Tag Archive for: Requirements & Requirements Management Page 4

Tag Archive for: Requirements & Requirements Management

Jama Connect® Named as the 2025 TrustRadius Top Rated Winner in Requirements Management

Jama Connect Named as the 2025 TrustRadius Top Rated Winner in Requirements Management

We are thrilled to announce that Jama Connect has been honored as a 2025 TrustRadius Top Rated Award winner in the “Requirements Management” category! This recognition underscores our commitment to delivering industry-leading tools that empower teams to efficiently manage requirements and associated processes. But what makes this achievement particularly meaningful is that this award is based entirely on the candid feedback of those who use Jama Connect in real-world scenarios.

Why the TrustRadius Top Rated Award Matters

The TrustRadius Top Rated Awards are among the most trusted accolades in the B2B technology space. Unlike analyst-driven awards, these honors are determined exclusively by verified customer reviews. To win, products must meet strict criteria, including a high volume of positive reviews, consistent high ratings, and a strong trScore, which evaluates reviews for quality, recency, and depth.

Earning this recognition signifies that Jama Connect excels in meeting the needs of our users, as acknowledged by the very people who rely on our solution to deliver remarkable outcomes.

Reflecting on the Value of Jama Connect

Jama Connect is a trusted partner for teams navigating complex development projects across industries. Whether it’s supporting product innovation in aerospace, ensuring compliance in highly regulated medical fields, or improving efficiency in agile software development, Jama Connect provides the tools necessary for collaboration, traceability, and success.

Here’s what some of our customers have to say about their experience:

“Jama Connect has the best UI compared to DOORS, Codebeamer, and [PTC Integrity]. It’s the clearest to use with the best usability. For example, making traces between requirements is as straightforward as clicking a button. The trace matrix view is highly configurable to show anything you need.” (Verified User, Medical Device Company)

“We are using Jama Connect to be more than just a requirements management tool – we are using Jama Connect as the single source of truth to contain not just the requirements, but also the why and how the system is the way it is. It helps us engage stakeholders, both junior and senior, due to its user-friendly interface.” (Chris Armstrong, Lead Systems Engineer, JFD)

“We use Jama [Connect] for centralized requirements administration of sector-wide projects and development. The intuitive review module and quick-marking features make managing requirements seamless.” (Verified Professional, Oil & Energy Company)

These testimonials illustrate Jama Connect’s powerful impact on our users’ workflows and show why teams across the globe trust us as their go-to solution for requirements management.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Software Development

Customer Feedback Drives Our Innovation

At Jama Software, we consider user feedback to be a critical component of our development process. We consistently listen to customers and translate their insights into actionable improvements. One reviewer highlighted this commitment, stating:

“We pretty much use it (Jama Connect) for the entire software development lifecycle and utilize its review/approval and baselining system for our controlled documents.”

Our agility and dedication to continuous improvement help ensure that Jama Connect remains a market leader to support evolving customer needs.

Why Organizations Choose Jama Connect

What differentiates Jama Connect is not just its robust features but the way it revolutionizes how teams manage the product lifecycle. By bringing stakeholders together and enabling clear, traceable processes, we make it easy for organizations to focus on outcomes, even in the most challenging and regulated environments. Key benefits include:

  1. Live Traceability™: A hallmark of Jama Connect, this feature enables teams to maintain real-time visibility into the interconnections between requirements, decisions, and test cases, ensuring that everyone is working with up-to-date information.
  2. Streamlined Regulatory Compliance: Simplify alignment with frameworks like ISO 26262 and FDA 21 CFR Part 11 using Jama Connect’s built-in templates and automated tracking.
  3. Collaboration at Scale: Empower distributed teams with tools like stakeholder commenting, intuitive workflows, and export functionality to foster engagement and decision-making.

These features have been widely acknowledged by our customers, including one who shared:

“The export tools to PDF and Word for our regulatory needs have saved us a ton of time. We use Jama Connect for risk management, validation, and planning. It’s well organized and helps streamline collaboration across teams.”

RELATED: The Benefits of Jama Connect: Supercharge Your Systems Development and Engineering Process

What’s Next for Jama Connect?

Winning the 2025 TrustRadius Top Rated Award inspires us to continue innovating and elevating the Jama Connect experience. We are actively working on updates that incorporate more automation, deeper analytics, and enhanced user experiences, helping customers tackle emerging challenges with efficiency and confidence.

We’re always listening to your feedback and using it to make Jama Connect even better. Our goal is to keep evolving alongside your needs and ensure it stays the go-to tool for requirements management.

Experience the Future of Requirements Management

This recognition solidifies why thousands of professionals trust Jama Connect to guide their projects to success. If you haven’t yet discovered what sets our platform apart, now is the time.

Whether you’re seeking to improve compliance, streamline product development, or simplify communication across teams, Jama Connect has the solution you need.

A Heartfelt Thank You

To our incredible community of users, thank you for making this milestone possible. Your trust and feedback inspire us to push boundaries and continue delivering tools that help your teams thrive. This achievement is as much yours as it is ours, and we look forward to supporting you for years to come.

Here’s to more innovation, collaboration, and success together.
Start your free trial of Jama Connect today!

Construction’s Next Leap: AI as a Strategic Partner

Jama Software is always looking for news that would benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article from AEC Business, titled “Construction’s Next Leap: AI as a Strategic Partner”, and written by Aarni Heiskanen and published on May 24, 2025.

Construction’s Next Leap: AI as a Strategic Partner

In this episode of the AI AEC Show, Aarni Heiskanen welcomes back René Morkos, PhD, the visionary founder and CEO of ALICE Technologies, to explore the latest advances in artificial intelligence for construction scheduling and project optimization.

The Shift: Generative AI Comes to Construction

Since their last conversation, René highlights the most significant change in the construction tech landscape: the rapid rise of generative AI and large language models (LLMs). These tools are fundamentally altering how project data is accessed, analyzed, and leveraged across the industry.

René explains how ALICE Technologies has embraced this transformation by developing two AI-driven scheduling agents. These agents don’t just generate optimized schedules—they can also interact conversationally with planners, offering insights into delays, critical tasks, progress updates, and more. This represents a leap from static scheduling tools to dynamic, intelligent collaboration.

RELATED: Expert Perspectives: The Shift Towards Systems Engineering in the Architecture, Engineering, and Construction (AEC) Industry

Breaking Down Data Silos

One persistent challenge in construction is fragmented and unstructured data. AI offers a promising way forward. René points to solutions like Trunk Tools, which allow users to query entire project datasets in natural language—”Show me the change orders” or “Summarize this RFI”—without needing to manually sift through files.

This democratization of data access, powered by AI, is eliminating a long-standing bottleneck in construction project management.

A Platform for Optimization

René also discusses how ALICE’s platform not only helps plan construction projects but actively explores “what-if” scenarios—testing and comparing thousands of possible construction strategies. This simulation-based approach enables teams to reduce risk, save time, and improve project outcomes with confidence.

RELATED: Six Key Challenges in the Architecture, Engineering, Construction, and Operations (AECO) Industry and How to Solve Them with Jama Connect>sup>®

The Road Ahead

Looking forward, René envisions an increasingly automated construction planning ecosystem. As he puts it, we’re moving toward a future where the question is not just “what’s the plan?” but “what’s the best possible plan, and how do we know?” AI will provide the answers.

Takeaway: AI is not just a support tool—it’s becoming a decision partner in designing, scheduling, and executing construction projects.

Self-Hosted and Cloud: Flexible Deployment Options for Your Requirements Management with Jama Software

Self-Hosted and Cloud: Flexible Deployment Options for Your Requirements Management with Jama Software

Efficient requirements management is vital for the success of any organization, especially in industries like aerospace, defense, and government, where compliance, security, and accuracy are paramount. Jama Software provides a sophisticated and adaptable requirements management solution, ensuring that your teams stay ahead in competitive and highly regulated fields.

But did you know that Jama Connect® isn’t only available as a cloud solution? Depending on your organization’s unique needs, you can also choose a self-hosted deployment option. This flexibility is the perfect answer for industries requiring strict data sovereignty, air-gapped environments, or regulatory compliance.

While Jama Connect is well-known for our cloud deployment option, we actually originated as a self-hosted product more than twenty years ago. And two decades later, we remain committed to delivering the best platform and customer experience for our self-hosted and cloud customers.

Curious about which deployment option best suits your business? This post will break down when to choose Jama Connect Cloud versus the self-hosted deployment. We’ll also answer frequently asked questions to help you make informed decisions.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

When to Choose Jama Software Cloud vs. Self-Hosted

Jama Connect Cloud and Jama Connect Self-Hosted both empower effective requirements management. However, certain use cases demand one option over the other.

Jama Connect Cloud

Best for organizations that value ease of deployment, automatic updates, and seamless access. Key benefits include:

  • Automatic Updates and Maintenance: Benefit from the latest features and security enhancements without manual effort.
  • Anywhere, Anytime Access: Teams can access data on-demand, enabling global collaboration without roadblocks.
  • Cost Efficiency: Eliminate the need for large IT infrastructure spendings; we handle hosting for you.
  • Geographically Distributed Hosting: To ensure reliability and security, Jama Software hosts data in highly secure and strategic cloud locations. For customers in the US, we host data in Oregon, with a backup in Ohio. For EMEA customers, data will not leave the EU in line with GDPR. Two copies of the data is hosted in Ireland, with a backup in Germany. Jama Connect add-ons – Jama Connect Interchange™ and Jama Connect Advisor™ – can also be hosted in the US or EU.

Ideal for industries like tech startups, mid-sized enterprises, and companies prioritizing agility and scalability in requirements management.

Jama Connect Self-Hosted

Organizations working in highly regulated industries often need tighter control over their data. This deployment ensures robust security and customization on your own infrastructure. Benefits include:

  • Data Sovereignty: Maintain control of sensitive data and ensure compliance with local regulations.
  • Air-Gapped Environments: Operate without internet connectivity, ideal for sectors like aerospace and defense that mandate offline solutions.
  • Regulatory Compliance: Handle development processes under strict standards like ITAR, ECJU, and EAR.

Ideal for industries such as government, aerospace, and defense, where security and compliance are non-negotiable.

Jama Connect Deployment Options

Jama Connect ensures that your needs are met, whether you lean toward cloud solutions or prefer in-house deployment. Here’s how Jama Connect offers robust flexibility in deployment:

Cloud Deployment

Our cloud-based SaaS solution takes the burden of infrastructure management off your shoulders. It ensures faster setup, seamless updates, and scalability as your teams grow. Collaborate easily across distributed teams while we manage the heavy lifting of security and operational efficiency.

Self-Hosted Deployment

Need control down to the last detail? Self-host Jama Connect within your IT infrastructure. This option provides your team with complete autonomy over data, operational configuration, and security measures. Your infrastructure, your rules.

Do you have questions about configuring a self-hosted deployment? Our experts are here to help. Schedule a consultation to explore the best option for your business.

RELATED: Jama Connect Amazon Web Service (AWS) GovCloud US Hosting

FAQ: Common Questions About Jama Software Deployment Options

Still not sure which deployment is right for you? Below are answers to some frequently asked questions.

Is switching between Jama Connect Cloud and Self-Hosted possible?

Yes, we offer migration support to ensure your data transitions smoothly between deployment types when upgrading or restructuring operations.

Do both deployments support compliance with industry standards?

Absolutely! Whether cloud-based or on-premises, Jama Connect supports compliance with requirements like ISO 26262, DO-178C, DO-254, and other critical regulatory standards. Your choice of deployment will not limit compliance functionality.

What level of IT support is required for the self-hosted deployment?

Self-hosted deployments require your organization to manage backups, updates, and server maintenance. However, we provide technical guidance to your IT teams to ensure a smooth setup.

Does the cloud option support multi-location teams?

Yes! With the cloud deployment, all team members, regardless of their geographic location, can work collaboratively without latency or access issues.

What security measures are in place for both deployment options?

  • For Cloud: Ongoing updates, SOC2 certification, and AWS GovCloud hosting ensure enterprise-grade security.
  • For Self-Hosted: You’ll adhere to your internal security protocols (including CMMC security requirements) and configurations.

Jama Software Provides a Smarter Approach to Requirements Management

When it comes to requirements management, there’s no “one-size-fits-all.” Jama Connect adapts to your unique organizational needs, whether you need a hands-off cloud solution or an air-gapped, team-managed infrastructure.

Experience seamless collaboration, reduce compliance risks, and ensure stakeholder alignment across your organization with Jama Software. Are you ready to optimize your requirements management process?

Explore our deployment options and see how Jama Connect aligns with your vision of compliance, security, and efficiency.

Learn More About Jama Software’s Deployment Options

Empowering Complex Medical Device and Life Sciences Development with Responsible AI and Machine Learning
Empowering Complex Medical Device and Life Sciences Development with Responsible AI and Machine Learning

Artificial intelligence (AI) and machine learning (ML) are transforming industries across the globe, and the medical device and life sciences sectors are no exception. Today, the development of complex medical devices is being accelerated and optimized with the integration of responsible AI. From enhanced product design to improved compliance and streamlined workflows, AI is allowing teams to accelerate their workflows.

This blog aims to explore the expected impact of AI on medical device development — including current industry trends, regulatory considerations, and how companies like Jama Software are empowering organizations to leverage AI responsibly.

Types of AI Medical Devices

AI medical devices are rapidly transforming healthcare by introducing advanced diagnostic, therapeutic, and monitoring capabilities. Among the 950 AI-powered medical devices currently identified, several core categories stand out:

  1. Diagnostic Tools: AI-driven diagnostic devices are designed to assist in identifying diseases and conditions with greater accuracy and efficiency. These include imaging systems equipped with machine learning algorithms to detect abnormalities in X-rays, MRIs, and CT scans, as well as AI software for analyzing pathology reports or genetic data. Such tools are especially beneficial in early disease detection, reducing diagnostic errors, and improving patient outcomes.
  2. Monitoring Devices: Another significant category is AI-enabled monitoring devices. These systems continuously track patient vitals, such as heart rate, blood pressure, glucose levels, or oxygen saturation, and can alert healthcare providers to early warning signs of complications. Wearable sensors and remote patient monitoring platforms powered by AI are playing a crucial role in providing real-time health insights, especially for chronic disease management.
  3. Therapeutic Systems: AI-powered therapeutic devices support or enhance treatment strategies. Examples include robotic surgery platforms with AI for precise surgical execution, as well as AI software that tailors treatment plans using patient-specific data. These systems are helping doctors optimize therapies and deliver more effective and personalized care.
  4. Decision Support Applications: AI-based decision support tools are designed to assist clinicians in making informed decisions. These devices analyze vast amounts of medical data to provide evidence-based recommendations or predict potential complications. They are widely used to guide treatment strategies and manage complex conditions with a data-driven approach.

By focusing on these categories, it becomes clear that AI medical devices are not only advancing the standard of care but also addressing critical gaps in healthcare delivery through innovative applications of artificial intelligence.

Medical device manufacturers are leveraging AI and ML in several groundbreaking ways. The U.S. Food and Drug Administration (FDA) has already approved over 950 AI-enabled medical devices as of mid-2024. This reflects a dramatic rise over the past decade and highlights the growing adoption of AI technologies. Here are key areas where AI is making a difference in medical device development:

Current Regulations for AI and ML in Medical Device Development

While the potential of AI is evident the successful adoption of these technologies requires adherence to evolving regulatory frameworks. The FDA has been actively addressing the need for guidelines in this space, ensuring a balance between innovation and safety.

FDA Guidance and Regulations

The FDA oversees AI-enabled devices through various pre-market pathways, including:

  • Premarket Notification (510(k))
  • De Novo Classification
  • Premarket Approval (PMA)

To accommodate the complexities associated with adaptive AI/ML-enabled devices, the FDA has released multiple resources, such as the 2024 Artificial Intelligence and Machine Learning Action Plan, which outlines the agency’s vision for regulatory oversight. Key highlights include:

  • Development of Good Machine Learning Practices (GMLP).
  • Introduction of frameworks for Predetermined Change Control Plans, allowing for post-market updates to AI systems without requiring new approvals.
  • Enhanced transparency for AI-powered medical devices.

New FDA Guidance: To learn more about recent guidance provided by the FDA, read these two articles:

Global Considerations

Beyond the U.S., regulatory developments in Europe, including the EU AI Act and MDR compliance, are impacting how organizations worldwide approach AI implementation in medical devices.

Staying compliant demands robust traceability, stringent risk management protocols, and adherence to data security standards.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

Trends and Insights for AI-Powered Medical Device Development

The trajectory of AI in medical device development is poised to grow exponentially, driven by several key trends:

Shift to Software-Defined Devices

Medical devices are increasingly becoming software-centric. Traditional hardware is giving way to platforms that can be continuously enhanced through software updates.

Integration of Generative AI

Generative AI algorithms are now being used by medical device manufacturers to create simulations, generate testing data, and optimize device designs. Companies like NVIDIA are spearheading this trend with platforms supporting robotics and digital surgery.

Rise of Collaboration and Ecosystem Growth

Partnerships between MedTech companies, academic institutions, and tech giants are fueling innovation. Startups like Moon Surgical and Aidoc demonstrate how collaborations can lead to cutting-edge AI implementations in laparoscopy and diagnostic tools.

Broader Applications Beyond Radiology

While radiology remains at the forefront, AI is expanding rapidly into fields like:

  • Neurology: Detecting brain activity anomalies.
  • Cardiology: Spotting arrhythmias through AI-powered stethoscopes.
  • Oncology: AI-enabled tools for precision cancer diagnosis.

RELATED: Industry-leading Practices Modernize Legacy Public Health Software System, a Deloitte Customer Story

Jama Software’s AI Initiatives for Medical Device Development

With the rise of AI-enabled medical devices, Jama Software is focused on how organizations can incorporate AI applications in their product development processes to improve quality and accelerate development. Here are a few example use cases Jama Connect® is focused on:

Jama Connect Advisor™

Jama Connect Advisor analyzes your product requirements against industry standards such as INCOSE Rules and EARS Notation, then recommends improvements. This fast, accurate analysis and advice helps your requirements align with engineering-focused natural language and best practices.

Benefits of using Jama Connect Advisor:

  • Improves the quality, accuracy, and usability of your requirements across your organization.
  • Assists development teams in standardizing the process and language of requirement authoring.
  • Saves time for authoring, reviewing, and updating requirement statements.
  • Helps deliver programs and projects on time and on budget.
  • Reduces the risk of late-stage errors.

Test Case Intelligence

Streamline verification and accelerate to market with AI-generated test cases derived from requirements.

Jama Connect Test Case Intelligence features using AI and showing how the functionality appears and performs.

Intelligent PDF Parsing

Quickly parse PDFs and Office files, match to existing IP, or generate new requirements for review and collaboration. AI enhances reuse, speeds RFPs, streamlines supply chain collaboration, and boosts product quality.

Example of the use of AI to intelligently parse out information from a PDF to import into Jama Connect.

Learn more about Jama Software’s AI initiatives by visiting: https://labs.jamasoftware.com/

Transforming the Future with Responsible AI

Integration of AI and ML is already accelerating and changing medical device development. From enabling groundbreaking technologies to revolutionizing patient care, AI is laying the foundation for the medical devices of tomorrow. However, success in this domain requires balancing innovation with compliance, backed by robust tools that alleviate complexity.

Jama Software’s AI solutions empower organizations to tackle these challenges head-on, reducing risks, streamlining workflows, and ensuring quality at every step of medical device development.

Want to see how AI can streamline your product development?

Book your free demo today and experience the power of AI in revolutionizing requirements management for medical devices.

Improve Traceability and Enhance Coverage with Live Trace Explorer™

Engineering teams today face growing challenges in maintaining requirement coverage, managing risks, and making informed, data-driven decisions,  all while working with siloed tools and tight deadlines. Simply meeting the minimum traceability requirements isn’t enough to stay competitive.

Live Trace Explorer™ helps teams visualize end-to-end trace relationships, identify gaps, validate coverage, and ensure quality in real time. With advanced filtering capabilities, you can focus on what matters most to keep your projects on track, compliant, and aligned with traceability best practices.

In this session, host Francis Trudeau will show you how Live Trace Explorer enables engineering teams to visualize trace relationships, validate coverage, pinpoint gaps, and ensure quality, all in real-time. You’ll also learn how advanced filtering capabilities help you focus on what matters most, while aligning your traceability practices with industry best practices.

What You’ll Learn:

  • The vision behind Live Trace Explorer and its evolution
  • How to use filtering to enhance clarity, control, and support traceability best practices
  • Strategies for leveraging traceability to manage risk and ensure compliance
  • This is your chance to gain actionable insights, contribute to the evolution of traceability tools, and stay ahead in managing risk and compliance.

VIDEO TRANSCRIPT

Francis Trudeau: My name is Francis Trudeau, and I’m a Product Manager at Jama Software. I’m also a curious Scout leader who thrives in the great outdoors and enjoys a good story. Now, picture me as a hiker standing at the foot of a mountain, and that mountain represents the path of development, the climb towards a vision that guides our every step. My specific role is to give you a clearer, elevated view, helping you navigate your projects from start to finish, measuring progress, and managing risks along the way. The summit of the mountain represents that ideal, managing the development process through data. In other words, making decisions based on available information, think metrics, graphics, trend lines, dashboards, etc. But like any true vision, it’s not just a destination. It’s a challenge. Can we even get there? Is there a taller peak hidden behind this one? That mystery is part of the adventure.

In today’s webinar, I invite you to tag along on this journey. I’ll show you the progress we’ve made so far, offer a glimpse of the path ahead and share how you can contribute to making this vision a reality. So we are set for a journey, and our first milestone along the way is the Live Trace Explorer, which is essentially a visual dynamic representation of the V-Model for evaluating coverage, addressing gaps and managing associated risks. Focusing on the diagram, each tile represents a component or set connected with trace paths. These paths are gray if there are no relationships between the items in adjacent tiles and they turn green and red to indicate the number of valid or suspect relationships between those tiles.

On the right side, the verifications and validations branch shows the number of test cases linked to items within the container on its left no matter where they appear in the project. At the bottom of each tile, you’ll find a metric representing the ratio of those test cases included in a test plan.

On the requirements side, the top part of each tile displays stats including the number of items by type and any open conversations. In the bottom half, you’ll find coverage metrics, essentially the ratio of existing relationships to expected ones as defined by the Traceability Information Model.

Overall, the Life Trace Explorer is meant to expose the coverage completeness as the ratio of existing over expected relationships and a measure of the validity of relationships by exposing a metric of suspect relationships between related items included in two adjacent tiles. By creating a diagram for a simple project, one can easily get a big picture of a project, spot gaps, and keep track of progress. Beautiful, isn’t it? Are we there yet?

Well, not quite. As we catch our breath and take in the view, it becomes clear that the view, while impressive, is a little foggy. We’ve reached a breathtaking lookout. The elevated view is structured, informative, even beautiful, but for many of the customers we’ve consulted, the information still feels cloudy. Yes, the coverage percentage and suspect indicators are valuable. They give us a sense of direction, but there’s a key limitation. The Life Trace Explorer currently measures everything without distinction. In real projects, not every item should count towards coverage. To get a metric that truly reflects reality, we need the ability to focus, to filter in only the relevant items and filter out the noise. Only then can we sharpen the view and get a clearer, more meaningful measure of completeness.

RELATED: Requirements Traceability Benchmark

Trudeau: Let’s take a look at a few real examples customers have shared with us. The first one is about filtering out items that shouldn’t be included in coverage. For instance, many teams keep items in their project that were originally considered but later rejected. They’re still useful for historical context, but they don’t need to be part of the coverage calculation. The same goes for draft items. They’re still in progress and not ready to be measured yet.

The second example is about narrowing the scope. Sometimes teams want to measure coverage or track suspect links only for a specific slice of the project. A good example is when using prioritization methods like MoSCoW, where a team may only want to focus on must-have items.

Another example is when tailoring views for different stakeholders, say admins, primary users, or partners, and only showing what’s relevant to each group. Now, Jama Connect® is highly configurable, so these are just a few common examples. What matters here is that the filtering we’ve added to the Live Trace Explorer works with any picklist field and only picklists for now. So with that in mind, let’s jump into Jama Connect and see how it works.

Here we are in the ACME demo project. The Traceability Information Model or TIM flows simply from left to right, starting with higher-level needs, then moving down to requirements and designs. Each of these is validated and verified by test items. It’s a straightforward setup that follows the logic of the V-Model.

To begin, we’ll generate a diagram for the entire project and open the Trace Score™ calculator so we can keep track of the metrics used in the calculation. Our first filter will focus on the design items. Right now, we have three designs, and the coverage is showing 66%. Let’s take a closer look. In our project, each design has a status chosen from a picklist: draft under review, approved or rejected. One of them is currently marked as rejected. We’re going to apply a filter to ignore rejected designs. To do this, open the configuration settings, open the configuration applied to the specification tiles, click the funnel icon to set the filter, set the rule using the picklist field for design status, in the second drop-down choose is not equal to, then select rejected, set the filter, and apply. We now have two items instead of three. Coverage for the items that matter is 100%, and the Trace Score is updated accordingly. Also, notice the funnel icon. It shows that a filter is now applied to this item type in this tile.

Next, let’s move to the requirements. At ACME, we use the MoSCoW method to prioritize them. Suppose we want to focus only on the must-have items. We’d apply a similar filter as we did for designs. Here we have four requirement items, but only one is marked as must. Back in the diagram, we follow the same steps to set the filter. Before I hit apply, you can probably guess the item count will drop to one, but watch what happens with the suspect and coverage metrics. We now notice a clear coverage gap with the designs. On the verification side, test cases are linked, but they’re not included in a test plan yet. As for the suspects, there are three needs pointing to this must requirement, and one of those needs has changed, which makes the relationship suspect.

For our last example, let’s look at those needs. Each one is tagged with one or more user groups. Let’s say we only want to measure the needs relevant to partners. We go back to the configuration panel. Since this is a multi-select picklist, our rule options are contains and does not contain. We choose the content and select a partner. Before I hit apply, pay attention to the suspect links, the test metrics, and open conversations. See that all these related metrics are refreshed to only consider information from filtered items.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Trudeau: To wrap up, this configured filtered diagram gives us a Trace Score specifically for the partner’s needs, focusing on must requirements and excluding rejected designs. Finally, we can save this configuration, for example, as ACME for Partner, so we can return to it later.

That was a quick tour of how Live Trace Explorer filtering works, a simple, flexible way to sharpen your focus and configure what you actually want to measure. Now let’s talk about what’s next. Filters will be available to all cloud customers in Jama Connect 9.24 scheduled for release in the coming weeks. In July, Live Trace Explorer will be part of our customer-validated cloud rollout, and note that this version is based on Jama Connect 9.22, so filters won’t be included in that CBC release. For self-hosted customers, Live Trace Explorer with filtering will be available later this fall. Our team remains fully dedicated to the future development of Live Trace Explorer, and this includes further refinements on filters, specifically developing nested filters, supporting and or clauses for more than one filtering rule. Remember in the demo when I excluded rejected designs, what if I wanted to exclude draft or rejected designs? The nested filters will allow for this sort of logic.

Beyond these near-term improvements, we are exploring ideas inspired by customer feedback, ways to make Live Trace Explorer even more configurable and actionable. Driving action is about clicking a metric to drill into a filtered trace view, showing only items with missing coverage, suspect links or open conversations. Tailoring is about tailoring the diagram layout itself, hiding irrelevant tiles or reordering them for clarity or to reveal suspect status between different locations. We’re also looking beyond the diagram towards future metrics that can help you manage your projects with confidence.

When the team brainstormed avenues for the Live Trace Explorer, many possible metrics were envisioned. Trend lines over time to tell the story of your project and identify bottlenecks. Coverage gaps per item owner to visualize specific user. What about an item status breakdown? Is this worth monitoring? And what do you think of the relationship health for visualizing change and rework? Is a measure of aging for suspects interesting? What about test execution status? Not just test coverage? These are just a few examples, and of course, we’re always looking for more ideas, but the metrics that really matter are the ones aligned with your goals. I guess the question is, what do you want to manage? What do you want to measure?

Jama Connect is already helping teams bridge requirements and testing, but we want to support you further with insights that reflect your priorities, your goals, and your way of working, so here’s my invitation. Join us in this journey. If the idea of managing the development process through data resonates with you, if you’re excited about defining and evolving the right metrics, if you want a map and compass of your mountain climb, a way to see not just where you are but where you’re going, then let’s keep the conversation going. Reach out to your customer success manager, ask to connect with product management, and help shape the future of Live Trace Explorer and the tools that power your work.

WATCH THE ENTIRE WEBINAR HERE:
Improve Traceability and Enhance Coverage with Live Trace Explorer™

Navigating the New DOGE Impacted FDA: How MedTech Companies Can Build a Competitive Advantage

Navigating the New DOGE Impacted FDA: How MedTech Companies Can Build a Competitive Advantage

The Center for Devices and Radiological Health (CDRH) is a key branch of the FDA that is responsible for ensuring the safety and effectiveness of medical devices. Companies interact with the CDRH through premarket submissions, quality inspections, recalls, and a variety of other activities.

In 2025, the Department of Government Efficiency (DOGE) was established to streamline federal operations, reduce redundancy, and improve cost-effectiveness across agencies. While its goals are rooted in efficiency, the implementation has led to substantial structural and operational shifts that will have a profound impact on the industry.

For companies developing medical devices, understanding these changes is essential for navigating the evolving regulatory landscape. This blog will help you learn all about those changes and provide actionable strategies to stand above the competition while navigating the new frontier.

Key Changes to CDRH Under DOGE

Workforce Restructuring

One of the most immediate and highly publicized impacts has been a reduction in staffing. The CDRH has experienced layoffs, hiring freezes, and a mandated attrition ratio. These changes have affected teams working on new technologies, slowing down review processes and resulting in a reduction in internal expertise.

Budget and Operational Adjustments

DOGE reforms have also reduced discretionary funding, increasing the CDRH’s reliance on user fees from industry sponsors. This shift has created operational bottlenecks, particularly in areas not directly supported by these fees, such as early-stage innovation and public health initiatives.

Regulatory Process Reforms

With fewer staff and resources, the CDRH has had to adjust some of its regulatory workflows. It has been reported that pre-submission meetings are less frequent, and review timelines have lengthened. While the agency remains committed to scientific rigor, the capacity to provide interactive feedback has diminished.

RELATED: Jama Connect® for Medical Device & Life Sciences Development Datasheet

Strategic Reforms Planned for the CDRH

Proposed Guidance Still Moving Forward

Despite the challenges mentioned above, CDRH plans to continue advancing its strategic priorities. The FDA has released its 2025 guidance agenda which includes the following amongst a larger list of items:

  • Cybersecurity in Medical Devices: Updated guidance on quality system considerations and premarket submissions.
  • AI Lifecycle Management and Change Control Plans: Recommendations for predetermined change control plans.
  • Use of Real-World Evidence in Regulatory Decisions: Revised guidance to support regulatory decision-making.
  • Updated Q-Submission Program Guidelines: Updates to improve feedback and meeting processes for device submissions.

These initiatives reflect CDRH’s ongoing commitment to modernization, even amid structural constraints resulting from DOGE actions.

AI Use in Submissions: A New Frontier

In another move to improve efficiency and modernize the agency, the FDA has begun using Elsa, a generative AI tool to assist in the scientific review of medical device submissions. This tool will help automate repetitive tasks such as document parsing and data extraction, allowing human reviewers to focus on more complex portions during the evaluation. The rollout is expected to be complete by mid-2025, with early results showing promise in reducing review times and improving consistency.

Proven Strategies for Navigating the Changes

For those in the medical device industry, these changes present both challenges and opportunities. Companies that embrace the changes and take a proactive approach to interacting with the FDA will find themselves at the forefront of the new era.

Here are some key approaches to consider:

  • Prioritize Proactive Regulatory Planning: A clear and complete regulatory plan is a vital piece of every new product development project. It will be especially important now as you should prepare for longer review times and less interaction with reviewers. Build extra time for regulatory approvals and work with regulatory consultants to anticipate and address obstacles.
  • Maintain Clear Communication with the FDA: Given the FDA’s reduction in resources, clear and targeted communication is more important than ever. Leveraging the FDA’s pre-submission program allows you to gain valuable insights early in the submission process. Regular interaction will help build rapport with the agency while addressing concerns before they delay approvals.
  • Collaborate Across Teams to Document All Product-Related Information: Interdepartmental alignment is critical when interacting with the FDA. Your product development, QARA, and manufacturing teams must communicate effectively to address compliance needs and streamline decision-making. Working together to tell a cohesive and complete story about your device will be imperative when interacting with reviewers. It will be especially important in the future as AI tools may flag inconsistencies or gaps more rigorously than human reviewers.
  • Leverage Digital Transformation: Investing in digital tools is no longer optional for medical device product development teams. Modern platforms help teams track requirements, manage testing, and maintain documentation seamlessly. Digital platforms also ensure traceability, streamlining compliance audits, and reducing risks of regulatory missteps. Additionally, automated workflows and AI-powered solutions can reduce manual effort and free up critical resources to do what they do best, designing life-changing technologies.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

How Jama Software Can Support Your Success

When navigating regulatory pressures, Jama Software is the trusted partner MedTech companies need. Our platform empowers organizations to overcome compliance challenges while maximizing efficiency. Here’s how Jama Connect will help you navigate the changes at the FDA:

  • Simplify Regulatory Compliance: Jama Connect® simplifies compliance with FDA regulations by providing complete traceability throughout product development. Built-in templates for ISO 13485, ISO 14971, and FDA requirements help teams comply effortlessly with the regulations.
  • Reduce Submission Errors: Errors in FDA submissions can lead to costly delays and loss of potential revenue. Jama Software’s traceability matrix ensures all requirements are accounted for and verified, reducing the likelihood of mistakes that can delay review times or even result in resubmissions.
  • Accelerate Time-to-Market: Our real-time collaboration and requirement management tools optimize project workflows, reducing rework and enabling faster decisions. This means your products reach the market sooner, even when facing FDA review delays.
  • Improve Risk Management: With Jama Connect’s risk management capabilities, teams can capture failure modes and hazard analyses for medical devices, ensuring adherence to safety requirements under FDA guidelines.
  • Stay Aligned Across Teams: Jama Connect’s centralized platform fosters alignment between engineers, designers, and quality assurance teams. Eliminate silos, improve team collaboration, and keep every stakeholder fully informed at all stages of development.
  • Create a Competitive Advantage in the New Era of MedTech: The DOGE-era FDA brings unprecedented change to the MedTech industry. With the right strategies and tools, your organization can turn these challenges into opportunities to build resilience, operational efficiency, and create a competitive edge.

To streamline product development, tackle complex compliance requirements, and stay ahead in the fast-evolving MedTech landscape, consider partnering with Jama Software. Curious how Jama Software can help your team thrive? Learn More Today.

 

Ticking clock wearing graduation hat against blue background with the topic showing a tutorial video about categories for milestones.

Jama Connect® Features in Five: Categories for Milestones

Milestone Tracking Made Simple with Jama Connect’s Categories Feature

Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of Jama Connect’s powerful features… in under five minutes.

In this Features in Five session, Patrick Knowles, Senior Solutions Architect at Jama Software, demonstrates how Jama Connect’s Categories feature streamlines milestone tracking, boosts transparency, reduces risks, and ensures compliance.

VIDEO TRANSCRIPT

Patrick Knowles:  Hello, I’m Patrick Knowles, Senior Solutions Consultant for Aerospace and Defense at Jama Software. In this video, I’ll demonstrate how teams can use Jama Connect’s Categories feature to improve visibility of deliverables at key development milestones throughout an airborne system’s product development cycle. This approach helps increase transparency, reduce risk, and ensure timely delivery of critical data.

When developing a complex system of systems such as an aircraft like an eVTOL, teams heavily rely on milestones. Tracking what is due at each milestone and certification stage can be a complex web of documents, schedules, and loose threads. Jama Connect’s Categories feature simplifies this by clearly organizing what’s due and when. This boosts transparency for engineering teams and reduces the risk of missed deadlines, as well as ensuring compliance with standards like ARP-4754 for systems such as an eVTOL.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Aerospace

Knowles: Solution. An organization administrator can set up milestone-specific Categories in Jama Connect. These Categories are assigned to the information due at each stage of a program, enabling teams to create filters, dashboards, and reviews for clear visibility. Unlike tags or other manual methods, Categories provide a structured error-resistant way to manage milestone data, reducing risks like copy-paste mistakes. Let’s open Jama Connect and learn how to enable this strategy in the tool.

The first step is to ensure Categories is enabled within the project. An organization administrator will enter the admin tab within their Jama Connect instance. From there, they will navigate to the category section of the tab and turn the toggle that enables Categories. After Categories is enabled, the administrator will begin to develop the specific Categories that will enable the team to track each milestone. The administrator will add a system development phase category by selecting add and populating the name. This will serve as the parent category, which the rest of the lifecycle milestones will be grouped underneath. From here, the administrator will add the rest of the milestones as individual Categories and move them under the system development phase parent.

It is a best practice in this case to use the move functionality rather than the copy functionality to keep the Categories trees simple and clean. Additionally, when complying with regulatory standards and requirements, it is best to clearly align your milestone. The milestones used throughout the rest of this example are derived from the ARP-4754B and its systems requirements process. This method can be expanded to any number of other regulatory docu ments as well. With all of the milestones created, the administrator has one last step to complete, assigning the parent system development phase category to the appropriate projects or enabling it to be globally accessible.

RELATED: Jama Connect for Air, Land, Sea, and Space Datasheet

Knowles: After your team’s organization administrator has completed the creation of the milestone Categories, it is time to implement within the project. First, a user will go into a project and begin to categorize components, sets, and folders that belong to each of the Categories. It is easiest to categorize top-down from components, sets, and folders, and then to batch manage Categories of each of the item types within the logical organizers. With the organizers categorized, the user can then manage the Categories of the individual items within each organizer.

Now that the hard work is done, it is time to harvest the fruits of the labor. The simplest way to do this is to open the Categories tab in the project and select any of the milestone Categories. With one click, the user will see all the items associated with that milestone. However, this isn’t the only way to visualize the information. A best practice for viewing Categories is to set up filters. By developing filters that narrow in on the information due at the upcoming milestone, a team can target that work and ensure it is effectively completed. Once a filter is created, the user can even utilize it to narrow down the project’s explorer by right-clicking on the filter and selecting apply filter to explorer. This will automatically sort the explorer to only display the information within the specific filter. Additionally, a team can use this filtering to help expedite exports or reports related to this narrowed down amount of information.

RELATED: Innovating Aviation with Jama Connect and Vertical Aerospace

Knowles: At Jama Software, we strive to ensure our customers are able to successfully implement and develop their products through the use of Jama Connect. Lifecycle milestones are no small feat, and the team here at Jama Software knows that. Creating a user-friendly and maintainable approach to developing and tracking data due at each lifecycle milestone is the driving force behind this Jama Connect features inside. By tracking data deliverables for lifecycle milestones in Jama Connect with Categories, a team will increase transparency, reduce the potential for error, and improve their data delivery process at Lifecycle Milestones. Through simple organization administration setup, a team can quickly align the work they are developing in Jama Connect to lifecycle milestones and improve their current processes. To find out more about tracking developmental milestones with Categories in Jama Connect, please visit our website at jamasoftware.com.

To view more Jama Connect Features in Five topics, visit:
Jama Connect Features in Five Video Series

Innovating Aviation with Jama Connect® and Vertical Aerospace

In this blog, we overview our customer story, “Innovating Aviation with Jama Connect® and Vertical Aerospace.”

Vertical Aerospace Achieves New Heights with Jama Connect®

Vertical Aerospace is revolutionizing the aviation industry with sustainable, cutting-edge aircraft like the VX4. To meet ambitious goals and regulatory demands, they turned to Jama Connect. By integrating this powerful platform, Vertical Aerospace achieved seamless certification compliance, improved collaboration, and accelerated their innovation process. With Jama Connect’s Live Traceability™ and intelligent project management capabilities, they’ve streamlined complex workflows and stayed ahead in an industry demanding nothing less than first-rate precision and speed.

Discover how Vertical Aerospace transformed their development process and realized their vision for sustainable aviation.

Key Benefits Vertical Aerospace Experienced:

  • Smooth Certification Compliance: Simplified handling of configuration changes.
  • Enhanced Collaboration: Merged data for smarter decisions.
  • Streamlined Workflow: Eliminated bottlenecks for efficiency.
  • Tailored Flexibility: Customized tools for specific needs.
  • Faster Innovation: Delivered results with expert support.

Watch the video HERE or click below to see how Jama Connect can help your team succeed.

 

RELATED: Jama Connect for Airborne Systems

VIDEO TRANSCRIPT

Kirsty Boyd: Here at Vertical, we are pioneering electric aviation. We’re transforming how the world moves, and through that, we’ve created the VX4. The VX4 is a masterclass in eVTOL aircraft built specifically for sustainable travel and the use case in order to move people faster, better, leaner, more efficiently. For certification, we have to be very black and white. We have to really understand our limitations, our performance of our aircraft. The decisions in the design process that go into those solutions needs to be very well understood. And as you go through the process, things change. Configuration management is a massive part of what we try and do, and we have to be able to prove to the regulator that we’ve identified what those changes are, we’ve dealt with them in an appropriate way, and that we’ve got traceability from top to tail of that.

Karl Mulcahy: So Jama Software is the name of our company, and Jama Connect is the name of our platform. Our platform helps customers to embrace live traceability across the product development lifecycle and ensure that innovation succeeds. It’s a collaborative platform to bring everybody together to make sure that we combine data sources and intelligently make better decisions about our projects, to help you identify gaps in your traceability, to help remove bottlenecks, but ultimately to help bring your industry expertise to companies like Vertical Aerospace and help realize their innovation faster.

Kirsty Boyd: Vertical understood that we needed requirements management in order to certify the platform. And so we did a trade study to analyze different tools that were available in industry. We were looking at cost, efficiency, how flexible they were, how we could tailor them, and we down-selected Jama Connect.

Karl Mulcahy: So Jama Connect helps to bring our industry expertise to forefront. And what that means is we can help provide common ways of working that we’ve used with other clients and working with industry bodies to help streamline compliance or certification mandates.

Kirsty Boyd: We’re trying to do something completely and utterly new here. We don’t have an option for second-rate. We have to use incredibly intelligent partnering in order to meet our timescales, our deadlines, our technology advancement. We don’t have a choice but to go for first-rate partnering.

Karl Mulcahy: Personally, I’m very proud to work with Vertical Aerospace. It’s something that’s brand new in terms of the industry. I know Vertical are at the forefront of the industry. My little boy does ask me a lot what I do for a living. I tell him I work with rockets and planes and to show him this maybe at some point, I’m sure he’s going to be very excited to see it. And maybe one day, he’ll ride in one too.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Aerospace

The Evolution of FDA Design Controls (21 CFR 820.30) and How Jama Software Supports Compliance

History of US Regulation

The US medical device industry is governed by a complex framework of regulations designed to ensure the safety and effectiveness of products. A thorough understanding of this history provides valuable insights into the development of 21 CFR 820.30 and its critical importance to the industry.

General Background

Medical devices have long played a pivotal role in modern healthcare, but the need for regulatory oversight only became apparent as unsafe and ineffective products led to accidents that caused massive human casualties, including losses of life. These risks are what drive the creation and enforcement of industry regulations. Early regulatory efforts focused primarily on pharmaceuticals, with little attention paid to devices until significant public health incidents highlighted their potential risks.

The Federal Food, Drug, and Cosmetic Act (FD&C Act)

Enacted in 1938, the FD&C Act marked a turning point in U.S. healthcare regulation. Initially focused on drugs and food safety, the Act introduced basic oversight for medical devices. However, it was not until the 1976 Medical Device Amendments that the FDA’s authority to regulate devices was significantly expanded due to another massive healthcare tragedy. These amendments established a classification system based on risk and required premarket approval for high-risk devices.

Quality System Regulation (QSR)

The QSR, introduced in 1996, revolutionized medical device regulation by emphasizing quality management throughout the product lifecycle. It expanded the FDA’s focus from inspecting end products to evaluating manufacturers’ processes, requiring the implementation of comprehensive quality systems. Central to the QSR are the design controls outlined in 21 CFR 820.30, which ensure that products are developed with quality and safety embedded in every stage.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

Introduction of Design Controls

Design controls were added to the QSR to address the growing complexity of medical devices and the risks associated with poor design practices. These controls mandate a systematic approach to device development, from initial planning to post-market monitoring. They are required for all Class II and III devices, as well as select Class I devices such as software or devices with measuring functions.

Class I – General Controls (Gloves, bandages)

  • Least regulated, and minimal harm to user/patient
  • Includes GMP, label regulations, and enterprise registration

Class II – Special Controls (NextGen Sequencing, PCR tests)

  • Includes General Controls plus additional special controls (performance verification, labeling, post-market surveillance)
  • Premarket Notification 510(k) required, but some exemptions

Class III – Premarket Approval (HIV assay, pacemaker)

  • Highest risk and most stringent regulation.
  • Requires Premarket Approval (PMA)

Design Controls

Design controls are a cornerstone of medical device quality management, providing a structured framework to ensure medical devices meet safety, efficacy, and regulatory standards.

Purpose of Design Controls

The overarching goal of design controls is to integrate quality into the design and development process. They help manufacturers:

  • Mitigate potential risks before products reach the market.
  • Deliver devices that reliably meet user needs and perform as intended.
  • Ensure alignment with regulatory requirements, reducing the likelihood of non-compliance.

Design controls are not merely a regulatory requirement but a best practice that enhances quality, reduces development costs, and minimizes post-market issues.

RELATED: INBRAIN Chooses Jama Connect® to Provide Clarity, Stability, and Confidence in Quality Control for Neural Implant Systems Development

10 Sections of Design Controls

The 10 sections outlined in 21 CFR 820.30 provide a comprehensive framework for managing the design and development process:

1. Design and Development Planning

This section requires manufacturers to establish a detailed plan outlining development activities, responsibilities, and deliverables. Key considerations include:

  • Identifying project milestones.
  • Assigning roles and responsibilities.
  • Allocating resources effectively.

2. Design Input

Inputs define the requirements the device must meet, including user needs, regulatory standards, and intended use. Effective design input processes involve:

  • Collaborating with stakeholders to gather comprehensive requirements.
  • Prioritizing critical features.
  • Ensuring inputs are clear, measurable, and verifiable.

3. Design Output

Outputs represent the tangible results of the design process, such as specifications, drawings, and manufacturing instructions. To ensure quality, outputs must:

  • Be traceable to design inputs.
  • Include acceptance criteria.
  • Meet requirements for functionality and safety.

4. Design Review

Formal reviews are conducted at defined stages to evaluate progress and identify potential issues. These reviews involve cross-functional teams and should:

  • Assess compliance with inputs and outputs.
  • Document findings and corrective actions.
  • Provide a platform for collaborative problem-solving.

5. Design Verification

Verification confirms that design outputs meet the specified inputs. Activities may include testing, inspections, and analyses. Manufacturers must:

  • Use objective evidence to support verification.
  • Maintain thorough documentation of results.

6. Design Validation

Design Validation ensures that the devices conforms to user needs/intended uses at production equivalent units. Activities may include testing, inspections, and analyses. Manufacturers must:

  • Conducting usability testing with end-users.
  • Comparing performance against real-world scenarios.
  • Documenting validation results for regulatory review.
  • Performing a risk analysis to ensure patient safety.

7. Design Transfer

Transitioning from design to production requires careful planning to ensure manufacturing processes align with design specifications. Key steps include:

  • Collaborating with stakeholders to gather comprehensive requirements.
  • Developing detailed production procedures.
  • Training staff on new processes.
  • Conducting pilot runs to identify potential issues.

8. Design Changes

Any changes to the design must be systematically evaluated for their impact on the device’s safety, performance, and regulatory compliance. Effective change control processes involve:

  • Identifying the need for changes early.
  • Conducting risk assessments for proposed modifications.
  • Updating documentation accordingly.

9. Design History File (DHF)

The DHF is a compilation of records that demonstrate compliance with design controls. It should include:

  • Evidence of adherence to each section of 21 CFR 820.30.
  • Documentation of design reviews, verifications, and validations.
  • A complete history of design changes.

10. Traceability in Design Controls

Traceability is a critical aspect of design controls, linking design inputs, outputs, verification, and validation activities. Comprehensive traceability matrices:

  • Simplify compliance audits by providing clear documentation.
  • Ensure that all requirements are addressed and verified.
  • Support efficient change management processes.

THIS HAS BEEN A PREVIEW – TO READ THIS EBOOK IN ITS ENTIRETY, VISIT:
The Evolution of FDA Design Controls (21 CFR 820.30) and How Jama Software Supports Compliance

Navigating IEC 62443: Strengthening Cybersecurity in Industrial Automation & Control Systems

Understanding IEC 62443

IEC 62443 is a comprehensive set of standards aimed at securing Industrial Automation and Control Systems (IACS) against cybersecurity threats. It provides guidelines for designing, implementing, and maintaining secure industrial automation systems, ensuring the integrity, availability, and confidentiality of these critical infrastructures.

Structure

This IEC series is organized into several parts, each focusing on different aspects of IACS security:

  1. General: Introduces fundamental concepts, models, and terminology related to security.
  2. Policies and Procedures: Focuses on establishing and managing security
  3. Components and Requirements: Specifies technical security requirements for IACS components and secure product development practices.
  4. Profiles: Defines industry-specific cybersecurity requirements and provides a structured approach to implementing measures based on cybersecurity profiles.
  5. Evaluation: Describes assessment methodologies to ensure consistent and reproducible evaluation results concerning the requirements of individual parts.

RELATED: Mastering ISO/IEC 27001: A Guide to Information Security Management

Key Components

  1. IEC 62443-1-1: Covers terminology, concepts, and models, laying the foundation for understanding the standards.
  2. IEC 62443-2-1: Provides guidance on establishing security programs for asset owners, aligning with standards like ISO/IEC 27001.
  3. IEC 62443-3-3: Specifies system security requirements and security levels, detailing technical requirements for systems
  4. IEC 62443-4-1: Focuses on secure product development lifecycle requirements, outlining how to develop secure products.
  5. IEC 62443-4-2: Defines technical security requirements for IACS components, ensuring components meet specific security standards.

Recent Developments

This IEC series is continually evolving to address emerging cybersecurity challenges. Recent updates include:

  1. IEC 62443-1-5: Introduced in September 2023, this technical specification outlines the scheme for IEC 62443 security profiles, providing a structured approach to implementing cybersecurity measures based on defined profiles.
  2. IEC 62443-2-1: The second edition, released in August 2024, updates the security program requirements for IACS asset owners, aligning with evolving industry practices and emerging threats.
  3. IEC 62443-2-4: The second edition, published in December 2023, revises the requirements for IACS service providers, ensuring that integrators meet current cybersecurity capabilities across various domains.
  4. IEC 62443-6-1: Released in March 2024, this technical specification introduces a security evaluation methodology for IEC 62443-2-4, aiming to ensure consistent and reproducible assessment results.consistent and reproducible assessment results.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Impact on Industrial Automation

This standard has a significant impact on industrial automation by establishing a structured framework for cybersecurity in industrial control systems (ICS) and operational technology (OT) environments. Here’s how it influences the industry:

  1. Enhances Cybersecurity in Industrial Automation: IEC 62443 provides comprehensive guidelines to protect industrial networks, control systems, and automation components from cyber threats. It helps in mitigating risks associated with unauthorized access, malware attacks, and insider threats.
  2. Establishes a Risk-Based Approach: The standard encourages risk assessment and mitigation strategies based on the specific threats and vulnerabilities of an automation system. This ensures tailored security measures rather than a one-size-fits-all approach.
  3. Defines Roles & Responsibilities: IEC 62443 categorizes the responsibilities of different stakeholders in industrial automation, including:
    1. Asset owners (e.g., manufacturing plants, energy companies)
    2. System integrators (those designing and configuring industrial systems)
    3. Product suppliers (hardware and software vendors) Each entity must implement security controls based on its role in the automation.
  4. Promotes Secure System Development & Lifecycle Management: The standard provides guidance on secure development, configuration, and maintenance of industrial automation components, ensuring security is embedded from design to decommissioning.
  5. Improves Compliance & Regulatory Alignment: Many governments and industries are aligning cybersecurity regulations with IEC 62443, making it essential for organizations to adopt the standard to stay compliant with industry best practices and legal requirements.
  6. Encourages Interoperability & Secure Communication: By enforcing secure communication protocols and access controls, IEC 62443 ensures that automation systems can safely interact with IT networks, cloud services, and IIoT (Industrial Internet of Things) applications without compromising security.
  7. Supports Business Continuity & Resilience: A strong cybersecurity framework reduces downtime caused by cyber incidents, ensuring uninterrupted industrial operations and minimizing financial losses.

THIS HAS BEEN A PREVIEW – TO READ THIS EBOOK IN ITS ENTIRETY, VISIT:
Navigating IEC 62443: Strengthening Cybersecurity in Industrial Automation & Control Systems