Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
      • R-TF-012-019 SOUPs
      • R-TF-012-028 Software Requirement Specification
      • R-TF-012-029 Software Architecture Description
      • R-TF-012-030 Software Configuration Management Plan
      • R-TF-012-031 Product requirements specification
      • R-TF-012-037 Labeling and IFU Requirements
      • R-TF-012-040 Documentation level FDA
      • R-TF-012-041 Software Classification 62304
      • R-TF-012-043 Traceability Matrix
      • Review meetings
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design and Manufacturing Information
  • R-TF-012-043 Traceability Matrix

R-TF-012-043 Traceability Matrix

Purpose​

This traceability matrix establishes the complete bidirectional relationships between risks, requirements, design specifications, and testing activities for Legit Health Plus v1.1.0.0, in accordance with IEC 62304 clauses 5.1.1, 5.1.9, 5.5.3, and 8.2.4.

The matrix ensures compliance with IEC 62304 by demonstrating that:

  • Risk Traceability (IEC 62304 § 7.1, 7.2; ISO 14971 § 6.2, 7.1, 7.3, 8): All identified risks in document R-TF-013-002 have been addressed by:

    1. Software requirements designed to mitigate the risk (risk control measures)
    2. Software requirements which introduced or contribute to the risk
    3. Verification of implementation of risk controls (ISO 14971 § 7.1) - confirming that risk control measures have been implemented as specified in the design
    4. Verification of effectiveness of risk controls (ISO 14971 § 7.3, 8) - confirming that the implemented risk control measures actually reduce the identified risk to an acceptable level and evaluation of residual risk

  • Requirements Traceability (IEC 62304 § 5.1.1, 5.1.9):

    • All software requirements (SRS) are traced to their source:
      • Product requirements (PR) from system-level specifications
      • Regulatory requirements (RR) from applicable standards and regulations
    • All product requirements are implemented by one or more software requirements
    • Changes to requirements can be traced to their impact on design and testing

  • Verification Traceability (IEC 62304 § 5.5, 5.6):

    • All software requirements are verified through defined test cases
    • All test cases are linked to specific software requirements
    • Test execution results are documented with pass/fail status
    • Verification activities are appropriate to the software safety class (Class C)

  • Completeness and Coverage Analysis (IEC 62304 § 5.7, 5.8):

    • No software requirement exists without verification
    • No risk exists without mitigation or acceptance
    • No test case exists without traceability to requirements
    • Coverage gaps are identified, analyzed, and addressed

Scope​

This traceability matrix covers:

  • Risks: Identified in [R-TF-013-002 Risk management record]
  • Product Requirements (PR): Documented in [R-TF-012-001 Product Requirements]
  • Software Requirements (SRS): Documented in [R-TF-012-028 Software Requirement Specification]
  • Regulatory Requirements (RR): Documented in [R-TF-012-037 Labeling and IFU Requirements]
  • Test Cases: Documented in [R-TF-012-033 Software Tests Plan] and [R-TF-012-034 Software Test Description]

Change History​

Product: Legit Health Plus Version: 1.1.0.0

Part 1: Risk Traceability to Software Requirements​

Reference to Risk Management Documentation​

In accordance with IEC 62304 § 7.1 (Risk analysis of software contributing to hazardous situations) and ISO 14971 § 6.2 (Risk control measures), the complete traceability between identified risks and their corresponding software requirement specifications (SRS) is documented in R-TF-013-002 Risk Management Record.

Rationale for Document Separation​

This traceability matrix does not duplicate the risk-to-SRS traceability information for the following regulatory and practical reasons:

  1. Single Source of Truth (ISO 13485 § 4.2.4): Maintaining traceability information in a single authoritative document (the Risk Management Record) ensures data integrity, prevents inconsistencies, and facilitates change control. The Risk Management Record serves as the primary source for all risk-related traceability.

  2. ISO 14971 § 3.5 Compliance: ISO 14971 requires a risk management file that contains comprehensive risk analysis documentation. Concentrating risk traceability within R-TF-013-002 ensures all risk control measure information, including:

    • Risk identification and characterization
    • Risk control measure selection and implementation (ISO 14971 § 6.2, 7.1)
    • Verification of risk control implementation (ISO 14971 § 7.1)
    • Verification of risk control effectiveness (ISO 14971 § 7.3)
    • Residual risk evaluation (ISO 14971 § 7.4)

    is maintained in a centralized, auditable format.

  3. Document Maintainability (IEC 62304 § 5.1.1): Avoiding duplication reduces the risk of:

    • Version conflicts between documents
    • Incomplete updates when requirements or risk assessments change
    • Increased review and approval burden
    • Confusion during regulatory inspections or audits

  4. Readability and Usability: By referencing rather than duplicating, this document remains focused on its core purpose: demonstrating the traceability from product requirements through software requirements to verification activities. This structure allows:

    • Easier navigation for reviewers and auditors
    • Clearer separation of concerns between risk management and requirements management
    • More efficient document maintenance and version control

  5. IEC 62304 § 5.1.9 Compliance: This clause requires maintaining traceability between different levels of requirements and to risk controls. This requirement is satisfied through the combination of:

    • Risk-to-SRS traceability in R-TF-013-002
    • PR-to-SRS and SRS-to-Test traceability in this document (Parts 2 and 3)

    Together, these documents provide complete bidirectional traceability without redundancy.

Continuous Integration Between Documents​

The relationship between R-TF-013-002 (Risk Management Record) and R-TF-012-043 (Traceability Matrix) is continuous and dynamic throughout the product development lifecycle governed by GP-012 (Design and Development Process):

  1. Forward Flow - Development Phase:

    • Software requirements (SRS) are defined to address identified risks and product requirements
    • Test cases are created to verify SRS implementation (documented in this matrix - Parts 2 and 3)
    • As SRS are implemented and tested, this information flows back to R-TF-013-002
    • The Risk Management Record is continuously updated to reflect:
      • Implementation status of risk control measures
      • Verification of risk control implementation (ISO 14971 § 7.1)
      • Links to specific test cases that verify risk controls

  2. Backward Flow - Post-Market and Clinical Evaluation:

    • Verification of risk control effectiveness (ISO 14971 § 7.3, 8) requires real-world evidence from:
      • Clinical evaluation data (ISO 14155, MDR Annex XIV)
      • Post-market surveillance data (ISO 14971 § 9)
      • Clinical performance data
    • This column in the Risk Management Record cannot be completed until clinical evaluation activities have generated sufficient evidence
    • The effectiveness verification is therefore a post-development activity that confirms residual risk acceptability

  3. Process Centralization (GP-012):

    • While GP-012 (Design and Development) is the central coordinating process for product development
    • Multiple processes operate in parallel:
      • GP-001 (Risk Management) - maintains R-TF-013-002
      • GP-003 (Clinical Evaluation) - provides effectiveness data
      • GP-008 (Post-Market Surveillance) - provides real-world performance data
    • GP-012 orchestrates the information flow between these processes to ensure:
      • Risk control measures are implemented in design
      • Verification activities are completed before release
      • Effectiveness evaluation is planned and executed post-market
      • Traceability remains current throughout the product lifecycle

This integrated approach ensures that risk management is not a one-time activity but a continuous process (ISO 14971 § 9, IEC 62304 § 9.1) where design outputs feed into risk assessment and post-market data feeds back into risk control effectiveness evaluation.

What is Documented Here​

This traceability matrix (R-TF-012-043) focuses on:

  • Part 2: Product Requirements (PR) to Software Requirements (SRS) traceability
  • Part 3: Software Requirements (SRS) to Test Cases and Test Results traceability

For comprehensive risk-to-requirement traceability, including risk control measures, implementation verification, and effectiveness evaluation, refer to R-TF-013-002 Risk Management Record.

Part 2: Product Requirements to Software Requirements​

This section traces product requirements to their implementing software requirements, ensuring that all product-level needs are addressed in the software design.

View:
CodeNameDerived from Product Requirements
SRS-Q3QGenerate an aggregated ICD probability distribution from a set of images
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-0ABGenerate per-image ICD analysis with explainability heat map
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-58WInclude entropy score in report
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-71IInclude the indicator of needing a high priority referral in the report
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-8HYInclude the indicator of malignancy in the report
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-D08Include the indicator of the image presenting a pigmented lesion in the report
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-JLMInclude the indicator of the presence of a condition in the report
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-KASInclude the indicator of needing an urgent referral in the report
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-K7MOrchestrate diagnosis support workflow
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-7PJNetwork Service Exposure
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-AQMStandard HTTP Status Code Usage
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-BYJJSON Data Interchange Format
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-DW0User Authentication Endpoint Implementation
  • PRS-1V6: Expose the device's functionality through a versioned, network-accessible API
SRS-D3NProvision of Clinical Parameter Endpoints
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-LBSURL-Based API Versioning
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-MZCRequest Body Size Limitation
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-Q9MClinical Signs Analysis Endpoint Implementation
  • PRS-1V6: Expose the device's functionality through a versioned, network-accessible API
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-RXKDiagnostic Support Endpoint Implementation
  • PRS-1V6: Expose the device's functionality through a versioned, network-accessible API
  • PRS-8QJ: Generate an interpretative probability distribution of possible ICD categories by analysing images
SRS-ZQOConcurrent API Version Support
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-6KEAPI Health Check Endpoint
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-BA6Display the legal information about this medical device
  • PRS-3YH: Compliance with MDR
  • PRS-6DP: Compliance with FDA
  • PRS-1V6: Expose the device's functionality through a versioned, network-accessible API
SRS-Z24API Documentation Endpoint
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-ID7Input Data Validation
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-EH4Security-Safe Error Handling
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-1KWSecure Communication Protocol Enforcement
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-28XImplement progressive delays between failed login attempts
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-A25Role-Based Access Control (RBAC) with Least Privilege Principle to restrict users to essential functions
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-A2BAPI Rate Limiting
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-MM8Generated JWTs must have an expiration date
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-SDZUse hashed and salted passwords
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-TPKLock accounts after five failed attempts
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-U8MEnforce strong password policies (min. 12 characters, complexity rules, expiration policies)
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-WEREndpoint Access Control
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-WGFAES-256 encryption for data at rest
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-X9JConduct periodic access reviews to verify permissions align with job functions
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-IC4Software and Configuration Integrity Verification
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-BK7Encrypted Backup and Integrity Verification
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-CCDIntrusion Prevention and Malicious Traffic Detection
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-F05Generate FHIR DiagnosticReport Base Structure
  • PRS-5LJ: Support health data interoperability using the HL7 FHIR standard
SRS-FMGRecord Analysis Duration in Report
  • PRS-5LJ: Support health data interoperability using the HL7 FHIR standard
SRS-JC6The product provides a final image validity summary
  • PRS-7XK: Characterize ingested images and extract contextual metadata
SRS-K6NMap Per-Image Analysis to a dedicated object in the report
  • PRS-7XK: Characterize ingested images and extract contextual metadata
  • PRS-5LJ: Support health data interoperability using the HL7 FHIR standard
SRS-H3JDeterministic Response Schemas
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-W5ZAssign DiagnosticReport Identifier
  • PRS-5LJ: Support health data interoperability using the HL7 FHIR standard
SRS-BWBPerformance and Latency
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-GERSystem Behavior on Internal Component Failure.
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-HUGTraceability via Correlation Identifiers
  • PRS-0MC: Comprehensive secure audit trails for user interactions
  • PRS-1V6: Expose the device’s functionality through a versioned, network-accessible API
SRS-D6WAccurate Time Synchronization
  • PRS-0MC: Comprehensive secure audit trails for user interactions
SRS-PU2Comprehensive Event Auditing
  • PRS-0MC: Comprehensive secure audit trails for user interactions
  • PRS-9F2: Cybersecurity & continuous threat detection
SRS-SI2Secure Audit Trail Access Interface
  • PRS-0MC: Comprehensive secure audit trails for user interactions
SRS-T5PAudit Record Integrity Protection
  • PRS-0MC: Comprehensive secure audit trails for user interactions
SRS-T95Audit System Failure Handling
  • PRS-0MC: Comprehensive secure audit trails for user interactions
SRS-U2PConsolidated Audit Record Content
  • PRS-0MC: Comprehensive secure audit trails for user interactions
SRS-A9FWound Bed Tissue - Epithelial
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-B3ZInflammatory Pattern Identification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-B6LWound Bed Tissue - Necrotic
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-B8NPustule Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-A4WInflammatory Nodular Lesion Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-A6TDelimited Wound Edges Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-C1RSerous Exudate Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-D7NPurulent Exudate Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-D9TMaceration Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-E4RErythema Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-Y6FCrusting Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-F2KThickened Wound Edges Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-T3KInduration Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-F6JHair Loss Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-G3PWound Perilesional Erythema Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-G9RWound Stage Classification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-H5KErythema Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-H9XLichenification Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-I7TWound Affected Tissue - Intact Skin
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-J5PHair Follicle Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-J9VIndistinguishable Wound Edges Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-K3HWound Affected Tissue - Subcutaneous
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-K4UOrthopedic Material Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-L4WDamaged Wound Edges Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-L8YBiofilm and Slough Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-M2LXerosis Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-M6PGranulation Tissue Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-N2CBone Surface Segmentation
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-N5QSwelling Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-N8WWound Affected Tissue - Dermis-Epidermis
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-O5MWound Affected Tissue - Muscle
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-L3XSkin Surface Segmentation
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-Z5NHive Lesion Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-Z8PBiofilm-Compatible Tissue Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-P4XWound Bed Tissue - Slough
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-P9WDesquamation Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-Q1LHypopigmentation or Depigmentation Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-Q8ZDiffuse Wound Edges Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-R3WWound Bed Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-R7COozing Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-S2VWound Affected Tissue - Bone
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-S8MAcneiform Lesion Type Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-T6HWound AWOSI Score Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-T9UWound Bed Tissue - Closed
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-U4MPerilesional Maceration Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-U8ZNail Lesion Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-V1DExcoriation Intensity Quantification
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
SRS-V7QNecrosis Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-W3RHyperpigmentation Surface Quantification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-W9KBloody Exudate Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-X5BFibrinous Exudate Assessment
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-X8QFollicular and Inflammatory Pattern Identification
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-Y2EWound Bed Tissue - Granulation
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
SRS-W6TOrchestrate Clinical Signs Analysis Workflow
  • PRS-2ZB: Quantitative assessment of dermatological visual sign intensity
  • PRS-3TC: Quantitative assessment of dermatological structural features and lesion morphometry
  • PRS-7XK: Image adequacy assessment for AI analysis suitability
SRS-H2VHead Detection
  • PRS-7XK: Characterize ingested images and extract contextual metadata
SRS-E1VBody Surface Segmentation
  • PRS-7XK: Characterize ingested images and extract contextual metadata
SRS-9ZTThe product classifies the image's modality
  • PRS-7XK: Characterize ingested images and extract contextual metadata
SRS-O93The product checks the image's clinical domain
  • PRS-7XK: Characterize ingested images and extract contextual metadata
SRS-Y5WThe product checks the image quality with the Dermatological Image Quality Assessment (DIQA) algorithm
  • PRS-7XK: Characterize ingested images and extract contextual metadata

Part 3: Software Requirements (SRS) to Test Cases​

SRS IdSRS NameCommit SHATest Case IdTest Case TitleReviewerReview StatusTest Case URLTest IdTest URLStatus
SRS-7PJNetwork Service Exposure3e665d001836b7047732f81944bc46a1b78d4491C50Verify the API service accepts incoming HTTP requests on the designated network portGerardo Fernández ApprovedViewT105View✅
SRS-AQMStandard HTTP Status Code Usage5437d177ca46efc0a2aee07795a01f277e7d6309C62Verify API returns 200 HTTP status codes for successful requestsGerardo Fernández ApprovedViewT106View✅
SRS-BYJJSON Data Interchange Format5437d177ca46efc0a2aee07795a01f277e7d6309C68Verify API processes JSON requests and returns JSON responses with correct Content-Type headersGerardo Fernández ApprovedViewT107View✅
SRS-DW0User Authentication Endpoint Implementation9457a72ec5a38e1da7230ded0eab6009653e2d02C77Verify successful user authentication and token generation via the POST /auth/login endpointGerardo Fernández ApprovedViewT109View✅
SRS-D3NProvision of Clinical Parameter Endpoints175ceb47259bb94067a1b32781d296431f3de0d2C73Verify retrieval and filtering of clinical signs data via /clinical/severity-experts endpointGerardo Fernández ApprovedViewT108View✅
SRS-LBSURL-Based API Versioningc0e67a0f3c8791c893d82e34e250822316f1a1b6C106Verify API endpoints are accessible via URL paths prefixed with the major and minor version identifierGerardo Fernández ApprovedViewT110View✅
SRS-MZCRequest Body Size Limitation45df8326922e46467821cd50f5ed256c1fc91265C110Verify the API returns HTTP 413 when the request body exceeds the configured maximum sizeGerardo Fernández ApprovedViewT111View✅
SRS-Q9MClinical Signs Analysis Endpoint Implementation83628274c21ab0a9f5b8708a5ba260e704cf1f04C124Verify POST /clinical/severity-assessment returns quantified results for valid image and sign listGerardo Fernández ApprovedViewT112View✅
SRS-RXKDiagnostic Support Endpoint Implementatione0acb00226584d123dbf076320fa5c982bae3de4C128Verify the diagnosis-support endpoint accepts valid images and returns diagnostic analysisGerardo Fernández ApprovedViewT113View✅
SRS-ZQOConcurrent API Version Supportc0e67a0f3c8791c893d82e34e250822316f1a1b6C162Verify simultaneous availability and processing of requests across distinct API versionsGerardo Fernández ApprovedViewT114View
SRS-ID7Input Data Validation9ddd7569150f49e8a8e7bf7dea474fd0151d969fC330Verify API rejects malformed inputs with standardized 422 Unprocessable Entity responsesGerardo Fernández ApprovedViewT115View✅
SRS-EH4Security-Safe Error Handlinge73a2e5b9fb16994ed8863928fc1170d27c89ec2C331Verify API returns sanitized error responses with appropriate HTTP status codes and no internal detailsGerardo Fernández ApprovedViewT116View✅
SRS-AQMStandard HTTP Status Code Usage5437d177ca46efc0a2aee07795a01f277e7d6309C454Verify API returns 401 HTTP status codes for wrong login requestsGerardo Fernández ApprovedViewT272View✅
SRS-AQMStandard HTTP Status Code Usage5437d177ca46efc0a2aee07795a01f277e7d6309C455Verify API returns 422 HTTP status code when invalid data is submittedGerardo Fernández ApprovedViewT273View✅
SRS-GERSystem Behavior on Internal Component Failure.1a0ccc9ff2e12bfabbb7416413594855054492a3C456Verification of controlled 503 response and graceful degradation during downstream service failure.Gerardo Fernández ApprovedViewT300View✅
SRS-6KEAPI Health Check Endpoint67fcd201c0c34f02bf9a7f296f5d30b48a449bdfC169Verify health check endpoint returns unhealthy when some service is unavailableGerardo Fernández ApprovedViewT121View✅
SRS-6KEAPI Health Check Endpoint67fcd201c0c34f02bf9a7f296f5d30b48a449bdfC46Verify the public health endpoint returns HTTP 200 and status OK when operationalGerardo Fernández ApprovedViewT118View✅
SRS-BA6Display the legal information about this medical devicebe09165d77882d22cd597701fc7208e781c4b4fdC66Verify retrieval of mandatory legal information, UDI, and regulatory metadata via APIGerardo Fernández ApprovedViewT119View✅
SRS-Z24API Documentation Endpointc5299af33cd65649bc9ac05042ddc2af2f27ec46C159Verify availability of OpenAPI specification and interactive documentation endpointsGerardo Fernández ApprovedViewT120View✅
SRS-Q3QGenerate an aggregated ICD probability distribution from a set of imagesce07d6bc71d9381b29143f6991553e397e2af717C255Verify API returns aggregated ICD probability distribution with structured code details in studyAggregate arrayGerardo Fernández ApprovedViewT122View✅
SRS-0ABGenerate per-image ICD analysis with explainability heat mapbb4ee4ec42e52cc235bcbdd8b8521075e1522883C256Verify response includes per-image ICD probabilities and heat maps for the top five categoriesGerardo Fernández ApprovedViewT123View✅
SRS-58WInclude entropy score in report66516edac9d596a17b83405b07e4b49a5ab9d25aC258Verify response includes normalized entropy score between 0 and 1 in findingsGerardo Fernández ApprovedViewT125View✅
SRS-71IInclude the indicator of needing a high priority referral in the report12c87e3ebe43cb2888704a822e151ed65ae08d03C260Verify report response includes highPriorityReferral score within riskMetrics objectGerardo Fernández ApprovedViewT127View✅
SRS-8HYInclude the indicator of malignancy in the report7a23b8e8e140bfc891a5a336b57503df3290c076C261Verify report response includes malignantConditionProbability score within riskMetrics objectGerardo Fernández ApprovedViewT128View✅
SRS-D08Include the indicator of the image presenting a pigmented lesion in the report7a23b8e8e140bfc891a5a336b57503df3290c076C262Verify report response includes pigmentedLesion score within riskMetrics objectGerardo Fernández ApprovedViewT129View✅
SRS-JLMInclude the indicator of the presence of a condition in the reporte1ff30861d0ca1d17a688780ffdc8416b08af50eC263Verify report response includes anyConditionProbability score within riskMetrics objectGerardo Fernández ApprovedViewT130View✅
SRS-KASInclude the indicator of needing an urgent referral in the report12c87e3ebe43cb2888704a822e151ed65ae08d03C264Verify report response includes urgentReferral score within riskMetrics objectGerardo Fernández ApprovedViewT131View✅
SRS-K7MOrchestrate diagnosis support workflowccd236d6da920ea8518d49352917abde3a07e380C265Verify diagnosis workflow returns ranked ICD-11 codes, binary indicators, and explainability maps for valid imagesGerardo Fernández ApprovedViewT132View✅
SRS-A9FWound Bed Tissue - Epithelial3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C266Verify epithelial tissue classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT133View✅
SRS-B3ZInflammatory Pattern Identification13d2f3fee665834cab27bf4c7775d70fc032e79fC267Verify API returns Hurley stage and inflammatory status with associated probabilities for valid image inputGerardo Fernández ApprovedViewT134View✅
SRS-B6LWound Bed Tissue - Necrotic69f87eca8bd38d25b519b7b3ae45a8b57ef87d37C268Verify tissue wound bed necrotic classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT135View✅
SRS-B8NPustule Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC269Verify pustule classification returns right intensity and confidenceGerardo Fernández ApprovedViewT136View✅
SRS-A4WInflammatory Nodular Lesion Quantification9aa3c03db45e210c2e0ebf416de2b4313876d0ddC270Verify inflammatory nodular lesion detector return correct counts and bounding boxes for drainning tunnelsGerardo Fernández ApprovedViewT137View✅
SRS-A6TDelimited Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C271Verify wound borders delimited classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT138View✅
SRS-C1RSerous Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC272Verify wound exudation serous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT139View✅
SRS-D7NPurulent Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC274Verify wound exudation purulent classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT141View✅
SRS-D9TMaceration Surface Quantificationcd6d5708a7544686f7423a834ed3aa128f84cf1fC275Verify wound maceration segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT142View✅
SRS-E4RErythema Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC276Verify erythema classification returns right intensity and confidenceGerardo Fernández ApprovedViewT143View✅
SRS-Y6FCrusting Intensity Quantificationfafd6724110f48c2a14b22d8899654fec857e6cfC277Verify crusting classification returns right intensity and confidenceGerardo Fernández ApprovedViewT144View✅
SRS-F2KThickened Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C278Verify thickened wound borders classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT145View✅
SRS-T3KInduration Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC279Verify induration classification returns right intensity and confidenceGerardo Fernández ApprovedViewT146View✅
SRS-F6JHair Loss Surface Quantification80aca9ea492b4a00d38fb9475f641d95ca7538f9C280Verify hair loss segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT147View✅
SRS-G3PWound Perilesional Erythema Assessment524ed8f71f74ccb494929fd9fd2d79649e755d99C281Verify wound perilesional erythema classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT148View✅
SRS-G9RWound Stage Classification1c08ac0744595495e59baf99844d92ca240e36afC282Verify wound stage classification returns right score and confidence metrics from a valid wound imageGerardo Fernández ApprovedViewT149View✅
SRS-H5KErythema Surface Quantification524ed8f71f74ccb494929fd9fd2d79649e755d99C283Verify erythema segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT150View✅
SRS-H9XLichenification Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC284Verify lichenification classification returns right intensity and confidenceGerardo Fernández ApprovedViewT151View✅
SRS-I7TWound Affected Tissue - Intact Skin3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C285Verify wound affected tissues intact classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT152View✅
SRS-J5PHair Follicle Quantification3da6d2f72803c32efa59bd6330f16e472e1dffb5C286Verify API returns follicle count, bounding boxes, and confidence scores for a valid scalp imageGerardo Fernández ApprovedViewT153View✅
SRS-J9VIndistinguishable Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C287Verify wound borders indistinguishable classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT154View✅
SRS-K3HWound Affected Tissue - Subcutaneous3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C288Verify wound affected tissues subcutaneous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT155View✅
SRS-K4UOrthopedic Material Surface Quantificationac4cc1b8609bc67fb67de904cae2305a35000eb3C289Verify wound orthopedic material segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT156View✅
SRS-L4WDamaged Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C290Verify wound borders damaged classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT157View✅
SRS-L8YBiofilm and Slough Surface Quantification6b479d5371886e425abf08bd1fa0fe9db1851b27C291Verify wound biofilm material segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT158View✅
SRS-M2LXerosis Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC292Verify xerosis classification returns right intensity and confidenceGerardo Fernández ApprovedViewT159View✅
SRS-M6PGranulation Tissue Surface Quantification4b3ed220fbc0dac3ac8ba4ed25dc854824596a8dC293Verify wound granulation segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT160View✅
SRS-N2CBone Surface Segmentation21985a46323f455af83abb1de509450461fb8945C294Verify wound bone segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT161View✅
SRS-N5QSwelling Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC295Verify swelling classification returns right intensity and confidenceGerardo Fernández ApprovedViewT162View✅
SRS-N8WWound Affected Tissue - Dermis-Epidermis3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C296Verify wound exudation serous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT163View✅
SRS-O5MWound Affected Tissue - Muscle3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C297Verify wound affected tissues muscle classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT164View✅
SRS-L3XSkin Surface Segmentation6402f7f36831b49314b9b1602e4a928cfc6c771eC298Verify skin segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT165View✅
SRS-Z5NHive Lesion Quantificationb43e1688a3b7bd57bebe34920cbdf4382ac5a463C299Verify hive detector return correct counts and bounding boxes for hivesGerardo Fernández ApprovedViewT166View✅
SRS-Z8PBiofilm-Compatible Tissue Assessment6b479d5371886e425abf08bd1fa0fe9db1851b27C300Verify wound biofilm tissue classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT167View✅
SRS-P4XWound Bed Tissue - Slough6b479d5371886e425abf08bd1fa0fe9db1851b27C302Verify tissue wound bed slough classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT169View✅
SRS-P9WDesquamation Intensity Quantification7b50a8f3820cd7e662dcfc14c8c6d003f9c704a9C303Verify desquamation classification returns right intensity and confidenceGerardo Fernández ApprovedViewT170View✅
SRS-Q1LHypopigmentation or Depigmentation Surface Quantification9a0390133a15a446f1eef9a4aeda874fdd747902C304Verify hypopigmentation segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT171View✅
SRS-Q8ZDiffuse Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C305Verify wound borders diffused classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT172View✅
SRS-R3WWound Bed Surface Quantification98cf89c1cea8c7a15217017e778fdb2aebfe91cbC306Verify wound bed segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT173View✅
SRS-R7COozing Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC307Verify oozing classification returns right intensity and confidenceGerardo Fernández ApprovedViewT174View✅
SRS-S2VWound Affected Tissue - Bone21985a46323f455af83abb1de509450461fb8945C308Verify wound affected tissues bone classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT175View✅
SRS-S8MAcneiform Lesion Type Quantificatione8e6d9d811a14cfb28c0280ad89ad897b3195237C309Verify acneiform detector return correct counts and bounding boxes for papules, pustules, spotsGerardo Fernández ApprovedViewT176View✅
SRS-T6HWound AWOSI Score Quantification1c08ac0744595495e59baf99844d92ca240e36afC310Verify AWOSI classification returns right score and confidence metrics from a valid wound imageGerardo Fernández ApprovedViewT177View✅
SRS-T9UWound Bed Tissue - Closed3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C311Verify tissue wound bed closed classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT178View✅
SRS-U4MPerilesional Maceration Assessmentcd6d5708a7544686f7423a834ed3aa128f84cf1fC312Verify wound perilesional maceration classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT179View✅
SRS-U8ZNail Lesion Surface Quantificationc9bff523adf85be5af207f9249ef5f0d69d47a12C313Verify nail lesion segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT180View✅
SRS-V1DExcoriation Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC314Verify excoriation classification returns right intensity and confidenceGerardo Fernández ApprovedViewT181View✅
SRS-V7QNecrosis Surface Quantification69f87eca8bd38d25b519b7b3ae45a8b57ef87d37C315Verify wound necrosis segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT182View✅
SRS-W3RHyperpigmentation Surface Quantification492182224cc07eb6b28363eeda7d44d7650a6c9dC316Verify hyperpigmentation segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT183View✅
SRS-W9KBloody Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC317Verify wound bloody exudation classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT184View✅
SRS-X5BFibrinous Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC318Verify wound exudation fibrinous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT185View✅
SRS-X8QFollicular and Inflammatory Pattern Identification3da6d2f72803c32efa59bd6330f16e472e1dffb5C319Verify follicular and inflammatory pattern identification returns right resultGerardo Fernández ApprovedViewT186View✅
SRS-Y2EWound Bed Tissue - Granulation4b3ed220fbc0dac3ac8ba4ed25dc854824596a8dC320Verify wound tissue wound bed granulation classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedViewT187View✅
SRS-W6TOrchestrate Clinical Signs Analysis Workflowccd236d6da920ea8518d49352917abde3a07e380C321Verify generation of structured clinical assessment report with quantified results for requested signs via APIGerardo Fernández ApprovedViewT188View✅
SRS-E1VBody Surface Segmentation3089eb6b2b1f76b9df0498e37cf2b05ac05cbeb6C325Verify body surface segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedViewT193View✅
SRS-S8MAcneiform Lesion Type Quantificatione8e6d9d811a14cfb28c0280ad89ad897b3195237C446Verify acneiform detector return correct counts and bounding boxes for nodules, pustules and scabsGerardo Fernández ApprovedViewT264View✅
SRS-S8MAcneiform Lesion Type Quantificatione8e6d9d811a14cfb28c0280ad89ad897b3195237C447Verify acneiform detector return correct counts and bounding boxes for scabs, comedones, papules and pustulesGerardo Fernández ApprovedViewT265View✅
SRS-Z5NHive Lesion Quantificationb43e1688a3b7bd57bebe34920cbdf4382ac5a463C448Verify hive detector return correct counts and bounding boxes for hives (second image)Gerardo Fernández ApprovedViewT266View✅
SRS-A4WInflammatory Nodular Lesion Quantification9aa3c03db45e210c2e0ebf416de2b4313876d0ddC449Verify inflammatory nodular lesion detector return correct counts and bounding boxes for non drainning tunnelsGerardo Fernández ApprovedViewT267View✅
SRS-A4WInflammatory Nodular Lesion Quantification9aa3c03db45e210c2e0ebf416de2b4313876d0ddC450Verify inflammatory nodular lesion detector return correct counts and bounding boxes for nodulesGerardo Fernández ApprovedViewT268View✅
SRS-H2VHead Detectiond696b2e9d092bfea4a77f88806660c119cbf7b88C323Verify head detection returns right bounding boxes and heads count inside an imageGerardo Fernández ApprovedViewT191View✅
SRS-9ZTThe product classifies the image's modality9316f7a8be2d571d85c8a0ddec7efba1cd488443C327Verify API returns ""clinical"" for image modality category when a skin image is providedGerardo Fernández ApprovedViewT195View✅
SRS-O93The product checks the image's clinical domain9316f7a8be2d571d85c8a0ddec7efba1cd488443C328Verify API returns image domain category equals to ""dermatological"" and confidence score for a skin imageGerardo Fernández ApprovedViewT196View✅
SRS-Y5WThe product checks the image quality with the Dermatological Image Quality Assessment (DIQA) algorithmea193ffa19a80d2322d0fbd7d22fe17ca1f45571C329Verify API returns dermatological image quality score, interpretation, and acquisition feedbackGerardo Fernández ApprovedViewT197View✅
SRS-9ZTThe product classifies the image's modality9316f7a8be2d571d85c8a0ddec7efba1cd488443C451Verify API returns ""dermoscopic"" for image modality category when a skin image is providedGerardo Fernández ApprovedViewT269View✅
SRS-O93The product checks the image's clinical domain9316f7a8be2d571d85c8a0ddec7efba1cd488443C452Verify API returns image domain category equals to ""non_dermatological"" and confidence score for a dog imageGerardo Fernández ApprovedViewT270View✅
SRS-F05Generate FHIR DiagnosticReport Base Structure866081f8469c001d52f6d7ca4493dbd2b820f9f4C453Verify FHIR DiagnosticReport base structure for a segmenterGerardo Fernández ApprovedViewT271View✅
SRS-1KWSecure Communication Protocol Enforcement45df8326922e46467821cd50f5ed256c1fc91265C332Verify API accepts requests over HTTPS using TLS 1.2 or 1.3Gerardo Fernández ApprovedViewT198View✅
SRS-1KWSecure Communication Protocol Enforcement45df8326922e46467821cd50f5ed256c1fc91265C333Verify API rejects or redirects unencrypted HTTP requestsGerardo Fernández ApprovedViewT199View✅
SRS-28XImplement progressive delays between failed login attemptsae97659c200e930e6d482ada87d85320eb6b980dC335Verify progressive increase in enforced delay across consecutive failed authentication attemptsGerardo Fernández ApprovedViewT201View✅
SRS-28XImplement progressive delays between failed login attemptsae97659c200e930e6d482ada87d85320eb6b980dC336Verify delay resets upon successful authenticationGerardo Fernández ApprovedViewT202View✅
SRS-A25Role-Based Access Control (RBAC) with Least Privilege Principle to restrict users to essential functions56792dc7766f00e6c3cd7f07da45da4808739d82C337Verify successful access to permitted endpoints for an authorized roleGerardo Fernández ApprovedViewT203View✅
SRS-A25Role-Based Access Control (RBAC) with Least Privilege Principle to restrict users to essential functions56792dc7766f00e6c3cd7f07da45da4808739d82C338Verify access denial for endpoints outside the assigned role scopeGerardo Fernández ApprovedViewT204View✅
SRS-A2BAPI Rate Limiting05a6336f79c149468746b6b212d597b7d5c1eb76C339Verify HTTP 403 response when request volume exceeds defined thresholdGerardo Fernández ApprovedViewT205View✅
SRS-A2BAPI Rate Limiting05a6336f79c149468746b6b212d597b7d5c1eb76C340Verify request acceptance after rate limit time window expirationGerardo Fernández ApprovedViewT206View✅
SRS-MM8Generated JWTs must have an expiration date0fb498ac02a4da9cf0c06e2311082a8876ad246eC341Verify generated authentication tokens include the expiration claimGerardo Fernández ApprovedViewT207View✅
SRS-MM8Generated JWTs must have an expiration date0fb498ac02a4da9cf0c06e2311082a8876ad246eC342Verify access denial for requests using an expired JWTGerardo Fernández ApprovedViewT208View✅
SRS-SDZUse hashed and salted passwordsdfbc23d18a8ad4e1026b749c2357e213aa2935aeC343Verify generation of authentication token using valid credentialsGerardo Fernández ApprovedViewT209View✅
SRS-SDZUse hashed and salted passwordsdfbc23d18a8ad4e1026b749c2357e213aa2935aeC344Verify rejection of authentication requests with invalid credentialsGerardo Fernández ApprovedViewT210View✅
SRS-SDZUse hashed and salted passwordsdfbc23d18a8ad4e1026b749c2357e213aa2935aeC345Verify password update functionality and subsequent authenticationGerardo Fernández ApprovedViewT211View✅
SRS-TPKLock accounts after five failed attemptsb60cff1087fe074f380a201655ba882b3ca9d32bC346Verify account lockout enforcement after threshold reachedGerardo Fernández ApprovedViewT212View✅
SRS-TPKLock accounts after five failed attemptsb60cff1087fe074f380a201655ba882b3ca9d32bC347Verify failed attempt counter reset on successful loginGerardo Fernández ApprovedViewT213View✅
SRS-TPKLock accounts after five failed attemptsb60cff1087fe074f380a201655ba882b3ca9d32bC348Verify administrative manual account unlock capabilityGerardo Fernández ApprovedViewT214View✅
SRS-U8MEnforce strong password policies (min. 12 characters, complexity rules, expiration policies)f620de037a1e1c3b92d9ececc17b6f15cba83b4fC349Verify enforcement of password complexity and length constraintsGerardo Fernández ApprovedViewT215View✅
SRS-U8MEnforce strong password policies (min. 12 characters, complexity rules, expiration policies)f620de037a1e1c3b92d9ececc17b6f15cba83b4fC350Verify authentication behavior for expired passwordsGerardo Fernández ApprovedViewT216View✅
SRS-WEREndpoint Access Controlc5299af33cd65649bc9ac05042ddc2af2f27ec46C351Verify protected endpoints allow access with a valid OAuth 2.0 Bearer tokenGerardo Fernández ApprovedViewT217View✅
SRS-WEREndpoint Access Controlc5299af33cd65649bc9ac05042ddc2af2f27ec46C352Verify protected endpoints reject requests lacking a valid token with 401 UnauthorizedGerardo Fernández ApprovedViewT218View✅
SRS-WEREndpoint Access Controlc5299af33cd65649bc9ac05042ddc2af2f27ec46C353Verify public endpoints are accessible without an Authorization headerGerardo Fernández ApprovedViewT219View✅
SRS-WGFAES-256 encryption for data at restd053992d42d60f71a88a28d3e56ea6da46294a5fC354Verify AES-256 encryption configuration for data storageGerardo Fernández ApprovedViewT220View✅
SRS-X9JConduct periodic access reviews to verify permissions align with job functionsf620de037a1e1c3b92d9ececc17b6f15cba83b4fC355Verify authorized administrator can retrieve current user information for reviewGerardo Fernández ApprovedViewT221View✅
SRS-X9JConduct periodic access reviews to verify permissions align with job functionsf620de037a1e1c3b92d9ececc17b6f15cba83b4fC356Verify authorized administrator can revoke permissions during access reviewGerardo Fernández ApprovedViewT222View✅
SRS-IC4Software and Configuration Integrity Verificationdc4180b5afa19d3b2bac9c1805f1b65eed2ab8bbC357Verify successful execution and audit logging of system integrity checksGerardo Fernández ApprovedViewT223View✅
SRS-BK7Encrypted Backup and Integrity Verificationd053992d42d60f71a88a28d3e56ea6da46294a5fC363Verify backup generationGerardo Fernández ApprovedViewT225View✅
SRS-BK7Encrypted Backup and Integrity Verificationd053992d42d60f71a88a28d3e56ea6da46294a5fC364Verify automated backup generationGerardo Fernández ApprovedViewT226View✅
SRS-CCDIntrusion Prevention and Malicious Traffic Detection45df8326922e46467821cd50f5ed256c1fc91265C366Verify blocking of anomalous high-frequency request burstsGerardo Fernández ApprovedViewT228View✅
SRS-F05Generate FHIR DiagnosticReport Base Structure866081f8469c001d52f6d7ca4493dbd2b820f9f4C368Verify FHIR DiagnosticReport base structure for a detectorGerardo Fernández ApprovedViewT230View✅
SRS-FMGRecord Analysis Duration in Reportef4c4f23bc67f3e0ab17075c219294dc8ff39fa1C369Verify analysisDuration field population in DiagnosticReportGerardo Fernández ApprovedViewT231View✅
SRS-JC6The product provides a final image validity summaryea193ffa19a80d2322d0fbd7d22fe17ca1f45571C370Verify isAssessable is true when domain and quality criteria are metGerardo Fernández ApprovedViewT232View✅
SRS-JC6The product provides a final image validity summaryea193ffa19a80d2322d0fbd7d22fe17ca1f45571C371Verify isAssessable is false when image quality is unacceptableGerardo Fernández ApprovedViewT233View✅
SRS-JC6The product provides a final image validity summaryea193ffa19a80d2322d0fbd7d22fe17ca1f45571C372Verify isAssessable is false when image is non-dermatologicalGerardo Fernández ApprovedViewT234View✅
SRS-K6NMap Per-Image Analysis to a dedicated object in the reportc7651f8d92ca3b2231bf87c202edb67903ca164aC373Verify single image analysis maps to structured object in imageAnalyses arrayGerardo Fernández ApprovedViewT235View✅
SRS-K6NMap Per-Image Analysis to a dedicated object in the reportc7651f8d92ca3b2231bf87c202edb67903ca164aC374Verify multiple image analyses map to distinct objects in imagingAnalysis arrayGerardo Fernández ApprovedViewT236View✅
SRS-H3JDeterministic Response Schemas9ddd7569150f49e8a8e7bf7dea474fd0151d969fC375Verify response structure compliance with OpenAPI success schemaGerardo Fernández ApprovedViewT237View✅
SRS-H3JDeterministic Response Schemas9ddd7569150f49e8a8e7bf7dea474fd0151d969fC376Verify response structure compliance with OpenAPI error schemaGerardo Fernández ApprovedViewT238View✅
SRS-W5ZAssign DiagnosticReport Identifier7c98fffc302ad65ccecb6237d6579ea5dc9c6d04C377Verify Assignment of Official Identifier to DiagnosticReportGerardo Fernández ApprovedViewT239View✅
SRS-W5ZAssign DiagnosticReport Identifier7c98fffc302ad65ccecb6237d6579ea5dc9c6d04C378Verify Uniqueness of Generated DiagnosticReport IdentifiersGerardo Fernández ApprovedViewT240View✅
SRS-D6WAccurate Time Synchronization107088729759f59e8b256bc374b3553b28c4ac47C382Verify System Timestamp Accuracy via API Response HeadersGerardo Fernández ApprovedViewT244View✅
SRS-D6WAccurate Time Synchronization107088729759f59e8b256bc374b3553b28c4ac47C383Verify System Time Synchronization and Accuracy StatusGerardo Fernández ApprovedViewT245View✅
SRS-SI2Secure Audit Trail Access Interfaced053992d42d60f71a88a28d3e56ea6da46294a5fC388Verify Role-Based Access Control for Audit Trail InterfaceGerardo Fernández ApprovedViewT247View✅
SRS-SI2Secure Audit Trail Access Interfaced053992d42d60f71a88a28d3e56ea6da46294a5fC389Verify Audit Trail Search and Export CapabilitiesGerardo Fernández ApprovedViewT248View✅
SRS-T5PAudit Record Integrity Protectiond053992d42d60f71a88a28d3e56ea6da46294a5fC391Verify audit records cannot be modified or deleted via APIGerardo Fernández ApprovedViewT249View✅
SRS-PU2Comprehensive Event Auditingd053992d42d60f71a88a28d3e56ea6da46294a5fC395Verify audit trail generation for authentication lifecycle and security anomaliesGerardo Fernández ApprovedViewT251View✅
SRS-U2PConsolidated Audit Record Contentccce090b3840da989088cd689cfa68e49ace8825C398Verify audit record completeness for successful API eventGerardo Fernández ApprovedViewT252View✅
SRS-U2PConsolidated Audit Record Contentccce090b3840da989088cd689cfa68e49ace8825C399Verify audit record completeness for failed API eventGerardo Fernández ApprovedViewT253View✅
SRS-PU2Comprehensive Event Auditingd053992d42d60f71a88a28d3e56ea6da46294a5fC410Verify audit trail generation for clinical data creation eventsGerardo Fernández ApprovedViewT255View✅
SRS-T95Audit System Failure Handling1a0ccc9ff2e12bfabbb7416413594855054492a3C413Audit record preservation during database unavailabilityGerardo Fernández ApprovedViewT258View✅
SRS-BWBPerformance and Latencyef4c4f23bc67f3e0ab17075c219294dc8ff39fa1C416Verify p95 API latency remains under 10 seconds during nominal loadGerardo Fernández ApprovedViewT261View✅

Coverage Analysis​

Risk Coverage​

To be filled
  • Total Risks Identified: 8
  • Risks with SRS Mitigation: 8 (100%)
  • Risks with Test Coverage: 8 (100%)

Requirement Coverage​

  • Total Product Requirements: 18
  • PRs with SRS Implementation: 18 (100%)
  • Total Software Requirements: 122
  • SRS with Test Cases: 122 (100%)

Test Coverage​

To be filled
  • Total Test Cases: 159
  • Tests Passed (RC3): 50 (100%)
  • Tests Failed (RC3): 0 (0%)
  • Blocked Tests (RC3): 0 (0%)

Conclusion​

This traceability matrix demonstrates complete coverage of:

  1. All identified risks are mitigated by software requirements
  2. All product requirements are implemented by software requirements
  3. All software requirements are verified by test cases
  4. All tests have been executed and passed in the final release candidate (RC3)

The traceability analysis confirms that Legit Health Plus v1.1.0.0 meets all requirements and has been adequately tested for release.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
R-TF-012-041 Software Classification 62304
Next
Review meetings
  • Purpose
  • Scope
  • Change History
  • Part 1: Risk Traceability to Software Requirements
    • Reference to Risk Management Documentation
    • Rationale for Document Separation
    • Continuous Integration Between Documents
    • What is Documented Here
  • Part 2: Product Requirements to Software Requirements
  • Part 3: Software Requirements (SRS) to Test Cases
  • Coverage Analysis
    • Risk Coverage
    • Requirement Coverage
    • Test Coverage
  • Conclusion
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)