
Traceability Matrix

Taking the Guesswork Out of Fulfilling User Requirements
Who Are We?

Mary R. Van Brink
QA Technical Writer
Solvay Pharmaceuticals, Inc.
mary.vanbrink@solvay.com

Areas of Experience:
• Pharmaceuticals
• Information Services
• Medical Affairs
• Corporate Training
• University Lecturer
• Health Care - HMO
• Manufacturing
• Application Support

Susan Kuebler
Technical Writer, Quality Assurance
Solvay Pharmaceuticals, Inc.
susan.kuebler@solvay.com

Areas of Experience:
• Pharmaceuticals
• Corporate Training
• Computer-Based Training (CBT)
• Interactive Voice Response (IVR)
• Finance/Accounting
• Banking
• Telecommunication
• Newspaper Reporting

Solvay Facts
Solvay has been in business since 1861. Sodium carbonate
(commonly known as soda ash) was the first product sold by the
company. Today, Solvay has divisions for plastics,
pharmaceuticals, chemicals, and processing (e.g., auto fuel
systems). As you can see by the graphic below, we are in many
countries around the world. The home office is in Brussels,
Belgium. The US pharmaceutical home office is in Marietta,
Georgia. To learn more about Solvay, go to www.solvay.com.

Solvay Pharmaceuticals, Inc.
Products for the US
• Cardiology
  - ACEON® - hypertension treatment
• Gastroenterology
  - Balneol® - pH-balanced perianal lotion
  - CREON® MINIMICROSPHERES® - treatment of pancreatic exocrine insufficiency
  - ROWASA® Enema - treatment of distal ulcerative colitis, proctosigmoiditis or proctitis
• Mental Health
  - KLONOPIN® Wafers - treatment of panic disorder
  - LITHOBID® - treatment of manic episodes of manic-depressive illness
• Specialized Markets
  - ANADROL® - anemia treatment
  - AndroGel® - testosterone replacement therapy
  - MARINOL® - treatment of anorexia in AIDS and chemotherapy patients
• Women’s Health
  - ESTRATEST® - management of menopause symptoms
  - PROMETRIUM® - prevention of endometrial hyperplasia

What are the Objectives?
• Explain the role of the Traceability (Trace) Matrix in the system documentation lifecycle.
• Describe how to incorporate information from the user and functional requirements into the Trace Matrix.
• Illustrate how the system design documents contribute to the matrix.
• Examine the role of testing.
• Demonstrate how the implemented system meets the user requirements.

What is a Traceability Matrix?
A traceability matrix documents…
• User and functional requirements.
• Design specifications that address each user requirement.
• Testing references (i.e., Operational and User Acceptance) and specific objectives or Standard Operations Procedures (SOPs) which verify that the user requirements have been met.

Sample - Traceability Matrix
| URID | User Requirements Description | Functional Requirements Specification | Design Specification | Test/Objective |
|---|---|---|---|---|
| 1 | The following general security requirements must be met. | | | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security; 4.2 Assigning Privileges | Section 9 – Security; Table 5 – User Account Information | System Security – OQ Test 02 – Objective 1 |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security; 4.8 System Administrator Access | Section 9 – Security; 9.1 System Administrators | System Security – OQ Test 02 – Objective 2 |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | | | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security; 4.10 Assigning System Users | Section 9 – Security; 9.2 System Users | System Security – OQ Test 02 – Objective 2 |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails; 6.1 Select Audit Trail Option | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 1; Audit Trails – UAT Test 02 – Objective 1 |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable format. | N/A | This function is not currently available in the system. | N/A |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails; 6.2 Setting System Clock | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 3; Audit Trails – UAT Test 02 – Objective 1 |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. | N/A – Procedure related. | Procedural – SOP QA-100-01 GXP Training |

Why Create a Matrix?
• Demonstrates that the implemented system meets the user requirements.
• Serves as a single source for tracking purposes.
• Identifies gaps in the design and testing.
• Prevents delays in the project timeline, which can be brought about by having to backtrack to fill the gaps.

What are the Milestones for the Traceability Matrix?
• Begun after the User Requirements are approved.
• Updated before the Functional Requirements Specifications are approved.
• Updated before the Design Specifications are approved.
• Updated before the approval of the Operational Qualification (OQ) and User Acceptance Testing (UAT) protocols.
• Approved after the approval of the Production Rollout Plan.

What is the Role of a Traceability Matrix in the Lifecycle of a Project?

What are User Requirements Specifications (URS)?
• Describe what the users expect the system to do.
• Are written to avoid dispute, contradiction, and ignorance.
• Should be unambiguous, complete, verifiable, testable, and consistent with other user requirements.
• Include any regulatory (e.g., ISO 9000+ or FDA) requirements.
• Can be combined with the Functional Requirements Specification (FRS).

Sample – User Requirements

| Category | URID | Requirement Description |
|---|---|---|
| Security | 1 | The following general security requirements must be met. |
| | 1.1 | It must be possible to specify and change privileges by user, job type, and role. |
| | 1.2 | Only an authorized person may modify access rights. |
| 21 CFR Part 11 Compliance | 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. |
| | 2.1 | Only authorized users shall have access to the system. |
| | 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. |
| | 2.3 | The audit trail must be available for reviewing and printing in human-readable form. |
| | 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. |
| | 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. |
| | 2.6 | The electronic signature must be unique to an individual. |
| | 2.7 | Electronic signatures must not be reused or reassigned to anyone else. |
| | 2.8 | System passwords must expire every 60 days. |

What is the User Requirements Discovery Process?
• Methodology developed by Information Architecture Group (IAG)
• Requirements gathering sessions
  - Usually takes two days
  - Involves all key users
  - Includes a discovery team comprised of a facilitator and a documenter

What are the Requirements Discovery Deliverables?
• Business Requirements Definition (BRD)
  - IAG methodology identifies user activities.
  - Activities help to define business processes and develop functional requirements.
  - IAG template outlines the entire process.
• User Requirements Specifications (URS)
  - Defines the requirements that are used to build the system.
  - Forms the basis for the traceability matrix.
  - Contributes to successful system design and development.

What is the Integrated Document Methodology?

Why is the Business Requirements Definition (BRD) Developed?
• Describe activities
• Define functional requirements
• Identify data elements

What Considerations are there for Describing Activities?
• Each activity is defined according to…
  - How the activity begins
  - How the activity is completed
  - The Business Components within the activity
  - The steps to achieve each Component
  - Design Considerations
  - The Issues/Assumptions/Risks
• IAG Template

What is the Result of the Discovery Process?
We now have our first deliverable: the Business Requirements Definition (BRD) that is used as the basis for the user requirements specifications document.

Demonstration: Mapping User Requirements

Sample – User Requirements Incorporated into the Matrix

| URID | User Requirements Description |
|---|---|
| 1 | The following general security requirements must be met. |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. |
| 1.2 | Only an authorized person may modify access rights. |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. |
| 2.1 | Only authorized users shall have access to the system. |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. |

Sample – Uniquely Numbered Requirements Incorporated into the Matrix

What are Functional Requirements Specifications (FRS)?
• Serve as the blueprint for the project.
• Describe the detailed functions of the system (i.e., what the system will do).
• Provide a common source for reference.
• Can be combined with the User Requirements Specification (URS) or System Design Specification (SDS).

Sample – Functional Requirements
1. General Tab – R&D
This tab is displayed for searches.

| Property | Field Type | Valid Values | Search Operators |
|---|---|---|---|
| XYZ Project Number (IT note: stored in the object_name field.) | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Classification (IT note: stored in the subject field.) | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Title | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Product | Pick List | List of all products plus free text | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Authors | Combo Box | List of all system users plus free text | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Language | Drop Down | List of all applicable document languages. | Is, Is Not |
| Legacy Document Number | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Owning Department | Drop Down | List of all departments. | Is, Is Not |

Sample – Functional Requirements Incorporated into the Matrix

| URID | User Requirements Description | Functional Requirements Specification |
|---|---|---|
| 1 | The following general security requirements must be met. | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security; 4.2 Assigning Privileges |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security; 4.8 System Administrator Access |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security; 4.10 Assigning System Users |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails; 6.1 Select Audit Trail Option |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. | N/A |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails; 6.2 Setting System Clock |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. |

What are Design Specifications?
• Define the architecture and configuration of the hardware.
• Identify the logical and physical structure of the programming that will be implemented to satisfy the user requirements.
• Reflect how the system will be delivered for production use.
• List the required software, current versions, parameters, and settings.
• Include a visual representation of the system design (e.g., network topology map, data flow, security).
[Figure: Inspired Programmer]

Sample – System Design Specifications Incorporated into the Matrix

| URID | User Requirements Description | Functional Requirements Specification | Design Specification |
|---|---|---|---|
| 1 | The following general security requirements must be met. | | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security; 4.2 Assigning Privileges | Section 9 – Security; Table 5 – User Account Information |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security; 4.8 System Administrator Access | Section 9 – Security; 9.1 System Administrators |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security; 4.10 Assigning System Users | Section 9 – Security; 9.2 System Users |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails; 6.1 Select Audit Trail Option | Section 11 – Audit Trails |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. | N/A | This function is not currently available in the system. |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails; 6.2 Setting System Clock | Section 11 – Audit Trails |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. | N/A – Procedure related. |

What is an Operational Qualification (OQ)?
• Tests the system from the technical perspective.
• Ensures that the developed system meets the technical requirements, including areas such as security, account creation, and screen layouts.
• Can be combined with the User Acceptance Testing (UAT).

Why Perform User Acceptance Testing (UAT)?
• Users perform formal acceptance testing of the system functionality to ensure that the system meets their requirements.
• Ultimately, it is the customers that decide whether the quality of the product or service meets their satisfaction.

What is User Acceptance Testing?
• Performed on the totally integrated computerized system while it is operating in its normal business environment.
• Tests the day-to-day functionality of the system to ensure that the system is working as intended.

Test 5, Objective 1 – Generating Reports for the XYZ System.

Acceptance Criteria:
• Data must be generated for each report, printed, labeled, and attached to the protocol.
• The record numbers must be sequential and duplications are not acceptable.

| Step | Procedure | Expected Results | Actual Results | Comments | Initials/Date |
|---|---|---|---|---|---|
| 1. | a) Print, label, and attach the report. b) Based on the numbering scheme provided in Attachment A – Qualification Protocol Attachment List, identify the attachment information and write Attachment <#> in the space provided in the Comments column. | The report is printed, labeled and attached appropriately. | | | |
| 2. | Verify that the records listed in the report are sequential and that there are no duplications. | The listing of records is sequential and there are no duplications. | | | |
| 3. | To log out of the system, perform the following actions: a) Click the Exit icon twice. b) Click the Logout icon. | The XYZ Desktop screen displays. | | | |

Sample - Traceability Matrix

| URID | User Requirements Description | Functional Requirements Specification | Design Specification | Test/Objective |
|---|---|---|---|---|
| 1 | The following general security requirements must be met. | | | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security; 4.2 Assigning Privileges | Section 9 – Security; Table 5 – User Account Information | System Security – OQ Test 02 – Objective 1 |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security; 4.8 System Administrator Access | Section 9 – Security; 9.1 System Administrators | System Security – OQ Test 02 – Objective 2 |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | | | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security; 4.10 Assigning System Users | Section 9 – Security; 9.2 System Users | System Security – OQ Test 02 – Objective 2 |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails; 6.1 Select Audit Trail Option | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 1; Audit Trails – UAT Test 02 – Objective 1 |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. | N/A | This function is not currently available in the system. | N/A |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails; 6.2 Setting System Clock | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 3; Audit Trails – UAT Test 02 – Objective 1 |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. | N/A – Procedure related. | Procedural – SOP QA-100-01 GXP Training |
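
Added example (not part of the original slides): a Python check that reads the sample matrix above together with the URIDs from the Sample – User Requirements slide and reports the gaps a matrix is meant to expose. The status names and the rule that a cell starting with N/A counts as no reference are assumptions of this example; test references are shortened to test and objective.

```python
# Added example: gap check over the sample matrix shown on the slides.
# Cell text is transcribed from the samples; the status rules are assumptions.
from collections import defaultdict

# URIDs listed on the "Sample - User Requirements" slide.
URS_IDS = ["1.1", "1.2", "2.1", "2.2", "2.3", "2.4", "2.5", "2.6", "2.7", "2.8"]

# URID -> (functional requirement, design specification, [test/SOP references])
MATRIX = {
    "1.1": ("4.2 Assigning Privileges", "Table 5 - User Account Information",
            ["OQ Test 02 - Objective 1"]),
    "1.2": ("4.8 System Administrator Access", "9.1 System Administrators",
            ["OQ Test 02 - Objective 2"]),
    "2.1": ("4.10 Assigning System Users", "9.2 System Users",
            ["OQ Test 02 - Objective 2"]),
    "2.2": ("6.1 Select Audit Trail Option", "Section 11 - Audit Trails",
            ["OQ Test 03 - Objective 1", "UAT Test 02 - Objective 1"]),
    "2.3": ("N/A", "This function is not currently available in the system.",
            ["N/A"]),
    "2.4": ("6.2 Setting System Clock", "Section 11 - Audit Trails",
            ["OQ Test 03 - Objective 3", "UAT Test 02 - Objective 1"]),
    "2.5": ("N/A - Procedure related.", "N/A - Procedure related.",
            ["SOP QA-100-01 GXP Training"]),
}

def is_na(cell):
    """A cell carries no reference if it is empty or starts with N/A."""
    text = cell.strip().lower()
    return text == "" or text.startswith("n/a")

def trace_status(urid):
    """Classify one requirement; the categories are this example's own."""
    if urid not in MATRIX:
        return "missing from matrix"
    frs, design, checks = MATRIX[urid]
    if not [c for c in checks if not is_na(c)]:
        return "no verification"
    if is_na(frs) and is_na(design):
        return "procedural"  # met by an SOP rather than by a system function
    if is_na(frs) or is_na(design):
        return "partial"
    return "traced"

def find_gaps():
    """URIDs that are absent from the matrix or not fully traced."""
    statuses = {u: trace_status(u) for u in URS_IDS}
    return {u: s for u, s in statuses.items() if s not in ("traced", "procedural")}

def shared_checks():
    """Test objectives that verify more than one requirement."""
    by_check = defaultdict(list)
    for urid, (_, _, checks) in MATRIX.items():
        for check in checks:
            if not is_na(check):
                by_check[check].append(urid)
    return {c: ids for c, ids in by_check.items() if len(ids) > 1}

if __name__ == "__main__":
    print(find_gaps(), shared_checks())
```

On the sample data, requirement 2.3 is reported as having no verification, and 2.6 to 2.8 are reported as listed in the user requirements but absent from the matrix. The shared-objective listing shows which requirements are affected together if one test objective fails.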

What are the Benefits of Producing a Traceability Matrix?
• The people involved are encouraged to think about the best way to test the requirements.
• The design reflects a product or service that satisfies customer needs.
• The product conforms to the design standard, which means it can be reproduced.
• The users are assured that what is delivered is what they expected.

Conclusions
Developing a Traceability Matrix…
• Prompts the development of user requirements that are specific and testable.
• Tracks the progress of the functional and design elements.
• Documents that the requirements are met.
• Serves as a single source for referencing requirements and for internal and external auditing.

Are there any Questions?
