we’ve heard about safety issues, recalls, and unfortunately crashes and fatalities for years. But I want to highlight some of the things that are being written in the press even recently about the threats that cybersecurity is now trying to address. From taking control of fleets of vehicles to shutting down production lines to causing safety-related hazards potentially, these are very real threats, and this is why the industry is moving so quickly to adopt the new cybersecurity standard.
To be able to tie together the disciplines of safety and security as well as product development, communication is critical. These safety analysis and threat analysis can’t happen in a vacuum. The teams have to work together, and this is where that alignment concept becomes so important.
Also, both these standards, 21434 and ISO 26262 require the establishment of communication channels between safety, security, and other disciplines like quality. So the developers of these standards certainly were aware of the need for these teams to talk and to achieve alignment.
https://www.jamasoftware.com/media/2024/01/Copy-of-compliance-made-easy.png5121024Jama Software/media/jama-logo-primary.svgJama Software2024-01-10 03:00:332024-04-05 13:30:52[Webinar Recap] Critical Alignment for Security, Safety & Product Development Teams
In this blog, we’ll recap our eBook, “What You Need to Know: ANSI/AAMI SW96:2023 — Medical Device Security” – Click HERE to download it in its entirety.
What You Need to Know: ANSI/AAMI SW96:2023 — Medical Device Security
A comprehensive guide to understanding ANSI/AAMI SW96:2023 and mitigating security risks
Introduction
Managing risk around a medical device’s entire lifecycle has become increasingly complex. Many devices use third-party components, which is especially true for devices that require a network to operate. This increased need for connectivity, along with other emerging threats, is putting security at the forefront of medical device industry standards.
A recent report titled “2023 State of Cybersecurity for Medical Devices and Healthcare Systems” found 993 vulnerabilities in the 966 medical products it examined—a 59% year-over year increase from 2022. Software applications, including those that medical devices relied on to work, accounted for 64% of the vulnerabilities found.
With device vulnerability increasing, new standards aim to keep up with emerging threats. As a result, ANSI/AAMI SW96:2023 was created to help protect against threats, understand risk, and guide manufacturers in taking the most appropriate actions to enhance security. However, because the standard is relatively new, many device manufacturers are still finalizing the interpretation on how this impacts their organizational processes. If you’re still working to get familiar with the standard, we’ve created a complete guide to make the task easier.
Third-party components may increase security risk, with one study finding that software alone accounted for 64% of noted vulnerabilities.
What is ANSI/AAMI SW96:2023?
ANSI/AAMI SW96:2023 guides security risk management for medical devices, aligning with the processes included in ISO 14971:2019.
The new standard addresses the entire lifecycle of a medical device, including areas such as design, production, and post-production. It’s intended for use with AAMI TIR57 Principles for Medical Device Security – Risk Management, which addresses cybersecurity analysis, and AAMI TIR97, Principles for Medical Device Security, which guides processes for managing medical devices in the post-market space.
The goal of the new standard is to support manufacturers in ensuring that medical devices are reliable, work as intended, and don’t cause harm to patients, operators, or the environment. It also focuses on mitigating any potential risks around device failure.
What is ANSI/AAMI
SW96:2023? The standard includes policies, procedures, and best practices designed to evaluate, control, and monitor potential risks involved with a medical device.
Security has always been important to medical device manufacturers, which is why considerations are included in ISO 14971:2019. However, ANSI/AAMI SW96:2023 aims to deepen security-related standards.
Addressing potential security risks throughout the entire product lifecycle, including design, production, and post-production, enables manufacturers to identify and mitigate potential risks through a more focused and proactive approach. It helps manufacturers continually identify, review, and safeguard against fast-evolving threats.
Understanding the security risk management process
As you get up to speed with ANSI/AAMI SW96:2023, the “security risk management process” section includes details for mitigating potential threats. It includes six major sections, everything from
security risk analysis to production and post-production activities. Each section contains a detailed framework, but for the sake of simplicity, we’ve highlighted a few main points for each.
The 6 Sections of Security Risk Management
Security risk analysis. It focuses on selecting product security standards, performing threat modeling, and establishing capabilities to identify and detect security vulnerabilities across a medical device’s entire lifecycle.
Security risk evaluation. Establishes a security assessment strategy and testing processes.
Security risk control. Identifies, designs, and implements security risk control measures, as well as verifying the implementation effectiveness of any security risk control measures.
Evaluation of overall security residual risk acceptability. Determine if the “security residual risk” of a device is acceptable.
Security risk management review. A security management report is prepared.
Production and post-production activities. Potential vulnerabilities are monitored to identify any new security risks. Also, it establishes processes to stay aware of new threats, creating security incident response plans and other measures to identify ongoing vulnerabilities.
Section 1: Security Risk Analysis
The security risk analysis focuses on selecting product security standards, performing threat modeling, and establishing capabilities to identify and detect security vulnerabilities across a medical device’s entire lifecycle. It covers:
Security risk analysis process: It suggests that manufacturers perform a security risk analysis, and the results are recorded in the “security risk management file.”
Intended use and reasonably foreseeable misuse: The “security risk management” file includes reference documents developed in compliance with clause 5.2 of ISO 14971. It needs to account for “the use of a medical device in a way not intended by the manufacturer, but which can result from readily predictable behavior.”
Identification of assets and characteristics related to security: You’ll also identify potential medical device vulnerabilities such as third-party components, hardware, and software.
Security risk estimation: You will estimate the associated “risks” for each of the identified security vulnerabilities and potential impacts on areas like confidentiality and integrity.
Section 2: Security Risk Evaluation
The security risk evaluation establishes a security assessment strategy and testing processes. A few areas it considers:
Evaluation of each security risk: Identify each security risk area, determining if a “security reduction” is required.
Evaluation of security risks with a potential safety impact: Consider every potential risk to determine any potential safety impacts.
This section is focused on identifying, designing, and implementing security risk control measures, as well as verifying the implementation effectiveness of any security risk control measures, including:
Security risk control option analysis: Determine if a security risk control measure is appropriate for mitigating security risks to an “acceptable level.”
Implementation of security risk control measures: Security risk measures are selected based on the prior step.
Security residual risk evaluation: After the security risk control measures are implemented, the manufacturer evaluates the security residential risk and records this evaluation in the security risk management file.
Benefit-risk analysis: If a security residual risk is found to be “acceptable” using the criteria created in the security risk management plan, and further security risk control isn’t practical, the manufacturer conducts benefits versus security risk analysis.
Risks arising from security risk control measures: The manufacturer reviews the effects of the security risk control measures to understand whether new security vulnerabilities and threats are introduced that could impact security, safety, or privacy.
Completeness of security risk controls: The manufacturer periodically reviews security risk control activities to ensure all vulnerabilities and threats are considered and security risk control activities are complete.
Section 4: Evaluation of Overall Security Residual Risk Acceptability
After the security risk controls are implemented and verified, the manufacturer determines if the overall “security residual risk” created by the medical device is acceptable.
Section 5: Security Risk Management Review
The standard recommends a review of the execution of the security management plan before releasing a new device. According to ANSI/AAMI SW96:2023, the review should ensure:
The security risk management plan has been appropriately implemented.
The “security residual risk” is at an acceptable level.
Methods are in place to gather and review details in the production and post-production phases, and leadership has reviewed and approved the plan.
Section 6: Production and Post-production Activities
The final section is focused on establishing, documenting, and maintaining a system to monitor, assemble, and review information about medical device security in the production and post-market phases. Also, it establishes processes to stay aware of new threats, creating security incident response plans and other measures to identify ongoing vulnerabilities.
https://www.jamasoftware.com/media/2024/01/2fe8f5c4-37b4-47b3-b012-1ca0b0d208a1.jpeg512986Jama Software/media/jama-logo-primary.svgJama Software2024-01-09 03:00:592024-01-17 17:10:17What You Need to Know: ANSI/AAMI SW96:2023 — Medical Device Security
2024 Predictions for Industrial and Consumer Electronics (ICE) Product Development
As the Industrial and Consumer Electronics (ICE) sector moves into 2024, we aim to gain a deeper insight into the factors driving transformation in the development of products, systems, and software and explore how teams within this sector are adapting to meet the challenges posed by these evolving complexities.
In part three of this six-part series, we asked our own industry expert Steven Meadows – Principal Solutions Lead at Jama Software®, to weigh in on the ICE product, systems, and software trends he’s anticipating in the coming year and beyond.
We like to stay on top of trends in other industries as well. Read our predictions for Automotive predictions HERE, Aerospace & Defense HERE, Medical Device & Life Sciences HERE, SoftTech HERE, and Product & Engineering Teams HERE.
Design Trends – What are the biggest trends you’re seeing in your industry right now? How will they impact ICE product development?
Steven Meadows: The Internet of Things (IoT) continues to remain at the forefront of development across consumer electronics manufacturing. ‘Smart’ products like home security systems, laptops, kitchen appliances, and tablets are manufactured with an increasing number of sensors and inputs that transfer data to different networks and applications. With more complex and integrated systems, the need for digital product development tools to ensure product quality is becoming increasingly important.
We’re seeing a shift in oil and gas companies managing requirements from documents to digital solutions. Increasingly complex projects that incorporate the setup of facilities and adherence to multiple standards have made this shift a priority.
Cloud computing, as we wrote about last year, continues to grow across the software industry. Cloud is the golden standard, allowing for more flexible, cheaper, and sustainable solutions. More and more companies increasingly rely on cloud computing for projects and daily activities without the need for managing system administration, upgrades, and security.
Biggest Challenges – What are some of the biggest challenges you think ICE companies will be working to overcome in 2024?
Meadows: Artificial Intelligence (AI) has been at the forefront of development for years and continues to evolve, allowing for more automation, self-maintenance and diagnosis, and other areas which have improved end products.
One challenge I see for industrial and consumer electronics companies to remain competitive is incorporating AI in their products to help with less costly maintenance and production lines. AI-assisted firmware development will help with this.
Regulations – What changing regulatory guidelines do you anticipate having an impact on companies in 2024?
Meadows: I have attended several conferences this year across different industries and it’s safe to say that more regulatory guidelines around artificial intelligence will be released and impact companies in 2024. This will certainly have an influence on product development and what companies can include in their products. It will be interesting to see what guardrails the government and other entities will enforce.
Tool Innovation – From an ICE engineering toolset perspective, what are some of the processes you think forward-thinking firms will be working to leverage or incorporate into their process and why?
Meadows: We’re seeing several trends across industrial and consumer electronics development. Companies at different scales, from startups to large enterprises, are placing a greater emphasis on maturing effective internal development processes and tools.
Requirements authoring has often been challenging for teams with differing experiences. Poorly defined requirements often lead to poor products and systems, more defects in the field, and costly recalls. Companies are embracing AI and machine learning in their toolset to help teams author better-quality, less ambiguous, and easily testable requirements. By applying the industry’s best-known methods for evaluating and recommending improvements across requirement statements, including the Easy Approach to Requirement Syntax (EARS) and International Council on Systems Engineering (INCOSE) guidelines, companies are noticing significant improvements with products being shipped to customers.
Our customers continue to see the value in shifting their product development process, enabled through a document-centric process, to a modern digital solution. With Live Traceability™ – and all development artifacts housed in a single source of truth inside Jama Connect® – development teams benefit from a real-time view of related artifacts and development activities. This is enabling our customers to reduce risk early on, speed time to market, as well as improve product quality.
What advice would you give to new companies entering the ICE industry?
Meadows: Make sure you place an emphasis on solid product development processes and tooling early on, even at the prototype stage. Your ideas may be great but unless you have an effective development process defined early on with the right tools to enable it, your products will ultimately suffer, and you’re introducing unnecessary risk.
https://www.jamasoftware.com/media/2023/12/2023-12-21-2024-ice-predictions-2.jpg512986Jama Software/media/jama-logo-primary.svgJama Software2023-12-21 03:00:142024-01-17 17:26:052024 Predictions for Industrial and Consumer Electronics (ICE) Product Development
In this blog, we recap our webinar, “DO-326 Airborne Security Assurance, Threat Modeling, and DevSecOps” – Watch the entire thing HERE.
Cyber vulnerabilities can have a significant impact on safety-critical systems.
Today there is an unprecedented level of digital interconnectivity in everything from vehicle sensors to rovers on the surface of Mars. The aerospace industry has a high degree of cyber connectedness where a negative impact could cause harm to not only aircraft but financial systems, company reputations, international relations, or even physical harm to humans and property.
During this informative session, Cary Bryczek, Director of Aerospace & Defense Solutions at Jama Software®, discusses how Jama Software applies a cybersecure-by-design approach to meeting DO-326A/DO-356A for aircraft systems and how this can be extended to the defense domain.
In this webinar, we covered:
Applying the Airworthiness Security Assurance Process
Threat (attack) modeling methods
Tracing security measures to requirements and tests
The role of requirements in DevSecOps tool ecosystems
DO-326 Airborne Security Assurance, Threat Modeling, and DevSecOps
Cary Bryczek: What we’re seeing today is just an unprecedented level of digital interconnectivity in seemingly every system out there. The aviation industry has a high degree of cyber connectedness where a negative impact could really cause harm to not just humans and property, but company reputations, international relations, or financial systems.
What we’re going to see today is how Jama Connect can provide a cyber secure-by-design approach to meeting the many aspects of DO-326 and DO-356, or ED-202 and ED-203 in Europe, the Middle East, and Africa (EMEA.) What we’re going to see is we’re going to apply the airworthiness security process that’s inside of DO-326, and use Jama Connect’s Live Traceability™ to trace security measures to security requirements, trace security requirements to testing, look and see how a threat analysis can all be incorporated into a single platform.
What is Cybersecurity by Design? So one of the things that we see a lot is in the tool ecosystem is a very disconnected set of processes and tools. So whether you’re tracing and using tools that do requirements identification, tracing those to verifications and hardware and software designs, or whether you’re using tools to do aircraft security analysis and tracing those to security architectures and security V&V, we’re noticing the disconnectedness of the processes in the tool ecosystem is causing product delays, cost overruns, product failures, audit failures, late identification of defects, and lack of visibility because the ecosystem is very disconnected, is taking place. There’s poor requirement coordination. Change management is hard between software and hardware, and you have a high degree of manual effort required to produce the traceability that’s required for certification. And you’re seeing this after the fact and Excel is used everywhere. Desktop tools are prevalent in the engineering of these systems, and it’s difficult to integrate desktop tools and Excel files into and across the ecosystem for product development.
Bryczek: So what is Live Traceability? Live Traceability in Jama Connect gives the ability for any engineer at any time to see the most up-to-date upstream and downstream information for any requirement, no matter the stage of the systems development or however many siloed tools it spans. Now, this Live Traceability is important because it’s required by the industry standards like we’ve seen in aviation development and Live Traceability delivers a huge productivity improvement and it reduces the risk and the delay that happens when you have a disconnected tool environment.
So we’re going to talk about DO-326. DO-326 is really a set of standards jointly developed by RTCA and EUROCAE. It came about in 2006. It includes a few separate standards. DO-326 and ED-202 really is about the airworthiness security process specification. It explains the fundamental concepts behind airworthiness cybersecurity. DO-356 and ED-203, the airworthiness security methods and considerations, this explains how to perform cybersecurity investments, how to evaluate threats, and security measures of the system. How do you apply the mitigation measures? DO-355, we’re not going to really talk about that one today, but it’s applicable to if there are changes in an already certified system. So one of the most relevant documents you’re going to start with even before you start down the path for cybersecurity, is creating your product information and security risk assessment document. You’re going to perform an analysis of this, and this analysis should be conducted according to the standards.
So what exactly is airworthiness? So airworthiness security is the protection of the airworthiness of the aircraft from intentional unauthorized electronic interaction. So existing safety processes don’t consider intentional disruption. They look at the faults and failures of an aircraft or the aircraft system on a whole. But DO-326 is specifically looking at intentional human-initiated actions with the potential to affect the aircraft due to some unauthorized access or disclosure or causing some denial or disruption of the information systems, the networks, and the software that’s running on these aircraft systems. So this also might include things like malware or infected devices or the logical effects of any external systems. So the purpose of the airworthiness security process within DO-326 is to establish that when subjected to this unauthorized interaction, the aircraft is going to remain in a condition for safe operation.
So like I said earlier, DO-326 describes the what and DO-356 is the how. I’m sure that you guys have carefully looked at both of these guidelines and these are images from the guidelines. But I just wanted to point out what we’re going to talk about today. We’re going to talk about how the airworthiness security process and threats are mapped in Jama and how you can have security assurance and the risk assessment process from DO-356, how those can be conducted in Jama Connect itself. As you know, DO-326 live in its own. You’re having supporting processes from the development of the aircraft, the development of the system, DO-178, ARP-4754 are all interacting and being conducted at the same time. So there’s no linear, do this first, do this next, do this later. All of these processes are taking place pretty much simultaneously or iteratively as you design and develop the aircraft system.
So the airworthiness security process from a basic level, it’s again, it’s the protection of the aircraft from intentional unauthorized electronic interaction. There are four steps for the basic process. We’re going to first identify the system assets and its parameters. The second step is to identify the threats for all of those assets, identify those risks for each of the threats, so what might happen, and then create controls and mitigations for those risks. You’re going to be adjudicating the degree of harm and assigning a security assurance level, the strongest being SAL3 or the least would be a SAL zero where there’s this limited or protection needs required. So there’s a way to grade those as well.
Bryczek: The inside of Jama Connect itself, this image describes essentially the architecture of what you’re going to see that what we have in the product. We have a template that you can use to facilitate this. It sits alongside of our template that’s used for ARP-4754, and DO-178, or DO-254. The orange assets essentially is the data model that we’re using to capture the different types of things in the system. So we have assets, we have vulnerabilities. Those are tied to different threat assessments or a threat assessment is performed on these types of objects. We have security measures, we have the security architecture elements, and those feed into the security requirements. This comes pre-configured out of the box. We also have an area where you going to capture the data for that kind of thing.
Having this sort of a data model enables engineers to really perform the analysis to understand, all right, which assets have I not assessed yet? What’s the workflow? Who has reviewed the threat assessment? Have the security measures been satisfied by security requirements? Have we done security testing of the system? So this sort of data model enables the traceability to be instantiated and allows engineers to really more easily create the kind of a content. So one of the benefits you see of using Jama is that the security process is not disconnected from the design and development of the aircraft system itself. It’s done alongside. So that way you have that earlier touch points between the functional aircraft, design engineers and the security engineers. So you’re building in that secure by design approach.
In this blog, we recap our eBook, “Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Aerospace” – To download the entire thing, click HERE.
Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Aerospace
Use a Single Platform to Accelerate Innovation in Aerospace Systems Development
Consistently meeting product security, reliability and safety requirements proves the top challenge for aerospace systems development lifecycles. Contract complexity, streams of new regulations and policies, in addition to the challenges presented by increasingly networked systems, add to the already onerous development processes. This can lead to unmet technical performance parameters or delayed airworthiness certification reviews which for commercial aviation today takes years, to possibly lengthen out even more.
Effective management of these shifting complexities impacts your ability to meet compliance and ultimately, critical timelines. As a result, your development teams could find themselves:
Mired in rework
Making trade-offs without context
Stuck in unproductive meetings
In this industry, aircraft and space systems development requires strict attention to safety and security requirements, as well as continuous innovation and fast paced development to remain competitive. Ineffective stakeholder collaboration and communication between suppliers, government customers, contractors, and vendors can lead to delivery delays and cost overruns.
Bottom Line: The accelerated development of safe, high-quality aerospace systems, coupled with a highly complex regulatory and contractual environment, create competing challenges, and make it difficult for teams to focus.
What if you didn’t have to compromise?
This Buyer’s Guide incorporates insights from Jama Software’s more than ten years of experience partnering with forward-thinking systems development teams. We’ve designed a platform to help aerospace systems development teams manage the systems engineering data and controls. This allows them to:
Align to industry regulations quickly
Simplify contract deliverables and certification preparations
Accelerate time to market and mission
Use these insights to better understand the challenges you’re up against and thoughtfully consider potential solutions. Plus, learn how to get the buy-in you need to undertake the kind of transformation necessary to succeed with complex systems development.
Making the Case for Change
Jama Connect for aerospace systems development helps organizations to manage systems complexity and replace documents or legacy tools with a single digital platform. When requirements, architecture, V&V, and safety analyses are managed in a centralized location, contract deliverables and certification preparations become a straightforward process and the business impact and value of the platform becomes clear across the organization. That makes executive buy-in easier.
Corrective actions can cost anywhere from $1.6 million for a small change (Gulfstream Model G–1159A and G–1159B airplanes and all Model G–IV and GIV–X airplanes to remediate the ground spoiler actuator installation) to a large corrective action that has indirect costs of lost revenue and diminished market cap at over $20 billion (Boeing 737 MAX). Those costs are especially significant considering the price tag of system development – $75 million in FAA compliance alone—and an average timeline of three to seven years for type certification alone. For a space system, a failure can mean the entire loss of a system or spacecraft; typically there is only a single system created.
If your company is not considering the importance of transitioning to a more streamlined development process, time is not on your side. Failing to act quickly can leave your organization even further behind. But to see the value a positive impact a system can have, stakeholders in an organization have to appreciate the challenges first.
This is where you come in. You can help quantify the problem within your organization and provide data to help make the case for change.
Go through the exercises in the next section using data from your organization to identify your current situation and the size of the potential opportunity.
Throughout the past decade of working with organizations developing complex aerospace systems, four common systems development pain points continuously arise for those who have yet to transform their process.
We’ll provide context around the problems and share equations with examples to help you uncover the savings from a modern systems development solution. Remember to adjust the variables according to your company’s metrics to get a more precise estimate, and rethink how your team functions.
Improving any one of these four aspects of your development process produces real savings. While the calculations on the following pages aren’t cumulative, they impact one another and can add up to significant value for your organization.
This is the potential of using a modern systems development platform. If realized, it can radically change your business and be the competitive edge you need in today’s market.
The Four Common Development Pain Points
Unproductive Work Time
Lengthy Time-to-Market
Rework
Defects
Unproductive Work time
Are your days spent in inefficient meetings, sifting through emails and document versions for historical information or waiting for reviews and approvals? You’re not alone. Many teams suffer the repercussions of archaic, siloed development. A modern process maximizes efficiency by tackling the root causes of momentum-killing delays and holdups.
Calculate how much unproductive work time is costing your business and imagine the possibilities of getting that time back. What could you do with one extra hour each day?
PRO TIP: We’ve seen long status meetings shrink or vanish when teams have the right solutions in place. Think about your team’s schedule and adjust the average time saved per person based on the time spent in meetings each week.
Lengthy Time-to-Mark
Time to market or meeting a mission deadline and quality are usually seen as compounding challenges. Understanding the impact of change, capturing decisions, communicating feedback and reusing
existing intellectual property — all aspects that can help speed time-to-market — can be improved with a modern systems development solution.
PRO TIP: Cost savings can certainly be great and have an impact on your bottom line, but don’t forget the qualitative implications. Consider what it would mean for your systems line and brand to be first-to-market with game-changing systems.
In our experience, approximately 30-50% of a given project is rework. Rework is any time spent on extra work — including mid-development changes, incorrect testing or fixing defects — and it costs your company big time. Requirements errors cause the majority of rework. Improving the ability to track requirements from definition through testing to catch changes and adjust scope can ensure
you’re building the right thing and massively reducing overall lifecycle costs.
Complete the equation below to get an understanding of the number of hours your team spends in rework and the value of that in work hours alone.
PRO TIP: If your organization is working on more than one system at a time, repeat this calculation for each and add up the savings for a holistic view.
Defects
It’s common for requirements to have a defect at some point between definition and delivery. The important thing is to have a system in place that can quickly and accurately identify defects and
track their impact up and downstream. This provides visibility into the problem as early as possible when it’s less detrimental to fix.
PRO TIP: This calculation factors in personnel hours, but you should also think about the cost of parts, delays, and missed opportunities. Plus, should defects go undetected due to sub-par requirements or testing, releasing lower-quality systems could have devastating consequences.
“A document-centric approach often requires a gatekeeper and really limits collaboration – that creates a bottleneck. With Jama Connect, all our development teams can work together from anywhere with a shared collaboration hub.” – David Cubbage, Director, LEO Satellite Engineering and Production, Telesat
This is a preview of our eBOOK, “Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Aerospace”
– To download the entire thing, click HERE
https://www.jamasoftware.com/media/2023/12/2023-12-12_aerospace-buyers-guide-1.jpg512986Jama Software/media/jama-logo-primary.svgJama Software2023-12-12 03:00:142024-01-17 17:30:34Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Aerospace
Jama Connect® Features in Five: Space Systems Framework
Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.
In this Features in Five video, Cary Bryczek – Director, Aerospace & Defense Solution at Jama Software® – we will explore the Space Systems Framework available for Aerospace & Defense teams in Jama Connect.
VIDEO TRANSCRIPT
Cary Bryczek: Hi. I’m Cary Bryczek, Director of Aerospace & Defense Solutions at Jama Software. In this video, I’m going to introduce you to our Space Systems Framework available in Jama Connect. In this video, we will explore the benefits of using our pre-built template to get started with managing requirements, test cases, and architecture using our best practices inspired by industry standards and guidance from organizations like NASA and the European Space Agency.
With space systems exponentially growing in complexity, shortening development timelines due to mission need and customer demand, and cost reductions influencing the capabilities able to be delivered with the final design. Programs need to be able to get started quickly and begin the real work of engineering the system. Development and engineering tools need to be robust enough to tackle that complexity easy enough to deploy and then not get in the way of the real work of engineering the system.
Jama Connect and our Space Framework come preconfigured with a ready-to-use template. The framework is comprised of a requirements data model that provides requirements leveling and decomposition, a verification of validation data model that provides traceability to those requirements, an architecture data model that provides mechanisms to support systems architecture system functions, and allocation of requirements, and a data organization method that follows industry guidance with the best practices of data organization in Jama Connect. Let’s see what this looks like in Jama Connect.
Bryczek: The Space Framework comes with two pre-built requirement data models. The one I’m showing now represents a full spacecraft product breakdown structure. The example shows how Jama Connect can handle the complexity of a full NASA or ESA space program. The requirements data model allows needs and requirements to be flowed down and fully traced from the stakeholder expectations, to the concept of operations, to system level requirements, down to segment element subsystem and component requirements.
This trace data model, what Jama calls the relationship model, provides a mechanism to enforce consistency and creation of data as well as a consistent method to trace that data. This allows you to do faster analysis, measurement of expected versus actual traceability, complex filtering, and easy trace matrix generation and reporting.
The left side of the screen is the exploratory and is where the data is organized. The Space Framework comes with this pre-built spec tree ready for users to start authoring content right away. You can see that it too is organized hierarchically from the highest level of abstraction at the mission level and then down to the component level. You can navigate this traceability in the tree as well.
We recognize that not every space system will be developed by a single entity that requires this combined breath of customer implementing requirements and those of the implementing organizations. Your organization might be merely developing only a component of a larger space system. For this, we have a second Space Framework for integrated systems. Let’s look at this one more closely.
Bryczek: In this CubeSat example that comes with the framework, it’s easy to see how the data is organized in the exploratory in a system, subsystem configuration. Inside each of the subsystems, you can see the specific requirements, their verifications, architecture, and design descriptions. Traceability throughout the entire project can easily be analyzed at any level.
What I’m showing is the traceability from the stakeholder expectations all the way down the decomposition tree. I can see the system requirements verification and validation test cases. I can see the architecture, the subsystem requirements, and even the test runs, these real-time trace views not only show requirements decomposition, but test covers as well as allocation to architecture.
The framework supports, as I said, not just requirements, but architectures, V & V, even risk management and security. We’ve preconfigured the way you organized that here in the tree. So if I wanted to see the system architecture, I am able to see all of the elements that are going into making up the system architecture of this CubeSat I can also see how I’ve organized by system subsystem within the tree itself. That enables me to reuse easily and do variant management in this particular CubeSat security.
So, if you need to have security requirements or if you need to do heavy cyber security and you wanna import things like NIST 800 you can easily do that kind of a thing. Risk management threats and risks moving the development cycle with security earlier in that life cycle is a big deal, or understanding how safety is influencing the design. We easily allow you to track risk management and threat analysis in Jama as well.
The intent of this is to provide ready-to-use solutions based on customer feedback, industry trends, and best practices, such as those of ESA and NASA. This enables engineers to tackle the complexity of space systems develop faster and collaborate at the speed of need. If you would like to learn more about how Jama Connect can optimize your product development processes, Please visit our website at www.jamasoftware.com. If you are already a Jama Connect customer and would like more information on the Space Framework, please contact your customer success manager or Jama Software consultant.
https://www.jamasoftware.com/media/2023/11/FIF-Space-Systems-Framework.png10801920Cary Bryczek/media/jama-logo-primary.svgCary Bryczek2023-12-01 03:00:462024-01-17 17:42:25Jama Connect® Features in Five: Space Systems Framework
In this blog, we re-cap our eBook, “The Strategic Transition: From Word and Excel to Modern Requirements Management” – Download the entire thing HERE.
The Strategic Transition: From Word and Excel to Modern Requirements Management
Unless your organization’s business model is built on a foundation of inefficiency, you should not be using disparate documents for managing requirements. Whether it’s Microsoft Word, Excel, or a combination of both, trying to wrangle your product’s requirements soley in documents carries a lot of risk and will gradually eat away at your company’s bottom line.
There was a time when using disparate documents wasn’t such a problem for managing requirements, but as products grow in complexity, those days are fading. Many companies no longer produce products that contain just hardware or software; today it’s likely a combination of both, increasing development complexity exponentially.
Integrating hardware and software means teams spanning various engineering disciplines all need to stay aligned throughout development, especially when things like safety standards and regulations are involved.
Using documents alone, will simply not be up to the task of meeting today’s complex products, systems, and software development. When you need precision, context, and accountability for your requirements, a modern requirements management solution is really the only answer.
In this eBook, we’ll detail some of the reasons why you’ll want to leave disparate documents for managing requirements in your rearview. You’ll also get an overview of the benefits you’ll gain by moving to a purpose built software solution for requirements management.
What is requirements management?
To level set, requirements management is the process of gathering, analyzing, verifying, and validating the needs and requirements for a given product or system being developed.
Successful requirements management ensures that completed deliverables meet the expectations of the stakeholders.
Microsoft Word and Excel serve many purposes, and have done so for decades. And, in terms of requirements, for early-phase documentation and coordinating simple projects, they still remain effective tools.
As the complexity of product and systems development grows, so does your list of requirements. And teams need solutions that provide simple and streamlined collaboration, not jumbled — often quickly outdated — comments and suggested edits. Teams need to be able to instantly connect to globally distributed colleagues to facilitate real-time feedback and make smarter decisions with full context around requirements. Documents simply aren’t up to the challenge.
Here are some of the key limitations for a document-based approach for storing requirements:
1. Documents are tedious to maintain
Anyone who has ever managed requirements with documents and several collaborators is familiar with the unique pains of this approach. Whether it’s Word documents that are hundreds of pages long or Excel spreadsheets with thousands of lines, keeping them fresh with updates and free of errors is extremely cumbersome and time-consuming.
2. Versioning difficulties
Collaborating on any kind of important documentation can be painstaking, especially when there’s an enormous amount of requirements involved. For instance, when reviewing requirements, it’s incredibly easy for two people to be looking at different versions of the same set of requirements, and not even know it. And even if it’s a cloud-based version of requirements, there are still plenty of opportunities for someone to unintentionally change something without getting prior approval, and that adjustment not being accounted for in future versions. Plus, online/cloud-based documents do not automatically create different IDs and versions for each requirement or highlight the changes between versions.
3. No traceability
There’s so much room for error through email chains and undisclosed updates. It’s incredibly simple, for example, to miss a tiny change that could have critical ramifications upstream or downstream.
4. Reviews are time consuming
Without traceability, review cycles with an enormous document of requirements are extremely long. You’re likely looking at scheduling lengthy meetings or passing around version after version, pulling team members away from other priorities, which is not ideal when you’re focused on getting to market quickly. And if you’re trying to manage reviews asynchronously, collaboration becomes tricky and timelines are likely to get pushed as people’s schedules shift.
5. Exhausting collaboration between teams
Sharing constantly evolving requirements files among multiple stakeholders and different teams throughout the development and testing process is risky, frustrating, and time-consuming. And with your customer demanding a perfect product, system, or software delivered ASAP, you can no longer afford that kind of inefficiency.
In this eBook, The Jama Software® Guide to Requirements Traceability, we’ll highlight the importance of tracing requirements without the headaches and risks of a traceability matrix in Excel, but also how to do so in a way that sets your organization up for future success. Learn how Live Traceability™ helps teams:
Reduce the risk of delays, cost overruns, rework, defects, and recalls
Comply with industry standards with no after-the-fact manual effort
Allows engineering teams that continue working in their chosen best-of-breed tools
Increase productivity and satisfaction of engineers
Seven Benefits of Using a Requirements Management Solution
Despite rising product complexity and regulation, most development teams do not have a sophisticated requirement management system in place. In fact, according to a recent survey, almost one third of teams have no system in place and rely on formal processes with email, documents, and shared spreadsheets.
Another 52% manage their requirements with a system which is not meant for managing requirements, like Application Lifecycle Management (ALM) or Product Lifecycle Management (PLM) systems. And only 15% have chosen to invest in a formal dedicated requirement management solution.
Using a dedicated requirements management solution allows teams to stop getting bogged down on processes and start innovating. For example MediSync, reports that investing in Jama Connect® has saved 80% of the time that would have otherwise been spent on meetings, sorting through versions of Word documents and emails, and consolidating feedback in review cycles.
Grifols saved around 80 hours per project in medical device development when using the Jama Connect Review Center. And RBC Medical saved around $150,000 per project by improving team collaboration and workflow efficiencies using Jama Connect.
Here are some of the benefits you’ll get from investing in a solid requirements management solution:
1. Version and change management
A solid requirements management solution will maintain a history of each change made to every requirement. You’ll also be able to record the rationale behind each change, and refer back to a previous version of a requirement if necessary. Some solutions contain a change proposal system that links change requests directly to requirements. And, with a formal requirements management solution, you’ll always know you’re looking at the most recent version of the requirements.
2. Requirements attributes
With a strong requirements management solution, you should be able to record several descriptive attributes for each requirement. The right requirements management software should generate several system-defined attributes such as the date the requirement was created, its current version number, and the person on the requirements should be able to view these attributes, even if only a couple of individuals are allowed to update the attributes’ values.
3. Facilitate impact analysis
A requirements management solution enables requirements tracing by letting you define links between different types of requirements, requirements and different subsystems, and individual requirements and related system components (designs, modules, tests, and user documentation). These links help you analyze the impact that the proposed change will have on a specific requirement. It’s also very helpful to have the ability to trace each functional requirement back to its origin or parent so that you know exactly where every requirement came from. And some solutions use a traceability link to raise suspect flags to a linked item whenever a change is made, so you know exactly what needs to be reviewed after a change.
4. Track requirements status
Collecting requirements in a database lets you know how many discrete requirements you’ve specified for the product. And tracking the status of each requirement during development helps communicate how things are coming along to those across the organization. So, a project manager has good insights into prior states if he or she knows that, for example, 55% of the requirements committed to the next release have been verified, 28% have been implemented but not verified, and 70% have not yet been fully implemented. This type of information gives the project manager information to anticipate the project’s progress, and relay the message to stakeholders accordingly.
5. Control access
A requirements management solution should let you bring as many people into the system as possible, and grant them permission to access the specific parts they’re working on. This helps teams across the organization feel more invested in the product being developed and its progress.
What if you didn’t have to compromise? A growing number of organizations are exploring and adopting product development solutions that manage the complexity that comes with designing connected systems. This allows them to:
Build higher-quality products
Get to market more efficiently
Capitalize on opportunities faster
Download this Buyer’s Guide: Selecting a Requirements Management and Traceability Solution to better understand the challenges you’re up against and thoughtfully consider potential requirements and test management solutions. Plus, get tips on how to get the buy-in you need to undertake the kind of change necessary to succeed with complex product development.
A requirements management solution should allow team members to discuss requirements issues electronically through a threaded conversation, in one central location, as opposed to having communication spread out across various platforms. It will automatically trigger email messages and notify effective individuals when a new discussion entry is made or when a specific requirement is modified. And it should allow team members to reach out to each other, but also contact non-project members and external users.
7. Recycling/reusing requirements
Storing requirements in a central database facilitates the reuse of them in multiple projects or sub-projects. And requirements that logically fit into multiple parts of the same product can be stored once and referenced whenever necessary to avoid duplicates. This saves a lot of time and reduces the chance of making errors.
https://www.jamasoftware.com/media/2023/11/2023-11-30_word-and-excel.jpg512986Jama Software/media/jama-logo-primary.svgJama Software2023-11-30 03:00:252024-01-17 17:46:27The Strategic Transition: From Word and Excel to Modern Requirements Management
