As enterprises adopt PLM to digitally transform product development, proper governance is crucial for managing these intricate systems responsibly and efficiently.
PLM connects complex product data flows across global teams and partners. Without governance, misuse risks quality, compliance and competitiveness.
Without governance, some of the risks include:
Non-compliant products if unauthorized changes bypass review. For instance, an engineering change skipping change control leading to quality issues.
Wrong materials ordered if BOM data is inaccurate. For example, a materials master data error leading procurement to order incorrect parts.
Production downtime if engineering changes lack approvals. Such as an unauthorized BOM modification halting the production line.
Legal issues if restricted data leaks across borders. For instance, military customer data in PLM being accessed from an unauthorized country.
Introducing LifecycleOps
LifecycleOps is a framework that provides end-to-end lifecycle governance for PLM capabilities.
The foundation of this framework is to clearly define the PLM initiative scope, long-term goals, and short-term objectives. With PLM vendors offering expanding capabilities that overlap with other enterprise domains, determine which systems will be the source of truth and system of record for each type of data. Generic boundaries help, like transactional data like inventory belongs to ERP systems, sales data belongs to CRM systems. Review any new use cases upfront to ensure they are within the scope and align to the objectives of the PLM capabilities before implementation. For example, verify intended 3d packaging design use cases align with the goal of reducing time-to-market for new product introductions before developing them within the PLM system.
The second foundational layer requires the formation of a steering committee or council, the adoption of DevOps tools, and the establishment of an audit trail:
- A council or a committee that consists of cross-functional stakeholders can ensure that the scope and objectives of the PLM initiative match the organizational intent over time and can adjust them as needed.
- DevOps tools can help manage PLM changes and integrations with other systems and data sources. For instance, PLM customizations can be subjected to version control and automated testing.
- Metadata from the process, such as document versions & revisions, and the system, such as access logs, can be recorded by an audit trail. This metadata can contain timestamps, users, and actions, and can be useful for tracking and auditing the PLM activities and data for continuous monitoring.
Four pillars of Effective governance:
- Policies and controls: The first pillar of effective governance is to set up policies and controls for both the process and the system level.
At the process level, establish policies for controlled PLM processes, such as defining change approval tiers that specify the level of authority and review required for different engineering and manufacturing change requests (ECR/MCR).
At the system level, set policies and controls for development, testing, deployment and monitoring of PLM capabilities. For example, put in place change control policies that mandate approvals for modifications based on the significance of the change. - Clear ownership with RACI: The second pillar of effective governance is to establish clear ownership, which can be defined in RACI matrices.
At the process level, RACI matrices should assign the roles and responsibilities of different stakeholders for each use case. For example, a RACI matrix should specify that the Quality department is responsible for reviewing and approving quality test reports, the steering committee is accountable, the buyer desk is consulted and the supply chain is informed.
At the system level, RACI matrices should assign the system administration responsibilities to IT teams for different aspects of PLM, such as development, architecture, test, and rollout across environments. - Transparency through metrics: While clear accountability through responsibility matrices provides oversight, transparency can be enabled through metrics.
At the process level, metrics should measure and monitor the performance and efficiency of the PLM processes, such as the cycle times of engineering change orders (ECO).
At the system level, metrics should measure and monitor the availability, reliability and security of the PLM system, such as the uptime, performance timings and security compliance. These metrics should also be linked to clear accountability through RACI matrices and oversight mechanisms. - Regulatory and ethical compliance: Regulatory and ethical compliance must be ensured as product data evolves.
At the product data level, compliance should be ensured as the data evolves and changes within the PLM system. For example, implement ongoing ITAR compliance checks. Compliance is needed with regulations, quality standards and ethics. For instance, regularly validate PLM-generated bills of materials against ISO quality standards. Where possible, automate compliance checks to reduce errors and risks, like scheduled validations of BOM accuracy.
At the system level, monitor and update for ongoing compliance as data and processes change. For example, re-run integration tests between PLM and ERP systems after any modifications to ensure continuous compliance
Continuous monitoring vital for PLM Governance
Continuous monitoring through validation, alerts, audits, and compliance checks is vital for effective governance of a PLM initiative over time.
PLM data models depend on inputs like changing product data across systems, configurations and users, requiring ongoing checks. This requires constantly validating that PLM capabilities meet the defined scope and objectives as product data evolves over time. Continuous monitoring involves utilizing tools to identify issues and enable updates by process or software architects. For example, real-time monitoring can alert the stakeholders when the engineering change review times increase, which can indicate a bottleneck or a delay in the PLM process.
Checking the software integrations against the security policies is also a key, to ensure that the PLM system and its data are secure and protected. This means that the integrations between the PLM system and other systems or data sources should be tested and verified after any changes or updates, such as re-testing integrations after PLM API or security updates.
RACI matrices help define accountability, however the roles and responsibilities of the different stakeholders should be continuously reassessed, reassigned and recommunicated. For example, with Procurement accountable to manage supplier data checks, continuous monitoring may bring the need to subject supplier parts data for export control and introduce new RACI involving export compliance team to validate supplier BOM data compliance with regulations.
Balancing Governance and Innovation
Enterprises must encourage innovation while governing PLM properly by reviewing and updating their policies to match the emerging PLM capabilities. For example, change control policies may need updating to accommodate the AI-based change prediction capabilities that can enhance the PLM processes.
Developing integrated systems can improve efficiency but must be done ethically, like combining PLM and CRM data to get a holistic view of the product lifecycle and the customer needs, while restricting the access to the personal data to protect the privacy and confidentiality of the customers.
Providing training on responsibilities and ethical data use is also key. For example, educating engineers on change control policies and appropriate data use to ensure that they follow the best practices and comply with the regulations and standards.