Requirements Management and the Traceability Matrix

A cornerstone of a rigorous software development process is requirements management and the traceability of those requirements to implementation—and subsequently, proof of correct implementation.

Requirements traceability is defined by authors, Gotel and Finkelstein, as “the ability to describe and follow the life of a requirement, in both a forward and backward direction (i.e., from its origins, through its development and specification, to its subsequent deployment and use, and through periods of on-going refinement and iteration in any of these phases).”

Tracing requirements isn’t simply linking a paragraph from a document to a section of code or a test. Traceability must be maintained throughout the phases of development as requirements manifest into design, architecture, and implementation. Consider the typical “V” diagram of software.

Figure 1: The classic V diagram shows how traceability goes forward and backward through each phase of development.

Each phase drives the subsequent phase. In turn, the work items in these phases must satisfy the requirements from the previous phase. System design is driven from requirements. System design satisfies the requirements, and so on.

Requirements traceability management (RTM) proves that each phase is satisfying the requirements of each subsequent phase. However, this is only half of the picture. None of this traceability demonstrates that requirements are being met. That requires testing.

Figure 2: The other important part of requirements traceability is verification and validation testing to prove the implementation of the specification from the corresponding design phase. Validation typically occurs at the end of the development cycle during final acceptance testing with the customer.

In the V diagram shown in Figure 2, each testing phase verifies the satisfaction of the specifications associated with the corresponding design/implementation phase. In the example, acceptance testing validates requirements, integration testing verifies architecture design, unit testing verifies module design, and so on. Validation typically occurs at the end of the development lifecycle during acceptance testing with the customer.

Requirements traceability needs both the link to implementation and verification, plus all the associated artifacts from the development process. Software development on any realistic scale will have many requirements, complex design and architecture, and possibly thousands of units and unit tests. Automation of RTM in testing is necessary, especially for safety-critical software that requires documentation of traceability for certifications and audits.

Requirements Traceability Matrix

A requirement traceability matrix is a document that illustrates the satisfaction of requirements with a corresponding work item, like a unit test, module source code, architecture design element, and so on. The matrix is often displayed as a table, which shows how each requirement is “checked off” by a corresponding part of the product. Creation and maintenance of these matrices are often automated with requirements management tools with the ability to display them visually in many forms and even hard copy if required.

Below is a requirements traceability matrix example from Intland codeBeamer. It shows system-level requirements decomposed to high-level and low-level requirements and the test cases that verify each.

Figure 3: Requirements traceability matrix example in Intland codeBeamer.

Why Is Requirements Traceability Needed?

In the simplest sense, requirements traceability is needed to keep track of exactly what you’re building when writing software. This means making sure the software does what it’s supposed to and that you’re only building what is needed.

Traceability works both to prove you satisfied the requirements and to identify what doesn’t. If there are architectural elements or source code that can’t be traced to a requirement, then it’s a risk and shouldn’t be there. The benefits go beyond providing proof of the implementation. Disciplined traceability is an important visibility into development progress.

Traceability isn’t necessarily strict in enterprise software application, although that’s certainly improving. However, it is a required activity in safety and mission-critical software.

Requirements Traceability in Safety-Critical Software

Requirements in safety-critical software are the key driver for product design and development. These requirements include functional safety, application requirements, and non-functional requirements that fully define the product. This reliance on documented requirements is a mixed blessing since poor requirements are one of critical causes of safety incidents in software. In other words, the implementation wasn’t at fault, but poor or missing requirements were.

It’s important to realize that many requirements in safety-critical software are derived from safety analysis and risk management. The system must perform its intended functions, of course, but it must also mitigate risks to greatly reduce the possibility of injury. Moreover, in order to document and prove that these safety functions are implemented and tested fully and correctly, traceability is critical.

Automating Bidirectional Traceability

Maintaining traceability records on any sort of scale requires automation. Application lifecycle management tools include requirements management capabilities that are mature and tend to be the hub for traceability. Integrated software testing tools like Parasoft complete the verification and validation of requirements by providing an automated bidirectional traceability to the executable test case, which includes the pass or fail result and traces down to the source code that implements the requirement.

Parasoft integrates with market-leading requirements management and agile planning systems such as Intland codeBeamer, Polarion from Siemens, Atlassian Jira, CollabNet VersionOne and TeamForge.

As shown in the image below, each of Parasoft’s test automation tools (C/C++test, Jtest, dotTEST, SOAtest, and Selenic) support the association of tests with work items defined in these systems (such as requirements, stories, defects, test case definitions). Traceability is managed through Parasoft’s central reporting and analytics dashboard (Parasoft DTP).

Figure 4: Parasoft provides bidirectional traceability from work items to test cases and test results—both displaying traceability reports with Parasoft DTP as well as reporting results back to the requirements management system.

Parasoft DTP correlates the unique identifiers from the management system with static analysis findings, code coverage, and test results from unit, integration, and functional tests. Results are displayed within Parasoft DTP’s traceability reports and sent back to the requirements management system. They provide full bidirectional traceability and reporting as part of the system’s traceability matrix.

The traceability reporting in Parasoft DTP is highly customizable. The following image shows a requirements traceability matrix template for stories authored in Jira that trace to the test cases, static analysis findings, source code files, and manual code reviews.

Figure 5: Requirements traceability matrix template from Parasoft DTP integrated with Altassian Jira.

The bidirectional correlation between test results and work items provides the basis of requirements traceability. Parasoft DTP adds test and code coverage analysis to evaluate test completeness. Maintaining this bidirectional correlation between requirements, tests, and the artifacts that implement them is an essential component of traceability.

Benefits of Automated Traceability

Automated traceability offers several benefits to software development teams. Below is a closer look at how automation can boost traceability in software development.

1. Improves requirement management. Automated traceability simplifies and streamlines requirements management by providing a clear and systematic approach to automatically linking requirements to design documents, code, and test cases, making it easier to track the progress of requirements from inception to implementation. This ensures that all requirements are properly addressed, reducing human manual errors and the risk of overlooking critical functionalities.

Additionally, automated traceability enables effective impact analysis, allowing stakeholders to understand the implications of changes to requirements and make informed decisions.

2. Facilitates team collaboration. Automated traceability facilitates collaboration between teams. When requirements are linked to design decisions, code, and tests, stakeholders can visualize the impact of changes and modifications. This visual representation helps in productive discussions, enabling stakeholders to make informed decisions about requirements prioritization, scope, and trade-offs. This encourages active participation and draws input from all relevant parties, leading to better consensus on the project’s requirements.

In addition, automated traceability identifies dependencies and impacts between different components of the software. As a result, when changes are made to one component, traceability allows stakeholders to quickly identify the associated requirements, design decisions, and tests that may be affected. This knowledge of dependencies and impacts promotes collaboration by ensuring that all relevant parties are aware of the potential consequences of changes.

3. Enhances quality assurance. Automated traceability significantly improves quality assurance efforts throughout the software development lifecycle. When traceability is automated, it allows for the automatic linking of requirements to test cases, which in turn ensures that all the requirements are adequately covered by corresponding test cases.

With test cases generated automatically based on the traced requirements, it reduces the risk of missing test scenarios, which is often the case when test cases are manually created. But with automated traceability, all the necessary test scenarios are derived directly from the requirements, reducing the risk of missing test scenarios.

4. Streamlines maintenance and troubleshooting processes. Maintenance and troubleshooting are inherent aspects of software development. With automated traceability, these processes become more efficient and effective. For instance, when issues or bugs arise, traceability enables developers to quickly identify the specific requirements, design decisions, or code components associated with the problem. This accelerates the troubleshooting process, saving valuable time and resources.

Furthermore, automated traceability also helps document the resolution steps, facilitating future maintenance and reducing the chances of recurring issues.

5. Expedites regulatory compliance and auditing. Compliance with regulations and standards is a crucial aspect of software development, and automated traceability helps organizations demonstrate adherence to regulatory requirements.

Automated traceability provides a clear audit trail of decisions, actions, and changes made during the software development process. This makes compliance audits smoother and more straightforward, as all the necessary information is readily available and traceable.

Tools of Requirements Traceability

Several tools are available to facilitate requirements traceability, providing functionalities for linking, tracking, managing, and analyzing the relationships between requirements. Some popular tools for requirements traceability include the following.

1. Parasoft. Offers test cases to requirements traceability management functionalities through its central reporting and analytics dashboard, Parasoft DTP. In addition to Parasoft DTP, other tools within the Parasoft ecosystem that offer traceability capabilities are Parasoft Selenic, Parasoft SOAtest, Parasoft C/C++test, Parasoft Jtest and Parasoft DotTest. These tools can support users by completing the traceability between requirements to test cases and down to the source files if desired. . With these tools, you can easily track test coverage for each requirement, assess quality impact faster and provide requirement testing analytics and reporting.

In addition, Parasoft can also automate defect creation which helps in establishing a comprehensive feedback loop within your development workflow. It also helps with regulatory compliance along with standards like ISO 26262, DO-178C, IEC 62304, IEC 61508, and EN 50128.

2. Codebeamer. Provides all stakeholders with a central software requirements management platform to collaborate efficiently. Users share ideas. They control and record changes, and identify, manage, and track requirements across the entire application life cycle. This results in reducing costs, risks, and delivery times in product development.
3. Jama Connect. Enables teams to capture, manage, and track requirements throughout the development process. It offers features for creating and maintaining traceability links between requirements, design documents, test cases, and other artifacts. The tool also provides real-time visibility into the status of requirements and their associated artifacts.
4. Polarion Requirements. A collaborative requirements management tool that supports end-to-end traceability. It allows users to define and manage requirements, link them to other project artifacts, and track their implementation status. The tool offers traceability matrices, impact analysis, and customizable reporting to facilitate effective traceability management.

Managing the Workflow of Defect/Issue Creation

Parasoft DTP also helps triage the creation of defects and issues into new work items. Test automation and static analysis produce a lot of data to consume. Tools that help manage this data are important to prioritize the work items and prevent the tools from overwhelming the team.

Using the violation and test explorers in Parasoft DTP, shown below, the team can efficiently create new work items following triage of test failures and static analysis violations. The combination of traceability and triaged issue/defect creation provides a complete feedback loop for a workflow.

Figure 6: Creating a new Defect in VersionOne while triaging test failures in Parasoft DTP.

Summary

Requirements traceability is a key part of requirements management in software development. The level of formality in traceability varies by application type but the practice is absolutely necessary in safety-critical software.

Bidirectional traceability is important so that requirement management tools and other lifecycle tools can correlate results and align them with requirements and associated work items.

The complexity of modern software projects requires automation to scale requirements traceability. Parasoft tools are built to integrate with best-of-breed requirement management tools to aid traceability into test automation results and complete the software test verification and validation of requirements.