This GigaOm Research Reprint Expires: Dec 7, 2022

GigaOm Radar for Regulated Software Lifecycle Management (RSLM)v2.0

1. Summary

The digital transformation occurring at enterprises everywhere has made software central to advanced engineered products and services. As these applications are applied in safety-critical and mission-critical environments and scenarios, the need to manage both risk and software quality has become paramount. These software applications are subject to regulation by law, compliance with standards bodies, and auditing and legal scrutiny.

Application lifecycle management (ALM) suites (often under the label of agile project management) have been used to manage the development of highly complex software and/or large software projects with multiple teams. Over the years, they have evolved and split to meet the needs of both enterprise IT and of highly regulated markets for software applications—from advanced engineering manufacturing to the pharmaceutical industry, financial services, and beyond. Given how the tooling for enterprise IT ALM and the new ALM targeting highly regulated industries has diverged, they are now two distinct categories and therefore, we are re-labelling the latter as regulated software lifecycle management (RSLM).

If you’re a product manufacturer or service provider considering the purchase of an RSLM solution, we recommend first reading the GigaOm Key Criteria report, which serves as a foundational resource for making decisions about selecting such a solution. In this GigaOm Radar report, we cover the vendors that are the most active in this sector. The GigaOm Radar chart shows a visual positioning of the vendors, and the report provides in-depth analysis of the solutions based on our key criteria and evaluation metrics.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

2. Market Categories and Deployment Types

For a better understanding of the market and vendor positioning (Table 1), we assess how well solutions for RSLM are positioned to serve specific market segments.

  • Small-to-medium enterprise (SME): In this category we assess solutions on their ability to meet the needs of organizations ranging from small businesses to medium-sized companies. We also include departmental use cases in large enterprises, where ease of use and deployment are more important than extensive management functionality and feature set.
  • Large enterprise: For large organizations, offerings are assessed on their ability to support sizable and business-critical projects. Optimal solutions in this category will have a strong focus on flexibility, performance, and features to improve security and support compliance. Scalability is another big differentiator, as is the ability to deploy the same service in different environments.
  • Specialized: Optimal solutions are designed for specific workloads and use cases, such that the solution specializes in certain segments of RSLM and may integrate with third parties for remaining segments.

We recognize four main deployment models for solutions in this report: on-premises, software-as-a-service (SaaS), cloud (two types), and hybrid, as follows.

  • On-premises: These solutions are available with no internet connection and require on-premises compute capacity for full functionality. The trend is away from on-premises, but some customers want to run certain applications only in their data center.
  • SaaS: Solutions are available on a subscription basis and hosted by vendors on their cloud. Users access the solution via a browser or client component.
  • Self-hosted cloud: These solutions are available in the cloud. Self-hosting allows customers to run the solution on their private cloud or on the public cloud of their choice, which enables access to a range of cloud services and functions if required. Cloud solutions are ideal for easy scalability.
  • Vendor-hosted cloud: Solutions are available on the vendor’s cloud where they are fully managed and hosted, removing the administrative burden from the customer. This option allows the solution to access a range of cloud services and functions if required and benefits from the cloud’s easy scalability.
  • Hybrid solutions: These solutions can be installed both on-premises and in the cloud, offering the greatest flexibility.

Table 1. Vendor Positioning

Market Segment

Deployment Models

SME Large Enterprise Specialized On-Premises SaaS Self-Hosted Cloud Vender-Hosted Cloud
Jama Software
Micro Focus
Siemens Polarion
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

3. Key Criteria Comparison

Building on the findings from the GigaOm report, “Key Criteria for Evaluating RSLM,” Table 2 summarizes how each vendor included in this research performs in the areas we consider differentiating and critical in this sector. These are the key criteria. The objective is to give the reader a snapshot of the technical capabilities of different solutions and define the perimeter of the market landscape.

Table 2. Key Criteria Comparison

Key Criteria

Process Management Advanced Variants Management Risk QA and Test Management Software Security Management Compliance Reporting, Dependencies Advanced Integrations
IBM 2 3 2 3 3 3
Inflectra 2 2 3 2 3 3
Intland 2 3 3 2 3 2
Jama Software 2 3 2 2 2 2
Kovair 2 2 2 2 3 3
Micro Focus 3 2 3 2 3 3
Orcanos 2 1 3 2 3 2
Perforce 2 2 2 2 2 2
Siemens Polarion 2 3 2 2 3 3
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

The evaluation metrics cover six factors by which we can judge each key criterion: the extent of technical innovation; the support for compliance; how easy it is to scale the solution and its degree of flexibility and usability; how well the solution is connected to the tool ecosystem; licensing and technical support; and how well the feature benefits the return on investment and its impact on the total cost of ownership. Table 3 compares the vendors in terms of these evaluation metrics.

Table 3. Evaluation Metrics Comparison

Evaluation Metrics

Technical Innovation Compliance Support Scalability, Flexibility, and Usability Solution Ecosystem Licensing and Support Overall ROI/TCO
IBM 3 3 2 3 2 2
Inflectra 2 3 2 2 2 3
Intland 2 3 2 2 2 3
Jama Software 2 2 2 2 2 2
Kovair 2 2 3 3 2 2
Micro Focus 3 2 3 2 2 2
Orcanos 3 3 2 2 2 2
Perforce 2 2 2 2 2 2
Siemens Polarion 2 3 2 3 2 2
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

By combining the information provided in the tables above, the reader can develop a good understanding of the technical solutions available in the market. The companion key criteria report shows the impact of the evaluation metrics on individual key criteria.

4. GigaOm Radar

This report synthesizes the analysis of key criteria and their impact on evaluation metrics to inform the GigaOm Radar graphic in Figure 1. The resulting chart is a forward-looking perspective on all the vendors in this report based on their products’ technical capabilities and feature sets.

Figure 1. GigaOm Radar for RSLM

The GigaOm Radar plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—Maturity versus Innovation, and Feature Play versus Platform Play—while providing an arrow that projects each solution’s evolution over the coming 12 to 18 months.

As you can see in the Radar chart in Figure 1, we have ranked IBM as a leading solution, with four other vendors—Inflectra, Intland Software, Micro Focus, and Siemens Polarion—closing in. In fact, we expect to see Micro Focus narrow the gap as it continues to invest in its solution. Following the leaders, we have challenger Kovair, which also seems likely to narrow the gap. Among the three new entrants—Jama Software, Orcanos, and Perforce—Orcanos is an outperformer and in time we expect to see it in the challenger group.

Inside the GigaOm Radar

The GigaOm Radar weighs each vendor’s execution, roadmap, and ability to innovate to plot solutions along two axes, each set as opposing pairs. On the Y axis, Maturity recognizes solution stability, strength of ecosystem, and a conservative stance, while Innovation highlights technical innovation and a more aggressive approach. On the X axis, Feature Play connotes a narrow focus on niche or cutting-edge functionality, while Platform Play displays a broader platform focus and commitment to a comprehensive feature set.

The closer to center a solution sits, the better its execution and value, with top performers occupying the inner Leaders circle. The centermost circle is almost always empty, reserved for highly mature and consolidated markets that lack space for further innovation.

The GigaOm Radar offers a forward-looking assessment, plotting the current and projected position of each solution over a 12- to 18-month window. Arrows indicate travel based on strategy and pace of innovation, with vendors designated as Forward Movers, Fast Movers, or Outperformers based on their rate of progression.

Note that the Radar excludes vendor market share as a metric. The focus is on forward-looking analysis that emphasizes the value of innovation and differentiation over incumbent market position.

5. Vendor Insights

IBM, Engineering Lifecycle Management

IBM has decades of experience providing software development management tools for regulated industries. It targets three major sectors: aerospace and defense, automotive, and mechatronics (mechanical and electronics). The supply chain in these industries is deep and complex, and IBM has sought to integrate with the diverse tooling to be found across these environments, as well as in the public (government) and financial sectors.

IBM’s Engineering Lifecycle Management (ELM) suite is designed for software and systems engineers working with software, hardware, mechanical, and electronic components. Engineering organizations evolved custom processes and methodologies that combine practices from multiple approaches, including V-model engineering, lean, agile, and DevOps. The management of these custom hybrid processes requires a flexible solution, which IBM describes as “multimodal DevOps,” and its Engineering Lifecycle Optimization (ELO) extends the capabilities of ELM to deliver it.

ELM offers features not found in traditional ALM, in particular:

  • ELO Engineering Insights mines development data for insights into product development, offering advanced decision support by searching and viewing data across tool sets and visualizing impacts of changes.
  • IBM Engineering Requirements Quality Assistant (RQA) uses artificial intelligence (AI) to gain insight into product requirements, leveraging IBM Watson’s natural language processing (NLP) to improve the identification of ambiguous, duplicate, and incorrect requirements.

ELM spans systems design, test, and workflow management, with development analytics, report publishing, and agile and lean processes customized by IBM Method Composer, including SAFe, out of the box. The solution is available on the IBM cloud and, with OpenShift, on-premises.

IBM also offers global configuration management (GCM) capabilities. GCM assembles configurations within ELM and across IBM tools, pulling together product configuration streams and baselines from contributing tools, such as Engineering Workflow Management, Engineering Test Management, Engineering Systems Design Rhapsody, and Engineering Requirements Management DOORS Next. These configurations all relate to requirements, designs, tests, source code, and other global configurations for a specific component release or product version, and help manage versions and variants across product lines. The value of GCM is directly related to the complexity of the product being developed and the number of product versions and variants that can reuse base development work. GCM can scale across installations supporting tens of thousands of engineers. The ability to scale product lines and reuse previous engineering work saves time and money.

IBM is seeing increased adoption of cloud-native technology (microservices, containers, and Kubernetes) within its customer base, as more businesses continue their digital transformation journeys. Digital transformation is enabling organizations to become more agile without compromising the compliance and robustness of their processes. ELM supports SAFe v5.0, which is popular in the engineering community for the discipline it introduces in working with agile methods.

Strengths: IBM ELM addresses highly regulated environments and large-scale development efforts supporting hundreds to thousands of developers. IBM sustains a presence in many of the largest engineering companies via its DOORS and DOORS Next products, which add RSLM capabilities to advanced requirements management. IBM’s expertise in IBM Engineering RQA includes an AI element to identify ambiguous, duplicate, and incorrect requirements.

Challenges: IBM faces a task in bringing its tools together across its portfolio and presenting them as a cohesive RSLM offering. IBM’s messaging could be improved to highlight the breadth of ELM’s applicability across all regulated industries, such as medical devices; pharmaceutical drug discovery and manufacturing; and financial engineering, for which IBM is playing outside of its core sector of traditional engineering firms.

Inflectra SpiraPlan

Inflectra was founded in 2006 and remains a self-financed private company. Its initial offering involved software test management and software test automation, which over time grew organically into an ALM suite. The company eventually shifted its focus toward the regulated market as the demands and opportunities of that market grew. Today, SpiraPlan is a highly capable RSLM solution.

The company has eleven sales offices and partners across the globe, manned by engagement specialists (who are salaried, not on commission) rather than traditional sales staff, who help customers on-board the product. Many customers are in regulated industries such as healthcare and defense, so they will always demand on-premises solutions, and Inflectra therefore maintains both cloud and on-premises editions. Its cloud data centers are based in North America, Europe, and Asia-Pacific.

Inflectra SpiraPlan, which includes the SpiraTeam and SpiraTest editions, helps manage multiple stakeholders across the integrated agile supply chain, including regulators, suppliers, services, and outsourcers. It can be used by a small team working in isolation, or by multiple teams, departments, or organizational units.

Customers range across all industries, including financial services and insurance, energy, industrial and automotive, defense, government, aerospace, IT, healthcare, and retail. SpiraPlan includes regulatory report templates for just a few major industries, but users can customize these for other industries and for specific regulations.

SpiraPlan can be adapted to meet users’ needs. For example, it can be used purely for reporting purposes, or to manage open risks, resources, or schedules across all products and projects, or to create a system or systems in which requirements are shared.

For financial services and insurance, Inflectra offers a secure cloud platform (SOC2-compliant) or on-premises deployment, with integrated enterprise risk management, integration with automated testing and compliance tools, and end-to-end traceability for all work assets and auditability of testing. The risk management module is a complete application for tracking and mitigating risks, conducting impact analysis, and analyzing risk probabilities. This module started as a project risk-management solution but was found useful in clinical life science risk management. It has since evolved and is now fully integrated into the Inflectra system.

Strengths: Data held on the Inflectra cloud stays inside users’ regulatory enclaves. Users can control the update cadence of their validated platform to ease software certification requirements. On-premises users can control their updates, while cloud users can opt in or out of each update and see Inflectra’s validation results for each update. Inflectra’s core competency in test management is evident in the SpiraPlan and SpiraTest products. These can integrate with automated testing and compliance tools and feature end-to-end traceability and auditability of testing that integrates with the risk management module.

Challenges: The quality management system (required in regulated environments) in SpiraPlan needs further development. Inflectra needs to work to secure SpiraPlan and to better assist developers in building secure code (with progress already made in the form of multi-factor authentication, recently added). Inflectra faces an uphill climb in the automotive sector, where it must earn the German Technischer Überwachungsverein (TUV) certification to gain full access to this market.

Intland Software codebeamer and codebeamer X

Intland Software was founded in 1998 and is headquartered in Stuttgart, Germany, with R&D facilities in Germany and Hungary and partners and resellers around the world. We ranked it as tier 2 by RSLM market share, and it received above-average customer peer reviews.

Intland’s codebeamer RSLM solution underpins two versions, classic and X. The classic version is favored by the automotive industry and has some features only exposed in this version. The newer X version has a modern UI and is favored by the medtech and avionics sectors. The company expects to bring the two versions together.

Codebeamer is used in safety-critical product development, and it can also be used for planning, release management, and agile charts because it supports scaled agile methodologies such as LeSS and SAFe, with the full agile stack. Codebeamer has been awarded TUV Nord Trusted Tool status for use in German industries. It can be configured easily without requiring coded extensions, and its automotive, medtech, pharmaceutical and avionics industry templates have predefined workflows and artifacts, making it easy for these industries to gain ALM productivity quickly.

With support for automotive manufacturing and medical devices, the company is also building up its presence in pharmacology and other industries. A recent customer win is the VW Group, where codebeamer will be the standard ALM tool across the company. The deal involves four partners who will provide integrations with other tools within VW. Key features of codebeamer that helped win the deal are support for agility, cloud hosting, a microservices architecture, an open API, and the ability to scale horizontally with high availability—Intland has customers using codebeamer with 20,000 seats. Despite upheavals in the automotive industry and the Covid pandemic, VW is investing heavily in innovation, and RSLM is seen as an important component of its software initiatives.

Codebeamer organizes work by projects, project groups, and working sets (in beta at the time of writing). Work items are logically contained in Trackers and include requirements, test cases, documentation, and more. To manage different versions of a product in the same project, the working set concept allows all Trackers belonging to one project version to be visible in its distinct working set. Codebeamer deployment is via Intland’s cloud on AWS, with each customer having a dedicated server. Customers can host on-premises as well.

Codebeamer has many configuration options, making it highly adaptable to individual customer needs and hence applicable across many highly regulated industries. There are many process templates available within the solution, including Automotive ISO 26262, Avionics DO-178C, SAFe, and an agile-waterfall hybrid. Intland is a fast-growing RSLM vendor but it is still relatively new to the market.

Strengths: The new working set concept helps organize multiple versions of products, with the baselining feature providing snapshots at both creation and release. Projects can be initiated from best-practice process templates that are available for most common industries. Intland offers easy and comprehensive control of each Tracker, with roles configured as required and permissions itemized to cover every activity. This configuration can be set up for any type of work item.

Challenges: Codebeamer X lacks some features being developed for the classic version, such as working sets, though the eventual convergence of the two versions should relieve this issue. Regulatory reporting requires containers to house various elements, such as design history, risk management, and risk-benefit analysis, but users must create these manually themselves by configuring the solution (they are available in the Medical Software Engineering template). ALM-PLM integration is possible only through the API, and there are no native plug-ins to major PLM solutions.

Jama Software’s Jama Connect

Jama Software was founded in 2007 with headquarters in Portland, Oregon. Its customer base of more than 600 is spread across over 30 countries and includes 32% of Global 2000 companies. Jama has been certified by Germany’s TUV SUD for use in safety-critical systems development in German industries. The company’s origins are in requirements management, and it has expanded its capabilities over the years with the Jama Connect RSLM solution.

Jama’s focus is on providing an integrated requirements, risk, and test management solution for mid-to-large enterprises building complex products and mission-critical software in regulated, compliant, and governed markets. Many organizations still use a document-based process for requirements management, or legacy solutions that are no longer suitable for current needs. Both represent opportunities for Jama to modernize customer use of RSLM, especially targeting innovative companies or innovative departments within larger organizations with a modern, flexible solution that also has the rigor demanded in regulated, high-risk environments.

Jama Connect is available in two editions. Jama Connect Product Development is the choice for most use cases while Jama Connect for Medical Device Development is industry-specific. Under separate licenses, Jama also offers customer supply chain integration connectors; validation and functional safety kits; and data exchange for ReqIF. The solution can be deployed on-premises or as SaaS on the Jama cloud.

Jama’s target markets span industries from aerospace and defense to manufacturing and automotive, to the semiconductor and finance sectors. Its core practice is end-to-end traceability and auditability across the software development lifecycle, with an integrated solution for requirements, risk, and test management. Jama Connect works with the RSLM ecosystem through integration hubs OpsHub and Tasktop.

The medical devices industry is a particularly strong market for Jama because it is highly regulated and includes both large players and startups, especially the newer small and nimble companies that have moved to the cloud. The medical devices edition features configurations and starters to help developers fulfill regulatory requirements, such as a procedures and configurations guide for design control activities, and templates for design history files and trace reports. The availability of Jama’s solution both on-premises and in the cloud has been a factor weighing in its favor in this market. Medical customers also like Jama’s out-of-the-box configurations for the medical market as well as its procedure guides and report templates.

Strengths: Jama Connect is a superior requirements management solution for highly regulated industries, which leverages the strength of its origins in this discipline. The excellent risk management tool is process-driven, with features for defining risks; setting and adjusting rankings; mitigating risks; and performing risk-benefit analysis. A technical peer review feature, with a mature workflow process and guidelines for successful peer reviewing, is included.

Challenges: Jama Connect lacks robust support for Agile and lean practices. Integration with the RSLM ecosystem out-of-the box is limited and relies on third-party hubs, which require additional licenses. Test cases automatically generated from requirements would be a nice addition.

Kovair ALM, Value Stream Management Platform, and DevSecOps

Founded in 2000 and headquartered in Silicon Valley, Kovair focuses on software development and offers three main RSLM solutions: Kovair ALM, Value Stream Management Platform (VSMP), and Value Stream Delivery Platform (VSDP). These are available as a single suite with one license. Kovair also offers the Omnibus Integration Platform. Clients include many Fortune 1000 companies.

Kovair ALM is an integrated suite that supports project, requirements, test, and defect management as well as agile and lean (Kanban) processes. The suite enables collaboration and is easily configurable. For regulated markets, it features end-to-end traceability and real-time reporting using data from all phases of the life cycle.

Kovair ALM offers a task-based workflow supported by business rules. It enables notifications, allowing organizations to implement and enforce centralized governance throughout a project or product lifecycle. The solution’s automation can eliminate manual handoffs between teams and developers, reducing costs and enhancing product quality by ensuring compliance with regulated industry standards.

Kovair Omnibus is an integration platform for connecting Kovair tools to the development tool ecosystem. The platform acts as a hub, based on an enterprise service bus, allowing organizations to connect multiple tools without rip-and-replace. It currently supports more than one hundred third-party tool integrations.

Kovair’s products all support low-code/no-code, drag-and-drop techniques, which help to reduce the time to build systems. The latest release adds a pipeline-as-code feature, which extends scripting capabilities for workflows. VSMP can be used to capture revenue opportunities by tracking sales, cost savings, and KPIs. Kovair ALM is a comprehensive tool suite that covers project and portfolio management, ALM components, and Omnibus integration with third-party tools. Kovair Quicksync is a policy-driven data migration tool for moving data between tools.

Finally, Kovair has an ALM-PLM center of excellence integration platform, which connects Kovair ALM with PLM solutions. Supported PLM vendors include Aras, PTC, and Siemens, and Dassault is on the roadmap. The platform enables collaboration, exchange of product development data across multiple enterprise tools, and digital design reviews with participating stakeholders across multiple tools. It also manages changes, revisions, releases, and bills of materials across the digital thread, and enables dynamic end-to-end traceability across various product development artifacts, which aids regulatory compliance.

Strengths: Kovair ALM’s task-based workflow helps govern the development process throughout the software design lifecycle. The workflow supports conditional branching for parallel activities and end-to-end traceability is supported with proactive and reactive impact change analysis. Relationships between artifacts can be defined by users, with attributes specific to the relationship. Kovair’s Omnibus integration platform is comprehensive, with more than 110 supported integrations and bidirectional capabilities covering a broad range of development tools and IT applications.

Challenges: Agile process frameworks such as SAFe and LeSS are not available out of the box, though they can be configured manually using the low-code/no-code interface. The quality assurance and management features could be enhanced to support development in highly regulated industries. Kovair requirements management could be improved to support the multitude of variants and parameters that are linked with requirements in large-scale manufacturing engineering.

Micro Focus RSLM stack

Micro Focus built its ALM portfolio over the years by acquiring ALM players like Borland, Serena, and HPE Software, then turning this wide-ranging portfolio of solutions into a cohesive RSLM solution. All Micro Focus ALM products have a new and consistent UI based on EverythingUX, a Micro Focus open-design initiative. OEMs who wish to embed Micro Focus technology into their products can also use EverythingUX.

At the core of Micro Focus’ RSLM solution are tools: Dimensions RM (requirements management), Dimensions CM (change and configuration management), and ALM Octane. Deployment, continuous delivery, environment provisioning, and monitoring are all shipped now as part of Dimensions CM.

Dimensions CM embraces the concept of “design parts,” which allows you to store related items in distinct buckets in a logical tree structure. These design parts are visible in other aspects of the RSLM system. Work can be allocated based on the structure or on change requests linked to the parts. Design parts can be reused as well in other products. Part variants can be created and baselines taken of parts and variants. The baseline feature is mature, allowing a given baseline to be revised with an updated change request, items to be removed, or baselines to be merged.

There are two new additions to the RSLM stack, organically developed in-house: PulseUno and Product Value Stream Management (VSM). PulseUno is available as a standalone product or with Dimensions CM. It offers version control through Dimensions or Git, with peer review and continuous integration built-in, along with vulnerability scanning, artifact vaults, codebase explorer, and team activity visualization. It also allows chain tooling to be configured. When a tool chain process runs, all the relevant feedback from individual tools is consolidated and visible in the PulseUno console. The new VSM piece is due for release in Q1 2022 and feeds on ALM Octane, PulseUno, and the deployment automation solution to track value and flow. ALM Octane supports agile and hybrid work processes.

Micro Focus, which is SAFe certified, continues to consolidate its ALM tools and is making impressive gains in the RSLM market. We rank it as tier 1 by market share, but it suffers from a below-average customer peer rating. This rating may be due to old review scores not being refreshed, as we see the company making significant progress with each new edition of its solution, with new functionality and better integration.

Strengths: The new functionality of PulseUno and Product VSM enhances the RSLM offering with the latest tooling for collaboration and value enhancement. PulseUno’s Kanban board lets developers visualize their daily work. Test management and tooling in Micro Focus RSLM are excellent, with a wealth of capabilities in Micro Focus Quality Center and LoadRunner. The range of out-of-the-box integrations is impressive, and can be managed through PulseUno. Micro Focus RSLM has out-of-the-box integration with two of the three largest players in PLM: Dassault and Siemens. Customers can add their own custom plug-ins easily and see them in PulseUno.

Challenges: Micro Focus is perceived as a purveyor of legacy tools for ALM, but this does not reflect the company’s progress and innovation. Micro Focus needs to bring its image in line with its accomplishments. The risk management functionality is spread across multiple tools and could be better served through a single interface.

Orcanos Compliance

Orcanos was formed in 2004 with a focus on ALM for SMEs. As the ALM market transformed, the growth opportunity was available in RSLM and the company refocused to regulated markets in 2015. Orcanos is a small and growing company that today targets the life science (medical devices and pharmaceuticals) and automotive industries. However, it also has customers in other sectors, including high-tech, electronics, and aerospace.

Orcanos’ comprehensive set of tools spans the RSLM design, control, and quality management system (QMS), all within one integrated solution. This allows software developers and product quality, test, and risk professionals to work within a single platform. Orcanos has ready compliance with a number of regulatory requirements, such as FDA CFR Part 11 for electronic records and signatures. It offers integrated risk management and end-to-end traceability.

The main dashboard provides 90% of the information required by all stakeholders. This flexible tool gives users the freedom to create custom dashboards with widgets, providing project or product development data for end users and stakeholders at all levels. A Compliance Engine enables the solution to generate an executive summary showing product development status for regulators and auditors.

Orcanos supports all types of requirements with advanced tracing capabilities. Administrators can customize traceability rules, workflow fields, and automation, as well as manage priorities and backlog. Tracing can occur at multiple levels of requirements, linking to test coverage and risk mitigation. Users can execute tests (by integrating with test automation tools using the API), report defects, and save the results. Orcanos will generate a full traceability matrix.

Because of traceability, the solution automatically knows the risk involved in using a requirement, and the risk management module provides full support for Failure Mode Effects Analysis (FMEA) that satisfies standards such as ISO 14971. Customers can manage Process FMEA (PFMEA), Use FMEA (UFMEA), and mitigations, and generate risk management reports to Microsoft Word and Excel.

Baselining is one of the platform’s strengths. A product in development may be in version 2.0, its software in version 5.6, its hardware in 1.0, and its mechanical content in version 2.5. This product tree is dealt with as a source control system, so baselining a point in time archives the whole environment: code, settings, documents, and so forth. Any baseline can be accessed for continuing work. Snapshots of baselines preserve a development point in time.

The company recently added features for managing the build of materials in manufacturing, which small and medium-sized business customers can use without the need for a full-scale product lifecycle management solution. Users work on one platform with licensing providing access to design control (RSLM), QMS, or both, at an attractive price per seat per month. Deployment is via the Orcanos hosted cloud, though large enterprise customers have the option of deploying on-premises.

Strengths: Orcanos’ strong traceability feature can link bugs to risks and automatically generate a risk report. Components reuse is another strength, making it easy to create a new product out of existing components. An object’s traceability in reuse can be confined to the current product or extended through the object’s entire history. Orcanos continues to advance, adding basic PLM features suitable for SMEs after having transitioned from enterprise ALM to a compliance-as-a-service platform.

Challenges: The variants and configurations of requirements must be created manually as fresh objects from existing requirements, using the customizable features of all work items. Test cases are not automated; instead they are created manually from requirements, though the reporting can be filtered to reveal any work items that are not linked to traceability. There is no integration out of the box with code-scanning tools, but everything in Orcanos is API-based and a plug-in can be created for any tool.

Perforce Helix ALM

Perforce is well known for its software configuration management (SCM) solution. Through a series of recent acquisitions and enhancements, it has expanded into enterprise IT ALM, and its Helix ALM product also addresses the RSLM space. With an emphasis on the end-to-end traceability available in the Helix integrated solution, the company is targeting industries such as medical devices, energy, manufacturing and robotics, utilities, embedded systems, and software development in general.

Helix is based on three core modules: HelixRM for requirements management, HelixTCM for test case management, and HelixIM for issue management. The three modules are fully integrated and offer features such as automated traceability (forward and backward, as well as impact analysis), a traceability matrix, automated workflow, risk management, and dozens of out-of-the-box metrics, reports and dashboards.

The test management solution is particularly strong. Helix TCM can create, organize, reuse, execute, measure, and report on manual and automated product testing. It can manage testing of complex products with thousands of test cases, execute them, and manage the results. The product will group related tests into suites to retain order, reuse tests, and write, execute, and track the results of test cases without the need to switch among different applications. It will also manage change and analyze its impact. Exploratory test sessions can be recorded and used to create new test cases, complete with detailed steps and screen captures.

Support for automated test suites and continuous integration using Jenkins allow users to structure testing efforts, execute and view and analyze large testing sets.

Helix TCM integrates out of the box with Atlassian JIRA and Slack, and includes a REST API for custom integration with other ecosystems. Perforce handles software configuration management naturally (a separate license is required), or you can choose from open source options such as Git or Perforce on Git.

Helix ALM provides a wide range of deployment options from on-prem, cloud (hosted VMs by Perforce) to any hybrid option (by installing on the user’s cloud or local machines), using either a browser or desktop client.

Strengths: Perforce offers a strong set of functionalities via features such as SCM, agile project and product management, and requirements management. There is excellent support for agile frameworks, such as lean, Scrum, and SAFe, as well as traditional V-model processes. The enterprise grade features of Perforce, especially those around security, make it an excellent choice in highly regulated industries.

Challenges: Integration with systems engineering tools such as those for modeling and simulation is poor. DevOps release management is left for third-party tools and could be bridged better with some in-tool capabilities. Perforce’s risk management tooling is not easily visible and, given the importance of risk management in regulated industries, could be better defined.

Siemens Polarion

Polarion was founded in 2005 as an ALM company with a strong base in German engineering industries. It was acquired by Siemens in 2016, and continues its strong emphasis on helping to manage complex software development in highly regulated industries. Polarion benefited from being used internally at Siemens and from expansion into the Siemens customer base, and it continues to expand its reach across all sectors. Polarion has been particularly useful for companies developing embedded software in discrete and process industries that must comply with regulatory requirements, and for independent software vendors in regulated industries such as finance, banking, and insurance.

Siemens Teamcenter is a leader in the PLM space, so there was a natural opportunity to offer customers of both solutions a strong integration between the two, which Polarion embraced.

The solution is suitable for companies undertaking enterprise agile transformation or pursuing a global roll-out of conventional agile methodologies in regulated industries. Polarion is an official Scaled Agile partner and has out-of-the-box support for the latest SAFe 5.0 standard. It also features Kanban planning.

Polarion natively supports large-scale requirements management and traceability, and variant management is offered as a Siemens add-on. Polarion supports parameters for validation automation, as well as automated configurable workflows that allow an organization’s processes to be modeled within it. This ensures process adherence, and facilitates collaboration and sign-off on work items and documents from state to state, based on definable rules, with full audit trails, electronic signatures, and security.

Polarion is available in two versions: Polarion On-premise and Polarion X, a SaaS cloud solution. The X version is always up to date and offers developer seats per user per month ranging from $35 to $125. The on-premises version allows organizations to integrate the tool with their in-house systems and control the cadence of change for purposes such as regulatory certification. The solution is highly modular and allows users to select spot solutions. However, we recommend taking the complete ALM suite to benefit from end-to-end traceability and auditability, and to manage workflow and improve collaboration with a unified tool.

Strengths: Polarion Variants, an add-on to the requirements management module, allows large-scale management of variations, parameters, and product configurations. ALM-PLM integration is a key strength for Siemens Teamcenter customers and makes Polarion a natural choice for the tight bidirectional features enabled across ALM and PLM activities. Its integration capabilities are useful, with an open API for building apps (for example, using Siemens’ low-code/no-code tool, Mendix) and extensions.

Challenges: Polarion supports some risk management capabilities, such as FMEA, ISO 26262, DO178C, and so forth. While Siemens does support major regulatory compliance standards, additional licenses may be required for third-party Polarion extension risk packs, to cover, for example, risk-benefit analysis and compliance management. The RSLM sector is seeing tools from the traditional IT ALM space make inroads in engineering, such as support for DevOps and value stream management (VSM). Polarion will support VSM as part of a SAFe v5 extension, and with respect to DevOps, Polarion’s chosen strategy is to integrate with leading third-party tools.

6. Analyst’s Take

Highly regulated markets, such as those for medical devices, aerospace engineering, and automobile manufacturing, require a dedicated end-to-end suite to manage software design, development, and delivery. It is possible to work with spot solutions, whether from the enterprise IT side or with dedicated engineering-focused tools, but this leaves plenty of work for the user to meet regulatory standards and satisfy auditors. RSLM solutions offer end-to-end integrated tooling, and thus remove much of that burden by helping to reduce the risk in building complex software, as well as by producing timely compliance reports at the push of a button.

Digital transformation and improvements in development approaches, such as agile and continuous delivery, are leading to faster product cycles. At the same time, both regulations and security challenges are increasing, and reliance on a global supply for hardware and software only increases product complexity. RSLM is not just about handling in-house software development, but also about managing all the components for creating a product across the entire supply chain, including hardware, software, electronic, and mechanical elements.

The vendors covered in this report are the market leaders in RSLM. They all have their strengths and challenges, but rank head and shoulders above spot solutions that have been patched together or, even worse, use office-based tools to manage the software development lifecycle. We recommend shortlisting your RSLM provider from the vendors in the GigaOm Radar.

7. About Michael Azoff

Michael Azoff

Michael Azoff is a Consulting Analyst at Gigaom, covering all aspects of artificial intelligence: research, software, and hardware, as well as many disciplines in software development, from agile and DevOps, to cloud native computing, software lifecycle management, and more. He was previously Chief Analyst at Kisaco Research, where he introduced the first industry analyst comparison charts on AI chips, and before that Distinguished Analyst at Informa/Ovum.

After completing his PhD in the field of solid state electronics at University of Sheffield, Michael worked at Rutherford Appleton Laboratory and published academic papers. He went into R&D in industry, building neural networks when backpropagation was invented, had a startup for his Prognostica Microsoft Excel add-in for time series forecasting, and published a book on the topic for Wiley in 1994.

8. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

9. Copyright

© Knowingly, Inc. 2021 "GigaOm Radar for Regulated Software Lifecycle Management (RSLM)" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact