Software Development Life Cycles:
Outline for Developing a Traceability Matrix

By Diana Baldwin, AccuReg Inc.

  1. Software Life Cycle
    1. The FDA does not prescribe a specific software development life cycle, but requires manufacturers to identify and follow what makes sense for them
    2. Manufacturers choose a software life cycle model and development methodology appropriate for their device and organization
      1. Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, May 1998
    3. Software Life Cycle must include:
      1. Risk management
      2. Requirements analysis and specification
      3. Design (both top level and detailed)
      4. Implementation (coding)
      5. Integration
      6. Validation
      7. Maintenance
    4. A software life cycle model should be understandable, thoroughly documented, results oriented, auditable, and traceable.
      1. Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, May 1998
  2. What is required to demonstrate traceability?

    1. Provide a traceability analysis or matrix which links requirements, design specifications, hazards, and validation. Traceability among these activities and documents is essential. This document acts as a map, providing the links necessary for determining where information is located.
      1. Guidance for the Content of Premarket Submissions for Software Contained in Medical Devices, May 1998
  3. How Does Traceability Ensure the Life Cycle is Followed?

    1. It demonstrates the relationship between design inputs and design outputs
    2. It ensures that design is based on predecessor, established requirements
    3. It helps ensure that design specifications are appropriately verified and that functional requirements are appropriately validated
    4. Important: Traceability is a two-way street. Maintain both "backward" and "forward" traceability; tunnel vision is not acceptable in the Software Life Cycle!
  4. Traceability Across the Life Cycle

    1. Risk Analysis (Initial and Ongoing Activities)
      1. Trace potential hazards to their specific cause
      2. Trace identified mitigations to the potential hazards
      3. Trace specific causes of software-related hazards to their location in the software
    2. Requirements Analysis and Specification
      1. Trace Software Requirements to System Requirements
      2. Trace Software Requirements to hardware, user, operator and software interface requirements
      3. Trace Software Requirements to Risk Analysis mitigations
    3. Design Analysis and Specification
      1. Trace High-Level Design Specifications to Software Requirements
      2. Trace Design Interfaces to hardware, user, operator and software interface requirements
      3. Evaluate design for introduction of hazards; trace to Hazard Analysis as appropriate
    4. Design Analysis and Specification
      1. Trace Detailed Design Specifications to High-Level Design
      2. IMPORTANT: Ability to demonstrate traceability of safety critical software functions and safety critical software controls to the detailed design specifications
    5. Source Code Analysis (Implementation)
      1. Trace Source Code to Detailed Design Specifications
      2. Trace unit tests to Source Code and to Design Specifications
        1. Verify an appropriate relationship between the Source Code and Design Specifications being challenged
    6. Source Code Analysis (Implementation)
      1. Trace Source Code to Design Specifications
      2. Trace unit tests to Source Code and to Design Specifications
        1. Verify an appropriate relationship between the Source Code and Design Specifications being challenged
    7. Integration
      1. Trace integration tests to High-Level Design Specifications
      2. IMPORTANT: Use High-Level Design Specifications to establish a rational approach to integration and to determine the regression testing needed when changes are made
    8. Validation
      1. Trace system tests to Software Requirement Specifications
      2. Use a variety of test types
        1. Design test cases to address concerns such as robustness, stress, security, recovery, usability, etc.
      3. Use traceability to assure that the necessary level of coverage is achieved
  5. Plan Ahead for Traceability

    1. Options
      1. Manual methods
        1. Word processors
        2. Spreadsheets
      2. "Home-built" Automated Systems
        1. Relational Databases
      3. Commercial Automated Systems
        1. DOORS
        2. Requisite Pro
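
The two-way check from sections 3 and 4, written as a minimal "home-built" automated approach. This is an added example, not part of the original outline or any AccuReg material; the artifact IDs, type names, and the RULES table (including the assumption that every parent artifact must be covered by at least one child) are constructed for illustration.

```python
from collections import defaultdict

# (child type, parent type, child_must_trace_back) -- assumed rules modelled on section 4.
# Every parent must be covered by such a child (forward); the flag says whether
# every child must also trace back to such a parent (backward).
RULES = [
    ("mitigation", "hazard", True),
    ("sw_req", "sys_req", True),
    ("sw_req", "mitigation", False),  # not every requirement implements a mitigation
    ("hl_design", "sw_req", True),
    ("detailed_design", "hl_design", True),
    ("source", "detailed_design", True),
    ("unit_test", "source", True),
    ("system_test", "sw_req", True),
]

def find_gaps(artifacts, links):
    """artifacts: {id: type}; links: iterable of (child_id, parent_id).
    Returns sorted (direction, artifact_id, missing_type) tuples; a link to an
    unknown ID is reported as ("dangling", child_id, parent_id)."""
    up, down = defaultdict(set), defaultdict(set)
    gaps = []
    for child, parent in links:
        if child not in artifacts or parent not in artifacts:
            gaps.append(("dangling", child, parent))
            continue
        up[child].add(artifacts[parent])
        down[parent].add(artifacts[child])
    for art_id, art_type in artifacts.items():
        for child_t, parent_t, back_required in RULES:
            if art_type == child_t and back_required and parent_t not in up[art_id]:
                gaps.append(("backward", art_id, parent_t))  # nothing upstream justifies it
            if art_type == parent_t and child_t not in down[art_id]:
                gaps.append(("forward", art_id, child_t))    # nothing downstream covers it
    return sorted(gaps)

# Constructed sample matrix: SRS-2 is never designed or tested, SRC-2 has no design.
ARTIFACTS = {"HAZ-1": "hazard", "MIT-1": "mitigation", "SYS-1": "sys_req",
             "SRS-1": "sw_req", "SRS-2": "sw_req", "HLD-1": "hl_design",
             "DDS-1": "detailed_design", "SRC-1": "source", "SRC-2": "source",
             "UT-1": "unit_test", "UT-2": "unit_test", "ST-1": "system_test"}
LINKS = [("MIT-1", "HAZ-1"), ("SRS-1", "SYS-1"), ("SRS-1", "MIT-1"),
         ("SRS-2", "SYS-1"), ("HLD-1", "SRS-1"), ("DDS-1", "HLD-1"),
         ("SRC-1", "DDS-1"), ("UT-1", "SRC-1"), ("UT-2", "SRC-2"), ("ST-1", "SRS-1")]

if __name__ == "__main__":
    for direction, art_id, missing in find_gaps(ARTIFACTS, LINKS):
        print(f"{direction:8} gap: {art_id} has no linked {missing}")
```

A backward gap on source code is the case worth reviewing first: it is code that no design specification accounts for.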

Copyright 2001 AccuReg, Inc. All rights reserved.
No portion of this site may be reproduced without express written consent of AccuReg, Inc.