Tag Archive for: Regulatory Compliance

IEC 15288

A comprehensive look at ISO/IEC/IEEE 15288 goals, standards, and tools to achieve compliance.

Product development is evolving quickly; over the past few years, it’s become increasingly complex. A study of nearly 300 design and engineering professionals found that 92% of respondents say they’re experiencing at least one form of increased complexity. Moreover, 76% say they’re experiencing at least three.

A set of standards, such as those found in ISO/IEC/IEEE 15288:2015, can help manage increased complexities using established frameworks. But if you aren’t familiar with the standards, you might have many questions such as: What is ISO/IEC/IEEE 15288:2015? What organizations use it? And how can it help with product development?

We’ve created a guide to help answer these questions so you can determine whether using this standard is right for your organization and explore other tools that can help.

RELATED: A Guide to Good Systems Engineering Best Practices: The Basics and Beyond

Why was ISO/IEC/IEEE 15288:2015 developed?

Building a new system is a large undertaking that involves a variety of moving parts and components. The success of any project, of course, relies on those parts working in synergy and solving for any potential disconnects. That’s why having a common set of practices can help. ISO/IEC/IEEE 15288:2015 was designed to create a standard reference of activities to be executed within a specific system engineering process. The standards are designed for those in systems engineering leadership, such as:

  1. Systems Architects
  2. Systems Developers
  3. Project Managers
  4. Computer Scientists

The standards are commonly used to guide internal work on systems development but can also be used as an external reference. For example, if you work with a partner, you might use ISO/IEC/IEEE 15288:2015 to help create agreements about how work is completed.

Building a New System is Growing More Complex

A recent study of almost 300 design and engineer professionals found that not only are engineering systems getting more complex, but many organizations aren’t equipped with the right tools to manage the intricacies of complex system development.

  • 92% of respondents reported experiencing at least one form of increased complexity.
  • 76% report dealing with three or more increased measures of complexity.
  • 25% report their products are becoming more complex in five or more ways.

How is ISO/IEC/IEEE 15288:2015 used?

During product and system development, you’re working to solve a specific customer challenge. Using ISO/IEC/IEEE 15288:2015 helps you accomplish this goal by providing a framework for your processes. But how exactly are standards typically used? Here are a few examples.

  • Used by an organization. An organization might use ISO/IEC/IEEE 15288:2015 to create an environment of desired processes. An infrastructure or method, procedures, technologies (and more) typically support these processes.
  • Used by the project. You might decide to use what is found in ISO/IEC/IEEE 15288:2015 as internal standards to support the deployment of an existing environment or offer a new system or service. In addition, standards are used to judge the performance of a project in a specific environment.
  • Supports partner agreements. Agreements are the foundation of any successful relationship, including those with suppliers or other external parties. You might partner with a supplier, for example, to select relevant processes and activities within the standards and create agreements based on those elements.
  • Used to evaluate processes. ISO/IEC/IEEE 15288:2015 can serve as a process reference model to determine whether your existing processes support a specific goal around process improvements.

As you can see, you have flexibility when using standards. You can implement all frameworks or just a few of them. ISO/IEC/IEEE 15288:2015 can serve as a starting point, selecting what fits best for your project, processes or organization to guide your decisions.

To learn more about what’s included in each of the six parts of ISEO/IEC/IEEE 15288 and how Jama Software can help, download our Comprehensive Guide here. 

What is the Urgency Behind Automotive Cybersecurity?

From a Market Perspective:

As automobiles are growing increasingly connected, digitized, and complex, automotive cybersecurity has become top of mind. Made up of hundreds of “tiny computers” – each with its own networks and servers – a singular vehicle is open to millions of opportunities for cyber-attack.

In fact, computers control almost every system in a vehicle, from steering to brakes, to the engine itself. Electric Vehicles (EV) have even more opportunities for cyber-attacks, as a standard EV runs over 100 million lines of code.

Without proper precautions and protection, an automobile’s data can be stolen – or worse, hackers can take remote control of the car.

From a Regulatory Perspective:

UNICE WP.29 is a global forum (comprised of 58 states) for road vehicles, agricultural vehicles, and some off-road vehicles. This governing body sets mandatory homologation requirements for member-states. Original Equipment Manufacturers (OEMs) are also required to comply to put new vehicles on the road.

Adopted by UNICE, UN R155 requires developers of automotive parts or vehicles to have a Cybersecurity Management System (CSMS). Additionally, UN R156 is a regulatory requirement for a Security Update Management System (SUMS).

Implementation of ISO 21434 fulfills the requirements for a CSMS according to R155. These requirements apply to the vehicle and all components of the vehicle that access vehicle internal communication buses.

UN R155 and R156 – Who Does This Apply to and When Does it Take Effect?

Starting in January 2021, all passenger cars, vans, trucks, and buses have been required to comply with UN R155 and R156. Additionally, Japan has indicated that it plans to apply these regulations to all automobiles that are entering the market. The Republic of Korea has adopted a stepwise approach, introducing the provisions of the regulation on cybersecurity in a national guideline in the second half of 2020, and proceeding with the implementation of the regulation in a second step.

Starting in July of 2022, the European Union (EU) will mandate the regulation on cybersecurity for all new vehicle types and will become mandatory for all new vehicles produced from July 2024 (including components).

Given the widespread use of UN Regulations in the automotive sector around the world, the broad adoption of these regulations across the world is expected, among and beyond the 54 Contracting Parties to UNECE’s 1958 Agreement.

Learn more about simplifying validation: 5 Challenges in Automotive Product Development

Ease the Challenges of Validating Product Development with Jama Connect for Automotive

Jama Connect for Automotive is designed to help those in the automotive industry get ramped up quickly with a single platform, training, and documentation aligned to industry standards and regulations including ISO 26262:2018 and ASPICE, while applying a proven systems engineering approach to product development.

Key components of Jama Connect for Automotive include:

  • Frameworks aligned to key industry regulations
  • Procedure and configuration guides specific to automotive manufacturing activities
  • Document export templates aligned with the automotive industry
  • Functional Safety Kit reduces time required for platform validation
  • Consulting and training customized to your teams’ automotive product development processes

A Single Platform for Building Safety-Critical Products

Requirements Management

Manage and validate complex systems requirements while eliminating the risks and inefficiencies associated with documents-based and legacy systems.

Hazard Analysis & Risk Assessment

Meet functional safety standards and identify and mitigate hazards earlier in development, helping teams avoid frustrating and costly late-stage design changes.

Procedure and Configuration Guides

Accelerate adoption and improve functional safety compliance using procedure and configuration guides developed for the automotive industry.

Standard Frameworks

Accelerate adoption and improve compliance using frameworks aligned to key industry regulations: ISO 26262:2018 and Automotive SPICE (ASPICE) – a process maturity framework derived from ISO IEC 15504 standard.

Test Management

Align tests and requirements, run test cases, and instantly log connected defects when tests fail.

Export Templates

Support the automotive product development process with export templates developed for the automotive industry.

Learn more about simplifying validation: A Complete Guide to Automotive Safety Integrity Levels (ASIL)

Functional Safety Kit for Automotive Development Teams

ISO 26262 stipulates that automotive developers must validate their software tools to ensure that they are suitable for use in developing safety-related items.

The Functional Safety Kit for Jama Connect is designed to reduce the time required for validation by providing a complete list of Jama Software’s internal mechanisms, workflows, and usage scenarios that we have certified by the internationally recognized testing body, TÜV SÜD, for every product release.

The Functional Safety Kit comes with process documentation, critical workflows/safety manual, and a TÜV SÜD certificate and report indicating that Jama Connect is suitable for use in the development of safety-related software according to EN 50128 – IEC 61508 and ISO 26262 up to SIL 3 or ASIL D.

Download our entire Jama Connect for Automotive Guide HERE

2022 Airborne Predictions

In many ways, 2021 was a continuation of the changes brought about in 2020, a year that’s been described as “unprecedented” and “unparalleled.” In a unique way, 2021 has offered us an idea of evolving innovations and technology on the horizon for teams across industries. These changing conditions will present a variety of new landscapes and will offer unique challenges, opportunities, and more than likely, many surprises.   

As we enter a new year of further changes, Jama Software asked select thought leaders – both internal and external – across various industries for the trends and events they foresee unfolding over the next year and beyond.  

This is the fourth part of our five-part series. In this blog, we asked for feedback on product and systems development trends anticipated for the airborne product and systems development industry in 2022 and beyond.  

First, we’ll hear from Cary Bryczek – Principal Solutions Architect at Jama Software, Michael Soden – Lead Product Manager for Safety Analysis at Ansys, and Mazen El Hout – Product Manager for Embedded Software for A & D at Ansys. Then, we hear from Vance Hilderman – Chief Technical Officer at AFuzion Inc.

Read our other 2022 Industry Predictions here: Part One – Engineering Predictions, Part Two – Medical Device Predictions, Part Three – Automotive Predictions, and Part Five – Insurance Development Market Predictions.

Airborne Predictions 2022 Part I:  

Design Trends

Q: What product, systems, and software development trends are you expecting to take shape in 2022?

Cary Bryczek, Jama Software: In 2022 we will see even more new space launch companies and unmanned aircraft systems (UAS) both enter the market as new companies and those that are already in the market will receive more funding. The commercial demand and competition among companies is driving some very exciting technologies to mature at a rapid pace.  

Q: What are the biggest trends you’re seeing in your industry right now? How will they impact A&D product, systems, and software development? 

Ansys: Regarding commercial aviation, major trends include the rise of the new air mobility to transport passengers in jammed cities. Those air-taxi services would require air vehicles capable of taking off and landing vertically. Some of them are piloted and others fully autonomous. Most of them rely on fuel-alternative propulsion systems, such as full electric or hybrid propulsion, which means completely new energy and system architectures that should be safe and performant.

Also, fixed-wing transport aircraft are moving in the autonomous direction with single pilot aircraft initiatives at some aircraft manufacturers with high impacts on cockpit display systems. In the defense industry, autonomous systems are also gaining attention with the use case of manned fighter jet supported by unmanned loyal wingman, or a swarm of drones doing formation, involving the use of artificial intelligence and machine learning techniques to extend capabilities of traditional methods of developing control systems and software. 

Tool Innovation

Q: From an A&D engineering toolset perspective, what are some of the processes you think forward-thinking firms will be working to leverage or incorporate into their process and why? 

Ansys: Key development processes include Model-Based System Engineering, Model-Based Safety Analysis, and Code Generation, to cope with the increasing complexity of next generation systems and reduce their time to market and cost of development. Model-based Design leads to harmonized safety analysis with system and software designs. In addition, cloud-based computing is becoming essential to benefit from high performance computing services and effective storage, easier maintenance, and better collaboration.  

Q: In terms of product and systems development, what do you think will remain the same over the next decade? What will change? 

Cary Bryczek, Jama Software: It is such an exciting time for technology right now and a lot of what consumer, aerospace systems and defense systems will see in the next decade is already here. We will just see that technology is being incorporated into more and more systems. AI capabilities will do more and more of the heavy lifting such as data parsing so that systems such as the Mars Reconnaissance Rover (MRO) can provide selective data back to engineers faster. The explosion of data is at the heart of everything. It is both a boon and a burden. Those companies that learn to exploit the sheer amount of data being captured from every device and system will be faster to bring their technology to market. Data privacy challenges will likely remain the same as they are now with political climates and some now talking about de-globalization.  

RELATED POST: Webinar Recap – Transformative Airborne Systems Development


Q: What changing regulatory guidelines do you anticipate having an impact on companies in 2022? 

Ansys: Several regulations are impacting new systems design. First, the regulations related to the usage of AI and machine learning inside autonomous air vehicles are driven by standardization such as European Organization for Civil Aviation Equipment (EUROCAE) where Ansys contributes with major industrial players. Regulations related to VTOL aircraft with advanced controls, controls are published as special conditions and mean of compliance by certification authorities (eg EASA). Additionally, many other regulations and special conditions are related to Hybrid Electric and Hydrogen propulsion.

In terms of safety standards, there is a new revision of safety standard: SAE ARP4761 A (including Model-Based Safety Analysis), expected to be published in 2022 extending safety analysis methods and the DO-356, describing cybersecurity methods and consideration for airborne systems. As for engineering standards, the Object Management Group is releasing a new version 2 of SySML on system modeling language, which will transform the way engineers create their systems design. 

Q: How do you foresee regulations shifting in Air and Space Product and Systems Development over the next decade?  

Cary Bryczek, Jama SoftwareRegulators in the EU, US, and China will all be trying to find ways to accelerate changes to their existing regulations in order to keep pace with the rate of aircraft (manned and unmanned) technology change and new development. The most challenging of regulations center around the safe operation of unmanned aircraft systems (UAS) as well as classification of new types of aircraft that use existing airframes but now use different propulsion and avionics systems. Aircraft of today and tomorrow just don’t fit neatly into the regulatory bodies existing definitions. For space systems and operations, there are no less than 42 ISO standards alone under development. Many of these center around space debris, interference, and quality measures. 

Biggest Challenges

Q: What are some of the biggest challenges you think A&D engineering firms will be working to overcome in 2022? 

Ansys: Building sustainable and performant system architectures without safety compromises is a big challenge we see at the product design level.  More and more autonomous and connected systems imply more vulnerability in the systems, therefore cybersecurity is mandatory to prevent cyberattacks.  Electronics reliability for autonomous vehicles is another important element to consider when dealing with the physics of failure. Finally, a key element to boost productivity and innovation is to provide scalable and cloud accessible engineering tools, for a more collaborative and distributed way of working. 

Q: Any major disruptions to Air and Space Product and Systems Development industry you’re anticipating in 2022? 

Cary Bryczek, Jama SoftwareThe COVID Pandemic will remain a major disruptor across the board. Supply chains are highly complex with manufacturers juggling multiple suppliers and subcontractors to design and integrate the products. Just in time materials processes which prior to covid were a best practice is now one cause of delays. Larger companies will seek to produce components themselves or acquire the companies that can do this for them. 


Q: What sorts of process adjustments do you think development teams will need to make to be successful in 2022? 

Cary Bryczek, Jama Software: Regulatory training at all levels of both engineering and business staff will be important. Digital engineering tools and approaches are being pushed into both engineers and project managers’ hands at an increasing pace. Understanding not only how to use them but how to use them within the highly complex regulatory landscape in an efficient manner will be key. 

Q: What do you think will remain the same in your industry throughout 2022? 

Ansys: The full electric air mobility, even though it seems very promising, will most likely not be fully mature in 2022, in terms of technology, regulations, and infrastructure. 

Q: What do you predict for regulation in the A&D industry in 2022? Will those trends still be prevalent 5 years from now? 10 years? 

AnsysMany regulations for the use of AI in embedded software related to the certified context will emerge leading to fully autonomous flight for small/medium aircraft. 

Evolving Landscape

Q: What do you think will be some of the differentiators between a company surviving to see 2030, and those that do not? 

Cary Bryczek, Jama Software: The companies that will successfully survive to 2030 are those who are able to A) continuously perform rapid impact analyses during any phase their product’s lifecycles as requirements change and disruptions to supply chains take place. Companies that do not have robustly integrated design and lifecycle data or only utilize manual processes are at a higher risk of failure when the product they bring to market is late or are at the mercy of delays to their supply chains. B) Companies will need to walk a careful tightrope of exposing enough of their project to the outside world to attract much needed investment funding and yet still keep their intellectual property secret. C) Companies will need to invent new ways to retain their talent to prevent evaporation of knowledge and their specific expertise.  

Q: Where do you see Jama Software fitting in as the product development landscape evolves, and what can our customers expect as 2022 approaches? 

Cary Bryczek, Jama SoftwareThe gap between the customer and business stakeholders and engineering groups historically has been where the engineering side is a black box. The proliferation of digital engineering strategies is now making the box more transparent. The practice of requirements management as a now collaborative effort across teams enables faster communication between teams and faster validation of requirements – Validation of the RIGHT requirements not to be confused with product validation. Requirements today must traverse many tools in the digital ecosystem. In 2022 more Jama Software customers will integrate requirements with tools in their digital ecosystem enabling higher degrees of collaboration and efficient analysis. 

RELATED POST: Aerospace Compliance – When Failure Is Not An Option

Airborne Predictions 2022 Part 2:  

Vance Hilderman, CTO, AFuzion Inc:  

“It was the best of times; it was the worst of times.”   

Surely, Charles Dickens was the earliest aerospace forecaster when he wrote those famous words decades before the Wright brother’s first flight.  But was Dickens really channeling the Covid pandemic and today’s aerospace unprecedented changes?  Likely not, but the “more things change, the more they remain the same” holds true.  

Every two or three years I’m asked to predict next year’s aerospace news. I always chuckle, then provide a disclaimer, “In one baseball season, Ted Williams failed to get on base almost 60% of the time; that made his season the world’s best.” That’s right: 40% success in baseball, and entrepreneurship, is a winning season. With that disclaimer at heart, here’s my “winning season for 2022” predictions: 

  1. Supply chain issues are not going away soon. The aviation In-sourcing trend occurring BEFORE Covid is now going to accelerate due to added long-distance supplier (read “offshore”) disruptions. Aero companies will bring back development and manufacturing even faster – expect a record pace giving advantage to those with automated processes and tools already under their control.  
  2. Autonomous passenger flight is still a decade away. Sorry – I know that’s not the news you want to hear. Truly great strides have been made and we’re now “40%” of the way there. Safety, airspace management, and certification authority acceptance are all still “in work.” But fear not: if you’re healthy with a 20-year life expectancy remaining, you will see autonomous passenger flights. Absolutely your children will. 
  3. eVTOL (electric Vertical Takeoff & Landing) aircraft REALLY are coming. If you can’t spell “eVTOL” or “UAM” you’re taking that Covid isolation too far. But 90% of today’s eVTOL players won’t succeed.  Watch for 20-25 of last year’s players to not be in the game at the end of 2022.  Who will succeed? Easy: two groups of eVTOL players will succeed:  1) Those early companies with solid funding already received and actually flying aircraft (even if near-final-prototypes), and 2) Longstanding manufacturers with prior success mass-manufacturing either cars or regular aircraft.    

If you’re not in group #1 or #2, we simply wish you the best and celebrate your optimism. 

  1. Covid forced remote work to be a reality, with great harm to those lacking defined processes and management structures supportive of remote work. In 2022, those aerospace companies with strong planning and remote development capabilities will further distance themselves from competitors. Companies embracing automated (and even semi-automated, but substantially less continuous manual intervention) will see profits and market share increase. Aviation automation tool vendors and aircraft/avionics developers with strong automation culture will be powering the decade ahead, starting in 2022.  
  2.   After a decade of struggles, experts now say Lockheed is in the driver’s seat, passenger seat, and all the other seats when it comes to fighter jets. And for buyers with ample (read “huge”) budgets, the F-35 is an easy choice. But add improved radar, improved stealth, and improved missiles, and the fighter jet itself is a platform, not the end-all. Ask yourself: what kind of computer or device are you using to read this article right now? Does it really matter or is the software and content more relevant?  Exactly.  
  3.   Yesterday’s shortening time-to-market will seem like a joke compared to 2022’s massively intensifying pressures.  New companies, new industries, and even countries new to aviation are all forcing greatly decreased product launch times.  Companies providing tools to assist with efficiency (such as AFuzion’s and Jama Software’s  DO-178C software development frameworks will see greatly increased sales but also even greater competition (details here: https://afuzion.com/plans-checklists/). 
  4. And my final forecast: all the smart people who predicted an end to Covid in 2021 and 2022 (Bill G, are you reading? 😉) will see their predictions to have been as correct as the majority of their prior predictions (really now, “email spam will be eliminated by 2006” –  go Google that one – too much time on private jets with other interests).  Folks, I predict Covid and its variants will be with us for years.  We’ll manage -humans are often frail but adaptable.  We’ll get our collective international acts together and form a more cohesive international Covid travel management policy and most of us will be flying as we were before. Except much less business travel (and more pleasure!)  because all the predictions above (Read #1 through #6) will REDUCE the need for business travel.  

There you have it:  hoping I beat Ted Williams record-breaking 40%+ success rate.  And that means I hope to see you wherever you are someday, but hopefully for pleasure, not just business! 

Thanks for tuning into our 2022 Predictions Series! To see some of the incredible products, software, and systems our customers are building with Jama Connect, visit our CUSTOMER STORIES PAGE 


MDR - Medical Device RegulationsIn this post, we pull out key takeaways from a recent whitepaper written in conjunction with Beanstock Ventures on the new EU medical device regulations (EU MDR) and how they might impact medical device development. 

As medical device technologies have rapidly advanced in recent years, regulations governing definitions, testing, and post-market activities have struggled to keep up. The pace of change and adoption of these technologies has made it difficult for governments and agencies to create the kind of inclusive and expansive rules that will ensure safety.

In response to this expanding market, the European Union released new guidance governing medical devices. With the release of Medical Device Regulation (MDR) 2017/745/EU, in 2017, the EU has issued the first updated regulations in more than 20 years. The new Medical Device Regulation (MDR) 2017/745/EU addresses software as a medical device [SaMD], as well as other products. It also places stringent requirements for compliance with post-market activities and post-market surveillance. While enforcement of these new regulations was scheduled to begin in May 2020, it was postponed until May 2021 due to the COVID-19 pandemic. What do these new regulations mean for the medical device industry? Experts from Beanstock Ventures explain what you need to know for EU MDR compliance.

RELATED POST: Ensuring FDA Compliance for Your Digital Health Solution

Key Takeaways:

  • The EU Medical Devices Regulation (MDR) has replaced the EU Medical Device Directive effective 26 May 2021.
  • The EU MDR is greatly expanded to cover more devices, including Software as Medical Device, implantable devices, contact lenses, and many digital health technologies. It also promotes a lifecycle approach to regulation.
  • EU MDR requires improved device traceability by introduction of a unique identification system, or UDI (see section 05), for medical devices approved for use in the EU. To keep track of devices through every lifecycle stage, a device identifier (UDI) will be assigned, and all production series will be marked with a production identifier.

EU Medical Devices Regulation (MDR), adopted by the European Parliament and Council as REGULATION (EU) 2017/745 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 5 April 2017, has replaced the former EU Medical Device Directive (MDD) and went into effect 26 May 2021. After this date, the MDR is applicable for all medical devices sold (developed or imported) in the European Union.

The most important changes in the EU MDR include:

  • Increased scope of medical device definition;
  • New classification rules (including Rule 11 that specifically addresses software);
  • Increased scope of general safety and performance requirements, technical documentation, and clinical data and evaluation requirements;
  • Introduction of traceability and identification system and database; and
  • Increased post-market product surveillance.

To learn more about EU MDR, download the full whitepaper

Design Control

Design Controls have been an FDA Quality System Regulation since 1997. Having worked on developing products in the regulated medical device industry for over 35 years, I have compiled a list of the five key takeaways for implementing design controls and achieving success in commercializing medical devices:

  1. Design Controls not only help achieve regulatory compliance, they help develop better products
  2. Design Inputs lay the foundation for product development, building a good foundation
  3. Don’t underestimate the power of Bidirectional Traceability
  4. Know the difference between Verification and Validation
  5. Risk Management is a vital part of Design Controls

#1 – Design Controls not only help achieve regulatory compliance, they help develop better products

Many companies think that design controls are a burden to development organizations imposed by the FDA, and it’s the price to pay for playing in the medical device field. However, what is often overlooked is that design controls only define the basic minimum requirements necessary to develop a product that can…

  • …meet the needs of the user.
  • …be designed to be safe and effective.
  • …be reliably manufactured.
  • …be verified and validated.
  • …maintained and updated throughout the product lifecycle.

These are all things that any development organization should do to successfully deliver products to market. I like to say that if you are doing the right things in product development, compliance comes for free!

#2 Design Inputs lay the foundation for product development, building a good foundation

The FDA defines design inputs as the physical and performance requirements of a device

that are used as a basis for device design. To generate adequate design inputs, the foundation upon which product development is built, the user needs must first be well understood. These needs, ideally written with the voice of the user, must then be translated into design requirements. In contrast to the user needs, these design requirements should be written using the voice of the engineer, and as such should be measurable and testable. Furthermore, design requirements should be traceable to a specific user need, risk control, or standard that necessitates the existence of said design requirement.

Research has shown that, on average, companies that are successful at developing products spend about 25% of the product development time on the generation of user needs and the subsequent design requirements. The return on this investment of time and resources reduces the need for rework and redesign, and ultimately leads to higher customer satisfaction. Failing to make the investment ensures that design inputs are complete and correct is analogous to building a house on quicksand, where the flaws in the foundation can cause issues throughout the construction and subsequent (likely short) lifetime of the house. Issues with requirements will impact development, verification, validation, and user acceptance of the product, so spending the time to get requirements right will be well worth the effort.

RELATED: Three Ways to Proactively (vs Reactively) Incorporate Design Controls in Medical Device Product Development

#3 Don’t underestimate the power of Bidirectional Traceability

In an audit, the trace matrix should be valued as a friend! Having and maintaining bi-directional traceability throughout the product lifecycle provides a number of benefits:

  • Effecting project tracking
  • Thorough change impact analysis
  • Ease of making future changes
  • Re-use of elements of the design
  • More effective issue resolution

To derive these benefits, the relationship between the following entities should be established:

  1. User Needs and Design Requirements
  2. User Needs and Validation
  3. Design Requirements and lower-level requirements
  4. Design Requirements and Verification
  5. Lower-level requirements and verification
  6. Lower-level requirements and Design Outputs
  7. Risk Controls and Design Requirements

In creating a trace matrix that has views to show all the bi-directional relationships of each of the elements described above can help answer most questions from an auditor.  With this level of traceability, I can trace from a user need all the way through implementation and test.

#4 Know the difference between Verification and Validation

The terms “Verification” and “Validation” often get combined and abbreviated to V&V; however, these activities are vastly different.

Verification is confirmation by examination and provision of objective evidence that specified requirements have been fulfilled. It is design-centric and answers the question “Did I build the product right?” Verification also entails gathering objective evidence that the design behaves as intended through the use of observation (visual inspection), measurement (values and tolerances), testing (function) or analysis (reviews).

Validation is confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use can be consistently fulfilled. Unlike Verification, this is a user-centric term, and answers the questions “Did I build the right product?” and “For whom is this the right product?” Validation entails gathering objective evidence that the design satisfies the user needs through the use of Usability Studies/Human Factors Studies, Clinical Evaluation/Clinical Studies, Customer Surveys, and through Analysis of Verification Data.

Knowing the difference between Verification and Validation is of quintessential importance for ensuring customer satisfaction and regulatory acceptance of the product.

#5 Risk Management is a vital part of Design Controls

The elements of design controls are Planning, Design Inputs, Design Outputs, Design Reviews, Design Verification, Design Validation, Design Changes and the Design History File. So, what happened to Risk Management? Risk is mentioned in Design Control Regulation (QSR 820.30) all of one time, under Design Validation. The statement simply reads “Design validation shall include software validation and risk analysis, where appropriate.”

Fortunately, the FDA Design Control Guidance elaborates on requirements for risk management. The guidance includes this paragraph:

Risk management begins with the development of the design input requirements. As the design evolves, new risks may become evident. To systematically identify and, when necessary, reduce these risks, the risk management process is integrated into the design

process. In this way, unacceptable risks can be identified and managed earlier in the

design process when changes are easier to make and less costly.

The takeaway from this is that although risk management is just cursively mentioned in the QSR Design Control regulation, the intent of the regulation is that Risk Management be practiced starting from the point where design inputs are known and practiced throughout the product life cycle.  You cannot be compliant to the design control regulation without having an adequate risk management file.


Design Control regulations have been around since 1997, but many manufacturers still have problems complying with design controls. Focusing on the best practices outlined above will derive the most benefit from implementing Design Controls, will lead to a more predictable development cycle, and ultimately result in higher-quality products that can be enhanced and maintained throughout their lifecycle.

Compliance Management

Behind every successful product and product launch lies a complicated process that can involve multiple oversight agencies, cross-functional teams, and stakeholders. Within an organization’s governance, risk management, and compliance (GRC) framework, product teams must pursue market innovation while remaining in compliance. Staying in compliance with the vast array of rules, procedures, and contract clauses that govern product development can be a full-time job, and lack of management can lead to delays and failures that result in lost revenue, damaged reputation, or even legal action.

With so much on the line, every development project should have a process within the GRC framework to monitor compliance risk and compliance activities along the way. Unfortunately, compliance management can be difficult to integrate into the full design process, and compliance delays can hold up a product launch. Product teams often need a better way to integrate compliance management into the development process. Those teams that include compliance management in their processes can reduce the risk of failure—and potentially improve their speed to market.

What is compliance management, and how does it help product teams ship on time?

Compliance can refer to a variety of different laws, guidelines, standards, processes, procedures, or other controlling documents, including contracts. Compliance management refers to the intentional process by which designated team members or compliance officers monitor and control design, development, launch, and fulfillment to ensure that all legal, contractual, and procedural requirements are met.

Ideally, compliance management involves both people and a system that is fully integrated across functions of the organization. The more integrated the compliance management in the development lifecycle, the more likely it is to detect potential compliance issues before they cause long-term harm to companies or consumers.

A fully integrated compliance management system can help your product team ship on time or early by keeping all compliance factors top of mind during the design, development, and fulfillment process. When teams are ensuring compliance throughout the entire development lifecycle, unforeseen delays and consumer issues are less likely to derail product success.

To fully integrate compliance management, teams need a development process that includes touchpoints for assessing compliance. The process should include activities such as:

  • Standard operating procedures
  • Safety and security procedures
  • Reporting and documentation
  • Internal and external audits

Integrating all of these activities will help ensure that teams are fully prepared to establish compliance with applicable standards, regulations, and laws before launch, reducing the possibility of costly delays or failures.

RELATED: A Guide to Understanding ISO Standards

What is compliance control?

Compliance control is a set of guidelines and policies designed to provide a framework for compliance to product teams and stakeholders. These guidelines and policies apply to everyone involved in compliance management—from board of directors to compliance officers or compliance managers to team members.

Common internal compliance controls can include the following:

  • Published standards, policies, and operating procedures
  • Training and documented completion of training
  • Internal audits
  • Contracts

External compliance controls are those that originate anywhere outside the company:

  • Laws and regulations
  • Industry standards
  • External audits
  • External risk assessments

What is a compliance management system?

A compliance management system is a program that integrates written documents, processes, functions, controls, tools, and anything else that helps organizations comply with regulations and reduce risks to consumers that arise due to violation of applicable law. While a comprehensive compliance management system will include appropriate tools such as software, it will also clearly define the roles of various stakeholders, including:

  • Team members
  • Compliance officers or compliance managers
  • Board of directors
  • Internal auditors

The compliance management system will also define processes for:

  • Assessing and responding to consumer complaints
  • Addressing results of a compliance audit
  • Providing relevant compliance training as appropriate
  • Keeping informed of regulatory change
  • Taking corrective action when products are found in violation

RELATED POST: How to Perform Better Impact Analysis on Upstream and Downstream Relationships

Why is maintaining compliance so important for product teams working in regulated industries?

Former US Deputy Attorney General Paul McNulty has stated, “If you think compliance is expensive, try non-compliance.” In any industry, non-compliance can lead to fines, product failures, and lawsuits—not to mention the cost of lost reputation, customers, and business.

For teams working in regulated industries, maintaining compliance is especially important as there are often unique safety and regulatory issues at hand. In industries such as automotive, aerospace, and medical devices, one product that fails to meet regulatory or legal standards could potentially lead to the kind of product failure that results in loss of property or human life.

Studies by the Ponemon Institute reveal that non-compliance can cost as much as 2.65 times what compliance costs. What’s more, the institute found that non-compliance costs increased by 45% between 2011 and 2017.

What are best practices for compliance management?

While the specific practices for compliance management will vary according to industry, there are some best practices for compliance management that any product team can use to ensure a successful product launch.

  • Identify compliance officers: If your company doesn’t have a dedicated compliance officer, identify someone on your team who can at least serve as an ad hoc compliance officer. Identifying the right person (or people) early in the development process will give a central point of contact so that no one is wondering who is in charge of compliance.
  • Learn relevant requirements: All members of the team should at least have a familiarity with the regulatory and legal environment around product development. In addition, everyone should subscribe to government and industry mailing lists or websites to stay up-to-date on changes to regulations. One study found that regulatory monitoring saved companies an average of $1.03 million.
  • Create a central repository of requirements: Rather than simply documenting requirements that are relevant only to one team or project, companies should create a central source of information for all compliance requirements, including internal procedures and standards. With one central source for all teams to access and contribute to, teams are less likely to miss requirements in the development process.
  • Establish traceability between requirements and standards, regulations, and other relevant compliance documents: By documenting traceability between the compliance requirements and project artifacts, product teams create a robust analysis tool that can provide invaluable detail and information for audits and reviews.
  • Implement tools that support compliance management: While there’s no substitute for having human input and control over compliance management, there’s no question that having the right tools can make compliance a more manageable task. The right tool will support product teams by providing a central source for traceability, requirements management, analysis, documentation, and all related activities.

What makes a compliance program effective?

A comprehensive and effective compliance program will:

  • Reduce costs: When teams have a program in place for comprehensive compliance management, it’s almost inevitable that the team or company will save money overall.
  • Improve risk management: Evaluating and assessing risks throughout the lifecycle will improve risk management across the development lifecycle. Good compliance management will help teams identify and assess risks early in the development process.
  • Keep product development well within organizational GRC framework: An effective compliance program will keep development in compliance with internal controls and the overall organizational GRC framework.
  • Improve speed to market: When compliance is fully integrated into product design and development, the risk of delays drops, and chances of shipping on time or early increase.

RELATED POST: Checklist: Selecting a Requirements Management Tool

What tools and software can help product teams maintain compliance during the application lifecycle?

A compliance management solution is an important piece of any compliance management system. Within the overall framework of a compliance management system, a compliance management solution will support workflows, self-assessments, surveys, and issue remediation. In addition, intuitive dashboards and charts can provide real-time insights into compliance processes. 

How can Jama help teams working in highly regulated industries, like medical and aerospace, maintain compliance during the application lifecycle?

Jama Connect gives product teams the tools they need to integrate compliance management into the design lifecycle. By tracking requirements and giving teams the traceability they need, Jama Connect simplifies compliance management by integrating it fully into the application lifecycle. To learn more about Jama Connect, contact us for a demo.


If you haven’t already, check out Part I of our ASPICE 101 blog series to learn about what the standard is and why it’s important to automotive development, and Part II, where we examine the similarities and differences between ISO 26262 and ASPICE. In this post, we take a look at the goals of ASPICE and the different compliance levels.

Fundamentally, the goal of ASPICE is to define best practices for development of embedded software for vehicles.

Given that a modern vehicle can involve hundreds of millions of lines of code, creating some objective “best practices” can only benefit the teams working on this code. And it’s not just how much code is required that adds complexity — it’s also the fact that companies increasingly work across geographic and industry boundaries. When looking for suppliers, having some objective standards of assessment can be useful.

ASPICE is based on the V-Model — a model that requires logical decomposition of requirements and rigorous evaluation through testing at each stage of development. This model benefits both suppliers and system integrators by giving opportunity to eliminate problems in early development stages and providing a framework for ideation and development.

ASPICE V-ModelIt also ensures continuous innovation and product development. On the left side of the V-Model are initial phases of product development.

  • Requirement Analysis: Discovering, listing, and prioritizing client requirements
  • System Design: Mapping client needs and putting them into a viable work model
  • Architecture Design: Organizing requirements into logical operations
  • Module Design: Creating software requirements that match system requirements and developing service units
  • Coding: Designing and implementing units; this is the point of the V

On the right side of the V-Model are the secondary phases of product development:

  • Unit Testing: Determining if code and design match and standards and requirements are met
  • Integration Testing: Evaluating software architecture and service units
  • System Testing: Integrating everything into the full system and testing
  • Acceptance Testing: Performing final tests

The advantage of the V-model is that it promotes testing and improvement throughout the development cycle. For each point along the V, there is a corresponding testing phase and additional traceability and management processes. Suppliers who follow this ASPICE model can earn certifications according to standardized achievement phases; the ASPICE standard is scored in levels from zero to five, which clients can use to evaluate the proficiency of the development team.

ASPICE levels are as follows:

LEVEL 0 | Basic

Teams at Level 0 are still developing processes or systems. They can, at most, “partially” achieve ASPICE requirements. These teams should focus most of their efforts on managing basic tasks.

LEVEL 1 | Performed

Teams achieving Level 1 either nearly or completely deliver standard ASPICE requirements, but likely have gaps in their processes.

LEVEL 2 | Managed

Level 2 teams can reliably deliver work products and almost or completely achieve ASPICE standards.

LEVEL 3 | Established

At Level 3, teams have established and set performance standards and are engaged in continuous improvement to constantly evaluate and learn.

LEVEL 4 | Predictable

Level 4 teams measure, record, and analyze outcomes; evaluate outcomes and processes objectively; and consistently meet performance standards.

LEVEL 5 | Innovating

Level 5 teams have reached a stage where they are not only consistently delivering high performance and quality products, but also engaging and investing in continuous improvement. These teams also analyze performance standards for quantitative feedback and causal analysis resolution.

ASPICE does not prescribe tools or techniques for teams, but rather gives a framework for examining the approach to internal development methods. The ASPICE standard is mostly generic and largely tool and process “agnostic” — that is, it gives a framework for evaluating the process and outcomes, but does not dictate the best processes or methods for every team. Because every team is different, this generic approach can help bring order and improvement to any team operating in any automotive system or space.

ASPICE levels look daunting, and for a start-up or young team, the idea of achieving Level 5 might seem out of the question. However, it’s important to note that Levels 4 and 5 are aspirational; most teams that achieve these levels are part of very large corporations. Level 2 is a more realistic initial target, and by the time teams are at Level 3, they are functioning at a standard broadly considered “excellent.”

How ASPICE Affects Automotive Development

The world of automotive development is only becoming more complex.

Some factors that are increasing complexity:

Consumer demand: A connected world means that consumers want seamless connectivity across their entire lives. The lines between work, home, and leisure are increasingly blurry, and consumers who still need vehicles to get from point A to point B will want all of those pieces of their lives to be integrated — even behind the wheel.

Increasing regulation: With the increasing complexity of auto systems and a focus on reducing climate impact, auto manufacturers will have to comply with new and possibly shifting regulations across different entities.

Rapid innovation: Technology continues to change and innovate at a breakneck pace. With systems increasingly integrated into automobiles, manufacturers will have no choice but to keep up with innovation. In fact, as of 2019, 80% of product innovation in automotive comes through software development

Fortunately, ASPICE can help auto suppliers and original equipment manufacturers (OEMs) respond to this increasing complexity in multiple ways:

Control the process: ASPICE gives teams clear guidance for evaluating and controlling their development processes, which can help ensure product quality, shorten time to market, and reduce costs.

Streamline supplier selection: By clearly defining levels of achievement, ASPICE can help OEMs assess and evaluate suppliers. If suppliers achieve Level 2 or 3 in ASPICE, OEMs can be fairly certain they are getting quality products.

Reduce costs and improve time to market: Because ASPICE is more concerned with process than with specific regulations or safety guidelines, using the standard can help teams reduce costs and improve efficiency, thereby improving overall market competitiveness.

How to Ensure Compliance with ASPICE

Most automotive developers are rigorously working towards ASPICE compliance and there are many advantages to aiming for it.

1.) It’s possible that compliance will be required some time in the future, so working toward it now is a positive step in preparation.

2.) Automotive development is only getting more complicated, not less, and development will continue to require teamwork across industries, companies, and geographies. Working within the ASPICE standard will help ensure consistency.

3.) Working within ASPICE will give teams a competitive edge over other suppliers and OEMs who are not yet using the standard.

But knowing that compliance is desired and actually achieving it are two different things. How can teams ensure compliance with the ASPICE standard?

Start with an honest assessment.

Teams can’t know where to go until they know where they are. A good place to start is to draft current processes and compare them to the ASPICE V-model. This effort can provide good insights into current levels compliance and where improvements can be made.

Confront the gaps and missing pieces.

Most teams will have some gaps in their processes or procedures. Likewise, some teams will have unclear separation between steps in the V-Model. Look at the gaps and assess how to close them, and identify where additional steps should be introduced.

Include stakeholders.

Be sure that all stakeholders have complete visibility into the ASPICE compliance efforts, and clearly define the resources those stakeholders can provide where necessary.

Test every phase.

Testing is vital to ASPICE compliance. Be sure to include rigorous testing at every phase in the process.

Operate under the new guidelines.

Once the plan is in place, implement it immediately.

Reassess and improve.

After completing a new product under the new ASPICE compliant processes, reassess, evaluate, and look for ways to improve. This constant focus on improvement is what allows teams to achieve higher levels of ASPICE compliance.

ISO 26262 vs. ASPICEIf you haven’t already, check out Part I of our ASPICE 101 blog series to learn about what the standard is and why it’s important to automotive development. In this post, we take a look at ISO 26262 vs. ASPICE and examine the similarities and differences between these two important automotive standards.

ISO 26262 vs. ASPICE for Automotive Compliance

Of course, automotive companies already use ISO 26262, and introducing yet another automotive compliance piece into a very full process may feel overwhelming. It’s understandable why companies would be asking if they need to adhere to both ASPICE and ISO 26262 when they are already focused on ISO 26262 compliance.

The answer, in short, is that while there is no regulatory requirement to use ASPICE, using the model can greatly benefit companies that want to stay competitive in the automotive industry. According to the Project Management Institute, 47% of project failures can be traced back to poor requirements; any guidance or set of standards that can help mitigate that risk is worth the implementation effort.

While ASPICE and ISO 26262 are complementary and do overlap in places, they ultimately serve different purposes. ISO 26262 covers functional safety standards for vehicles. It incorporates safety analysis methods that account for random and systematic errors in electrical and electronic systems and is broadly adopted worldwide. ASPICE is the current standard for software best practices in the automotive industry. It covers how to conduct software and systems design whether or not safety is a concern.

The best approach for automotive development teams is to consider both ASPICE and ISO 26262 guidelines.

ISO 26262 vs. ASPICE: Similarities and Differences

There are several key distinctions between ASPICE and ISO 26262:

ISO 26262 vs. ASPICE

Stay tuned for our next post in the ASPICE 101 blog series where we discuss goals, requirements, and levels of ASPICE compliance. 

ISO StandardsIf you’ve worked in product development for any time at all, you’ve probably heard the term “ISO” used in conjunction with the terms “standards” and “compliance” (along with a variety of four- and five-digit numbers).

But what does that all mean, and how does it affect you? In this article, we will provide you with a basic guide to understanding ISO standards.

What is ISO and What are ISO Standards?

The International Organization for Standardization is a nongovernmental organization. It consists of a network of standards bodies from 165 member countries (currently), with one body representing each member country. The American National Standards Institute (ANSI), for example, represents the United States. The organization maintains a central office in Geneva, Switzerland, to oversee this network.

Because “International Organization for Standardization” is a mouthful and would have different acronyms in different languages, the organization’s founders chose ISO—derived from the Greek ‘isos’, meaning equal—as its official abbreviation. As the group’s website proclaims: “Whatever the country, whatever the language, we are always ISO.”

ISO’s purpose is to help unify standards on an international basis. ISO standards are designated by the term ISO followed by a number, like ISO 9001. In some cases, ISO standards share a numeric code with an industry association, as in the case of ISO/IEC 12207. IEC stands for the International Electrotechnical Commission, which prepares and publishes international standards for electrical, electronic, and related technologies.

Nearly 800 ISO technical committees and subcommittees are tasked with standards development. As of June 2021, ISO has published some 23,886 international standards covering almost all aspects of technology and manufacturing.

What Are the Benefits of ISO Standards?

ISO forms a bridge that links the public and private sectors. Many of its member institutes are either departments of their national governments or mandated by them. Other member organizations are rooted solely in the private sector, having been set up by industry association partnerships within their country. ISO helps these diverse bodies reach consensus on solutions that meet both the requirements of business and the broader needs of society.

ISO standards help make the world a safer place and give consumers confidence that the products they buy are safe, reliable, and of high quality. Regulators and governments count on ISO standards to help develop better regulation, knowing they have a sound basis thanks to the involvement of globally recognized experts.

Finally, compliance with ISO standards gives companies an advantage in the marketplace. ISO certification provides assurance to potential customers that the company adheres to industry best practices. In many industries, companies require that their suppliers are certified to certain relevant ISO standards.

RELATED POST: How to Perform Better Impact Analysis on Upstream and Downstream Relationships

How Does ISO Design New Standards?

The ISO process for creating a new standard begins when an alliance of industry associations or consumer groups submits a request. ISO then recruits subject matter experts and industry stakeholders to form a technical committee or subcommittee. This committee executes a two-round drafting process and then takes a formal vote on the second draft. This second draft is called the Final Draft International Standard (FDIS). If the FDIS is approved, it is certified by the central secretariat, and ISO publishes it as an official international standard.

As technologies and best practices evolve, industry associations may request an update of an ISO standard. Different versions of the standard are distinguished by the year the revision was published appended to the standard designation. For example, the latest version of ISO 9001 is ISO 9001:2015.

What ISO Standards Are Related to Product Development?

ISO 9001

The ISO 9000 family of quality management standards is easily the most popular set of industry standards in the world. Of these, ISO 9001 is the only one to which companies can be certified.

ISO 9001 describes how to put a Quality Management System (QMS) in place to better prepare your organization to produce quality products and services. Today, over one million companies in more than 170 countries are certified to ISO 9001:2015.

ISO/IEC 12207

ISO/IEC 12207, Systems and software engineering – Software lifecycle processes aims to define all the processes required for developing and maintaining software systems, including the outcomes and/or activities of each process.

First introduced in 1995, ISO/IEC 12207 establishes a common framework for software life cycle processes with well-defined terminology that can be referenced by the software industry. It defines the processes, activities, and tasks to be applied during the acquisition of software products or services, as well as during the supply, development, operation, maintenance, and disposal of software products and to the software portion of firmware, as well.

ISO/IEC 12207 also provides a process that can be employed for defining, controlling, and improving software life cycle processes.

ISO 8887

ISO 8887 specifies the requirements for the preparation, content, and structure of technical product documentation (TPD) of the design output for the cycles of manufacturing, assembling, disassembling, and end-of-life processing of products. It describes the TPD needed at the critical stages of the design process.

Beyond those requirements, the standard also identifies and describes methods and conventions appropriate to the preparation of documentation necessary to realize a design, including the application to multiple life cycles. ISO 8887 also incorporates guidance on the ultimate reusing, recovering, recycling, and disposing of the components and materials used.

ISO/TS 16949

Based on ISO 9001, ISO/TS 16949 is a technical specification (TS) aimed at the development of a quality management system that provides for continual improvement within the automotive industry. First published in 1999, it emphasizes defect prevention and the reduction of variation and waste in the automotive industry supply chain and the assembly process.

According to the British Standards Institution (BSI), the ISO/TS 16949 standard was created by the International Automotive Task Force (IATF) to help streamline this process. It focuses on the avoidance of errors and defines the requirements for the development, production, and installation of automotive-related products. Today, certification is required by almost all Tier 1 companies, many of whom require their Tier 2 and Tier 3 suppliers to certify. As a result, over 50,000 certifications have been issued to date against this standard.

ISO 26262

ISO 26262, Road vehicles – Functional safety applies to safety-related systems that include one or more electrical and/or electronic (E/E) systems and that are installed in series production passenger cars. Introduced in 2011, this standard addresses possible hazards caused by malfunctioning behavior of E/E safety-related systems, including the interaction of these systems.

With the increased number and interaction of electronic systems within passenger vehicles, this standard is being adopted rapidly within the automotive industry.

ISO 13485

Unlike many ISO standards, ISO 13485, Medical Device Quality Standards, is a single document and does not belong to a family. It was originally published in 2003 and revised in 2016.

ISO 13485 puts a quality management system in place for the production of medical devices and equipment and is very specific to the health industry. It is often implemented with ISO 9001 to show that an organization is qualified to do business in the medical device field.

ISO 13485  is a regulated standard against which over 25,000 certifications have already been issued.

RELATED POST: Checklist: Selecting a Requirements Management Tool

How ISO Affects the Product Development Process

Product developers sometimes ask, “What are the differences between standards and requirements?”

According to Merriam-Webster, a requirement is “something wanted or needed; a necessity” or “something essential to the existence or occurrence of something else.” Other definitions include “a necessity or prerequisite” and “something required or obligatory.”

Webster’s defines a standard as “something set up and established by authority as a rule for the measure of quantity, weight, extent, value, or quality” or “something established by authority, custom, or general consent as a model or example.” In other words, a standard is a principle, example, or measure used for comparison—a benchmark used to evaluate suitability for a purpose.

To meet a requirement, a thing, person or organization must do exactly what the requirement says. To meet a standard, a thing, person or organization must meet the minimum requirements of the standard and align with its intent. Standards typically allow some leeway for tailoring to individual organizational practices and obligations.

As mentioned earlier, many corporate and governmental customers want their suppliers to adhere to certain ISO standards, especially in industries that are multi-tiered or highly regulated. Certification to applicable standards is often a contractual requirement within those industries.

Is ISO Compliance Required by Law?

The ISO standards themselves are not legally binding. There are no laws that compel companies to meet or be certified to any ISO standards.

However, national regulators may refer to ISO standards as examples of good practice. For example, a building regulation might say you must comply with certain local regulations and that one way of complying with those is to comply with a given ISO standard.

Also, while not legally bound, many companies find certification to certain ISO standards is a necessity if they wish to compete for contracts within their industry or with specific customers.

Want the inside scoop? See what users are saying about Jama Connect

What is ISO Certification?

In this guide, we’ve talked frequently about ISO compliance and ISO certification. So, what’s the difference?

Compliance simply means that your product or process conforms to the requirements of the ISO standard. ISO certification, on the other hand, is the result of a formal procedure and thus a bit more complicated.

ISO itself does certify companies directly. Instead, specific certification bodies perform the task of auditing and then certifying an organization’s compliance with a given ISO standard. These bodies, often known as registrars, must themselves be certified under a separate standard, ISO/IEC TS 17021.

During the certification process, the registrar audits the organization to ensure that its operations are in compliance with processes outlined in the current ISO standard. Where inconsistencies or “non-conformities” are found, the organization must typically create a program for correcting these problems before the registrar will issue a certificate.

Once an organization is granted certification, it receives a certification mark that can be used on its company stationery, websites, etc.

When it comes to ISO standards governing ongoing business practices, like ISO 9001 for example, approval is typically valid for a period of three years. After that, the company must recertify to the current form of the standard.

Applying ISO Standards in Lifecycle and Requirements Management

What tools can help meet ISO standards in the realm of product lifecycle management? Jama Software provides several.

First and foremost of these is our flagship product, Jama Connect. For example, let’s say your organization is seeking certification to ISO 9001. To achieve that certification, you need to demonstrate you have put in place a defined, repeatable process for assuring quality. Jama Connect is a tool built specifically for requirements management and requirements traceability. Not only does Jama Connect simplify the tracking and tracing of requirements, it also makes it simpler and easier to maintain and demonstrate a robust quality process. That’s because Jama Connect automates so much of your requirements management process.

We’ve also built guides that will help you build compliance with specific ISO standards. If you work in the automotive sector, you may want to check out our guide for ISO 26262 compliance. Likewise, if you work in the medical device field, be sure to get a copy of our Guide to ISO 13485 for Medical Device Development.

Finally, to learn more about choosing the right requirements management tools to help your company attain or maintain ISO certification, download our Requirements Management Buyer’s Guide.

IATF 16949

Throughout this automotive blog series, our experts have described numerous ways that Jama Connect can support and accelerate product development for automotive suppliers and OEMs and drive compliance to key safety standards like ISO 26262. Now let’s look at how requirements management and this focus around functional safety fit into the larger view of organizational quality management systems (QMS) aligned with IATF 16949:2016.

International Automotive Task Force (IATF) 16949

The IATF 16949 standard defines the components of an automotive industry aligned quality management system to provide a harmonized structure for companies to implement and meet their customers and the broader markets expectations for quality and consistency of organizational processes.  IATF 16949 also fully aligns with the structure and application of ISO 9001:2015 and is focused on seven Quality Management Principles:

  1. Customer Focus
  2. Leadership
  3. Engagement of People
  4. Process Approach
  5. Improvement
  6. Evidence-based Decision Making
  7. Relationship Management

While ISO 26262 defines functional safety and focuses at the project or product level, IATF 16949 is a broad-based organizational standard that defines a way of working for various functions throughout the business.  A good example of the contrast in scope is the text of section of IATF 16949:  “The organization shall ensure that design and development planning includes all affected stakeholders within the organization and, as appropriate, its supply chain.”

Jama Connect for Automotive

While different in scope and scale, there are certainly several key tenants in both standards that mean a requirements management tool like Jama Connect® for Automotive is critical not only for compliance – but for efficient execution that drives value for customers. Here are three topics to consider:

RELATED: Watch a demonstration of the Jama Connect for Automotive Solution

Requirements Matter

To assure the first principle of Customer Focus, requirements must be central to any quality management system implementation. The standard explicitly accounts for items like review of requirements and feasibility assessment, evidence of customer-waived requirements, and communication of changes to ensure impacts are accounted for in downstream operations. Maintaining tight control of requirements, including reviews and versioning, creates the foundation that a robust quality management system can build upon.

Safety and Quality Go Hand in Hand

Product safety is specifically outlined in Section of the IATF 16494 standard – and although it’s not prescriptive, it does align implicitly with ISO 26262 and acknowledges that safety is a key measure of quality and conformance of products and processes. Key areas of alignment between safety and quality standards, and supported by Jama Connect for Automotive, which will accelerate or strengthen a quality management system include:

  • Technical safety requirements
  • System architectural designs
  • Hardware design and verification
  • Software design and verification
  • Hazard Analysis and Risk Assessment (HARA)
  • Project management
  • Change control
  • Confidence in the use of software tools

Stakeholder Engagement is Critical

To meet the requirements of a strong quality management system, particularly in the automotive sector, requires both internal and external stakeholder engagement – and puts a particular focus on the role of top management.  With this focus, maintaining strong alignment and communication within the organization and with the supply chain is crucially important. Organizations may bring stakeholders into a formal review process or may exchange information through industry standard protocols such as ReqIF [link to Part III blog], in order to ensure optimal QMS performance. Regardless of method or specific process – maintaining clear documentation, managing change, capturing approvals and/or electronic signatures at appropriate milestones, and maintaining overall traceability of quality and safety data are all key to success in this complex web of internal and external stakeholders.

Jama Connect for Automotive includes a fully functional framework that teams can use to start getting value immediately as a component of a quality management system aligned to IATF 16949:2016. This includes complete documentation for how to complete each process most efficiently in Jama Connect for Automotive. Industry-specific Professional Services are also included to guide customers through the inevitable customizations needed by each organization.

To learn more about how Jama Connect for Automotive can help your team simplify compliance, streamline development, and speed time to market, download our solution overview.