TraceAbility Matrix
-
Upload
downloadarticle -
Category
Documents
-
view
1.750 -
download
6
description
Transcript of TraceAbility Matrix
Traceability Matrix
Taking the Guesswork Out of Fulfilling User Requirements
2
Who Are We?
Susan KueblerTechnical Writer, Quality AssuranceSolvay Pharmaceuticals, [email protected]
Areas of Experience:§ Pharmaceuticals§ Information Services§ Medical Affairs§ Corporate Training§ University Lecturer§ Health Care - HMO
Mary R. Van BrinkQA Technical WriterSolvay Pharmaceuticals, [email protected]
Areas of Experience:
§ Pharmaceuticals§ Corporate Training§ Computer-Based Training (CBT)§ Interactive Voice Response (IVR) § Finance/Accounting§ Banking§ Manufacturing§ Telecommunication§ Application Support§ Newspaper Reporting
3
Solvay FactsSolvay has been in business since 1861. Sodium carbonate (commonly known as soda ash) was the first product sold by the company. Today, Solvay has divisions for plastics, pharmaceuticals, chemicals, and processing (e.g., auto fuel systems). As you can see by the graphic below, we are in many countries around the world. The home office is in Brussels, Belgium. The US pharmaceutical home office is in Marietta, Georgia. To learn more about Solvay, go to www.solvay.com.
4
Solvay Pharmaceuticals, Inc. Products for the US
n Cardiology¨ ACEON® - hypertension treatment
n Gastroenterology¨ Balneol® - pH-balanced perianal lotion¨ CREON® MINIMICROSPHERES® - treatment of pancreatic exocrine insufficiency¨ ROWASA® Enema - treatment of distal ulcerative colitis, proctosigmoiditis or proctitis.
n Mental Health¨ KLONOPIN® Wafers - treatment of panic disorder¨ LITHOBID® - treatment of manic episodes of manic-depressive illness
n Specialized Markets¨ ANADROL® - anemia treatment¨ AndroGel® - testosterone replacement therapy¨ MARINOL® - treatment of anorexia in AIDS and chemotherapy patients
n Women’s Health¨ ESTRATEST® - management of menopause symptoms¨ PROMETRIUM® - prevention of endometrial hyperplasia
5
What are the Objectives?
n Explain the role of the Traceability (Trace) Matrix in the system documentation lifecycle.
n Describe how to incorporate information from the user and functional requirements into the Trace Matrix.
n Illustrate how the system design documents contribute to the matrix.
n Examine the role of testing.n Demonstrate how the implemented system meets
the user requirements.
6
What is a Traceability Matrix?
A traceability matrix documents…§ User and functional requirements.§ Design specifications that address each
user requirement.§ Testing references (i.e., Operational, and
User Acceptance) and specific objectives or Standard Operations Procedures (SOPs) which verify that the user requirements have been met.
7
Sample - Traceability Matrix
Procedural – SOP QA-100-01 GXP Training
N/A – Procedure related.N/A – Procedure related.For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available.
2.5
Audit Trails – OQ Test 03 –Objective 3Audit Trails – UAT Test 02 –Objective 1
Section 11 – Audit TrailsSection 6 – Audit Trails6.2 Setting System Clock
The time recorded in the audit trail must accurately reflect the predefined time standard.
2.4
N/AThis function is not currently available in the system.
N/AThe audit trail must be available for reviewing and printing in human-readable format.
2.3
Audit Trails – OQ Test 03 –Objective 1Audit Trails – UAT Test 02 –Objective 1
Section 11 – Audit TrailsSection 6 – Audit Trails6.1 Select Audit Trail Option
A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records.
2.2
System Security – OQ Test 02 –Objective 2
Section 9 – Security9.2 System Users
Section 4 – Security4.10 Assigning System Users
Only authorized users shall have access to the system.
2.1
The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations.2
System Security – OQ Test 02 –Objective 2
Section 9 – Security9.1 System Administrators
Section 4 – Security4.8 System Administrator Access
Only an authorized person may modify access rights.
1.2
System Security – OQ Test 02 –Objective 1
Section 9 – SecurityTable 5 – User Account Information
Section 4 – Security4.2 Assigning Privileges
It must be possible to specify and change privileges by user, job type, and role.
1.1
The following general security requirements must be met.1
Test/ObjectiveDesign SpecificationFunctional Requirements
SpecificationUser Requirements
DescriptionURID
8
Why Create a Matrix?
n Demonstrates that the implemented system meets the user requirements.
n Serves as a single source for tracking purposes.
n Identifies gaps in the design and testing.
n Prevents delays in the project timeline, which can be brought about by having to backtrack to fill the gaps.
9
What are the Milestones for the Traceability Matrix?
n Begun after the User Requirements are approved.
n Updated before the Functional Requirements Specifications are approved.
n Updated before the Design Specifications are approved.
n Updated before the approval of the Operational Qualification (OQ) and User Acceptance Testing (UAT) protocols.
n Approved after the approval of the Production Rollout Plan.
10
What is the Role of a Traceability Matrix in the Lifecycle of a Project?
11
What are User Requirements Specifications (URS)?
n Describe what theusers expect thesystem to do.
n Are written to avoid dispute, contradiction,and ignorance.
n Should be unambiguous, complete, verifiable, testable, and consistent with other user requirements.
n Include any regulatory(e.g., ISO 9000+ or FDA) requirements.
n Can be combined with the Functional Requirements Specification (FRS).
12
Sample – User Requirements
System passwords must expire every 60 days.2.8
Electronic signatures must not be reused or reassigned to anyone else.2.7
The electronic signature must be unique to an individual.2.6
For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available.
2.5
The time recorded in the audit trail must accurately reflect the predefined time standard.
2.4
The audit trail must be available for reviewing and printing in human-readable form.2.3
A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records.
2.2
Only authorized users shall have access to the system.2.1
The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations.
221 CFR Part 11 Compliance
Only an authorized person may modify access rights.1.2
It must be possible to specify and change privileges by user, job type, and role.1.1
The following general security requirements must be met.1Security
Requirement DescriptionURIDCategory
13
What is the User Requirements Discovery Process?
n Methodology developed by Information Architecture Group (IAG)
n Requirements gathering sessions¨ Usually takes two days¨ Involves all key users¨ Includes a discovery team
comprised of a facilitator anda documenter
14
What are the Requirements Discovery Deliverables?
n Business Requirements Definition (BRD)¨ IAG methodology identifies user activities.¨ Activities help to define business processes and
develop functional requirements.¨ IAG template outlines the entire process.
n User Requirements Specifications (URS)¨ Defines the requirements that are used to build
the system.¨ Forms the basis for the traceability matrix.¨ Contributes to successful system design and
development.
15
What is the Integrated Document Methodology?
16
Why is the Business Requirements Definition (BRD) Developed?
n Describe activitiesn Define functional
requirementsn Identify data elements
17
What Considerations are there for Describing Activities?
n Each activity is defined according to…¨ How the activity begins¨ How the activity is completed¨ The Business Components within the activity¨ The steps to achieve each Component¨ Design Considerations¨ The Issues/Assumptions/Risks
n IAG Template
18
What is the Result of the Discovery Process?
We now have our first deliverable: the Business Requirements Definition (BRD) that is used as the basis for the user requirements specifications document.
19
Demonstration: Mapping User Requirements
20
Demonstration: Mapping User Requirements
21
Sample – User Requirements Incorporated into the Matrix
For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available.
2.5
The time recorded in the audit trail must accurately reflect thepredefined time standard.
2.4
The audit trail must be available for reviewing and printing in human-readable form.
2.3
A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records.
2.2
Only authorized users shall have access to the system.2.1
The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations.
2
Only an authorized person may modify access rights.1.2
It must be possible to specify and change privileges by user, job type, and role.
1.1
The following general security requirements must be met.1
User Requirements DescriptionURID
22
Sample – Uniquely Numbered Requirements Incorporated into the Matrix
23
What are Functional Requirements Specifications (FRS)?
n Serve as the blueprint for the project.
n Describe the detailed functions of the system (i.e., what the system will do).
n Provide a common source for reference.
n Can be combined with the User Requirements Specification (URS) or System Design Specification (SDS).
24
Sample – Functional Requirements1. General Tab – R&D
This tab is displayed for searches.
Is, Is NotList of all departments.Drop Down Owning Department
Begins With, Contains, Does Not Contain, Ends With, Is, Is Not
N/AText Box Legacy Document Number
Is, Is NotList of all applicable document languages.
Drop Down Language
Begins With, Contains, Does Not Contain, Ends With, Is, Is Not
List of all system user plus free textsCombo Box Authors
Begins With, Contains, Does Not Contain, Ends With, Is, Is Not
List of all products plus free textPick ListProduct
Begins With, Contains, Does Not Contain, Ends With, Is, Is Not
N/AText BoxTitle
Begins With, Contains, Does Not Contain, Ends With, Is, Is Not
N/AText BoxClassificationIT Note: stored in the subject field.
Begins With, Contains, Does Not Contain, Ends With, Is, Is Not
N/AText BoxXYZ Project NumberIT note: Stored in the object_name field.
Search OperatorsValid ValuesField TypeProperty
25
Sample – Functional Requirements Incorporated into the Matrix
N/A – Procedure related.For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available.
2.5
Section 6 – Audit Trails6.2 Setting System Clock
The time recorded in the audit trail must accurately reflect the predefined time standard.
2.4
N/AThe audit trail must be available for reviewing and printing in human-readable form.2.3
Section 6 – Audit Trails6.1 Select Audit Trail Option
A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which c reate, modify, or delete electronic records.
2.2
Section 4 – Security4.10 Assigning System Users
Only authorized users shall have access to the system.2.1
The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations.2
Section 4 – Security4.8 System Administrator Access
Only an authorized person may modify access rights.1.2
Section 4 – Security4.2 Assigning Privileges
It must be possible to specify and change privileges by user, job type, and role.1.1
The following general security requirements must be met.1
Functional Requirements SpecificationUser Requirements DescriptionURID
26
What are Design Specifications?
n Define the architecture and configuration of the hardware.
n Identify the logical and physical structure of the programming that will be implemented to satisfy the user requirements.
n Reflect how the system will be delivered for production use.
n List the required software, current versions, parameters, and settings.
n Include a visual representation of the system design (e.g., network topology map, data flow, security).
Inspired Programmer
27
Sample – System Design Specifications Incorporated into the Matrix
N/A – Procedure related.N/A – Procedure related.For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available.
2.5
Section 11 – Audit TrailsSection 6 – Audit Trails6.2 Setting System Clock
The time recorded in the audit trail must accurately reflect the predefined time standard.
2.4
This function is not currently available in the system.
N/AThe audit trail must be available for reviewing and printing in human-readable form.
2.3
Section 11 – Audit TrailsSection 6 – Audit Trails6.1 Select Audit Trail Option
A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records.
2.2
Section 9 – Security9.2 System Users
Section 4 – Security4.10 Assigning System Users
Only authorized users shall have access to the system.2.1
The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations.2
Section 9 – Security9.1 System Administrators
Section 4 – Security4.8 System Administrator Access
Only an authorized person may modify access rights.1.2
Section 9 – SecurityTable 5 – User Account Information
Section 4 – Security4.2 Assigning Privileges
It must be possible to specify and change privileges by user, job type, and role.
1.1
The following general security requirements must be met.1
Design SpecificationFunctional Requirements SpecificationUser Requirements
DescriptionURID
28
What is an Operational Qualification (OQ)?
n Tests the system from the technical perspective.
n Ensures that the developed system meets the technical requirements, including areas such as security, account creation, and screen layouts.
n Can be combined with the User Acceptance Testing (UAT).
29
Why Perform User Acceptance Testing (UAT)?
n Users perform formal acceptance testing of the system functionality to ensure that the system meets their requirements.
n Ultimately, it is the customers that decide whether the quality of the product or service meets their satisfaction.
30
What is User Acceptance Testing?n Performed on the totally integrated computerized system while it is
operating in its normal business environment.n Tests the day-to-day functionality of the system to ensure that the system is
working as intended.
Initials/Date
The XYZ Desktop screen displays.
To log out of the system, perform the following actions:a) Click the Exit icon twice.b) Click the Logout icon.
3.
The listing of records is sequential and there are no duplications.
Verify that the records listed in the report are sequential and that there are no duplications.
2.
The report is printed, labeled and attached appropriately.
a) Print, label, and attach the report.b) Based on the numbering scheme provided in
Attachment A – Qualification Protocol Attachment List, identify the attachmentinformation and write Attachment <#> in thespace provided in the Comments column.
1.
CommentsActual ResultsExpected ResultsProcedureStep
Acceptance Criteria:• Data must be generated for each report, printed, labeled, and attached to the protocol.• The record numbers must be sequential and duplications are not acceptable.
Test 5, Objective 1 – Generating Reports for the XYZ System.
31
Sample - Traceability Matrix
Procedural – SOP QA-100-01 GXP Training
N/A – Procedure related.N/A – Procedure related.For individuals who develop, maintain, or use electronic records and signatures systems, documentation that lists the education, training, and experience for each user must be available.
2.5
Audit Trails – OQ Test 03 –Objective 3Audit Trails – UAT Test 02 –Objective 1
Section 11 – Audit TrailsSection 6 – Audit Trails6.2 Setting System Clock
The time recorded in the audit trail must accurately reflect the predefined time standard.
2.4
N/AThis function is not currently available in the system.
N/AThe audit trail must be available for reviewing and printing in human-readable form.
2.3
Audit Trails – OQ Test 03 –Objective 1Audit Trails – UAT Test 02 –Objective 1
Section 11 – Audit TrailsSection 6 – Audit Trails6.1 Select Audit Trail Option
A computer generated, time-stamped audit trail must be available to independently record the date and time of operator entries and actions which create, modify, or delete electronic records.
2.2
System Security – OQ Test 02 –Objective 2
Section 9 – Security9.2 System Users
Section 4 – Security4.10 Assigning System Users
Only authorized users shall have access to the system.
2.1
The following 21 CFR Part 11 requirements must be met to remain compliant with the regulations.2
System Security – OQ Test 02 –Objective 2
Section 9 – Security9.1 System Administrators
Section 4 – Security4.8 System Administrator Access
Only an authorized person may modify access rights.
1.2
System Security – OQ Test 02 –Objective 1
Section 9 – SecurityTable 5 – User Account Information
Section 4 – Security4.2 Assigning Privileges
It must be possible to specify and change privileges by user, job type, and role.
1.1
The following general security requirements must be met.1
Test/ObjectiveDesign SpecificationFunctional Requirements
SpecificationUser Requirements
DescriptionURID
32
What are the Benefits of Producing a Traceability Matrix?
n The people involved are encouraged to think about the best way to test the requirements.
n The design reflects a product or service that satisfies customer needs.
n The product conforms to the design standard, which means it can be reproduced.
n The users are assured that what is delivered is what they expected.
33
Conclusions
n Prompts the development of user requirements that are specific and testable.
n Tracks the progress of the functional and design elements.
n Documents that the requirements are met.
n Serves as a single source for referencing requirements and for internal and external auditing.
Developing a Traceability Matrix….
34
Are there any Questions?
? ? ? ? ? ?