Tag Archive for: Product Development & Management Page 9
Tag Archive for: Product Development & Management
The Top Six Things You Should Know About
In the quest for innovation, product testing, compliance, and safety certifications remain key to accessing markets and gaining customers. No one wants to buy a product, service, or process that hasn’t been thoroughly vetted by an independent body. In the context of global markets, few certifications carry the importance or significance of those from TÜV SÜD, but in the United States, the various companies that are part of the TÜV Association are not widely known. So, what is TÜV SÜD, and why is it so important to product development?
1: What does TÜV SÜD stand for?
“TÜV” stands for “Technischer Überwachungsverein,” which translates to “Technical Inspection Association” in English. There are several independent companies that are part of the TÜV Association; TÜV SÜD is headquartered in Munich and employs approximately 25,000 people around the globe.
2: What type of company is TÜV SÜD?
TÜV SÜD is focused on protecting people and the environment through rigorous testing, certification, auditing, and advisory services. The company helps ensure regulatory compliance of new and updated technologies, especially in automotive innovation and development, and it functions as a notified body in Europe for medical devices. The TÜV companies trace their origins back to the 1860s when they were first formed to oversee the safety of steam engines.
3: What is the difference between TÜV SÜD and TÜV Rheinland?
TÜV SÜD and TÜV Rheinland are different companies that both provide similar services. All TÜV companies are at least 25.1% owned by the TÜV Association. There are currently six main members of the TÜV Association, all of whom are denoted by the brand “TÜV” plus the regional suffix, such as SÜD or Rheinland. The other TÜV companies include TÜV Nord, TÜV Thüringen, TÜV Saarland, and TÜV Austria.
A TÜV SÜD Certification assures governing bodies and consumers that a product, service, or process has passed relevant safety testing and meets relevant compliance requirements. The certification process is rigorous and comprehensive and involves multiple steps, including steps to review requirements and establish processes followed during development.
5: Why is achieving TÜV SÜD Certification so important?
TÜV Certification is recognized internationally as a sign of quality and thorough review—similar to an ISO or UL certification. Although it originated in Germany, it is regarded globally as evidence that your product, service, or process has attained high standards of safety, quality, and sustainability. With a TÜV SÜD Certification, you can achieve access to additional markets and give your customers peace of mind.
6: Is Jama Connect® certified by TÜV SÜD?
Jama Connect received its first TÜV SÜD certification in 2016. Jama Connect is TÜV SÜD certified for developing safety-related products according to ISO 26262 (up to ASIL D) and IEC 61508 (up to SIL 3). Jama Software is the first vendor that is both SaaS and Agile to receive the certification. In 2019, Jama Software completed additional certification for Jama Connect as a software tool for the development of medical devices according to IEC 62304 and railway applications according to EN 50128.
Don’t neglect important certifications. Even if you are already pursuing other certifications, the TÜV SÜD Certification could be an important addition to your automotive, medical, or railway products and services. Jama Connect can help you meet the requirements tracing and process needs that will set you up to achieve the TÜV SÜD Certification and expand to new markets and customers. To learn more, contact us.
https://www.jamasoftware.com/media/2022/03/TUV-SUD-NEW.png5121024McKenzie Jonsson/media/jama-logo-primary.svgMcKenzie Jonsson2024-07-22 03:00:452024-07-22 15:21:19The Top Six Things You Should Know About TÜV SÜD
SysML is Not Enough: Why You Still Need a Requirements Management Tool
All engineering process models (Agile, waterfall, spiral development, V-model, concurrent engineering, iterative…) describe managing requirements as the most critical key to success. Well-understood requirements provide a single connection point for communication across the engineering teams. Using a Systems Modeling Language (SysML) tool alone to manage requirements instantly creates a silo between engineering teams.
Requirements, tests, architectures, and risks are utilized by every stakeholder when developing a new product or building or modernizing a new system. Customers generate needs and requirements and care what the development status of those are and whether the development team is following the necessary process especially if it requires contract adherence or must meet regulatory laws or industry standards.
Software, hardware, and testing teams also access requirements to be able to analyze, develop, and test. Additionally, they are creating requirements at their given subsystem level too.
Systems Engineers work across all levels of requirements and coordinate the other engineering disciplines. NASA best describes it as, “Systems engineering is a holistic, integrative discipline, wherein the contributions of structural engineers, electrical engineers, mechanism designers, power engineers, human factors engineers, and many more disciplines are evaluated and balanced, one against another, to produce a coherent whole that is not dominated by the perspective of a single discipline.” – NASA
As you can imagine functionality such as configuration management of requirements, traceability between needs, requirements, tests, risks, and architecture are necessary. Systems engineers have been using various tools and even manual techniques for decades to do this.
SysML is a graphical modeling language that is used within some systems modeling tools (such as Dassault’s Catia Nomagic) that enables systems engineers to perform “engineering” of the system. SysML “supports the specification, analysis, design, verification, and validation of a broad range of systems and systems-of-systems.” – Wikipedia
SysML is only a decade old; already a new, more complex version has recently been released; and SysML is yet to be widely adopted. It is widely thought to hold promise for the discipline of model-based systems engineering (MBSE). It is not the only language in use for MBSE though; LML and OPM are examples of modeling languages too, being used within other systems modeling tools.
However, a SysML model is difficult even for those trained in the language. Some indicate the learning curve is steep and the mechanics in the tools are difficult as cited in a recent article by Technology Strategy Partners. Additionally, the variety of tools that support SysML don’t consider themselves as a replacement for a true requirements management tool either. Capabilities from a dedicated requirements management tool such as Jama Connect have built-in collaboration, configuration management, baselines, managing traceability across multiple levels of objects, managing the verification and validation activities, controlling access and change to objects using role-based permissions, and showing real-time workflow states at the object level.
“What SysML lacks is its usage during key Systems Engineering (SE) phases like detail design or implementation phases wherein specific solutions like CAD, Software coding or network design for embedded systems are used,” said Kiran Jacob, Dassault Systems.
Also challenging is usage by software teams during later-stage design phases. Communication of the model (its requirements) becomes critical when needing to validate requirements with the customer, with product managers, and with other engineering disciplines outside of the SysML Scribe (tool jockey). The greater responsibility of the systems engineer as a cross-disciplined communicator requires the use of tools outside of the SysML tool to communicate. Effective communication of requirements is best represented in dedicated requirements management tools.
In conclusion, while SysML and other modeling languages offer significant promise for the discipline of model-based systems engineering, they are not without their challenges. The complexity of SysML, along with its steep learning curve and the limitations of the tools supporting it, often hinders its effectiveness in later stages of design and implementation. As such, relying solely on SysML can create silos within engineering teams, impeding the critical communication and coordination necessary for successful systems engineering.
Effective requirements management remains the cornerstone of any engineering process, ensuring all stakeholders — from customers to software and hardware teams — are aligned and informed. Dedicated requirements management tools, such as Jama Connect, offer robust features like collaboration, configuration management, and traceability, which are essential for managing the multifaceted aspects of modern engineering projects. These tools facilitate clear communication of requirements, verification, and validation activities across all engineering disciplines, thereby supporting the holistic, integrative approach championed by systems engineering.
Ultimately, the synergy between specialized requirements management tools and SysML can provide a comprehensive solution, leveraging the strengths of both to enhance the efficiency and success of engineering projects. As the field continues to evolve, adopting a balanced approach that incorporates the best practices and tools from both domains will be key to navigating the complexities of modern systems engineering.
https://www.jamasoftware.com/media/2024/07/2024-7-11-sysml-not-enough.jpg512986Cary Bryczek/media/jama-logo-primary.svgCary Bryczek2024-07-18 03:00:442024-07-10 11:08:10SysML is Not Enough: Why You Still Need a Requirements Management Tool
In this blog, we recap our webinar, “Expert Perspectives: A Deep Dive Into Risk Management and Designing for Cybersecurity & Patient Safety” – Click HERE to watch it in its entirety.
Expert Perspectives: A Deep Dive Into Risk Management and Designing for Cybersecurity & Patient Safety
Welcome to our Expert Perspectives Series, where we showcase insights from leading experts in complex product, systems, and software development. Covering industries from medical devices to aerospace and defense, we feature thought leaders who are shaping the future of their fields.
With more than 30 years of experience and a mission to elevate knowledge and proficiency in medical device risk management, Bijan Elahi has worked with both startups, and some of the largest medical device companies worldwide.
In this presentation on Risk Management and Designing for Cybersecurity & Patient Safety, Bijan covers:
Significance of a comprehensive risk management approach, including safety & security, for medical devices
Interfaces between safety and security risk management processes, and how they interact/complement each other
Upcoming industry trends that impact risk management (safety, security) like AI/ML, rise in connected devices, wearables devices
Below is a preview of our webinar. Click HERE to watch it in its entirety.
The following is an abbreviated transcript of our webinar.
Kenzie Jonsson: Welcome to our Expert Perspective series where we showcase insights from leading experts in complex product, systems, and software development. Covering industries from medical devices to aerospace and defense, we feature thought leaders who are shaping the future of their fields. I’m Kenzie your host, and today I’m excited to welcome Bijan Elahi, a world-renowned expert on safety risk management for medical technology. With more than 30 years of experience and the mission to elevate knowledge and proficiency in medical device risk management, Bijan has worked with both startups and some of the world’s largest medical device companies. Without further ado, I’d like to welcome Bijan who’ll be presenting on risk management and designing for cybersecurity and patient safety.
Bijan Elahi: Hello. My name is Bijan Elahi. I’m delighted to be speaking to you about cybersecurity and medical device risk management. Before I start, I’ll briefly introduce myself. I am a technical fellow, a professor, and the founder of MedTech Safety, an education and advisory company. To give you a little background about myself, I come from the industry and have been a medical device product developer for most of my career. Most of the products that I have developed have been class III implantable devices such as pacemakers, defibrillators, and deep brain simulators. Now I’ve also developed a kidney dialysis system, which includes disposables. I’m based in Florida, but I teach and advise worldwide. Risk management is my passion. I have trained over 10,000 individuals worldwide in the latest knowledge and best practices in risk management.
Elahi: The companies that have benefited from my training range from small start-ups to the largest MedTech companies in the world. And here’s the sampling. I am also active in academia, for example, at Delft University of Technology and Eindhoven University of Technology in the Netherlands where I teach a graduate course to doctoral students in engineering. I am also an affiliate professor at Drexel University Graduate School of Biomedical Engineering and Health Science, where I teach safety risk management for medical devices. And lastly, I’m a contributor to the standard ISO 14971, and the author of two very popular books on medical device risk management published by Elsevier Publishing in the UK under the label of academic press. My publisher tells me that my books are bestsellers in the genre of medical books for them, and they’re available at all major booksellers such as Amazon.
So now let’s talk about cybersecurity and safety risk management. The threat of cybersecurity on medical devices is a rising concern as there’s an ever-increasing interconnectivity, interoperability, and reliance on digital technologies. Medical devices such as pacemakers, insulin pumps, and imaging systems often contain sensitive patient data and are integral to patient care. Cyber attacks on these devices can lead to severe consequences, including tampering with the device functions, unauthorized access to patient information, and destruction of critical healthcare services. The potential for harm is significant. For example, incorrect diagnosis, treatment delays, or even direct physical harm to patients. As cyber threats become more sophisticated, we need robust security measures, smart designs, and continuous monitoring to protect these vital components of modern healthcare systems. The safety impact of cybersecurity exploits must be considered in the overall residual safety risk of medical devices.
Safety risk management is distinguished from cybersecurity risk management. Safety risk management is primarily concerned with the safety of patients, users, and the performance of medical devices. This involves identifying, evaluating, and controlling the risks of harm to patients or users due to device malfunctions, use errors, or adverse interactions with the human body. The focus is on ensuring that the device functions safety and effectively under normal and fault conditions. On the other hand, cybersecurity risk management is focused on protecting the device and its data from malicious cyber-attacks and unauthorized access, which may have nothing to do with safety. Many hospital systems are currently under ransomware attacks with the intention of financial exploitation. Security risk management involves implementing measures to protect the data confidentiality, integrity, and availability of healthcare systems. Although these topics are distinct, there is an overlap between them.
Elahi: As mentioned before, there are different exploits that cyber attackers seek. Some are not safety-related. For example, private patient data, software codes or algorithms, financial data, money, et cetera. A famous example is the WannaCry cyber attack, which unfolded in May of 2017 causing widespread disruption across the globe. It all started on the 12th of May 2017 when many organizations began to notice that their computer systems were being encrypted and locked by ransomware demanding payment in Bitcoin to unlock them. The ransomware known as WannaCry exploited invulnerability in Microsoft Windows. The attack affected hundreds of thousands of computers in over 150 countries. Major organizations and institutions were hit, including the UK’s National Health Service, also known as NHS, FedEx, and many others. The impact on the NHS was particularly severe because medical staff were unable to access patient records leading to significant disruptions in healthcare services.
As you can see, this was a cyber attack with the intention of financial exploitation, but it ended up having a patient safety impact as well. A comprehensive risk management strategy for medical devices must integrate both safety and security measures. This ensures not only that devices are safe from operational risks, but also that they are protected against growing threats of cyber attacks, thereby safeguarding patient health and data integrity in a holistic manner. An interesting side note to the WannaCry story is that this vulnerability was known by Microsoft and they had released a security patch in March of 2017, two months before the cyber attack, but many hospitals and organizations have not applied the patch and remain vulnerable. This is a common issue even today, and many medical devices and healthcare systems remain vulnerable despite the available protections.
https://www.jamasoftware.com/media/2024/07/Interview-with-an-Expert-Series-Final-Template.png10801920Bijan Elahi/media/jama-logo-primary.svgBijan Elahi2024-07-16 03:00:512024-07-12 11:50:23Expert Perspectives: A Deep Dive Into Risk Management and Designing for Cybersecurity & Patient Safety
Jama Connect® Features in Five: Azure DevOps Integration
Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.
In this Features in Five Integration Series video, Susan Manupelli, Solutions Architect at Jama Software® – will demonstrate the Azure DevOps integration with Jama Connect®.
VIDEO TRANSCRIPT
Susan Manupelli: Hello, and welcome to the Features in Five Integration series. My name is Susan Manupelli, and I’m a Senior Solutions Architect at Jama Software. Today, we will be walking through Azure DevOps integration. We make it possible for you to integrate Jama Connect with your preferred best-of-breed software to achieve Live Traceability™ across the end-to-end development cycle.
Live Requirements Traceability is the ability for any engineer at any time to see the most up-to-date and complete upstream and downstream information for any requirement, no matter the stage of systems development or how many siloed tools and teams it spans. This enables significant productivity and quality improvements, dramatically reduces the risk of product delays, cost overruns, defects, rework, and recalls, and ultimately results in faster time to market.
Manupelli: Before I demonstrate the integration, I’d like to share a slide that depicts the flow of information. The top represents our process as defined in Java Connect through relationship rules. At the bottom, we’re depicting Azure DevOps. This slide illustrates an implementation task in the form of a user story that syncs up into Jama Connect, as well as a defect created in Jama Connect that syncs down to Azure DevOps. The beauty of this integration is that developers can stay in their tool of choice, in this case, ADO. Product owners can stay in Jama Connect, yet both sides have access to the details of the task. More importantly, the task and related status become part of what’s Live Traceable in Jama Connect. Let’s demo this.
Here we are in Jama Connect. The integration can be configured as a bidirectional sync, so it doesn’t matter whether I create the task in Jama Connect or ADO. First, we’ll decompose a software requirement into a development task that’s in the form of a user story. Here we have a login requirement software requirement. I’m gonna go ahead and add a related downstream user story, which will bring up the form to create a new user story. Notice the editor template feature in Jama Connect prepopulates these with standard user story verbiage. So as a user, I need to log in so that I can view my account. We’re gonna go ahead and set the status to new, and then we’re gonna save and close.
Jama Connect is prompting me to where I wanna save this, so I am going to go ahead and save this where the user stories live in my hierarchy. Notice that upon saving, automatically, the relationship widget indicates the fact that I have traceability, and I could see that traceability back to the software requirement. Within seconds, this user story will flow into ADO.
And you can see that it’s completed already. The integration URL has been populated, and I can navigate this URL, which will open up the item ADO. Let’s take a look. Here we are in ADO. You can imagine the developer has been assigned to implement the user story. They may add some context to the description. They may go ahead and add a comment, And they may go ahead and indicate that they’re starting to work on this user story by changing the status to active.
Notice that the developer can traverse a URL back to Jama Connect to see the requirements that are driving the user story. These links are handy, but the real advantage is the fact that the changes the developer made within seconds will be visible to anyone working in Jama Connect. Let’s flip back to Jama Connect and take a look. Notice the changes the developer made are now visible here in Jama Connect. The product owner can view and respond to the developer’s comment, and notice that the status has also been updated.
Manupelli: The updated status is reflected in a trace view that we can see here automatically, as well as any dashboard reports we have for user stories. So that’s Live Traceability in action. As a reminder, this thing can be configured by directional. So if your process varies and you create user stories in ADO, we support that use case as well.
Here we are in ADO. Let’s create a new user story. Let’s give it a title and give it a description, and let’s go ahead and save this. Within fifteen seconds, this user story will flow into Jama Connect. Here we are back in Jama Connect’s dashboard. Notice the widget showing these stories that are missing upstream relationships? That new user story has shown up here. Let’s open it.
Now let’s relate to existing and find the requirement that the user story fulfills, and we’re gonna go ahead and relate. Notice the traceability is updated automatically. This completes the traceability between the requirement and the user story.
Thank you for watching this Feature in Five session on the Azure DevOps integration for Jama Connect. If you are an existing customer and wanna learn more, please reach out to your customer success manager or consultant. If you’re not yet a client, please visit our website at jamasoftware.com to learn more about the platform and how we can help optimize your development process.
https://www.jamasoftware.com/media/2024/07/FIF-Azure-Dev-ops.png10801920Susan Manupelli/media/jama-logo-primary.svgSusan Manupelli2024-07-12 03:00:052024-09-26 14:58:44Jama Connect® Features in Five: Azure DevOps Integration
In this blog post, we summarize our Whitepaper titled “How to Manage Cybersecurity in Jama Connect® for Automotive and Semiconductor Industries” – Written by Kevin Dibble and Jama Software. Click HERE to read the full thing.
How to Manage Cybersecurity in Jama Connect® for Automotive and Semiconductor Industries
Learn how automotive and semiconductor teams use requirements management tools to support meeting ISO/SAE 21434 while increasing visibility, collaboration, and review-cycle efficiency.
Security threats such as malware, ransomware, and data breaches impact many industries, but with expanded connectivity in the automotive and semiconductor sectors, increased urgency exists to safeguard against fast evolving risks.
Research shows that 91% of vehicles are connected, and that number is expected to rise to 96% by 2030. With more automobiles and semiconductor devices being connected, attack surfaces (cybersecurity vulnerabilities) are expanding quickly, and the ISO/SAE 21434 standard aims to understand and safeguard against potential threats.
However, managing a cybersecurity case within the standard requires many steps, and cross-team visibility and collaboration are often challenging. As a result, some teams are turning to requirements management tools to help improve visibility and increase transparency in review cycles.
If you haven’t used a formal requirements management tool before, understanding the benefits, advantages, and how it works helps determine if it’s right for your team.
Why manage a cybersecurity case in a requirements management tool?
A cybersecurity case is a structured argument supported by the evidence of work products to detail why risks found within the Threat Analysis and Risk Assessment (TARA) are reasonable.
Creating a cybersecurity case for ISO/SAE 21434 is a complex process with many moving parts. Using a requirements management tool has many benefits, including improved traceability, easier collaboration, and improved functionality for reviews.
Here are several ways a tool can help.
1. Improved collaboration between OEMs and tier 1 and 2 suppliers. A requirements management tool, such as Jama Connect®, supports requirements interchange format (ReqIF), which can be used for bidirectional communication of requirements, item definitions, and more. Using the tool, you can support improved collaboration workflows.
2. Provides “trace as you go” visibility. You don’t want traceability to be an afterthought handled by your requirements engineer at the end of the project, especially when that project is complex. A purpose-built requirements management tool, like Jama Connect, allows you to create requirements tracing to parent requirements, design blocks for requirements allocation, and more. It supports a trace-as-you-go methodology.
3. Access impact analysis to handle midstream project changes more effectively. Jama Connect provides access to an impact analysis, a powerful capability supporting the trace-as-you-go approach. Running an impact analysis as project changes happen midstream allows for greater understanding and visibility.
4. Automatically generate test coverage reports. With Jama Connect, you can allocate requirements to design blocks or interconnect the requirements management system to design tools. Using tools like Design Architect provides powerful analytics and test coverage reports that are automatically generated.
5. Connect tools and avoid disjointed tooling challenges. Disconnected tools are often a source of visibility issues. Jama Connect links disparate tools and offers a “toolchain view” for more seamless tool functioning and visibility, like with the Design Architect example above.
6. View exactly where you’re at in a project in real-time. As you move through the management of a case, it’s important to see where you are in the process so you can stay on track. Jama Connect can provide analytics that clearly indicate where you’re at in a project, including allocated requirements, tests that have been covered, and more.
How does a requirements management tool fit with the ISO/SAE 21434 standard?
Traceability, collaboration, and improved review processes are all benefits of a purpose-built requirements management tool, but to understand how it works, it helps to have an example. In the details below, we’ve used the Jama Connect platform as an example to see how it works – from product-dependent cybersecurity management to threat analysis and risk assessment methods.
ISO/SAE 21434 is organized by clauses and subclauses, broken out below.
The right requirements management tool will enable your teams to optimize the development process in many of the above areas. Specifically, here’s a breakdown of how the Jama Connect platform supports each of them, as indicated by the box’s color.
Green. These areas are fully supported and recommended to be implemented in Jama Connect. For example, when viewing section 9 in the chart above under the “Concept” heading, Jama Connect supports the item definition, cybersecurity goals, and cybersecurity concept.
Yellow. These are optional and can be implemented in Jama Connect. For example, you’ll see subclauses 5.4.3 “Information sharing” and 5.4.4. “Management systems” fall into this category.
Yellow-green. These are partially supported in the tool. In other words, Jama Connect can support some of the requirements but not all of them. As an example, 10.4.1 “Design” and 10.4.2 “Integration and verification” are included in this category.
Red boxes. These are not recommended for support in Jama Connect and are usually handled with an in-house tool instead—in that some are processes that expand throughout the organization, and some are activities or work products suited for alternative best-of-breed tools. The progression of these work products can, however, be brought back to Jama Connect to reflect status through the Cybersecurity case. An example is the areas under the “post-development phases, including 12 “Production” and 13 “Operations and maintenance.”
One of Jama Connect’s most powerful capabilities is supporting the green and yellow categories through document building and generation. The tool supports the process of building and reviewing documentation with real-time collaboration as well as creating documentation with a single click and no post-processing.
https://www.jamasoftware.com/media/2024/07/2024-06-05-managing-cybersecturity-case-whitepaper-1.jpg5121024Kevin Dibble/media/jama-logo-primary.svgKevin Dibble2024-07-09 03:00:502024-07-03 12:47:08How to Manage Cybersecurity in Jama Connect® for Automotive and Semiconductor Industries
.
Navigating the Shift: From Machinery Directive 2006/42/EC to Machinery Regulation EU 2023/1230
Change is inevitable, especially in regulatory frameworks governing industries. In Europe, the transition from the Machinery Directive 2006/42/EC to the new Machinery Regulation EU 2023/1230 marks a significant step forward in ensuring safety, innovation, and harmonization in the machinery sector. This transition brings both challenges and opportunities for manufacturers, regulators, and stakeholders alike. The new regulation will go into effect in January of 2027. In this blog post, we’ll delve into the key aspects of this transition and explore its implications.
Enacted in 2006, the Machinery Directive 2006/42/EC aimed to harmonize safety standards for machinery across the European Union (EU). It established essential health and safety requirements (EHSRs) that machinery must meet before being placed on the EU market or put into service. The directive provided guidelines for manufacturers to ensure that their machinery was designed and constructed to be safe for use.
Challenges and Limitations
While the Machinery Directive 2006/42/EC was a milestone in ensuring safety standards, over time, certain challenges and limitations became apparent. Rapid technological advancements, emerging risks, and inconsistencies in interpretation and application highlighted the need for a more robust regulatory framework.
The Machinery Regulation EU 2023/1230
A Step Forward: Recognizing the need for an updated and enhanced regulatory framework, the EU introduced the Machinery Regulation EU 2023/1230. This new regulation builds upon the foundation laid by its predecessor while addressing the shortcomings identified over the years.
Key Changes and Enhancements:
Scope Expansion: The Machinery Regulation EU 2023/1230 expands the scope to cover a wider range of products, including certain partially completed machinery and safety components. This broader scope ensures that all relevant products are subject to uniform safety standards.
Risk Assessment and Mitigation: The new regulation emphasizes a risk-based approach to safety, requiring manufacturers to conduct comprehensive risk assessments throughout the machinery’s lifecycle. This proactive approach aims to identify and mitigate potential hazards more effectively.
Digitalization and Connectivity: With the rise of Industry 4.0, the Machinery Regulation EU 2023/1230 addresses the integration of digital technologies and connectivity in machinery. It sets out requirements for cybersecurity, data protection, and interoperability to ensure the safe and secure operation of digitally enabled machinery.
Market Surveillance and Enforcement: Enhanced market surveillance measures and stricter enforcement mechanisms are integral parts of the new regulation. Authorities are empowered to monitor compliance more closely and take swift action against non-compliant products, safeguarding the safety of end-users.
Implications and Considerations: The transition from the Machinery Directive 2006/42/EC to the Machinery Regulation EU 2023/1230 presents both challenges and opportunities for stakeholders. Manufacturers need to adapt their processes and products to meet the updated requirements, investing in research, development, and compliance measures. Regulatory bodies must ensure smooth implementation and provide guidance to facilitate the transition for businesses.
The transition from the Machinery Directive 2006/42/EC to the Machinery Regulation EU 2023/1230 signifies a proactive response to evolving challenges and opportunities in the machinery sector. By embracing enhanced safety standards, risk-based approaches, and digitalization, the EU aims to foster innovation while prioritizing the safety and well-being of users. As stakeholders navigate this transition, collaboration, adaptability, and adherence to best practices will be essential for ensuring a smooth and successful implementation of the new regulatory framework.
Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by McKenzie Jonsson and Matt Mickle.
https://www.jamasoftware.com/media/2024/06/2024-5-21-navigating-the-shift-machinery-regulation.jpg512986Jama Software/media/jama-logo-primary.svgJama Software2024-06-27 03:00:162024-06-21 12:11:33Navigating the Shift: From Machinery Directive 2006/42/EC to Machinery Regulation EU 2023/1230
In this blog, we recap our webinar, “IVDR Common Errors: Navigating Notified Body Expectations” – Click HERE to watch it in its entirety.
IVDR Common Errors: Navigating Notified Body Expectations
Explore the notified body process and IVDR technical documentation with experts Margot Borgel, Director of IVD Global Regulatory Affairs at RQM+, and Vincent Balgos, Director of Medical Device Solutions at Jama Software®.
You will gain a thorough understanding of these topics and more:
The notified body’s approach to technical reviews
Key considerations from the notified body’s perspective
Common mistakes made when compiling technical documentation
Below is a preview of our webinar. Click HERE to watch it in its entirety.
The following is an abbreviated transcript of our webinar.
IVDR Common Errors: Navigating Notified Body Expectations
Margot Borgel: Hello, everybody. I am Margot Borgel. I’m the Director of IVD Global Regulatory Affairs for RQM+. My role at RQM+ is to support clients in their IVD regulatory journey. So this includes making sure that our projects are meeting regulatory requirements, and providing regulatory leadership to other RQM+ consultants and CRO team members. I provide regulatory support and guidance through the entire product lifecycle from design concept through clinical studies, regulatory submissions, and approvals.
A little bit about me is that I joined RQM+ after four years at BSI Notified Body, where I was a member of the IVD technical team, specifically working on IVDR, IVDD, and UKCA certifications. I’ve worked with many different IVDs across most technologies and many, many device manufacturers. Prior to that, I spent about eight years in the industry for an IVD manufacturer. In that organization, I performed duties in research and development, manufacturing, technical support, and product transfer, as well as manufacturing.
Just a little bit about RQM+. RQM+ is a global MedTech service provider, that provides expertise across the full product lifecycle for both medical devices and IVD companies. We provide end-to-end solutions across the complete medical device product life cycle. And that includes many different aspects of the MedTech life cycle. We have a variety of different business units that support different projects, so regulatory and quality consulting, laboratory services, clinical trial services, reimbursement, and technology as well with our Fern.ai solution.
So we’re here today to talk mostly about IVDR technical files. So we’re going to first go through IVDR technical review and certification by the Notified Body. Then we’ll get into how a Notified Body is going to approach a tech file review. And common errors that are seen during that technical file review process.
Borgel: Okay, so the first thing we have to do before we can really get into this is talk about the IVDR transition timeline. So the timelines have recently been updated. They were approved a few weeks ago by the EU Commission. And so I’m just going to go through those very quickly. We have a date of application which passed 26 May of 2022. We’re about two years past that now. But there is some transitional provisions for devices that are currently certified either by the Notified Body or self-certified under IVDD with a declaration of conformity signed before that May 2022 date. So, basically, from the last transition provisions, everything has been pushed out by 2.5 years.
So for Class D devices and devices with existing IVDD certificates, the new transition deadline is the 31st of December 2027, and then each class is pushed out another year. So Class C is 31st December 2028, and Class B and Class A sterile are 31st December 2029. But there are some provisions that come along with this. The main one that is brand new is that you must lodge a formal application with a Notified Body two and a half years before those final deadlines. So May 2025 for Class D and existing IVDDs. May 2026 for Class C and May 2027 for Class B and Class A sterile. On top of that, there are some other provisions, mainly that you must be complying with the IVDR PMS and vigilance requirements as of the 2022 date of application. You cannot put any new products on the market except under IVDR. All Class A devices must be IVDR compliant. And then, recently added, is that you must have an IVDR-compliant QMS system in place by May of 2025.
Okay, so as an IVD manufacturer under IVDR, there are a lot of obligations for manufacturers. This is covered in Article 10 of the IVDR. One of those requirements is that you will maintain and keep up-to-date technical documentation for your device.
And so what does that look like? The requirements are pretty consistent across classes, with a few differences as you have lower-risk and higher-risk devices. But for all devices, you must have that compliant QMS system. You must have a tech file meeting Annex II requirements. And you must meet all of the GSPRs. You must have a performance evaluation plan and report and PMPF plan. For Class A devices, you’re self-declared so you don’t have to worry about Notified Body requirements. But all other devices, from Class A sterile up to Class D, require a Notified Body assessment and certification. Class A and Class B devices need a post-market surveillance report, whereas Class C and D need periodic safety update reports. The difference in content is pretty small, but there are some differences in where you put those documents, who you provide them to, and things like that.
And then Class C and D also require a summary of safety and performance. If you have a companion diagnostic that would fall under Class C, you’re also going to need to do an EMA consultation for that CDx. And for Class D devices, you’ll need to adhere to common specifications, or potentially go through expert panel review. And you’ll need to interact with the EU Reference Labs, which includes product verification and batch release.
This slide is just an overview of all of the technical documentation that is required under IVDR. I’m not going to go into every single thing on this list right now, but that’ll be here for your information. And it’s mainly covered in Annexes II and III of the IVDR.
Borgel: Okay, so, now, I’m going to talk a little bit about Notified Body processes. Each Notified Body is going to have its own nuance to this process, but this is generally how it will go. So you, as the manufacturer, will submit your application to the Notified Body. There will be some back and forth there as you talk about your devices, what classifications they are, what kind of groups are going to get set up, and things like that. And once that’s all situated, you will sign a contract, and then you’ll be officially under contract with the Notified Body. They will do what’s called an application review. This is covered in Annex IX of the IVDR. They’ll basically just make sure they have everything that they need, that they agree with the classifications that you’ve provided, that they have assigned the right codes to your devices, and things like that.
After that is complete, the actual conformity assessment activities will start. So QMS audit and technical review, different Notified Bodies are going to do this slightly differently. Some don’t have any constraints. They can do one or the other at the same time, separately. There are no contingencies. Others have some requirements that the QMS audit happen either before or after the tech review, or that you have to have certain aspects of your technical file complete before the QMS audit occurs. And that’ll be something you’d discuss with your Notified Body. Once those two things are complete, there’ll be a certificate recommendation and then some sort of a review and approval process. So this is like a panel review at some Notified Bodies or a decision-maker review. And then, after that, the certificate will be issued.
When we break down that technical review into a little bit more detail, this is what it looks like. So you submit the documentation to the Notified Body. Most Notified Bodies do what’s called a completeness check, where they just look at what you’ve submitted and make sure they have all the documents they need, and sort out any deficiencies. If it’s a Class D device, you’ll need to make sure that you’re meeting certain requirements for those. So, mainly, have you met common specifications, or is it a first-of-type Class D without common specs? So then we’ll get into tech review. That will go through three rounds of questions, typically, for most Notified Bodies, where you’ll be able to resolve deficiencies in your technical file. That’ll go back and forth. While that’s happening, if you do have a Class D, that first-of-type expert panel review process will be ongoing.
https://www.jamasoftware.com/media/2024/06/IVDR-Common-Errors-Navigating-Notified-Body-Expectations-3.png9001600Jama Software/media/jama-logo-primary.svgJama Software2024-06-25 03:00:112024-06-21 11:46:53IVDR Common Errors: Navigating Notified Body Expectations
Ensuring Quality and Reliability in Automotive Software Development: An Overview of ASPICE 4.0
ASPICE (Automotive SPICE) 4.0 is a process assessment model tailored specifically for the automotive industry to ensure the quality and reliability of software and system development processes. It is part of the larger ISO/IEC 330xx family of standards and is derived from the general SPICE (Software Process Improvement and Capability determination) framework.
Key Features of ASPICE 4.0
Process Reference Model (PRM): ASPICE 4.0 defines a set of processes relevant to automotive software and system development. These processes cover the entire lifecycle from requirements elicitation to maintenance. The PRM provides a comprehensive overview of essential activities and outcomes expected in each process.
Process Assessment Model (PAM): The PAM provides detailed guidance on assessing the maturity of these processes. It includes indicators for evaluating the performance and capability of each process, helping organizations identify strengths and areas for improvement.
Capability Levels: ASPICE 4.0 defines a six-level capability model, ranging from Level 0 (Incomplete) to Level 5 (Optimizing). Each level builds on the previous one, with Level 1 focusing on basic performance, and higher levels emphasizing increasingly sophisticated process management and continuous improvement.
Automotive-specific Focus: Unlike general SPICE models, ASPICE 4.0 addresses the unique requirements of automotive systems, including compliance with safety standards such as ISO 26262. It emphasizes processes that are critical for developing safe, reliable, and high-quality automotive software and systems.
Traceability and Compliance: ASPICE 4.0 ensures that all processes are well-documented and traceable, facilitating compliance with regulatory and industry standards. This traceability is crucial for audits and assessments, providing a clear linkage between requirements, design, implementation, and verification.
Scalability and Flexibility: The model is designed to be scalable, allowing organizations of different sizes and complexities to adopt and implement its processes. It provides flexibility to tailor the processes based on specific project needs while maintaining the core principles of quality and reliability.
Benefits of ASPICE 4.0
Improved Quality: By following structured and well-defined processes, organizations can enhance the quality of their software and systems, reducing defects and failures.
Risk Management: ASPICE 4.0 helps in identifying and mitigating risks early in the development process, particularly those related to safety and compliance.
Customer Confidence: Adherence to ASPICE 4.0 standards demonstrates a commitment to quality and reliability, fostering trust and confidence among customers and stakeholders.
Competitive Advantage: Organizations that achieve higher capability levels can differentiate themselves in the market, showcasing their proficiency in delivering high-quality automotive solutions.
With ASPICE 4.0, there are several changes to the previous version, including:
A revised process landscape to better cover essential development activities of modern mechatronic systems and to reflect modern collaboration models more accurately, addressing increasing complexity due to digitization, automation, and artificial intelligence (AI).
Figure 2 – Automotive SPICE process reference model – Overview
image source: Invensity
Inclusion of processes to address Machine Learning (MLE.1 – MLE.4) and hardware development (HWE.1 – HWE.4), as well as adding a validation process for the overall system (VAL.1) and a support process for data management in machine learning (SUP.11).
image source: Invensity
Strategy documents are now required from Capability Level 2 instead of Level 1, changing their role and the approach to managing versus executing processes.
image source: Invensity
A shift from focusing on “Work Products” to “Information Items”, which emphasizes the main results of processes as indicators rather than specific documents, and combining base practices that consider traceability and consistency into a common base practice.
A push towards maximum repeatability and reproducibility of assessment results to reduce subjectivity and eliminate redundancies, leading to more efficient assessments and avoiding misinterpretations. Additional terminology to keep aligned with other standards.
A new Training model focusing on varying degrees of knowledge necessary and specialties:
Jama Connect for Automotive is designed to help you get ramped up quickly with a single platform, training, and documentation aligned to industry standards and regulations including ISO21434:2021, ISO 26262:2018, and ASPICE, while applying a proven systems engineering approach to product development.
Download this solution overview to find out what’s included in Jama Connect for automotive, including:
Frameworks aligned to key industry regulations
Procedure and configuration guides specific to automotive manufacturing activities
Consulting and training customized to your teams’ automotive product development processes
Note: This article was drafted with the aid of AI with additional content, edits for accuracy, and industry expertise by Matt Mickle and McKenzie Jonsson.
https://www.jamasoftware.com/media/2024/06/2024-6-18-ensuring-quality-and-reliability-ASPICE.jpg512986Jama Software/media/jama-logo-primary.svgJama Software2024-06-18 03:00:252024-06-17 15:26:30Ensuring Quality and Reliability in Automotive Software Development: An Overview of ASPICE 4.0
Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Innovation News Network, titled “Benefits of the Inflation Reduction Act for Solar PV Manufacturing” – originally published on March 18, 2024.
Benefits of the Inflation Reduction Act for Solar PV Manufacturing
The US Inflation Reduction Act (IRA) has been a significant catalyst in the economic landscape, particularly within the solar photovoltaic (PV) manufacturing industry.
This article will explore the beneficial impact of the IRA on this green technology sector, considering the financial implications, the stimulation of technological advancement, and the prospects under the current legislation.
We will unravel the intricacies of this relationship, setting a foundation for a comprehensive understanding of the future trajectory of the solar PV manufacturing industry in the context of the IRA.
Understanding the Inflation Reduction Act
To fully grasp the impact of the Inflation Reduction Act on solar PV manufacturing, a comprehensive understanding of this legislation is necessary.
The act’s interpretation is rooted in the law’s intent to curb inflation by manipulating economic strategies and regulating financial practices, which brings a focus to its economic implications.
At its core, the IRA aims to stabilize pricing and enhance the dollar’s purchasing power, inadvertently promoting the affordability of renewable energy technologies like solar PV manufacturing.
The legal provisions of the act are its foundational pillars, governing its implementation and enforcement. They outline the responsibilities of key stakeholders, the rights of affected industries, and the penalties for non-compliance.
For the solar PV manufacturing sector, the act’s provisions could potentially reduce production costs and foster competitiveness.
However, like any significant policy shift, the act also brings Implementation Challenges. These can include industries needing to adapt to new economic conditions or potential resistance from sectors negatively affected by the act.
The solar PV manufacturing industry may need to invest in operational adjustments to fully exploit the benefits of the act.
Drawing upon the legal provisions and economic implications of the IRA, we can explore its tangible effects on the solar PV manufacturing sector.
The act, through its policy implementation, has instigated several changes in this sector, notably in job creation, trade relations, environmental impact, and market competition.
The IRA has been instrumental in job creation within the solar PV manufacturing industry. It has stimulated this growth by providing tax incentives for manufacturing companies to enhance their workforce. This policy implementation has bolstered the industry and helped reduce unemployment rates.
Trade relations have also been impacted by the IRA. The act has fostered a more favorable trading environment for solar PV manufacturers by reducing inflationary pressures on imported raw materials. This has enhanced the competitiveness of US manufacturers in the global market, improving the country’s trade balance in the process.
Regarding environmental impact, the IRA has indirectly boosted the use of renewable energy sources. By making solar PV manufacturing more economically viable, the act has encouraged the production and use of solar panels, thereby reducing greenhouse gas emissions.
Lastly, the act has spurred market competition. The reduced inflation rates have made it more cost-effective for new businesses to enter the solar PV manufacturing sector. This has increased the number of manufacturers, promoting a more competitive market and a wider range of options for consumers.
Financial benefits of the IRA
Delving into the financial benefits of the Inflation Reduction Act, we observe a significant enhancement in the economic viability of the solar PV manufacturing sector. The IRA offers multiple rewards that collectively contribute to the growth and prosperity of this industry.
One of the most compelling benefits is the provision of tax incentives. These incentives lower the tax burden for solar PV manufacturers, freeing up capital that can be reinvested in the business.
This leads to investment growth, another key benefit of the IRA. Increased investment enables manufacturers to expand their operations, purchase new equipment, and hire more employees, fostering business expansion.
In addition to tax incentives and investment growth, the IRA promotes cost efficiency. By reducing the inflation rate, the act increases the purchasing power of manufacturers. This allows them to acquire raw materials and other necessities at lower costs, thereby improving the bottom line and encouraging economic stability.
Moreover, economic stability is further enhanced as the IRA helps to stabilise the value of the dollar. This is crucial for solar PV manufacturers, who often deal in international markets. A stable dollar value reduces the risk of currency fluctuations, providing a more predictable business environment.
IRA and technological advancements
Building on the economic implications, the Inflation Reduction Act also catalyzes technological advancements in the solar PV manufacturing industry.
By providing financial incentives, the IRA stimulates technological investments, leading to accelerated innovation in solar PV technology. These investments are crucial for research and development, enabling companies to explore new, efficient methods of solar PV production.
The IRA implications on technological advancements are significant. The policy’s effectiveness in encouraging investments has been reflected in increased technological breakthroughs, improved production processes, and enhanced solar panel efficiency.
These advancements not only strengthen the industry’s competitive edge but also contribute to environmental sustainability by promoting cleaner energy sources.
However, advancement challenges persist. The rapidly evolving nature of technology necessitates continuous investment and innovation. Despite the financial benefits provided by the IRA, the high costs associated with advanced technology development and implementation can pose a hurdle.
Therefore, while the IRA has been instrumental in fostering growth and innovation, addressing these challenges requires strategic planning and sustained commitment.
Moreover, the effectiveness of the IRA in driving technological advancements is contingent on a supportive regulatory environment. Policymakers must ensure that the IRA’s provisions align with the industry’s evolving needs, encouraging continued investment and innovation.
A dynamic policy framework can help maintain the momentum of technological progress, ensuring the solar PV manufacturing industry’s long-term competitiveness and sustainability.
Looking ahead, the Inflation Reduction Act holds promising potential for the future growth and development of the solar PV manufacturing industry.
It is expected to usher in advancements in various dimensions, including job creation, market expansion, environmental impact, global competition, and sustainable development.
The IRA could stimulate job creation by allocating funds for research, development, and manufacturing processes in the solar PV industry. This would not only increase employment but also enhance the skills of the workforce in this thriving sector.
Market expansion is another potential benefit of the IRA. With reduced inflation, the purchasing power of consumers is likely to increase, leading to heightened demand for solar PV products. This would pave the way for the expansion of the solar PV market.
The table below encapsulates the future prospects under the IRA for the solar PV manufacturing industry:
Additionally, it could enhance global competition by providing the US solar PV industry with a competitive edge.
Lastly, the IRA could foster sustainable development by promoting environmentally friendly and sustainable practices in the industry. These prospects under the IRA paint a bright future for the solar PV manufacturing industry.
https://www.jamasoftware.com/media/2024/06/spotlight-ad-8.jpg5121024Jama Software/media/jama-logo-primary.svgJama Software2024-06-13 03:00:292024-07-10 15:51:50Benefits of the Inflation Reduction Act for Solar PV Manufacturing
Jama Connect® Features in Five: TestRail Integration
Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.
In this Features in Five Integration Series video, Steven Pink – Senior Solutions Architect at Jama Software® – demonstrates integrating test results from TestRail with Jama Connect®.
VIDEO TRANSCRIPT
Steven Pink: Hello and welcome to the Features in Five Integration Series. My name is Steven Pink and I’m a senior solutions architect at Jama Software. Today we’re going to be walking through a live demonstration of integrating test results from TestRail with Jama Connect.
We make it possible for you to integrate Jama Connect with preferred best-of-breed software to achieve live traceability across the end-to-end development cycle. Live requirements traceability is the ability for any engineer at any time to see the most up-to-date and complete upstream and downstream information for any requirement no matter the stage of systems development or how many siloed tools and teams it spans. This enables significant productivity and quality improvements and dramatically reduces the risk of product delays, cost overruns, defects, rework, and recalls, and ultimately results in faster time to market.
The goal of integrating with a testing tool like TestRail is to better visualize test coverage for our requirements. Jama Connect can help in identifying and calling out gaps in test coverage, while also visualizing and reporting on the test results, utilizing the filters, dashboards, and exportable reports.
Integration with TestRail starts by mirroring TestRail’s hierarchy of test suites, test sections, test cases, and test results in Jama Connect. We use sets of test cases to mirror the test suites and folders to mirror the test sections within those suites.
As we transition into Jama Connect, I want to point out how we’re relating our test results and test cases from TestRail to the requirements being authored and captured in Jama Connect. As we look at this relationship diagram, we see our software requirements and our user stories relate to the custom test cases being managed over in TestRail. This is a very common scenario for many of our customers where certain teams might be utilizing a different tool for testing, and we need to integrate those results back with the requirements managed in Jama Connect. We can author a test case directly within Jama Connect or within TestRail.
Pink: So we’re going to start out by authoring a test case in Jama Connect. This demo suite would mirror a suite in TestRail, and this folder would mirror a section in TestRail. I’m going to author a new test case within this folder. We’ll call this example test case. Once I’ve saved this test case, we’ll trace it to the requirement that it covers within this project. I’m going to choose one of my example software requirements.
So now I’ve created a test case with a relationship to the software requirement that it covers. We’ll notice this integration URL is populated automatically and allows us to jump to the mirror of that test case that’s been created in TestRail. Once I’ve signed into TestRail, we’ll be able to see that that test case is mirrored into TestRail.
It is in that demo suite and in section A. If we want to run this test case, I’m going to go to my test runs and results and create a new test run. It’s going to be based on that demo suite, and we’re going to include all test cases, which is just one in this example. This example test case is now showing untested. And if I were to look back in Jama Connect, we’ll see for my example test case under the relationships tying back to that software requirement. As soon as we come in here and run our test execution, let’s say we update this to past or failed, this result is going to get sent back to Jama Connect automatically.
Pink: We can also see on the test case itself, there’s an easy link back into Jama Connect. So if our test runners working in TestRail would like to see requirement coverage and traceability, they’re able to easily click the link from TestRail and go back into Jama Connect and explore that traceability and coverage. I’ll use that link right now to go back to our test case in Jama Connect. And now we’ll see because we’ve executed that test case, there’s an associated test run, and that test run is showing the result of past. We can visualize all of this through our trace views, our dashboards, and our custom export templates within Jama Connect. So this is a great reason to be syncing and integrating these results so that we can visualize through the trace view which of these requirements have test cases in place, which requirements might have gaps in testing, as well as being able to drill down and see those test results, even being able to show status of those test results and the status of the defects associated.
Thank you for watching this Features in Five session on integrating test results between Jama Connect and TestRail. If you’re an existing customer and want to learn more, please reach out to your customer success manager or consultant. If you’re not yet a client, please visit our website at jamasoftware.com to learn more about the platform and how we can help optimize your development process.
.
image source: Invensity
