1. Requirements

3.2.4 The project shall perform and maintain bidirectional traceability between the software requirements and the software design.

1.1 Notes

NPR 7150.2, NASA Software Engineering Requirements, does not include any notes for this requirement.

1.2 Applicability Across Classes

This requirement applies to the following classes and safety criticalities with the exceptions noted:

  • Classes C through E and Safety Critical are labeled, "SO." This means that this requirement applies to the safety-critical aspects of the software.
  • Classes F and G are labeled with "X (not OTS)." This means that this requirement does not apply to off-the-shelf software for these classes.




2. Rationale

Software design is created based on the software requirements and some assurance is needed to show that the design fulfills the software requirements and that no requirements are lost or left out of the design. One method of providing this "check and balance" is to create a traceability matrix between the software requirements and the resulting design.

Traceability matrices help ensure that each design element, typically documented in a Software Design Description (SDD), traces back to a software requirement that is the source or reason for having that element in the design. Traceability also helps ensure that all requirements are addressed in the design and that only what is required is designed.  

Traceability links between individual requirements and other system elements, including, but not limited to design, are helpful tools when evaluating the impact of changing or deleting a requirement. When a requirement is changed, traceability can help identify the affected products, including design, documentation, source code, tests, etc.  (NASA-GB-8719.13, NASA Software Safety Guidebook )


Bidirectional traceability is defined as an "association among two or more logical entities that is [discernible] in either direction (to and from an entity)" (ISO/IEC 24765:2009 Systems and software engineering vocabulary).


Traceability is important because it can point out software design elements that are not fulfilled in the code (i.e., missing or incomplete functionality) as well as source code that does not have a parent design element (i.e., extra functionality). Ideally, the trace does not identify any design elements that have no source requirement, but if such "orphan" design elements are discovered in the trace, they need to be discussed by the project team and assurance personnel to determine if the "orphan" elements are necessary. If they are determined to be necessary, any missing source requirements are added to the project.


3. Guidance

Before starting the traceability activity, it is assumed that the documents being traced (e.g., requirements, design, code, test data, etc.) have been approved.

Using a matrix such as the one shown below () allows a single exercise to show traceability both forwards and backwards. The matrix is completed left to right early in the appropriate phase in the project life cycle. As each column is completed, the forward trace is extended to the next set of products. Simply starting with a column such as the UTS Case # and looking at the data in the columns to the left shows the backward traceability from a test case to its parent test specification all the way back to the parent requirement.

While traceability matrices are not the only method for capturing bidirectional traceability, they are the most common. Traceability matrices can be included in the documents to which they apply, such as the SDD, or they can be combined into a single matrix covering higher level requirements, software requirements, design, code, and verification. General guidance for creating a bidirectional traceability matrix includes the following suggested actions:

  • Create the matrix at the beginning of the project.
  • Uniquely identify the elements in the matrix (requirements identifiers, design document identifiers and paragraph numbers for design elements, etc.).
  • Keep the matrix maintained throughout the life of the project.
  • Assign responsibility for creating and maintaining the matrix to a project team member, since managing the links/references can be a labor-intensive process that needs to be tracked/monitored.
  • Maintain the matrix as an electronic document to make maintenance and reporting easier.
  • Create the matrix such that it may be easily sorted to achieve/convey bi-directional traceability.
  • Ensure a review of the matrix at major phases/key reviews of the project.

A bidirectional traceability matrix can be manually created and maintained, or may be a by-product of a requirements management tool. The tracing system needs to be chosen based on project complexity and the number of requirements. Check with project management to see if a requirements management tool exists for the local project that is capable of producing a bidirectional traceability matrix.

Keep in mind that a single requirement could trace to multiple architectural elements, design elements, etc. The reverse is also true, design elements could trace back to multiple source requirements, so the relationships identified in the matrix are not required to be one-to-one.

As decisions are made during the development of the software design, the team may generate new requirements. When that happens and the requirements are confirmed as being within the scope of the project (not expanding the scope or "gold plating" the system by including unnecessary functionality), the traceability matrix is revised to include the new requirements and the mapped design elements.  Keep in mind that the requirements document(s) will also need to be revised when this occurs.

If the software design team is not the same as the requirements development team, collaboration may be needed to ensure proper bidirectional traceability between design and requirements. Likewise, when tracing detailed design to high-level design, collaboration between the different groups may be needed to ensure proper understanding and documented traceability.

According to Software Development Life Cycles: Outline for Developing a Traceability Matrix, The Regulatory Forum , key aspects of tracing design elements include:

  • Trace high-level design specifications to software requirements.
  • Trace detailed design specifications to high-level design.
  • Trace design interfaces to hardware, user, operator, and software interface requirements.
  • Trace design back to hazard analysis, if the design introduces hazards.

Additional guidance related to bidirectional traceability may be found in the following related requirements in this Handbook:


SWE-052

Bidirectional Traceability Between Higher Level Requirements and Software Requirements

SWE-064

Bidirectional Traceability Between Software Design and Software Code

SWE-072

Bidirectional Traceability Between Software Test Procedures and Software Requirements



4. Small Projects

For small projects without access to a requirements tool that includes tracing features and with time/budget limitations preventing them from acquiring a new tool and associated training, requirements tracing may be done with a spreadsheet (such as Excel), a simple database (such as Access) or a textual document. It is very important that the project be diligent about keeping such traces up to date as these methods do not include automatic updates when requirements, design elements, or other relevant documents change. (NASA-STD-8719.13B, NASA Software Safety Standard)

Value-based requirement tracing may be an option for projects with small budgets or projects where a specific set of requirements has priority such as Class C, Safety Critical projects where safety-critical requirements obviously have priority. Value-based requirement tracing prioritizes all of the requirements in the system, with the amount of time and effort expended tracing each requirement depending on the priority of that requirement. This can save a significant amount of effort by focusing traceability activities on the most important requirements. However, value-based tracing requires a clear understanding of the importance of each requirement in the system; it may not be an option if full tracing is a requirement of the customer or the development process standards used for the project. This type of requirement tracing would also be useful for Class F and Class G projects where the software is not Off the Shelf (OTS).


5. Resources





6. Lessons Learned

A documented lesson from the NASA Lessons Learned database notes the following:

Software Requirements Management. Lesson Number 3377: This lesson notes the benefits of using "state-of-the-art software processes and tools to manage requirements for software development."