IEC 62304 & Requirements Traceability Matrix (RTM) in Jira: A Guide for Medical Device Companies

IEC 62304 defines the software development lifecycle (SDLC) processes for medical device software. With traceability as a main component of this standard, the challenge companies often face is how to use preferred development tools like Jira for SDLC management that are not built to provide the level of traceability required by 62304 and the FDA. This guide will focus on how companies can meet IEC 62304 and generate a compliant Requirements Traceability Matrix (RTM) while using Jira.

Old RTM Management & IEC 62304 Traceability

Most companies using Jira (or similar project management tools) approach building their RTM by manually copying and pasting information into spreadsheets, an error-prone method that often leads to version control issues. Unfortunately, the growing complexity of software exacerbates the flaws in older RTM management methods like these. 

Is Jira natively compliant with IEC 62304?  

No. Jira doesn’t offer a native mechanism for generating the type of evidence required by the FDA, especially when it comes to generating the RTM. Jira’s compliance with specific standards depends on how it is configured, used, and integrated within your organization's processes. This means that the complexity and costs of maintaining 62304 compliance are squarely on the manufacturer. Typical modifications include customization of workflows and fields, process definitions, user training, documentation, audit, validation, and verification are just a few requirements teams must address. 

As a special note on validation, we strongly recommend against validating your own development tools, which are expensive, time-consuming, and provide no competitive edge.  Former Amgen Quality Assurance Specialist Jake Stowe details the challenges in validating your own development tools here.

Compliance with standards like IEC 62304 involves both tool usage and the establishment of appropriate processes and practices within your organization. While Jira can be a valuable tool in this process, it is not a one-size-fits-all solution. But if it’s so difficult to configure Jira for 62304, why is it a good idea to use it for 62304 and traceability compliance? 

Benefits of 62304 Traceability in Jira

Jira has become the industry standard in software project management, being used in over 125,000 companies worldwide. Therefore, the #1 benefit is that developers and product managers alike know the platform well and require almost no training. Furthermore, given the breadth of the platform, the number of integrations and add-ons is vast. This all adds up to faster product development.

A 62304-compliant RTM for product management is a primary concern for many medical device companies. When reading through the level of detail RTMs must contain, manufacturers building complex software systems in Jira are faced with the reality of recording a seemingly endless amount of data that grows as more software releases and updates occur. While Jira is not inherently compliant with 62304, the platform’s capabilities can offer a competitive edge to companies willing to configure it properly: 

1.  Traceability: If augmented, Jira can provide a clear, structured, and compliant way to link requirements, design specifications, test cases, and other crucial artifacts, ensuring compliance in product design while simplifying audits and inspections. Additionally, integration with various plugins and add-ons will automate traceability tasks, reducing manual effort, minimizing the risk of errors, and accelerating the compliance and development processes. 

2. Streamlined Collaboration: IEC 62304 compliance involves many teams, including software developers, quality assurance, and regulatory affairs professionals. Jira allows for real-time communication, task assignment, and progress tracking.

These capabilities are useful for medical device teams handling complex software. However, these benefits do not matter unless your team’s processes are compliant with 62304, and your team is actively (and consistently) transferring data into an RTM. And the truth is, most teams fail to do this reliably. 

Requirements Traceability Matrix (RTM) Reports in Jira

A good Requirements Traceability Matrix (RTM) report serves as a powerful tool for tracking and ensuring that every requirement in a project is appropriately fulfilled and tested. Its components include:  

1. Requirement Identifier & Description: Each requirement is uniquely identified, often with a code or number.‍

2. Source: The source of the requirement, which may include the origin of the requirement, such as a specific customer request, regulatory standard, or internal design specification.

3. Type of Requirement: Categorization of the requirement, which could include functional requirements (what the system should do) and non-functional requirements (qualities and constraints the system must meet, such as performance, security, and usability).

4. Status: The current status of the requirement, which may include labels like "Open," "In Progress," "Resolved," or "Closed." This status allows the team to track the progress of each requirement.

5. Owner/Responsible Party: The person or team responsible for fulfilling the requirement. 

6. Change History: A log of changes made to the requirement over time, including revision dates, reasons for changes, and individuals responsible for modifications. 

7. Comments/Notes: Space for comments, clarifications, and additional information related to the requirement. 

8. Verification and Validation Results: Once a requirement is fulfilled, this section documents the results of the verification and validation activities, which serves as evidence that the requirement has been met.

9. Traceability Links: Cross-references that show how each requirement relates to other project artifacts, such as use cases, user stories, design elements, and test cases. Any relationships between requirements, which could include prerequisites that must be met before a requirement can be fulfilled or tested.

So how do you get all of this information from Jira into an RTM? 

Teams run into this issue time and again. They purchase compliance tools that record data and updates but still require manual movement of data from Jira into another unconnected platform. When details are missed, it can harm patient health, product availability and company reputations.

In the past, purchasing multiple tools—one for documentation, one for traceability, one for development, etc.—cost teams time and money without properly addressing the real issue of manual labor. Development, quality, and regulatory teams spend countless hours performing tedious and error-prone work shuffling data back and forth.

Teams need platforms like Jira to remain agile and address software updates, but many of those benefits are negated by the huge amounts of manual labor required for documentation. So, how can tools teams use Jira for the daily management of complex software while remaining 62304-compliant and easily maintaining a requirements traceability matrix derived from Jira?

How to Generate 62304-compliant Requirements Traceability Matrix (RTM) Reports from Jira

Ketryx offers a streamlined process for creating Requirements Traceability Matrix (RTM) reports directly from Jira with native integration. Here's how it works:

1. Ketryx configures 11 pre-built issue types in Jira to cater to different aspects of your project.

2. Developers can seamlessly continue their work within Jira, utilizing their preferred environment for software development.

3. Within Jira, Ketryx simplifies the process of linking issue types to one another by generating a traceability tree directly within each Jira ticket.

4. Behind the scenes, Ketryx constructs a fully functional and FDA-compliant traceability matrix. This RTM is easily navigable and empowers both quality and development professionals to swiftly identify and manage issues like traceability gaps.

5. Ketryx automatically documents every action, maintaining a Part 11-compliant audit trail and version history. This information is immutable, attributable, secure, and retrievable.

6. By automating the documentation process, Ketryx significantly reduces the time developers need to spend on documentation tasks. This automation ensures that every issue is meticulously documented and traceable up and down the V-model, enhancing both efficiency and compliance.

7. Finally, Ketryx automatically validates Jira to this intended use and provides those design control documents directly to customers.

Ketryx's integrated solution in Jira not only streamlines the RTM generation process but also enhances the quality and compliance aspects of your software development projects. With Ketryx, Jira's capabilities extend beyond its traditional functions, ensuring that it meets the stringent requirements for regulated software development. 

To learn more about how IEC 62304 compliance can be achieved in Jira, try it free here or book a call with the Ketryx team today.

Further insights and community discussions can be found on the Atlassian Community page.