Map user needs through requirements to testing ensuring complete coverage and regulatory compliance.
User Need ID | System Requirements ID | Subsystem Requirements ID | Design Output | Verification | Validation |
---|---|---|---|---|---|
UN-001 | SR-001, SR-002 | SSR-001, SSR-002, SSR-003 | User Interface Design Document | System Test Report Section 3.1 | Usability Evaluation Report Section 4.2 |
UN-002 | SR-003, SR-004 | SSR-004, SSR-005 | Data Management Architecture | System Test Report Section 3.2 | Clinical Validation Study Report |
UN-003 | SR-005 | SSR-006, SSR-007 | Notification System Design | System Test Report Section 3.3 | Usability Evaluation Report Section 4.3 |
UN-004 | SR-006, SR-007 | SSR-008, SSR-009 | Security Architecture Document | Cybersecurity Test Report | Penetration Test Report |
Risk ID | Hazard | Hazardous Situation | Harm | Risk Acceptability | Risk Control ID | Risk Control Requirements ID | Description | Verification |
---|---|---|---|---|---|---|---|---|
R-001 | Incorrect glucose data entry | User enters wrong glucose value | Inappropriate medication dosing | Unacceptable | RC-001 | SSR-010 | Input validation with range checking | System Test Report Section 5.1 |
R-002 | Data breach | Unauthorized access to health data | Privacy violation and identity theft | Unacceptable | RC-002 | SSR-011 | End-to-end encryption implementation | Cybersecurity Test Report Section 2.1 |
R-003 | Missed medication reminder | Notification system failure | Delayed or missed medication | Unacceptable | RC-003 | SSR-012 | Redundant notification mechanisms | System Test Report Section 5.3 |
R-004 | App crashes during data entry | Software anomaly during critical operation | Loss of glucose data | Acceptable | - | - | Acceptable risk with data recovery features | System Test Report Section 6.1 |
What should I do if I find gaps in my traceability matrix?
How detailed should my traceability matrix be?
Can one user need map to multiple requirements?
How do I handle requirements that don't directly trace to user needs?
What's the difference between verification and validation in the traceability matrix?
How often should I update my traceability matrix?