Requirements & Requirements Management Archives

Tag Archive for: Requirements & Requirements Management

In this blog, we recap our eB00k, “Manage by Exception: Data-Driven Practices to Improve Product, Systems, and Software Quality” – Download the complete paper HERE.

Manage by Exception: Data-Driven Practices to Improve Product, Systems, and Software Quality

Requirement errors in product development cost time and money and create potential liabilities. The expense of these errors can make up between 70% and 85% of all rework costs. When leaders don’t have data related to the execution process, teams aren’t tracing requirements back to the “‘why’,” and when there’s a lack of insight into aspects like verification coverage, you’re much more likely to encounter programs late in the development cycle, resulting in expensive problems.

This creates the all-too-familiar scenario seen in the news of product, systems, or software defects and the resulting fallout. Organizations can avoid many of these challenges by accessing the right data at the right moment — and ideally early — in the development process. As most executives and managers know, you can’t manage what you can’t measure. Using data to measure allows your teams to spot recurring patterns and abnormalities early, before they grow into larger challenges later in the development cycle.

Requirement errors in complex product, systems, and software development can consume between 70% and 85% of all project rework costs.

Why “Data-Based Management” is Critical, and How it Uncovers Gaps

Management by exception is a method that empowers your team with data focused on early warning indicators. It’s these warnings that help support faster and more informed decisions.

As a result, leaders can focus on exceptions rather than needlessly micromanaging and intervening with teams when the data shows that development is going as expected.

In other words, when using data, the goal isn’t to micromanage, but to do the opposite: leverage the data to do less micromanagement.

The result is fewer manual requests, fewer status updates, fewer test procedure specification reports, and fewer unnecessary meetings.

Data-driven practices help you automatically evaluate exceptions without needlessly relying on a person to manually hunt them down, evaluate them, and communicate about them. Instead, abnormalities and oversights are brought forward to reduce managerial workloads by minimizing unnecessary intervention and allowing more time to be spent in areas that have the greatest impact.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Examples of Exceptions in Daily Product, System, and Software Development and Requirements Management

As you adopt a data-driven approach, there are several considerations, but the first is identifying the expected or acceptable process for your research and development function.

Many organizations don’t have a defined practice; instead, operations are based on how things have always been done. Defining processes gives you greater focus.

Once you have an expected process, you can leverage the data to manage by exception but also take things a step further by managing requirements quality, traceability, and completeness. These capabilities will help predict and prevent poor outcomes in product, system, and software delivery.

A tool such as Jama Connect^® can help you successfully manage exceptions, such as in these four examples.

1. Version and Change Management – The Jama Connect dashboard shows requirements missing verification. For example, it might flag two requirements missing verifications, and if you click for more details, you can view a filtered list of those requirements. And you can ask Jama Connect to show those missing a downstream verification. The filters are a powerful way to understand and create audits for capturing those exceptions in your process.

2. Derived Requirements Missing Rationale – Using a filter, Jama Connect allows you to see if a particular requirement has a missing rationale. For example, a hardware or software engineer may create a new requirement. But when that’s done,
it’s crucial to have a solid rationale for why, especially if the requirement is not directly related to a stakeholder’s need or contractual requirement. You don’t want to introduce unnecessary capabilities that aren’t going to align with the actual user needs or have a real rationale behind them.

3. Remediate Rejected Requirements – Jama Connect has a capability called Review Center. It allows you to send requirements into a review with colleagues, which can increase the quality of the requirements and create a shared understanding. Leaders can quickly spot the rejected requirements and discuss how to move forward. With many organizations working remotely, this capability helps increase asynchronous collaboration so that working sessions and meetings can more efficiently focus on exceptions.

4. Find Poorly Written Requirements – The International Council on Systems Engineering (INCOSE) created a handbook of recommended rules to author well written requirements. For example, requirements using vague terms that are not testable could be flagged for improvement.

With Jama Connect Advisor™, powered by natural language processing, INCOSE’s best practices, and the Easy Approach to Requirements Syntax (EARS), teams can now check the quality and accuracy of their requirements.

RELATED: Requirements Traceability Diagnostic

Critical Metrics to Consider

Having data, a way to view it in context, and metrics to track it empowers your leaders to make the right decision at the right time and predict how well the project or product development will trend. Metrics are an essential part of that equation, and here are two to consider tracking.

1. Requirement Quality – Most product, system, or software failures are due to undocumented, poorly written, or misunderstood requirements. And the later in the product lifecycle the problem is discovered, the higher the cost. Measure your requirement quality, and if you need support, your Jama Software team of in-house experts can help with audit assessments, training, and other resources to help improve the quality of your requirements.

2. Traceability Score™ – Traceability is a core tenet of building complex products, but it hasn’t been measured in a standard way in the past. But if you can measure it, you can improve it.

For example, Jama Software has aggregated and anonymized over 40,000 projects and over 6,000 traceability models using Jama Connect. And we’ve defined an actual approach to measure a Traceability Score™.

Our Traceability Benchmark study shows this traceability score produces a clear correlation between quality and time to market.

It starts with setting up the expected behavior of your engineering team – the traceability model. We take the number of established relationships among the different model elements in the traceability model and divide that by the number of expected relationships defined by the project’s relationship and traceability model. This gives us the traceability score.

For example, a requirement should have three different elements:

Imagine an example where you have two of those established, but one is missing. The Traceability Score is 66%, and with that metric, you can take the appropriate action. Our above-mentioned benchmarking research showed that higher Traceability Scores™ equaled improved product quality and faster time to market.

Integration of your digital engineering tool suite is critically important. In product development, many tools such as Excel, development applications, modeling applications, testing applications, and others are used. These tools capture critical data about your product and system development lifecycle.

But if they aren’t integrated, you can’t measure critical information like your Traceability Score. As a result, managing by exception isn’t possible due to a lack of data, which risks product delays, extra costs, and even compliance and audit failures. Ensure that critical tools are integrated to support real-time data visibility.

TO LEARN MORE, DOWNLOAD THE COMPLETE WHITEPAPER HERE:
“Manage by Exception: Data-Driven Practices to Improve Product, Systems, and Software Quality”

Understanding ISO/IEC 27001: A Guide to Information Security Management

In today’s interconnected world, the importance of securing sensitive information cannot be overstated. Organizations face numerous threats to their information assets, ranging from cyberattacks to data breaches. To address these challenges, many businesses turn to internationally recognized standards for information security management, with ISO/IEC 27001 standing out as a cornerstone in this field.

RELATED: A Guide to Understanding ISO Standards

Overview of ISO/IEC 27001:

ISO/IEC 27001 is a globally recognized standard that provides a systematic approach to managing sensitive information, ensuring the confidentiality, integrity, and availability of data within an organization. Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), this standard outlines best practices for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

Key Principles:

Risk Management: ISO/IEC 27001 is fundamentally built on the concept of risk management. Organizations are required to identify and assess information security risks, implement controls to mitigate those risks, and continuously monitor and review the effectiveness of these controls.
PDCA Cycle: The Plan-Do-Check-Act (PDCA) cycle is at the core of ISO/IEC 27001. Organizations plan their ISMS, implement the plan, check its effectiveness through monitoring and measurement, and act to continually improve the system.

Scope and Requirements:

Scope Definition: Organizations must clearly define the scope of their ISMS, specifying the boundaries and applicability of the standard within their operations.
Risk Assessment: A comprehensive risk assessment is a critical component. This involves identifying assets, evaluating vulnerabilities and threats, and determining the potential impact of information security incidents.
Control Objectives and Controls: ISO/IEC 27001 provides an Annex A, which includes a set of control objectives and controls covering various aspects of information security, such as access control, cryptography, and incident management. Organizations choose and implement controls based on their specific risk profile.

Implementation Process:

Leadership and Commitment: Senior management plays a crucial role in the successful implementation of ISO/IEC 27001. Leadership commitment ensures that information security is integrated into the organization’s culture and business processes.
Documentation: Proper documentation is essential to demonstrate compliance with the standard. This includes the Information Security Policy, risk assessment reports, and records of monitoring and measurement activities.
Training and Awareness: Employees need to be aware of their role in maintaining information security. Organizations should provide training programs to enhance the awareness and competence of personnel.

Certification Process:

Third-Party Certification: Organizations can undergo a certification process conducted by accredited certification bodies to validate their compliance with ISO/IEC 27001. This certification provides assurance to stakeholders, customers, and partners that the organization has implemented a robust ISMS.

Benefits of ISO/IEC 27001:

Risk Reduction: By identifying and addressing potential risks, organizations can significantly reduce the likelihood of security incidents.
Enhanced Reputation: ISO/IEC 27001 certification enhances an organization’s reputation, demonstrating a commitment to information security best practices.
Legal and Regulatory Compliance: Adherence to ISO/IEC 27001 helps organizations comply with various legal and regulatory requirements related to information security.
Competitive Advantage: Certification can be a differentiator in the marketplace, giving organizations a competitive edge by assuring customers of their commitment to information security.

Continual Improvement:

Monitoring and Review: Regular monitoring and review of the ISMS ensure its ongoing effectiveness. This includes conducting internal audits and management reviews to identify areas for improvement.
Feedback Loop: ISO/IEC 27001 emphasizes the importance of feedback mechanisms, ensuring that lessons learned from incidents or changes in the business environment are incorporated into the ISMS.

RELATED: Best Practices Guide to Requirements & Requirements Management

Conclusion

ISO/IEC 27001 provides a robust framework for organizations to establish and maintain an effective Information Security Management System. By adopting this standard, businesses can mitigate risks, enhance their reputation, and demonstrate a commitment to safeguarding sensitive information in an ever-evolving digital landscape. As information security continues to be a top priority, ISO/IEC 27001 remains a valuable tool for organizations seeking a comprehensive and internationally recognized approach to managing information security.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Matti Gray, Mandi Walker, and McKenzie Jonsson.

Jama Connect® Features in Five: Automated Testing

Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect^®… in about five minutes.

In this Features in Five Integration Series video, Steven Pink – Senior Solutions Architect at Jama Software^® – demonstrates an integration of automated test results with Jama Connect^® through a Python Script and our open REST API.

VIDEO TRANSCRIPT

Steven Pink: Hello and welcome to the Features in Five Integration series. My name is Steven Pink, and I’m a Senior Solutions Architect here at Jama Software. Today we’ll be walking through a live demo of integrating some existing automated test results with Jama Connect through a Python script using our open REST API.

We make it possible for you to integrate Jama Connect with your preferred best-of-breed software to achieve Live Traceability™ across the end-to-end development cycle. Live Requirements Traceability is the ability for any engineer, at any time, to see the most up-to-date and complete upstream and downstream information or any requirement, no matter the stage of systems development or how many siloed tools and teams it spans.

This enables significant productivity and quality improvements and dramatically reduces the risk of product delays, cost overruns, defects, rework, and recalls, and ultimately results in faster time to market.

RELATED: Requirements Traceability Benchmark

Pink: The goal of integrating automated test results is typically to better visualize test coverage for requirements. Jama Connect can identify and call out gaps in test coverage, as we see here, while also visualizing and reporting on the test results using filters, dashboards, and exportable reports.

Automated testing can be performed in a variety of ways, including the usage of automation servers and different frameworks. But regardless of the approach, all we need to integrate is to add requirement identifiers to our automated test results, so that they can be traced back to the requirements they cover and then make a call to the Jama Connect REST API to submit the latest results and traceability.

All right, now I want to talk about automated testing in Jama Connect. In this example project that we’re looking at, it’s a simple software development project where we’re gathering requirements, breaking those down into epics and stories, and then performing manual and automated tests.

In this example, our manual tests are being performed in Jama’s testing environment, but we have automated tests, that are actually automated test scripts, that we’re populating results into Jama with traceability, as a part of the automated test script, so that we have end-to-end traceability through our automated test results.

If I look at my manual test cases in the project hierarchy, we can see these manual tests have been created, some of them have been run, and results have been recorded. But if I switch over and look at my automated test cases, we’ll see there aren’t any yet. That’s because I haven’t run any automated test scripts.

RELATED: The Benefits of Jama Connect^®: Supercharge Your Systems Development and Engineering Process

Pink: Now what I’m going to do is I’m going to execute an automated test script that will record some results for a few different tests. I’m going to run this module, and it’s going to start executing. And if we give it just another minute now.

If I go to my automated test cases, I’ll refresh this and you’ll see it’ll populate. We now have four automated test results that have been populated into Jama. We can populate these items with any kind of information from those automated test results, whether that be issues that arose during the execution or execution data. We can also keep track of whether they passed or failed, if we have a specific pass or fail parameter we can track through them.

The benefit of integrating automated testing with Jama Connect is that we can keep track of our traceability proactively as we run our automated tests. If I look at any one of these automated tests, you’ll see under the relationships, because in our test script we associated the test with a user story, that traceability has been built into this proactively. So when we execute our automated test, the results populate into Jama Connect with traceability.

Thank you for watching this Features in Five session on integrating automated test results to show requirement test coverage in Jama Connect. If you are an existing customer and want to learn more, please reach out to your customer success manager or consultant. If you’re not yet a client, please visit our website at jamasoftware.com to learn more about the platform and how we can help optimize your development process. Thanks for watching.

To view more Jama Connect Features in Five topics, visit:
Jama Connect Features in Five Video Series

Jama Software is always looking for news that will benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from Med Device Online, titled “Navigating EU MDR Compliance: Overcoming Challenges To Sustain Your Certification” – written by Hilde Viroux and Maggie Chan (PA Consulting) and Dona O’Neil (Northeastern University) and originally published on March 19, 2024.

Navigating EU MDR Compliance: Overcoming Challenges To Sustain Your Certification

Since the introduction of the EU MDR in 2017, the medical device industry has learned just how challenging obtaining initial MDR certification truly is. According to a survey of notified bodies, the number of certificates issued as of June 2023 covers roughly one-third of the applications submitted. Taking into account that it can take months to have an application approved, and then six months to two years before the certificates are issued, it is no surprise that there is a lot of fatigue with EU MDR in general. The requirements keep being updated, timelines extended, and the EU database for medical devices, EUDAMED, is still not up and running. Notified bodies are also struggling to keep up with the demand for reviews of MDR certificates, consequently impacting the ability to accurately predict certificate approval timeline and budget.

Sustaining Certification Is An Ongoing Task, Not A One-Time Finish Line

There is the misperception that obtaining the MDR certification is an end point, and budget and resources can be redirected. However, EU MDR creates a “new normal” for medical devices manufacturers. The continuous evolution of regulatory standards and frequent guidance updates creates a dynamic landscape, demanding ongoing diligence to comprehend and adhere to changing requirements. Sustaining compliance involves addressing various challenges, including establishing a streamlined process for updating all regulatory documentation, reallocating resources with specialized training for optimal risk management, aligning documentation with the latest regulatory demands, developing systems to ensure effective communication and transparency across the organization, and formulating a strategic plan that aligns with global regulations to minimize the cost of maintaining compliance across various geographical regions.

Due to the additional requirements of EU MDR, especially in the post-market phase, the cost of business year over year to maintain compliance for product in the market has increased significantly and the impact may not be well understood at the senior management level. As we go into 2024 with significant headwinds impacting the medical device industry and continuing with a soft economy, resources for EU MDR compliance are even more stringent, forcing companies to reevaluate the value proposition of their products and their long-term desire to maintain CE marks in the EU market. Moreover, manufacturers need to balance delivering innovative technology while ensuring existing products maintain the highest standards of safety and quality.

Already while working toward EU MDR compliance, manufacturers of medical devices should be thinking how to set up the organization in the post-certification phase in an efficient way. You need to think about how to establish robust processes that can adapt to evolving regulatory requirements, as well as to ensure procedures, trained resources, and systems are in place to efficiently incorporate updates/modification from the latest regulations.

RELATED: Jama Connect^® for Medical Device & Life Sciences Development Datasheet

Documentation

EU MDR and supporting guidance give strict timelines for the updates of the various documents such as the Clinical Evaluation Report (CER), the Periodic Safety Update Report (PSUR), and the Risk Management Report (RMR), all supporting the life cycle activities for medical devices. Apart from the update frequency defined in the regulation or guidance, there are external factors that may trigger an unscheduled update, such as a Field Safety Corrective Action (FSCA). Under MDD, these reports didn’t exist, or no update frequency was defined.

The RMR, CER, and PSUR are part of the technical documentation, which in turn has to be kept “continuously” up to date, putting even more pressure on the various functions to ensure the updates are aligned to avoid discrepancies in the technical documentation.

The responsibilities for dealing with the device life cycle activities per EU MDR are typically distributed over various functions who don’t operate under the same timelines or priorities. For example, the clinical teams may be dealing both with life cycle management activities such as post-market clinical follow-up and with clinical data collection for products in the pipeline, supporting innovation. Quality or medical safety may be dealing with complaints and incident reporting while they also have to generate the PSUR.

Budget

Maintaining compliance after EU MDR certification will require companies to allocate budget. The size of the budget will depend on how well the organization is prepared. If your company has looked into effective governance for management, optimized the documentation governance process, and established a centralized system to ensure communication and transparency among different stakeholders, the process may be smoother, with less resources required. Companies also can consider outsourcing some life cycle management activities. The risk with outsourcing is that some of the “know how” may be lost to the company and that critical information gained from the post-market surveillance activities is not circled back in an efficient way to the proper groups in the organization.

Additional budget for the life cycle maintenance activities will impact the cost of goods, which, in turn, impacts pricing of the devices in the market. Minimizing these costs by implementing the most efficient solution for the company may lead to a competitive advantage in the market.

Other Regulatory Bodies Soon To Follow Suit

Many other regions follow the EU when it comes to regulating medical devices. They are coming with similar requirements in both the pre- and post-market phases, specifically surrounding QMS, clinical evidence, and post-market surveillance requirements. The continuous evolution of regulatory standards and frequent guidance updates create a dynamic landscape demanding ongoing diligence to comprehend and adhere to the changing requirements. Ensuring the device documentation meets the appropriate standards will facilitate and speed up access to market in other regions than the EU. It also creates an opportunity to gain efficiencies when requirements are aligned, as it reduces rework and rewriting of submission documentation and labelling changes.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

Conclusion

A common perception is that once certification is achieved, the workload for sustaining it decreases for reasons such as the strategy has been set, less literature will need to be reviewed, and fewer PMS data sets will need to be analyzed during the update frequency. While this may be true in theory, the effort will only decrease with a streamlined process that supports strong interdependency between risk, quality, regulatory, and clinical affairs.

Sustaining compliance involves tackling diverse challenges, including establishing a streamlined approach for updating clinical and post-market documentation, reallocating resources with specialized training for consistent risk management, aligning documentation with the latest regulatory demands, and formulating a strategic plan that aligns with global regulations to minimize the cost of maintaining compliance across various geographical regions. Moreover, given the significant headwinds that the medical device industry is facing, manufacturers will have to balance delivering innovative technology while ensuring existing products maintain the appropriate standards of safety and quality put forth by international regulations.

As we progress into 2024 and swiftly approach the initial MDR implementation date of May 2024, manufacturers should be shifting their focus to how their remediation efforts can be applied to sustaining compliance: What are essential functions and where is there room to trim?

About the Authors:

Hilde Viroux is a medtech expert at PA Consulting and is an expert on the European Medical Devices Regulation. She has broad experience in regulations, quality, manufacturing, supply chain, and project management in the pharmaceutical and medical device industry. She has an MSc in medical technology regulatory affairs from Cranfield University in the U.K. and a BS in biochemistry engineering.

Maggie Chan is a life sciences and regulatory expert at PA Consulting. She focuses on leading process and operation improvement for medical device and pharmaceutical companies. She has led labeling remediation and e-labeling process design projects in compliance with global medical devices regulation for both implantable and non-implantable medical devices. She has been supporting companies by building capabilities and designing processes to ensure they comply with ISO 13485, EU MDR, 21 CFR, etc., in line with the product portfolio. She has a Master of Science in law from Northwestern Pritzker School of Law in the U.S. and a BS in biology.

Dona O’Neil is an industry EU MDR expert and an adjunct professor for Northeastern University’s master’s program in regulatory affairs. She has experience developing and implementing EU MDR clinical evidence requirements across many therapeutic areas and all device classifications. O’Neil has an MPH (healthy policy concentration) from George Washington University and is certified as a clinical research professional by SOCRA.

Jama Software is always looking for news that will benefit and inform our industry partners. As such, we’ve curated a series of customer and industry spotlight articles that we found insightful. In this blog post, we share an article, sourced from IndustryWeek, titled “Cybersecurity Concerns for Manufacturers in 2024” – written by Dennis Scimeca and originally published on January 15, 2024.

Cybersecurity Concerns for Manufacturers in 2024

The more networked and data-centric manufacturing becomes, the more manufacturing leaders ought not consider cybersecurity as something that only concerns the IT department. New SEC reporting rules and high-profile hacks against manufacturers with multimillion-dollar price tags last year curtly demonstrate the point.

Org-wide planning provides the best defense against cyberattack. Knowing what to expect in 2024 and taking proactive steps against threat actors may make the difference between publicly admitting your company wasn’t prepared and accordingly losing money and prestige, or not.

Educate Your Workforce

Human beings decidedly provide the weak links in cybersecurity hygiene. Erecting digital gates and demanding identification checks do nothing if your employees hand over virtual ID cards without realizing they’ve done it.

“Cyberattacks in 2024 will look EXACTLY as they have in the previous three-to-four decades. Most will involve social engineering. About a third will involve unpatched software or firmware. About 10-to20 percent will involve weak password issues. Those three root attack methods will make up 99% of the attacks against most people and organizations,” says Roger Grimes, data-driven defense evangelist at KnowBe4.

“To defend against them, aggressively focus more on preventing social engineering,” he adds. “This means deploying technical cyber defenses that prevent social engineering from reaching users. Because technical defenses will never be perfect, you must train your users in how to recognize the signs of social engineering, how to defeat it, and how to appropriately report it.”

Recognize OT as an Attack Surface

In addition to the best practice, general cybersecurity hygiene pertinent to any business, manufacturers must contend with the vulnerability of their operational technology (OT). Every networked machine on the floor provides a possible avenue for intrusion into your larger IT system.

“Lack of segmentation between IT and OT environments and lack of awareness into these systems provide key avenues for threat actors to cause impacts and outages. Organizations need to mitigate as much risk as possible by focusing on quality backups of not just corporate data, but OT configurations and data needed to restore systems, all with secure encryption,” says Tom Marsland, VP of technology at Cloud Range.

The question of whether to place responsibility for OT cybersecurity within the IT department, or instead to spin out a separate OT group, is not just organizational says Marty Edwards, Deputy CTO for OT/IoT at Tenable.

“CFOs and CISOs will look at the cost-benefit analysis of investing in IT vs. OT security, and they’ll see there’s more benefit to investing in OT than IT in 2024 that at any point until now. For every $1 spent in OT, organizations get more than what they get with $1 in IT security investment. OT investments buy down your risk much more so than IT security,” Edwards says.

Amir Hirsh, head of Tenable OT Security, wants manufacturers to acknowledge how green initiatives that involve OT monitoring can increase cybersecurity risks.

“With the growing attention and increase of costs and penalties around energy usage and carbon emissions, companies will turn to smarter management of their operations, which will increase OT-based sensor deployment and controls. We’ll see more and more IoT and OT devices in smart buildings, factory management and building management systems. These trends will expose companies to further risk as they will expand their attack surface and often connect these environments to the internet,” Hirsh says.

RELATED: Five Advantages of Cloud Over On-Premises for Your Requirements Management and Traceability Solution

AI: Cybersecurity, Friend and Foe

Integrating AI into OT carries specific risks and benefits, says Chaz Lever, senior director of security research at Devo.

“As we move into 2024, it’s imperative for manufacturers to place a strong emphasis on the security of their AI implementations. AI represents a new attack surface, and in the case of OT, attacks on AI systems could result in impacts that cross the cyber-physical barrier. Great care needs to be undertaken to make sure AI interacting with OT systems guards against the myriad of potential AI threats (e.g., prompt injection, adversarial examples, model inversion, etc.),” Lever says.

AI also has the potential to help protect OT systems through its integration into security operations. AI’s capability of sifting through massive quantities of security data and isolating high-priority alerts is becoming increasingly sophisticated. This enables AI to augment the capabilities of analysts in monitoring systems, conducting forensic investigations and proactive threat hunting,” Lever adds.

Kurt Markley, managing director for the Americas at Apricorn, points out that bad actors may also use AI to create ransomware tools, the most popular avenues for attack against manufacturers. Generative AI-powered ransomware attacks doubled against healthcare, municipalities and education orgs between August 2022 and July 2023, says Markley.

Manufacturers could be next on the list. Protecting critical data mitigates the risk.

“While almost all IT leaders say they factor in data backups as part of their cyber security strategies, research we conducted [in 2023] found that only one-in-four follow a best practice called the 3-2-1 rule, in which they keep three copies of data on two different formats, one of which is stored offsite and encrypted. Furthermore, this same research found that more than half of respondents kept their backups for 120 days or less, far shorter than the average 287 days it takes to detect a breach,” says Markley.

“The likelihood that AI-driven ransomware will impact far-higher numbers of organizations, it will be more important than ever in 2024 that organizations have a strong cyber resiliency plan in place that relies on two things: encryption of data and storage of it for an appropriate amount of time. IT leaders need to embrace the 3-2-1 rule and must encrypt their own data before bad actors steal it and encrypt it against them,” Markley adds.

Beware the Cloud?

Touted for many years for scalable data architectures and cost-effectiveness compared to on-premises infrastructures, manufacturers like Nissan have learned the cloud also carries cybersecurity risks. Don’t think that offloading data to the cloud means offloading related cybersecurity concerns to your cloud technology provider.

“It’s estimated that 30% of cloud data assets contain sensitive information. All that data makes the cloud a juicy target and we expect that 2024 will continue to show that bad actors are cunning, clever, and hard-working when it comes to pursuing data. The industry has seen triple the number of hacking groups attacking the cloud, with high-profile successes against VMware servers and the U.S. Pentagon taking place [in 2023],” Markley says.

As IT teams spend more on moving and storing data in the cloud, organizations must spend the next 12-to-24 months auditing, categorizing and storing it accordingly. They need to gain deeper visibility into what data they have stored in the cloud, how data relates to each other, and if it is still meaningful to the operations of the organization. In doing so, they are advised to create specific security policies about how, where and for how long they store their data. These policies, when actively enforced, will help organizations better protect their most valuable asset – their data,” he adds.

RELATED: When Evaluating Product Development Software Tools, Not All Cloud is Equal

Think Forward for Best Protection

Effective cybersecurity’s layered, multi-faceted structure and accompanying price tag make it attractive for manufacturers to deprioritize, but the sooner they get on board with proper cybersecurity hygiene the sooner they can stop worrying about ever cutting a fat ransomware demand check…or what they’re going to tell the SEC in the annual 10-K filing.

“Ultimately, it’s crucial for security teams to collaborate closely with their organizational leadership to find an optimal equilibrium between security, user convenience, and technological innovation,” says Lever.

Grimes provides a checklist for basic, first cybersecurity steps:

Patch all software and firmware, especially anything on CISA’s Known Exploited Vulnerability Catalog list.
Use phishing-resistant multifactor authentication (MFA).
If you can’t use MFA, use a password manager which will create and use long and complex, different passwords for every site and service you use.

“The organizations that focus on these core, necessary defenses correctly and don’t get sidetracked by a hundred other less useful shiny objects will significantly decrease cybersecurity risk,” Grimes says. “The organizations that don’t, will likely be hacked.”

Ready, Set, Launch: Welcoming the New Jama Software^® User Community

We are excited to announce the launch of our new Jama Software^® User Community! Hosted on Higher Logic’s Vanilla platform, this community will be based on their successful framework model and will serve as an improved hub for collaboration, discussion, and support. To learn more about the history of Jama Software®’s user community, which was first created in 2015, visit Empowering Customer Success: The Vital Role of Support and User Communities.

In preparation for the launch of this exciting new space, we interviewed Amanda Jennewein – Senior Manager of Customer Support at Jama Software, to find out what existing and new user community members can expect from this transition.

What were the main reasons or goals for relaunching the Jama Software Customer Community?

Amanda Jennewein: Launching the new Jama Software^® User Community is a strategic initiative aimed at improving customer engagement and satisfaction, driving innovation, and strengthening the company’s brand presence in the digital space.

Enhanced Customer Engagement: Our goal is to strengthen customer relationships and create a supportive ecosystem by fostering a sense of belonging and collaboration. Building a vibrant online community allows customers to engage with each other, share experiences, and exchange best practices.
Knowledge Sharing and Support: As we recently shared, a community is valuable for users to access documentation, tutorials, and troubleshooting guides. By centralizing knowledge and expertise, Jama Software empowers customers to find solutions independently and receive support from peers and experts within the community.
Feedback Collection and Product Improvement: The community provides a channel for customers to provide feedback, suggest enhancements, and vote on feature requests. By soliciting input directly from users, we gain valuable insights into customer needs, preferences, and pain points, which can inform product development and roadmap prioritization.
Customer Success and Adoption: A thriving community contributes to customer success by facilitating collaboration, learning, and adopting Jama Software products and solutions. We aim to drive user satisfaction, retention, and advocacy by promoting engagement and self-service support options.
Brand Building and Thought Leadership: Hosting a vibrant community reinforces our position as a software development and requirements management leader. By curating valuable content, facilitating discussions, and showcasing customer success stories, we strengthen our brand reputation and thought leadership within the industry.

When will the new community be available for users to see?

Jennewein: The new community was officially launched on March 18, 2024. Users can now join the new community and explore its features.

RELATED: Jama Software^® Discovery Center

What improvements can users anticipate from our new community?

Jennewein: The migration to Higher Logic Vanilla represents a significant upgrade for the Jama Software Customer Community, offering improved usability, performance, collaboration tools, and integration possibilities. These enhancements allow users to anticipate a more engaging and productive community experience.

Enhanced User Experience: Vanilla offers a modern and intuitive user interface, making it easier for community members to navigate, discover content, and engage with others. The platform’s clean design and user-friendly features create a more enjoyable and efficient user experience.
Improved Performance and Reliability: Vanilla’s infrastructure is designed to deliver better performance and reliability than the previous platform. Users can expect faster page loading times, smoother browsing experiences, and minimal downtime, ensuring uninterrupted access to community resources and discussions.
Streamlined Content Discovery: Vanilla provides robust search functionality and content categorization tools, enabling users to find relevant discussions, articles, and resources quickly. Advanced search filters and tags make locating specific topics of interest easier, facilitating knowledge sharing and collaboration within the community.
Federated search: Vallina connects to other tools to surface relevant content, regardless of where it lives.
Enhanced Customer Support Integration: Further integration of the community with customer support processes and systems to streamline issue resolution, facilitate peer-to-peer support, and provide faster access to assistance. Automation and self-service options will empower users to find solutions independently and reduce their dependency on traditional support channels.

Will users from our previous community notice any significant changes? Will they still be able to find the same information as before?

Jennewein: Overall, the structure and organization of the new customer community will prioritize usability, accessibility, and engagement, aiming to provide a valuable and enriching experience for users seeking support, knowledge sharing, and collaboration within the Jama Software community.

You can see the Vanilla Success Community here, https://success.vanillaforums.com/

Homepage: The homepage serves as the central hub of the community, featuring essential announcements, latest discussions, and popular topics. It provides a snapshot of community activity and directs users to relevant sections and resources.
Discussion Categories: Discussions are typically organized into categories or topics based on themes, product features, or user needs. Precise categorization helps users find discussions relevant to their interests and expertise, promoting participation and knowledge sharing.
Digital Onboarding Guide: A dedicated section for articles, guides, tutorials, and other resources.
Q&A: Users can ask and answer questions within a community to facilitate self-service support and develop brand advocated.
Ideation: Provide feature requests while collaborating with peers by voting and commenting on ideas.
Events and Announcements: Information about upcoming events, webinars, product updates, and community announcements may be featured prominently to keep users informed and engaged.
User Profiles and Recognition: User profiles allow community members to personalize their experience, showcase their expertise, and connect with peers.
Search Functionality: Robust search functionality lets users quickly find relevant discussions, articles, and resources. Advanced search filters and tagging systems improve the discoverability and accessibility of content.
Community Guidelines and Support: Clear guidelines and rules for community participation help maintain a positive and respectful environment. Support resources, FAQs, and help documentation should be readily available to assist users and address any issues they encounter.
Verticalized Resources: Solution spaces for Automotive, Medical Devices & Life Sciences, Robotics, and Airborne Systems will be available to customers who have purchased additional licenses. These spaces offer industry resources, downloadable materials, and specific discussion areas.
Additional Downloadable Resources: Customers may purchase additional licenses to access downloadable content for:
- Data Exchange
- Jama Validation Kit (JVK) – Test cases and coverage reports
- Functional Safety Kit (FSK) – ISO certifications, defects, and safety manuals.
- Jama Connect Interchange™

How will the new community be moderated and managed to ensure a positive experience for members?

Jennewein: To ensure a positive experience for members, the new community will be moderated and managed through a combination of proactive measures, clear guidelines, and responsive support.

Clear Community Guidelines: Clear guidelines and rules for community participation help maintain a positive and respectful environment.
Designated Moderators: The community will have moderators responsible for overseeing discussions, enforcing community guidelines, and addressing any issues or concerns members raise. These moderators will be experienced and knowledgeable individuals who can maintain a respectful and inclusive environment within the community.
Prompt Response to Concerns: Our community encourages its members to report any concerns or violations of community guidelines to the moderators. Upon receiving such reports, the moderators will promptly investigate the issue thoroughly and take appropriate action to address the concern. This may involve removing inappropriate content, issuing warnings, or taking other necessary steps to ensure that our community remains a safe and welcoming place for all.
Transparent Communication: Moderators will communicate openly and transparently with community members, explaining decisions and actions. Transparent communication helps build trust and confidence among members and demonstrates a commitment to fairness and accountability.
Educational Initiatives: Besides taking enforcement actions, moderators will also undertake educational initiatives to encourage positive behavior and cultivate a culture of respect and collaboration among community members. This may include providing guidance on best practices for constructive communication, conflict resolution, and effective participation.

RELATED: Carnegie Mellon University Software Engineering Program Teaches Modern Software Engineering Using Jama Connect^®

How will we address and resolve issues or concerns raised within the customer community?

Jennewein: Support resources, FAQs, and help documentation will be available to assist users and address any issues they encounter in partnership with moderators and the Online Community manager.

What plans does the company have for any additional future growth and evolution of the customer community?

Jennewein: The company’s plans for future growth and evolution of the customer community are focused on creating a vibrant, inclusive, and value-driven ecosystem that empowers users, fosters collaboration, and drives customer success with Jama Software products.

Expansion of Community Features: Continuously evaluate and introduce new features and functionalities to enrich the community experience.
Community Advocacy and Ambassador Programs: Identify and cultivate community advocates and ambassadors passionate about Jama Software products and actively contribute to the community. Recognize and reward these advocates for their contributions and empower them to champion the community, share their experiences, and advocate for the brand.
Feedback-driven Iterative Improvements: Continuously solicit feedback from community members through surveys, polls, and feedback forums to identify areas for improvement and prioritize future enhancements. Use this feedback to inform iterative updates and enhancements to the community platform, ensuring that it evolves in alignment with user needs and expectations.
Content Expansion and Diversification: Invest in expanding and diversifying the content available within the community, tailoring content to address community members’ evolving needs and interests, covering a broad range of topics related to Jama Software products and industry trends.

Conclusion

We are always working to improve and refine our customer experience, aiming to provide excellence in every interaction. If you are a current customer and would like to learn more, please contact your customer success manager or consultant. If you are not yet a client, please visit our website at jamasoftware.com to learn more about our platform and how we can help optimize your development process.

Important: Password Change Required for returning members to access the New Community Site

With the new site launch, returning members must update their password to access the new community site. This is an important step that needs to be taken for security reasons. We appreciate your cooperation. To change your password and gain access to the new Community site, please visit: community.jamasoftware.com

This image portrays a webinar on the topic on Traceable Agile.

In this blog, we recap our webinar, “Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery” – Click HERE to watch it in its entirety.

In this insightful session, Professor Paul Meadows MSc, PMP, CSM and Steven Meadows, Principal Solutions Lead at Jama Software^®, explore Traceable Agile™, as well as best practices in terms of Agile processes, helping you ensure that your team is achieving the right balance between quality and speed.

You will learn about:

Best Practices and Tooling: Learn about the best practices in implementing effective agile processes and recommended tooling to enhance your team’s performance.
Balancing Speed and Quality: Strategies to ensure your software delivery is both fast and shipped with fewer defects
Implementing Traceable Agile: Dive deep into Traceable Agile, a methodology that promotes speed while maintaining a comprehensive historical and current view of your development process, enabling early issue detection.
Real-World Applications: Gain insights into how Traceable Agile is being implemented in various industries, and the benefits it has on software and hardware integration.

Below is an abbreviated transcript of our webinar.

Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Professor Meadows: Well, first of all, I’d like to say thank you for inviting me to the webinar. Steven, I’m looking forward to this. Just in terms of my background, I’ve first of all completed a full career in the British Army and since then I’ve over 20 years of project management experience, really based in mostly world-class, global enterprises, building and managing project management offices, developing and executing project management policies and standards. I’ve got a master’s degree in project management from Liverpool University. I’m a certified project management professional with the Project Management Institute and I’ve been a certified scrum master for over eight years.

I’ve taught project management for Columbia University in New York City and I am currently the lead faculty professor for the master’s degree in project management at NYU, also in New York City.

Steven Meadows: Great, thanks for that introduction. Just as a brief introduction for myself here, my name is Steven Meadows. I’m a principal solutions lead and I represent my company Jama Software and we’ll be touching on what Jama Software is and the solutions that we offer shortly. I also have around about 12 to 13 years experience in solution architecture, solution implementation. I’m also certified in Agile development using Jira software as well as Jira project administration too. So I’ve helped out or helped a lot of different Agile teams implement Agile solutions and implement while using tools. I do briefly want to introduce Jama Software, our company, and also solutions that we develop.

So Jama Software really provides a suite of solutions that spans the entire product and systems development lifecycle, things like capturing and managing requirements’ traceability to ensuring collaboration across different departments and different teams throughout the software development lifecycle. Also, across other verticals as well. Now you’ll see some of the verticals on this slide that we support, including regulated industries like medical device and aerospace and defense, as well as pure software development and industrial manufacturing too.

Now, some of the ways that we really help our customers realize value with our tools by reducing development cycle times, increasing process efficiency, gaining visibility and control and so on. So with that then, Professor Meadows is now going to provide an overview on Agile, the Agile Manifesto, and some of the principles as well.

RELATED: Requirements Traceability Benchmark

Professor Meadows: Thanks Steven. So here we are on the Agile overview page. We’re going to talk about some of the benefits, but as Agile development methodologies and frameworks become more and more the choice of organizations as we see here, they recognize the significant productivity improvements that can be achieved. It’s important here though, Steven, to really draw the distinction between waterfall requirements management and Agile requirements management. As we know, the strength of Agile is in the collaborative development that’s achieved with constant stakeholder and development team interaction over the more traditional approach where requirements are captured upfront largely and changes are not only unwelcome but actually considered disruptive.

And where they do occur generally they have to follow a fairly formal process of review and approval before they’re accepted. So in today’s very dynamic marketplaces, you can see clearly this is not going to help organizations achieve and maintain competitive advantage. So the four foundational values we see here were developed as part of the Agile Manifesto way back in 2001, and they’re really designed to efficiently elicit requirements and turn those requirements into functioning software. It’s about responding to change over following a plan.

And when you look at that in the context of the value placed in working software over comprehensive documentation, we really start to get to understand the challenges that emerge in trying to make sure our stakeholders and their needs are being met by what we deliver. This becomes even more complex when we start to look at the 12 Agile principles in more detail next. Before we move on to there, let me give you a little bit more detail about these values though. So individuals and interactions over processes and tools. Well this value itself emphasizes the importance of focusing on people and obviously their interactions with the team rather than solely relying on processes or tools.

But I don’t want to underestimate the value of processes and tools and we will definitely talk more about that through this webinar. This one really highlights the significance of effective communication, collaboration, and teamwork in delivering successful outcomes. Agile teams prioritize building strong relationships and that’s really one of the strengths that’s looked for as you build a team is that ability to build strong relationships and really fosters open communication, empowering individuals to make decisions that contribute really to the overall project success. Moving on to working software over comprehensive documentation.

Again, this is another one of those values we’re going to dig a lot deeper into through this webinar. But this value really underscores the importance of delivering functional software that meets the needs of the customer over extensive documentation, is the way it’s worded. And while documentation itself has its place in software development, tangible results are in the form of working software. Agile teams strive really to deliver value early and often. Today we’re seeing continuous delivery in many of the firms you’ve implemented successful Agile.

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery

Understanding IATF 16949: A Quick Guide to Automotive Quality Management

In the ever-evolving landscape of the automotive industry, ensuring product quality and safety is paramount. One key standard that plays a crucial role in this pursuit is IATF 16949. In this article, we will delve into the intricacies of IATF 16949, exploring its significance, key elements, and benefits.

What is IATF 16949? IATF 16949, or the International Automotive Task Force 16949, is a globally recognized quality management standard specifically designed for the automotive sector. This standard is based on ISO 9001 and incorporates additional requirements tailored to the automotive industry. IATF 16949 was developed by the International Automotive Task Force (IATF) to promote quality, consistency, and continual improvement throughout the automotive supply chain.

Key Elements of IATF 16949:

Customer Focus: IATF 16949 places a strong emphasis on meeting and exceeding customer requirements. This includes understanding customer needs, providing defect-free products, and consistently delivering high-quality services.
Process Approach: The standard adopts a process-oriented approach to quality management. Organizations are encouraged to identify, manage, and optimize key processes to enhance efficiency and effectiveness in meeting objectives.
Risk Management: IATF 16949 requires organizations to identify and address potential risks within their processes. This proactive approach helps in preventing issues, ensuring product safety, and maintaining a robust quality management system.
Supplier Quality Management: Recognizing the interconnected nature of the automotive supply chain, IATF 16949 places a significant focus on supplier quality management. Companies must work closely with their suppliers to ensure that quality standards are consistently met throughout the supply chain.
Continuous Improvement: The standard promotes a culture of continual improvement, urging organizations to regularly assess and enhance their processes. This commitment to ongoing refinement helps companies stay ahead in a competitive market.

Benefits of Implementing IATF 16949:

Global Recognition: Achieving IATF 16949 certification provides organizations with global recognition, enhancing their credibility and opening doors to new business opportunities.
Improved Efficiency: By adopting the standard’s process-oriented approach, organizations can streamline their operations, reduce waste, and enhance overall efficiency.
Enhanced Customer Satisfaction: Meeting IATF 16949 requirements ensures that products and services consistently meet or exceed customer expectations, leading to higher satisfaction levels.
Risk Mitigation: The focus on risk management helps organizations identify potential issues before they escalate, reducing the likelihood of defects and recalls.
Competitive Advantage: IATF 16949 certification provides a competitive edge in the automotive industry. Many OEMs (Original Equipment Manufacturers) prefer working with suppliers who adhere to this globally recognized standard – and many companies are required to comply.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

Who is required to comply with IATF 16949?

Companies that are part of the automotive supply chain, including manufacturers, suppliers, and service providers, may be required to comply with IATF 16949. This includes organizations involved in the production of automotive parts, components, and assemblies.

Key stakeholders in the automotive industry, such as original equipment manufacturers (OEMs) and their suppliers, often seek IATF 16949 certification to demonstrate their commitment to quality and compliance with industry standards. Certification to this standard is often a prerequisite for becoming a supplier to major automotive companies.

It’s important for organizations in the automotive sector to assess their specific contractual requirements and the expectations of their customers to determine whether compliance with IATF 16949 is necessary for their business. Certification to IATF 16949 is typically achieved through a third-party audit process conducted by accredited certification bodies.

What is a Quality Management System?

A Quality Management System (QMS) is a comprehensive framework of policies, processes, procedures, and records that an organization establishes and maintains to ensure its products or services consistently meet or exceed customer expectations. The primary goal of a QMS is to enhance customer satisfaction by consistently delivering high-quality products or services while also meeting regulatory requirements. It encompasses various elements such as quality planning, control, assurance, and improvement. A well-implemented QMS helps organizations identify and document their processes, set quality objectives, and monitor performance against these objectives. It often involves the use of standardized methodologies, documentation, and quality tools to foster a systematic approach to quality management, ensuring that every stage of the product or service lifecycle is controlled, measured, and continually improved upon. Certification to internationally recognized QMS standards, such as IATF 16946 and ISO 9001, provides external validation of an organization’s commitment to quality and can enhance its credibility in the marketplace.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

How can Jama Connect^® help?

Jama Connect^® is a powerful tool that plays a pivotal role in assisting teams in meeting the requirements of a QMS within various industries, particularly those with stringent regulatory standards.

Here are several ways in which Jama Connect facilitates compliance with QMS requirements:

Documenting and Managing Requirements: Jama Connect provides a centralized platform for documenting and managing requirements throughout the product development lifecycle. It allows teams to create, review, and collaborate on requirements, ensuring clarity and consistency. This centralized approach enhances communication among team members, reducing the risk of misunderstandings and improving overall requirement management efficiency.
Enabling Risk-Based Thinking: The platform supports risk-based thinking by providing tools to identify, assess, and mitigate risks associated with product development. Teams can systematically evaluate potential risks, assign risk levels, and implement mitigation strategies. This proactive approach aligns with the risk management requirements of QMS standards, contributing to safer and more reliable product development.
Assisting with Change Management Processes: Change management is a critical aspect of QMS, and Jama Connect streamlines this process. Teams can efficiently capture and evaluate proposed changes, assess their impact on requirements and other project elements, and implement changes in a controlled manner. This ensures that changes are documented, reviewed, and tracked, promoting transparency and accountability in the change management process.
Enabling Traceability of Processes and Products: Jama Connect offers robust traceability features, allowing teams to establish and visualize relationships between requirements, tests, and other project artifacts. This traceability is crucial for demonstrating compliance with QMS standards, as it provides a clear linkage between various stages of the development process, from initial requirements to final product validation.
Easy Documentation for Evidence for Audits: Jama Connect simplifies the documentation process required for audits. The platform enables teams to generate comprehensive reports, traceability matrices, and documentation trails that serve as evidence of compliance with QMS standards. This facilitates smoother and more successful audits, as auditors can easily review and verify the necessary documentation.
Supporting a Continuous Improvement Process: Continuous improvement is a fundamental principle of QMS, and Jama Connect supports this by providing analytics and insights into project performance. Teams can analyze data on requirements, testing, and other project metrics to identify areas for improvement. This data-driven approach fosters a culture of continuous improvement, aligning with the principles of QMS standards.
Supporting a Customer Focus with Traceability to Customer Needs: Jama Connect helps maintain a strong customer focus by establishing clear traceability from requirements to customer needs. This ensures that the final product aligns with customer expectations and requirements. The platform’s traceability features provide a visual representation of how each requirement contributes to meeting customer needs, strengthening the customer-centric approach advocated by QMS standards.

IATF 16949 is a critical standard for the automotive industry, emphasizing quality management, risk mitigation, and continuous improvement. Organizations that invest in achieving and maintaining IATF 16949 certification position themselves as reliable partners in a highly competitive and demanding market, ensuring the production of high-quality automotive products.

Note: This article was drafted with the aid of AI. Additional content, edits for accuracy, and industry expertise by Matt Mickle and McKenzie Jonsson.

In this blog, we recap our webinar, “Unlocking Success: The Transformative Benefits of Variant Management through Product Line Engineering” – Click HERE to watch it in its entirety.

Unlocking Success: The Transformative Benefits of Variant Management Through Product Line Engineering

Embark on a journey of innovation and efficiency with this webinar on the benefits of variant management through Product Line Engineering (PLE), as we explore how PLE serves as a catalyst for organizational success.

In this insightful session, our industry experts will guide participants through the myriad advantages that PLE offers in the realm of product development, including:

- How PLE accelerates time-to-market and significantly reduces costs by promoting systematic reuse of engineering assets across a product portfolio.
- The strategic impact of PLE on managing product variability, enabling organizations to swiftly adapt to changing market demands without compromising quality.
- A way to gain a competitive edge: Learn how PLE can be implemented in Jama Connect^® to enhance collaboration among cross-functional teams and create adaptable architectures

Below is an abbreviated transcript of our webinar.

Matt Mickle: Today I will spend some time introducing the topic of product line engineering and some of the benefits, as well as challenges that come along with it, especially pertaining to the work that you need to do in Jama Connect. I’ll then hand it off to Geoff, who will walk you through a practical way to implement product line engineering into the way that you work within Jama Connect now. We’ll then sum up and take away any questions from the audience. So without any further ado, let’s jump right into it.

What is product line engineering? Well, there’s multiple definitions floating around for product line engineering, but for the purpose of this webinar, we’re going to stick to something that makes sense from our perspective, which is a focus on engineering for a family of products with similar features, components or modules, as a single product line in order to leverage the commonality and variability, minimize the duplication of effort, and maximize reusability.

There are lots of examples of what a product line could be. It could be a series of vehicles, such as what you see here with the J Series, where you have different models that are part of a single product line. It could be military vehicles developed for different roles. It could be versions of software that are built for different types of consumers, like your light user or your expert user. It could be a line of appliances with different sizes or capabilities, like an oven or a dishwasher. It could be a line of laptops with different sizes, different amounts of memory, and different amounts of CPU. Or for a semiconductor, it could be configurations of IP for a chip family. So lots of different ways that you could have a product line, and with many of those ways you need to think about product line engineering.

RELATED: Jama Connect^® vs. IBM^® DOORS^®: Reuse and Variant Management

Mickle: What are variants and how do you manage those variants? Along the same pathway, we will refer to variants as basically anything that would vary from product to product within a product line. And that could include some of the examples below, like different features, premium services, levels of performance, and different components that you might have, kind of like what you see on this ad for the J Series turbo. And when it comes to variant management, we’ll simply refer to this as the process or the technique that helps us manage and organize the variance. And this could be through one or multiple of these different modes that you see below, or it could be something that’s not listed there.

Okay, so what are some of the benefits that we get from product line engineering and from variant management? One is product line engineering, which enables organizations to create a product line architecture that allows for a systematic reuse of components. This can be components, modules, assets, and those are across different products within a product line. This promotes efficiency by reducing redundancy in the need to recreate similar functionalities for every product.

Another way is by reusing existing components and assets, organizations can significantly reduce their development cost. Product line engineering allows for economies of scale, as the investment in creating a core set of assets can be spread across multiple products, leading to cost savings in the long run. With product line engineering organizations can also streamline the development process by leveraging those existing components and architectures. This means faster time-to-market for new products since development efforts are focused on creating unique features, rather than rebuilding common functionalities.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Mickle: It also helps ensure consistency in the products across your product line. If you reuse well-tested and validated components, the likelihood of introducing defects or inconsistencies is reduced, and that leads to higher overall product quality. As the market demands change or new technologies emerge, product line engineering provides a framework that allows organizations to adapt and evolve their product line more easily. This enables the addition of new features or the modification of existing ones without starting the development right from scratch.

Product line engineer also supports efficient configuration management, therefore allowing organizations to define and manage variations and products through configuration, rather than by creating separated versions or desynchronized copies of content. It simplifies a task of handling different customer requirements or market-specific adaptations.

It also makes the maintenance and updates more manageable. Changes or bug fixes can be applied to common components, and the updates can then be propagated to all the products in the line, ensuring that each product benefits from the improvements without having to undergo individual modifications. It also helps with the mitigation of risks associated with product development by relying on well-established improving components. Since these components have been used and tested across multiple products, the likelihood of critical issues arising is reduced.

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Unlocking Success: The Transformative Benefits of Variant Management through Product Line Engineering

In this blog, we recap our webinar, “Key Systems Engineering Skills: Critical Thinking and Problem Framing” – Click HERE to watch it in its entirety.

Key Systems Engineering Skills: Critical Thinking and Problem Framing

Elevate your team’s success by exploring the role of critical thinking in a system engineering competency model.

In this insightful session, Chris Unger, Retired GE Healthcare Chief Systems Engineering Officer and Principal at PracticalSE LLC, and Vincent Balgos, Director of Medical Device Solutions at Jama Software^®, discuss how critical thinking and decision-making skills are integral to systems engineering.

In this insightful session, you will learn:

Explore the vital role of critical thinking and decision-making in systems engineering.
Learn practical techniques for decision framing and closure.
Gain insight on how systems engineers should manage design decisions on a project.
See a simple model of how and when to engage with stakeholders in design decisions.

Below is an abbreviated transcript of our webinar.

Chris Unger: We’re going to talk today about a follow-up to the last webinar, where I’m going to talk about some of the most important systems engineering skills, critical thinking, and problem framing. So, how do skills in general, and soft skills, fit into improving systems engineering? So, in prior talks, I’ve suggested you keep your processes very simple but make them effective, and that’s easy to say but hard to do. That means you have to understand the system of the SE processes, how they connect, and where the diminishing value of the processes, the source process heading off, happens. As an example, a topic could be a technical risk, or it could be a trade-off between different possible solutions. So, we want to understand how those to the risk management and the decision process interact.

In order to do that, the best systems engineers have to have really good judgment. In addition, we have to influence people. Being simplistic, hardware and software engineers design things, things do what they’re told. I know it’s oversimplified, but our deliverables are instructions on how the software and hardware engineers do things. So, the best systems engineers here have an area of depth that they’re experts in, so they bring some technical credibility. They have systems of breadth, they understand all the systems processes and how they interact, and they have great interpersonal skills. Today I’m going to focus on how you achieve a balanced and optimized design, how you focus on your cost versus risk, and doing that through basically decision making.

So, first I want to talk about the Helix Model. So, the Helix Project was a project funded by the government and, the US government, and their concern was for big aerospace and NASA projects you tend to produce a major, billion-dollar development every 10 years, and then you do 10 years of support. So, people often move on. They were worried about how you create the truly brilliant leader systems engineers from a team that may be a little bit sparse. They developed this model up here in the front and simplistically, you start with things you learn in school, how to do good mechanical engineering, electrical engineering, and software engineering techniques. You then go into an organization, and so you spend the first five years learning about your company. Things like, well, if you’re going to be doing a say glucose monitor, what does blood chemistry look like? What does a sensor look like? What’s a workflow? So, you become a good organization-specific mechanical engineer.

Then you learn about lifecycle. How do you go from womb to tomb, from customer needs to disposal and disposition with all the regulations across the world in terms of chemical safety? So, after five, maybe 10 years, you understand your domain, you understand the lifecycle and you understand your technology. What differentiates after that? What they found was the skills on the bottom half of this page, the Systems Mindset, so big picture thinking, and paradoxical mindset. You’ve all heard that joke about fast, good and cheap, pick two of the three. Well, that’s the world in which systems engineers live. We make trade-offs between things that are inherently conflicting. The other thing is, we’ve got to make decisions quickly, so you’ve got to have a flexible comfort zone. You’ve got to be willing to wait till you have the critical information but make a decision without all the information you want.

RELATED: A Path to Model-Based Systems Engineering (MBSE) with Jama Connect^®

Unger: In terms of the middle column, Interpersonal Skills, just the obvious stuff as I mentioned. You’ve got to influence the other engineers to make a good decision. Then finally here in Technical Leadership, balanced decision-making, and risk-taking. So, I had a general manager one time say, “We’re in the business of managing risks, not avoiding risks.” The least-risk program is also a boring one, but you also don’t want to take moonshots and everything. So, you really want to balance. It’s another case of a paradoxical mindset. Balance risk-taking with hitting a schedule predictably. So, these are the kinds of skills that really differentiate as systems engineering leaders, 10 to 15 years into your career. I’m going to talk more about these, decision-making, stakeholder management, and barrier-breaking.

So, I put together a very simple Systems Engineering Competency Model. I started with the NASA handbook and the NASA lifecycle. I simplified it, into that they had scope and requirements management separated, and I actually agree with those being different. But in reality, on the size of programs that we typically implemented, the people who did one typically did the other. Same thing, the architecture and the design, those were typically the same people. So, you have the upfront design, you have implementation. So, managing the subsystems actually do the implementation of what the design asks them to do, and you integrate it, such that you find your defects early. Then you manage all the lifecycle, the serviceability, manufacturability, disposability, and all the “ilities.”

Then leadership, obviously, there the interpersonal skills. This was developed for GE Healthcare, so I just picked it from our existing leadership skillset and I simplified it. What you’ll notice here is I put down at the bottom, critical thinking, as a technical skill. For many executives, and for other functional engineers, critical thinking is important, but as I mentioned, since we deliver instructions and designs to other engineers, framing decisions, taking vague things from product management and marketing, and turning them into clearer problems or functions to solve, I consider that a core technical excellence of systems engineering. But that’s vague. How do I actually measure that? So, I came up with this fairly simple set of observable behaviors. So, first of all, framing problems takes an ambiguous problem identifies the critical stakeholders, and turns them into a clear problem a more junior engineer can solve.

So, first, let’s talk about framing the problem. Even an entry-level person has to be able to understand a problem that’s been framed for them. But as you get to more senior people, the 10 to 15-year level, you have to be able to frame a complex problem, see around corners, use foresight to sort out essentials from the detail, and identify risks and emergent behavior that need to be incorporated in the decision, that other engineers might not see. Even at the strategist level, you can take a complex and ambiguous problem clarify the ambiguity, and turn it into simply just a complex and interconnected problem.

So, if we’re talking about maybe the 10 to 15-year-old person, not the most senior executives, you’ll be able to take a complex problem, identify ahead of time problems other people don’t see, and capture that. Balance cost, schedule, technical risk, and team capabilities, and make a trade-off based on sound evidence and data. Balance your intuition, when you don’t have all the data with waiting and gathering data where you need it. Then finally, making the decision is maybe the easy part. You have to make sure the team follows your leadership. Take accountability for making the right decisions, delegate where you can, and then ensure that the entire team buys into the decisions that the team or you have made. So, that’s the theory.

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

Unger: Let’s talk about how we manage design decisions. First of all, why? Why is this a critical skill? By identifying the critical design decisions, it allows the team to focus on the most important thing, and separate out the core from the distractions. It helps teams identify work items. So, for example, one time when I was working with the ultrasound team in Japan, we had a bunch of really experienced engineers and they were working on a new ultrasound probe. It had moved an active component into the probe and there was a thermal issue. They were talking in Japanese for about five, 10 minutes when I was asked to frame the problem and I said, “Yeah, you’re talking too fast and too much. This is not that easy. Come back to me and tell me what you’re actually doing.”

They were figuring out how to measure the thermal properties in the lab. I said, “Well, imagine you had a probe that was safe, with maybe 39°C, but that was uncomfortable to handle. Have you worked with the application people on how much value? If you spent $50 more and took the temperature down by 1°C, would that be worth a trade-off? The team, “Oh, that’s interesting.” They were actually focused on the technical feasibility, not the real market and customer acceptance problem. So, by doing this upfront, you can make sure that you have a complete work process for the team. Then once you’ve made the decision, it minimizes rework by making sure the decisions stay closed.

Now, this decision list and prioritization should start early. It would be comfortable to wait until you know everything, but that’s too late. So, it’s a living document. Don’t wait to get started until you have enough information to make a good plan. Start with what you know, and then build out as you continue. So, one of the first things I talk about is, what is a decision? As an example, I’ve had teams come to me saying, “The operating system selection is a decision.” It’s like, “No. It’s actually not typical. It’s typically a collection of decisions.” So, I draw this little arrow here. It’s basically a decision is a point in which you select between different paths going forward and you pick one way versus another. So, deciding whether to include a stretch item in scope or not is a decision. Deciding between very specific designs and implementing a feature is a decision. Setting a critical to-quality parameter or balancing between different parameters, so cost versus reliability or cost versus performance, is a decision.

Tag Archive for: Requirements & Requirements Management

Manage by Exception: Data-Driven Practices to Improve Product, Systems, and Software Quality

Why “Data-Based Management” is Critical, and How it Uncovers Gaps

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution

Examples of Exceptions in Daily Product, System, and Software Development and Requirements Management

A tool such as Jama Connect® can help you successfully manage exceptions, such as in these four examples.

RELATED: Requirements Traceability Diagnostic

Critical Metrics to Consider

For example, a requirement should have three different elements:

TO LEARN MORE, DOWNLOAD THE COMPLETE WHITEPAPER HERE: “Manage by Exception: Data-Driven Practices to Improve Product, Systems, and Software Quality”

Understanding ISO/IEC 27001: A Guide to Information Security Management

RELATED: A Guide to Understanding ISO Standards

Overview of ISO/IEC 27001:

Key Principles:

Scope and Requirements:

Implementation Process:

Certification Process:

Benefits of ISO/IEC 27001:

Continual Improvement:

RELATED: Best Practices Guide to Requirements & Requirements Management

Conclusion

Jama Connect® Features in Five: Automated Testing

Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect®… in about five minutes.

VIDEO TRANSCRIPT

RELATED: Requirements Traceability Benchmark

RELATED: The Benefits of Jama Connect®: Supercharge Your Systems Development and Engineering Process

To view more Jama Connect Features in Five topics, visit: Jama Connect Features in Five Video Series

Navigating EU MDR Compliance: Overcoming Challenges To Sustain Your Certification

Sustaining Certification Is An Ongoing Task, Not A One-Time Finish Line

RELATED: Jama Connect® for Medical Device & Life Sciences Development Datasheet

Documentation

Budget

Other Regulatory Bodies Soon To Follow Suit

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Medical Device & Life Sciences

Conclusion

About the Authors:

Cybersecurity Concerns for Manufacturers in 2024

Educate Your Workforce

Recognize OT as an Attack Surface

RELATED: Five Advantages of Cloud Over On-Premises for Your Requirements Management and Traceability Solution

AI: Cybersecurity, Friend and Foe

Beware the Cloud?

RELATED: When Evaluating Product Development Software Tools, Not All Cloud is Equal

Think Forward for Best Protection

Ready, Set, Launch: Welcoming the New Jama Software® User Community

What were the main reasons or goals for relaunching the Jama Software Customer Community?

When will the new community be available for users to see?

RELATED: Jama Software® Discovery Center

What improvements can users anticipate from our new community?

Will users from our previous community notice any significant changes? Will they still be able to find the same information as before?

How will the new community be moderated and managed to ensure a positive experience for members?

RELATED: Carnegie Mellon University Software Engineering Program Teaches Modern Software Engineering Using Jama Connect®

How will we address and resolve issues or concerns raised within the customer community?

What plans does the company have for any additional future growth and evolution of the customer community?

Conclusion

Important: Password Change Required for returning members to access the New Community Site

Below is an abbreviated transcript of our webinar.

Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

RELATED: Requirements Traceability Benchmark

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY: Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery

Understanding IATF 16949: A Quick Guide to Automotive Quality Management

Key Elements of IATF 16949:

Benefits of Implementing IATF 16949:

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

Who is required to comply with IATF 16949?

What is a Quality Management System?

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

How can Jama Connect® help?

Unlocking Success: The Transformative Benefits of Variant Management Through Product Line Engineering

Below is an abbreviated transcript of our webinar.

RELATED: Jama Connect® vs. IBM® DOORS®: Reuse and Variant Management

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY: Unlocking Success: The Transformative Benefits of Variant Management through Product Line Engineering

Key Systems Engineering Skills: Critical Thinking and Problem Framing

Below is an abbreviated transcript of our webinar.

RELATED: A Path to Model-Based Systems Engineering (MBSE) with Jama Connect®

RELATED: Traceable Agile™ – Speed AND Quality Are Possible for Software Factories in Safety-critical Industries

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY: Key Systems Engineering Skills: Critical Thinking and Problem Framing

A tool such as Jama Connect^® can help you successfully manage exceptions, such as in these four examples.

TO LEARN MORE, DOWNLOAD THE COMPLETE WHITEPAPER HERE:
“Manage by Exception: Data-Driven Practices to Improve Product, Systems, and Software Quality”

Learn how you can supercharge your systems development process! In this blog series, we’re pulling back the curtains to give you a look at a few of the powerful features in Jama Connect^®… in about five minutes.

RELATED: The Benefits of Jama Connect^®: Supercharge Your Systems Development and Engineering Process

To view more Jama Connect Features in Five topics, visit:
Jama Connect Features in Five Video Series

RELATED: Jama Connect^® for Medical Device & Life Sciences Development Datasheet

Ready, Set, Launch: Welcoming the New Jama Software^® User Community

RELATED: Jama Software^® Discovery Center

RELATED: Carnegie Mellon University Software Engineering Program Teaches Modern Software Engineering Using Jama Connect^®

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Traceable Agile™ – How to Achieve Speed and Quality with Software Delivery

How can Jama Connect^® help?

RELATED: Jama Connect^® vs. IBM^® DOORS^®: Reuse and Variant Management

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Unlocking Success: The Transformative Benefits of Variant Management through Product Line Engineering

RELATED: A Path to Model-Based Systems Engineering (MBSE) with Jama Connect^®

CLICK HERE TO WATCH THIS WEBINAR IN ITS ENTIRETY:
Key Systems Engineering Skills: Critical Thinking and Problem Framing