Traceability Matrix

Taking the Guesswork Out of Fulfilling User Requirements

Who Are We?

Susan Kuebler
Technical Writer, Quality Assurance
Solvay Pharmaceuticals, Inc.

Areas of Experience:
• Pharmaceuticals
• Information Services
• Medical Affairs
• Corporate Training
• University Lecturer
• Health Care - HMO

Mary R. Van Brink
QA Technical Writer
Solvay Pharmaceuticals, Inc.

Areas of Experience:
• Pharmaceuticals
• Corporate Training
• Computer-Based Training (CBT)
• Interactive Voice Response (IVR)
• Finance/Accounting
• Banking
• Manufacturing
• Telecommunication
• Application Support
• Newspaper Reporting

Solvay Facts

Solvay has been in business since 1861. Sodium carbonate (commonly known as soda ash) was the first product sold by the company. Today, Solvay has divisions for plastics, pharmaceuticals, chemicals, and processing (e.g., auto fuel systems). As you can see by the graphic below, we are in many countries around the world. The home office is in Brussels, Belgium. The US pharmaceutical home office is in Marietta, Georgia. To learn more about Solvay, go to www.solvay.com.

Solvay Pharmaceuticals, Inc. Products for the US

• Cardiology
  - ACEON® - hypertension treatment
• Gastroenterology
  - Balneol® - pH-balanced perianal lotion
  - CREON® MINIMICROSPHERES® - treatment of pancreatic exocrine insufficiency
  - ROWASA® Enema - treatment of distal ulcerative colitis, proctosigmoiditis or proctitis
• Mental Health
  - KLONOPIN® Wafers - treatment of panic disorder
  - LITHOBID® - treatment of manic episodes of manic-depressive illness
• Specialized Markets
  - ANADROL® - anemia treatment
  - AndroGel® - testosterone replacement therapy
  - MARINOL® - treatment of anorexia in AIDS and chemotherapy patients
• Women’s Health
  - ESTRATEST® - management of menopause symptoms
  - PROMETRIUM® - prevention of endometrial hyperplasia

What are the Objectives?

• Explain the role of the Traceability (Trace) Matrix in the system documentation lifecycle.
• Describe how to incorporate information from the user and functional requirements into the Trace Matrix.
• Illustrate how the system design documents contribute to the matrix.
• Examine the role of testing.
• Demonstrate how the implemented system meets the user requirements.

What is a Traceability Matrix?

A traceability matrix documents…
• User and functional requirements.
• Design specifications that address each user requirement.
• Testing references (i.e., Operational, and User Acceptance) and specific objectives or Standard Operations Procedures (SOPs) which verify that the user requirements have been met.

Sample - Traceability Matrix

| URID | User Requirements Description | Functional Requirements Specification | Design Specification | Test/Objective |
|---|---|---|---|---|
| 1 | The following general security requirements must be met. | | | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security, 4.2 Assigning Privileges | Section 9 – Security, Table 5 – User Account Information | System Security – OQ Test 02 – Objective 1 |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security, 4.8 System Administrator Access | Section 9 – Security, 9.1 System Administrators | System Security – OQ Test 02 – Objective 2 |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | | | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security, 4.10 Assigning System Users | Section 9 – Security, 9.2 System Users | System Security – OQ Test 02 – Objective 2 |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails, 6.1 Select Audit Trail Option | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 1; Audit Trails – UAT Test 02 – Objective 1 |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable format. | N/A | This function is not currently available in the system. | N/A |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails, 6.2 Setting System Clock | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 3; Audit Trails – UAT Test 02 – Objective 1 |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. | N/A – Procedure related. | Procedural – SOP QA-100-01 GXP Training |

Why Create a Matrix?

• Demonstrates that the implemented system meets the user requirements.
• Serves as a single source for tracking purposes.
• Identifies gaps in the design and testing.
• Prevents delays in the project timeline, which can be brought about by having to backtrack to fill the gaps.

What are the Milestones for the Traceability Matrix?

• Begun after the User Requirements are approved.
• Updated before the Functional Requirements Specifications are approved.
• Updated before the Design Specifications are approved.
• Updated before the approval of the Operational Qualification (OQ) and User Acceptance Testing (UAT) protocols.
• Approved after the approval of the Production Rollout Plan.

What is the Role of a Traceability Matrix in the Lifecycle of a Project?

What are User Requirements Specifications (URS)?

• Describe what the users expect the system to do.
• Are written to avoid dispute, contradiction, and ignorance.
• Should be unambiguous, complete, verifiable, testable, and consistent with other user requirements.
• Include any regulatory (e.g., ISO 9000+ or FDA) requirements.
• Can be combined with the Functional Requirements Specification (FRS).

Sample – User Requirements

| Category | URID | Requirement Description |
|---|---|---|
| Security | 1 | The following general security requirements must be met. |
| | 1.1 | It must be possible to specify and change privileges by user, job type, and role. |
| | 1.2 | Only an authorized person may modify access rights. |
| 21 CFR Part 11 Compliance | 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. |
| | 2.1 | Only authorized users shall have access to the system. |
| | 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. |
| | 2.3 | The audit trail must be available for reviewing and printing in human-readable form. |
| | 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. |
| | 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. |
| | 2.6 | The electronic signature must be unique to an individual. |
| | 2.7 | Electronic signatures must not be reused or reassigned to anyone else. |
| | 2.8 | System passwords must expire every 60 days. |

What is the User Requirements Discovery Process?

• Methodology developed by Information Architecture Group (IAG)
• Requirements gathering sessions
  - Usually takes two days
  - Involves all key users
  - Includes a discovery team comprised of a facilitator and a documenter

What are the Requirements Discovery Deliverables?

• Business Requirements Definition (BRD)
  - IAG methodology identifies user activities.
  - Activities help to define business processes and develop functional requirements.
  - IAG template outlines the entire process.
• User Requirements Specifications (URS)
  - Defines the requirements that are used to build the system.
  - Forms the basis for the traceability matrix.
  - Contributes to successful system design and development.

What is the Integrated Document Methodology?

Why is the Business Requirements Definition (BRD) Developed?

• Describe activities
• Define functional requirements
• Identify data elements

What Considerations are there for Describing Activities?

• Each activity is defined according to…
  - How the activity begins
  - How the activity is completed
  - The Business Components within the activity
  - The steps to achieve each Component
  - Design Considerations
  - The Issues/Assumptions/Risks
• IAG Template

What is the Result of the Discovery Process?

We now have our first deliverable: the Business Requirements Definition (BRD) that is used as the basis for the user requirements specifications document.

Demonstration: Mapping User Requirements

Sample – User Requirements Incorporated into the Matrix

| URID | User Requirements Description |
|---|---|
| 1 | The following general security requirements must be met. |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. |
| 1.2 | Only an authorized person may modify access rights. |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. |
| 2.1 | Only authorized users shall have access to the system. |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. |

Sample – Uniquely Numbered Requirements Incorporated into the Matrix

What are Functional Requirements Specifications (FRS)?

• Serve as the blueprint for the project.
• Describe the detailed functions of the system (i.e., what the system will do).
• Provide a common source for reference.
• Can be combined with the User Requirements Specification (URS) or System Design Specification (SDS).

Sample – Functional Requirements

1. General Tab – R&D

This tab is displayed for searches.

| Property | Field Type | Valid Values | Search Operators |
|---|---|---|---|
| XYZ Project Number. IT note: stored in the object_name field. | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Classification. IT note: stored in the subject field. | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Title | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Product | Pick List | List of all products plus free text | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Authors | Combo Box | List of all system users plus free text | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Language | Drop Down | List of all applicable document languages. | Is, Is Not |
| Legacy Document Number | Text Box | N/A | Begins With, Contains, Does Not Contain, Ends With, Is, Is Not |
| Owning Department | Drop Down | List of all departments. | Is, Is Not |

Sample – Functional Requirements Incorporated into the Matrix

| URID | User Requirements Description | Functional Requirements Specification |
|---|---|---|
| 1 | The following general security requirements must be met. | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security, 4.2 Assigning Privileges |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security, 4.8 System Administrator Access |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security, 4.10 Assigning System Users |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails, 6.1 Select Audit Trail Option |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. | N/A |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails, 6.2 Setting System Clock |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. |

What are Design Specifications?

• Define the architecture and configuration of the hardware.
• Identify the logical and physical structure of the programming that will be implemented to satisfy the user requirements.
• Reflect how the system will be delivered for production use.
• List the required software, current versions, parameters, and settings.
• Include a visual representation of the system design (e.g., network topology map, data flow, security).

Inspired Programmer

Sample – System Design Specifications Incorporated into the Matrix

| URID | User Requirements Description | Functional Requirements Specification | Design Specification |
|---|---|---|---|
| 1 | The following general security requirements must be met. | | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security, 4.2 Assigning Privileges | Section 9 – Security, Table 5 – User Account Information |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security, 4.8 System Administrator Access | Section 9 – Security, 9.1 System Administrators |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security, 4.10 Assigning System Users | Section 9 – Security, 9.2 System Users |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails, 6.1 Select Audit Trail Option | Section 11 – Audit Trails |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. | N/A | This function is not currently available in the system. |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails, 6.2 Setting System Clock | Section 11 – Audit Trails |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. | N/A – Procedure related. |

What is an Operational Qualification (OQ)?

• Tests the system from the technical perspective.
• Ensures that the developed system meets the technical requirements, including areas such as security, account creation, and screen layouts.
• Can be combined with the User Acceptance Testing (UAT).

Why Perform User Acceptance Testing (UAT)?

• Users perform formal acceptance testing of the system functionality to ensure that the system meets their requirements.
• Ultimately, it is the customers that decide whether the quality of the product or service meets their satisfaction.

What is User Acceptance Testing?

• Performed on the totally integrated computerized system while it is operating in its normal business environment.
• Tests the day-to-day functionality of the system to ensure that the system is working as intended.

Test 5, Objective 1 – Generating Reports for the XYZ System.

Acceptance Criteria:
• Data must be generated for each report, printed, labeled, and attached to the protocol.
• The record numbers must be sequential and duplications are not acceptable.

| Step | Procedure | Expected Results | Actual Results | Comments |
|---|---|---|---|---|
| 1. | a) Print, label, and attach the report. b) Based on the numbering scheme provided in Attachment A – Qualification Protocol Attachment List, identify the attachment information and write Attachment <#> in the space provided in the Comments column. | The report is printed, labeled and attached appropriately. | | |
| 2. | Verify that the records listed in the report are sequential and that there are no duplications. | The listing of records is sequential and there are no duplications. | | |
| 3. | To log out of the system, perform the following actions: a) Click the Exit icon twice. b) Click the Logout icon. | The XYZ Desktop screen displays. | | |

Initials/Date

Sample - Traceability Matrix

| URID | User Requirements Description | Functional Requirements Specification | Design Specification | Test/Objective |
|---|---|---|---|---|
| 1 | The following general security requirements must be met. | | | |
| 1.1 | It must be possible to specify and change privileges by user, job type, and role. | Section 4 – Security, 4.2 Assigning Privileges | Section 9 – Security, Table 5 – User Account Information | System Security – OQ Test 02 – Objective 1 |
| 1.2 | Only an authorized person may modify access rights. | Section 4 – Security, 4.8 System Administrator Access | Section 9 – Security, 9.1 System Administrators | System Security – OQ Test 02 – Objective 2 |
| 2 | The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations. | | | |
| 2.1 | Only authorized users shall have access to the system. | Section 4 – Security, 4.10 Assigning System Users | Section 9 – Security, 9.2 System Users | System Security – OQ Test 02 – Objective 2 |
| 2.2 | A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records. | Section 6 – Audit Trails, 6.1 Select Audit Trail Option | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 1; Audit Trails – UAT Test 02 – Objective 1 |
| 2.3 | The audit trail must be available for reviewing and printing in human-readable form. | N/A | This function is not currently available in the system. | N/A |
| 2.4 | The time recorded in the audit trail must accurately reflect the predefined time standard. | Section 6 – Audit Trails, 6.2 Setting System Clock | Section 11 – Audit Trails | Audit Trails – OQ Test 03 – Objective 3; Audit Trails – UAT Test 02 – Objective 1 |
| 2.5 | For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available. | N/A – Procedure related. | N/A – Procedure related. | Procedural – SOP QA-100-01 GXP Training |
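
An added example, not part of the original deck: a Python check that takes the URIDs from the sample user requirements and the rows of the sample matrix and reports requirements that have no matrix row and cells that carry no trace. The cell conventions (a section, table, test or SOP reference counts as traced; "N/A" followed by a reason counts as waived) are assumptions inferred from the sample rows.

```python
import re

# URIDs from the deck's sample URS (category rows 1 and 2 omitted).
URS_IDS = ["1.1", "1.2", "2.1", "2.2", "2.3", "2.4", "2.5", "2.6", "2.7", "2.8"]

# Rows transcribed from the deck's sample matrix: URID -> (FRS, design, test).
MATRIX = {
    "1.1": ("Section 4 - Security, 4.2 Assigning Privileges",
            "Section 9 - Security, Table 5 - User Account Information",
            "System Security - OQ Test 02 - Objective 1"),
    "1.2": ("Section 4 - Security, 4.8 System Administrator Access",
            "Section 9 - Security, 9.1 System Administrators",
            "System Security - OQ Test 02 - Objective 2"),
    "2.1": ("Section 4 - Security, 4.10 Assigning System Users",
            "Section 9 - Security, 9.2 System Users",
            "System Security - OQ Test 02 - Objective 2"),
    "2.2": ("Section 6 - Audit Trails, 6.1 Select Audit Trail Option",
            "Section 11 - Audit Trails",
            "Audit Trails - OQ Test 03 - Objective 1; UAT Test 02 - Objective 1"),
    "2.3": ("N/A", "This function is not currently available in the system.", "N/A"),
    "2.4": ("Section 6 - Audit Trails, 6.2 Setting System Clock",
            "Section 11 - Audit Trails",
            "Audit Trails - OQ Test 03 - Objective 3; UAT Test 02 - Objective 1"),
    "2.5": ("N/A - Procedure related.", "N/A - Procedure related.",
            "Procedural - SOP QA-100-01 GXP Training"),
}
COLUMNS = ("frs", "design", "test")

# Assumed cell conventions, inferred from the sample rows only.
SPEC_REF = re.compile(r"\b(Section|Table)\s+\d+")
TEST_REF = re.compile(r"\bTest\s+\d+|\bSOP\s+\S+")
JUSTIFIED_NA = re.compile(r"^N/A\s*[-–]\s*\S")  # "N/A" followed by a reason
REF = {"frs": SPEC_REF, "design": SPEC_REF, "test": TEST_REF}

def cell_status(column, text):
    """Classify one matrix cell as 'traced', 'waived' or 'gap'."""
    text = (text or "").strip()
    if JUSTIFIED_NA.match(text):
        return "waived"
    return "traced" if REF[column].search(text) else "gap"

def audit(urs_ids, matrix):
    """Return (URIDs with no matrix row, {URID: [columns with no trace]})."""
    untracked = [u for u in urs_ids if u not in matrix]
    gaps = {}
    for urid, cells in matrix.items():
        missing = [c for c, t in zip(COLUMNS, cells) if cell_status(c, t) == "gap"]
        if missing:
            gaps[urid] = missing
    return untracked, gaps

if __name__ == "__main__":
    untracked, gaps = audit(URS_IDS, MATRIX)
    print("Not in matrix:", untracked)
    for urid, cols in gaps.items():
        print(f"{urid}: no trace in {', '.join(cols)}")
```

On the sample data this reports 2.6, 2.7 and 2.8 as absent from the matrix excerpt shown on the slide and 2.3 as untraced in all three columns, while 2.5 passes because its exemptions are justified and an SOP verifies it.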

What are the Benefits of Producing a Traceability Matrix?

• The people involved are encouraged to think about the best way to test the requirements.
• The design reflects a product or service that satisfies customer needs.
• The product conforms to the design standard, which means it can be reproduced.
• The users are assured that what is delivered is what they expected.

Conclusions

Developing a Traceability Matrix…
• Prompts the development of user requirements that are specific and testable.
• Tracks the progress of the functional and design elements.
• Documents that the requirements are met.
• Serves as a single source for referencing requirements and for internal and external auditing.

Are there any Questions?
