Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • CAPA Plan - BSI CE Mark Closeout
    • Index
    • Overview and Device Description
    • Information provided by the Manufacturer
    • Design and Manufacturing Information
    • GSPR
    • Benefit-Risk Analysis and Risk Management
    • Product Verification and Validation
      • Software
        • R-TF-012-023 Software Development Plan
        • R-TF-012-033 Software Test Plan
        • R-TF-012-034 Software Test Description
        • R-TF-012-035 — Software Test Report
        • R-TF-012-038 Verified Version Release
        • R-TF-012-039 Validated Version Transfer
        • R-TF EN 62304 Checklist
        • R-TF EN 82304 Checklist
      • Artificial Intelligence
      • Cybersecurity
      • Usability and Human Factors Engineering
      • Clinical
      • Commissioning
    • Post-Market Surveillance
  • Legit.Health Plus Version 1.1.0.1
  • Legit.Health Utilities
  • Licenses and accreditations
  • Applicable Standards and Regulations
  • Pricing
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Product Verification and Validation
  • Software
  • R-TF-012-033 Software Test Plan

R-TF-012-033 Software Test Plan

Purpose​

This Software Test Plan defines the verification strategy, governance, execution approach, and evidence records for the medical device exposed as a versioned HTTPS API. The plan is requirements-driven and provides complete traceability to the software requirements baseline, with execution evidence managed through TestRail and supporting CI/CD artifacts.

The objectives of this plan are to:

  • Define the verification approach (test levels, test types, gating, regression strategy) for the API medical device.
  • Specify how each software requirement is verified, including objective pass/fail criteria and required evidence.
  • Establish traceability from requirements to test cases and test execution records.
  • Define how test records are generated, reviewed, retained, and presented as regulated evidence.

Scope​

In scope​

  • Verification of all requirements in the approved requirements baseline (functional, security, performance, reliability, data integrity, and operational/commissioning requirements).
  • Verification of externally exposed API behaviors and contracts, including:
    • GET /device/health, GET /device/about
    • GET /clinical/severity-experts
    • POST /login
    • POST /clinical/diagnosis-support, POST /clinical/severity-assessment
  • Verification of security and cybersecurity controls such as TLS enforcement, authentication/authorization behaviors, rate limiting, and audit trail behaviors.
  • Performance verification under nominal load.

Out of scope​

  • Clinical validation or clinical performance claims of AI/ML outputs against ground truth datasets (handled under separate clinical evaluation/validation protocols).
  • UI-level testing (no UI is in scope for an API-only device).
  • Non-product tooling verification except where required to establish objective evidence capture (e.g., CI artifact generation, exports).

Test management system and governance​

Tool confidence (TestRail and CI evidence pipeline)​

The control of testing evidence is divided into distinct workflows to maintain a clear audit trail for version 1.1.0.0:

  • Development Verification (Unit & Integration): These tests are executed locally. The resulting logs and a generated manifest file are uploaded manually to the 01_development_verification/ folder in S3.
  • Software Verification: Test cases are defined and indexed in TestRail. Execution occurs on the Preproduction server, with results linked from TestRail to the 02_software_verification/ folder in S3.
  • Commissioning: These environment-specific tests are managed via TestRail and executed in the Production environment. Evidence is stored in the 03_commissioning/ folder in S3.

To ensure the integrity of the manual upload process and the completeness of the release, a Manual Manifest Check is performed before final sign-off. This check confirms that all logs are present in the versioned S3 repository, matched against the manifest files, and that all TestRail-indexed activities contain valid links to their corresponding S3 objects.

s3://legit-health-plus/software-tests/v1.1.0.0/
├── 01_development_verification/
│   ├── unit_tests/                 <-- Local run logs + Manifest
│   └── integration_tests/          <-- Local run logs + Manifest
├── 02_software_verification/
│   └── preproduction/
│       └── test_plan_13/           <-- Requirement-based tests (from TestRail)
│           └── test_run_105/
├── 03_commissioning/
│   └── production/
│       └── test_plan_15/           <-- Environment/Deployment tests (from TestRail)
│           ├── test_run_274/
│           └── test_run_276/
└── manifest.json                   <-- Root manifest indexing all 3 folders

TestRail project structure​

  • Project: Medical Device
  • Suite: single suite (regulated baseline)
  • Sections (as implemented):
    • API
      • System Info
    • Diagnosis Support
    • Clinical Signs
    • Image metadata
    • Security
    • Report builder
    • Performance
    • Audit
    • Commissioning

Stable identifiers​

  • Primary Requirement Id field is authoritative and shall match the requirement code in the requirements baseline.
  • Execution identity for a run is captured via:
    • version (TestRail run custom field)
    • Run naming convention including commit_sha
    • Evidence pack manifest including the immutable build identity tuple (release tag, commit SHA and image digest when applicable)

version follows the four-digit scheme (W.X.Y.Z) defined in GP-012: X is the major increment (W is reserved for exceptional, fundamental changes), Y is the minor increment, and Z captures bug fixes and patches.

Custom fields (as implemented)​

Note on field naming

The field identifiers used in this plan (e.g., requirement_ids, primary_requirement_id, evidence_required) refer to the internal field names/keys in TestRail. The human-readable labels in the TestRail UI/export may differ. Where needed for audit/readability, a mapping between internal keys and UI labels is maintained in the TestRail administration configuration.

Test Cases​

  • requirement_ids (one per line; may include multiple; must include the authoritative RequirementID(s))
  • primary_requirement_id (single primary RequirementID for reporting)
  • test_level (Unit / Integration-Service / System-API / Commissioning)
  • test_type (Functional / Security / Performance / Reliability / Data Integrity / Installation-Maintenance)
  • automation (Automated / Manual / Hybrid)
  • nrt (Non-Regression Test membership)
  • risk_link (link to hazard/risk control IDs; if available)
  • evidence_required (explicit evidence expectations; minimum evidence is defined in “Test execution, data recording, and evidence pack”)
  • expected_results (objective pass/fail criteria; must be specific and measurable)
  • preconditions (list that must be met before execution)

Test results​

  • version (four-digit tag, e.g., vW.X.Y.Z)

Naming conventions​

Test Cases​

  • Title states what is going to be verified.
  • The requirement_ids and primary_requirement_id fields must include RequirementIDs exactly as in the requirements baseline.

Test Runs​

Test Plans vs Test Runs (TestRail)
  • A "Test plan" is a container that groups multiple "Test Runs" under a single controlled verification activity for a specific build and environment (e.g., a given {release_version}, {commit_sha}, and {env_id}).
  • A "Test Run" is the execution record where test case results (pass/fail/blocked), execution notes, and evidence are recorded for a defined scope and purpose (e.g., {run_purpose} such as Smoke, Regression, Performance, Commissioning).
  • In this test process, the "Plan" represents the overall verification campaign for a build/environment, and each "Run" represents one execution slice within that campaign.
  • Plan name: Medical Device API {release_version} (sha:{commit_sha}) — Verification Plan — {env_id}
  • Run name: Medical Device API {release_version} (sha:{commit_sha}) — {run_purpose} — {env_id}
  • {env_id} is one of: Dev / Pre / Pro.

Minimum required metadata to be present (either as run fields, run name, or in the evidence pack manifest):

  • release version
  • commit SHA
  • environment ID

Change control for test cases​

Test cases are treated as regulated records; any edits to approved cases must be controlled, traceable, and justified. To ensure the integrity of the verification process for version 1.1.0.0, the following controls are enforced:

  • Reviewer Assignment: Every test case includes a dedicated Reviewer field and a Review Status (Draft, In Review, Approved). No test case may be executed for regulated evidence until its status is set to Approved.
  • Independence of Review: To mitigate bias, the Reviewer assesses the test steps for accuracy and alignment with software requirements. For small-team configurations, the technical lead (CTO) may perform this review, provided the justification is documented in the final report to acknowledge the team-size constraint while maintaining clinical safety oversight.
  • Freezing during execution: During an active verification campaign, test cases are frozen. Fixes for minor errors in test steps are handled as controlled updates and require a recorded justification in TestRail.
  • Substantive Changes: Modifications that change the test objective, pass/fail criteria, or requirement coverage require a formal revision and a new Reviewer approval before execution.
  • Evidence Consistency: Evidence requirements (evidence_required) are mandatory acceptance criteria. These must be strictly mapped to the S3 Evidence Pack structure (folders 01 through 03) and verified against the root manifest file to ensure a complete and untampered record of results.

Requirements taxonomy and verification strategy​

Test levels (where executed)​

  • Unit: Development Environment. Fast verification of pure functions and internal logic. Logs are manually uploaded to S3 (01_development_verification/unit_tests/).
  • Integration-Service: Development Environment. Service-to-service and persistence integration. Logs are manually uploaded to S3 (01_development_verification/integration_tests/).
  • System-API: Preproduction Environment. End-to-end API contract, workflows, security controls, and response schema verification. Results are indexed in TestRail and evidence is stored in S3 (02_software_verification/).
  • Commissioning (Production)
    • Purpose: Operational verification of the deployed production release (installation, readiness, and security controls).
    • Inputs: Controlled, non-identifying test data only.
    • Execution: Restricted to approved personnel.
    • Record: Commissioning outcomes are documented in controlled commissioning records:
      • R-TF-029-001 (Deployment & Configuration)
      • R-TF-029-002 (Functional & Interface)
      • R-TF-029-003 (Clinical Workflow & Operational Readiness)
    • Indexing: A dedicated TestRail Run with test_level = Commissioning is used to index execution results and provide direct links to evidence in S3 (03_commissioning/)

Entry and exit criteria (minimum)​

Entry (before executing regulated evidence runs):

  • Requirements baseline is approved and versioned.
  • Test cases are reviewed and set to Approved status in TestRail.
  • Target environment and build identity are defined (Release Version: 1.1.0.0, Commit SHA).

Exit (release verification complete):

  • All required runs for the release/environment are executed (Unit/Integration + Preproduction Verification + Production Commissioning).
  • Any failed cases have linked defect records, disposition, and documented re-test where applicable.
  • Evidence Pack Integrity: S3 Evidence Pack is complete (Folders 01, 02, and 03) and includes the root manifest.json binding all results to the build identity.

Commissioning records (R-TF-029-001/002/003)​

Commissioning in Production follows the structure of the R-TF-029 records to ensure regulatory compliance.

  • Granularity rule: TestRail commissioning test cases are defined to match the main verification sections of the R-TF-029 records (e.g., “AI/ML Model Runtime Availability”).
  • Evidence rule: Each TestRail result links to the relevant section of the R-TF-029 record and the corresponding S3 object.
  • Baseline identification: Baseline identity is recovered from the manifest.json and includes the release version, commit SHA, and local container image IDs built via Bazel.

Test types (how classified)​

  • Functional: API behavior, workflow orchestration, report content.
  • Security: TLS, JWT Authentication, and Audit controls.
  • Performance: API latency verification (e.g., p95 latency < 10s under nominal load per Case C416).
  • Reliability: Availability and operational readiness checks.
  • Data Integrity: Schema constraints, EXIF stripping, and audit completeness.
  • Installation: Deployment environment verification and model loading.

Gating and regression strategy​

Development Gate (Local)​

  • Execution: Unit and Integration tests must pass with 100% success on the developer's local workstation.
  • Evidence: Logs and a local manifest must be generated and uploaded to S3 folder 01_development_verification/ before a build is promoted to Preproduction.

Regression Strategy (Preproduction)​

To ensure that new versions (e.g., v1.1.0.0) do not introduce regressions into established clinical workflows, the following strategy is applied:

  • Automated NRT: All test cases flagged in TestRail as Non-Regression Test (NRT) = Yes must be executed.
  • Impact-Based Testing: If a substantive change is made to a specific AI/ML expert or clinical sign (e.g., Erythema grading), all associated clinical workflow tests in Folder 02 must be re-executed, regardless of their NRT flag.
  • Performance Baseline: A regression check of API latency is mandatory; the p95 latency must not deviate significantly from the approved baseline (max 10s).

Release Candidate Gate (Preproduction)​

  • Execution: Successful completion of the designated System-API verification run in TestRail (Folder 02).
  • Review: All "Approved" test cases must show a "Passed" status, and any "Failed" cases must have a linked GitHub Issue with a documented risk disposition.

Production Commissioning Gate (Production)​

  • Execution: Execute the Commissioning run in TestRail (Folder 03) before enabling clinical traffic.
  • Readiness: Commissioning confirms environment-specific readiness (not functional behavior) and is governed by the signed R-TF-029-001/002/003 records.

Test environment​

Environment IDs and use​

  • Dev: Local workstation environment used for Unit and Integration test execution. Results are manually captured and uploaded to S3 folder 01_development_verification/.
  • Pre: Dedicated Preproduction server used for System-API verification of release candidates. Results are indexed in TestRail and stored in S3 folder 02_software_verification/.
  • Pro: Production environment used for Commissioning and final operational verification before clinical release. Results are indexed in TestRail and stored in S3 folder 03_commissioning/.

Environment controls​

For each environment, the following identifiers must be versioned and referenced within the root manifest.json to maintain the software configuration baseline:

  • API Configuration: Base URL and active routing prefix (e.g., https://plus.legit.health/v1.0/).
  • Build Identity: The unique combination of Software Version (1.1.0.0) and the Git Commit SHA.
  • Container Baseline: For the Production environment, the local Image IDs (generated by the local Bazel build) must be recorded to ensure the deployed artifacts match the verified baseline.
  • Runtime Configuration: Reference to the configuration baseline identifier (SHA-256 of the redacted .env file).
  • Security & Secrets: Credentials, API keys, and secrets (e.g., AWS_SECRET_ACCESS_KEY) SHALL NOT be stored in TestRail or evidence packs. Verification is limited to confirming that secrets are externalized and managed via protected environment variables.

Operational constraints for Pro commissioning​

To ensure clinical safety and regulatory compliance during the final deployment phase:

  • Access Control: Commissioning execution is strictly restricted to approved technical personnel (e.g., CTO/Lead Engineer).
  • Data Privacy: Only non-identifying, synthetic, or anonymized test data (verified as PII-free via EXIF stripping) may be used in the Production environment.
  • Evidence Integrity: The evidence pack must capture sufficient logs and health snapshots to prove operational readiness without exposing sensitive infrastructure data or plaintext secrets.

Planned tests​

All requirement-driven verification test cases are defined and maintained in TestRail under the section structure defined above, and traced to requirements via requirement_ids / primary_requirement_id.

The traceability matrix is maintained as a controlled export.

Test execution, data recording, and evidence pack​

What constitutes “execution evidence”​

For each TestRail Run (e.g., R15, R16), the evidence pack includes:

  • TestRail Run Export: A CSV/PDF export containing run metadata (release version, environment), tester identity, execution timestamps, and per-case outcomes.
  • Test Case Definitions: A snapshot of the approved test case versions used during the run to ensure the pass/fail meaning is reconstructible.
  • Manual Execution Artifacts:
    • Unit/Integration: Local terminal logs and coverage reports (coverage.py).
    • Verification: Request/response transcripts and server logs captured during preproduction testing.
    • Commissioning: Signed R-TF-029 records (PDF), deployment/config snapshots, and CloudWatch Synthetics screenshots.

Evidence pack storage​

System of record: Amazon S3 serves as the immutable evidence store, with TestRail providing the execution index and direct artifact links.

S3 path convention (v1.1.0.0) Evidence is organized into the following controlled hierarchy:

  • s3://legit-health-plus/software-tests/v1.1.0.0/
    • 01_development_verification/ (Unit/Integration logs + manifest)
    • 02_software_verification/ (Preproduction TestRail exports + logs)
    • 03_commissioning/ (Production TestRail exports + R-TF-029 records)
    • manifest.json (Root integrity index for all folders)

Evidence pack protection​

  • Access Control: Storage is restricted to authorized technical leads via IAM least-privilege policies.
  • Immutability: Once the manifest.json is generated and uploaded, the pack is considered a frozen regulated record. Any necessary updates must be additive and require an updated manifest.
  • Integrity: The root manifest.json binds all artifacts to the release identity (Version 1.1.0.0 and Commit SHA) using cryptographic checksums (ETags/MD5) for every file.

Relationship to T-012-035 (Test Run record)​

The “Test Run record” required by the QMS is operationalized as the combined set of:

  1. The TestRail Run Export (documenting the who, when, and what of the results).
  2. The S3 Evidence Folder (containing the raw supporting artifacts).
  3. The manifest.json (providing the integrity binding between the results and the build).

The manifest.json contains, at minimum:

  • release_version (1.1.0.0).
  • commit_sha (The unique Git identifier for the build).
  • env_id (Dev / Pre / Pro).
  • generated_at (UTC timestamp of the evidence pack finalization).
  • Artifact Inventory: A complete list of files with their S3 URIs and MD5/SHA-256 checksums to support audit reconstruction.

Evidence pack completeness expectations​

  • Verification completeness: The 02_software_verification/ folder must contain logs for all System-API cases executed in TestRail.
  • Commissioning completeness: The 03_commissioning/ folder must include the finalized and signed R-TF-029-001/002/003 records and supporting snapshots (e.g., DynamoDB audit entries, TLS certificates).
  • Validation: The manifest.json inventory must match the stored artifacts exactly; any mismatch indicates a failure in the evidence collection process.

Traceability and coverage​

Traceability mechanism​

  • Authoritative Baseline: The requirements baseline is the definitive list of RequirementIDs for Legit.Health Plus v1.1.0.0.
  • TestRail Integration: Traceability is established by mapping RequirementIDs directly into the primary_requirement_id and requirement_ids fields within TestRail test cases.
  • Traceability Matrix: A controlled export (RequirementID → Test Case ID → Evidence URI) serves as the primary record for auditing coverage.
  • Coverage Rule: Every RequirementID must map to at least one test case or be accompanied by a documented justification explaining why testing is not applicable.

Coverage completeness​

The requirements baseline and coverage status are formalized in the Traceability Matrix (Annex A). Coverage is considered complete when:

  1. Every requirement in the baseline maps to at least one Approved test case in TestRail.
  2. The manifest.json in the S3 evidence pack confirms that evidence exists for all test cases mapped to those requirements.
  3. Any requirement not tested has a documented verification rationale approved by the technical lead.

Defect management (GitHub Issues)​

Defects identified during the verification and commissioning of Legit.Health Plus are managed as controlled records to ensure clinical safety.

Problem Resolution Workflow​

  • Tracking System: Defects are tracked as GitHub Issues.
  • Linkage Rule: Any failed test result in TestRail that represents a nonconformance to a requirement must include a link to the corresponding GitHub Issue in the result comment.
  • Environmental Failures: Failures caused by infrastructure (e.g., S3 timeout) rather than software bugs must be labeled as "Environmental" in the TestRail comment. Objective evidence of the environment issue must be provided, and a re-test must be executed once the environment is stable.
  • Mandatory Defect Fields: Each GitHub Issue must record, at minimum:
    • Fix Version: (e.g., 1.1.0.0).
    • Labels: (e.g., bug, clinical-risk, commissioning).
    • Priority: (Urgency of the fix).
    • Severity: (Impact on medical safety or device performance).

Final Disposition​

The Software Test Report (STR) must confirm that all defects linked during the v1.1.0.0 campaign have been resolved, mitigated, or deferred with a documented risk assessment.

Records retention​

  • Retention Period: All test evidence packs and exports—including TestRail Plan/Run exports, per-case results, local Unit/Integration logs, coverage reports, performance results, commissioning records (R-TF-029), and the root manifest file—are retained for a minimum of 10 years.
  • System of Record: The authoritative repository for evidence packs is Amazon S3, organized by software version (e.g., v1.1.0.0/). Evidence integrity is maintained through S3 bucket versioning and the storage of a manifest.json containing a full inventory of artifacts and their cryptographic checksums.
  • Execution Index: TestRail serves as the live execution record. For every regulated verification campaign, TestRail exports (CSV/PDF) are generated and archived within the corresponding versioned S3 folder to ensure the testing record remains accessible regardless of the live tool's state.
  • Audit Trail Retention: Clinical and security audit records are retained indefinitely in DynamoDB. Retention is verified by ensuring no automated Time-to-Live (TTL) or expiry policies are active for audit tables. Audit data is immutable post-write; any administrative access or migration is performed under controlled change management with documented justification.
  • Disposal: No test evidence or audit records shall be deleted during the defined retention period. Any exceptional disposal required by legal or data protection mandates must be handled as a controlled event, preserving the overall traceability and integrity of the device's regulatory history.

References​

  • R-TF-029-001 Deployment and Configuration Commissioning Record
  • R-TF-029-002 Functional and Interface Commissioning Record
  • R-TF-029-003 Clinical Workflow and Operational Readiness Commissioning Record
  • Applicable standards for software verification planning, traceability, and records: ISO 62304 and ISO 82304-1.
  • EU MDR documentation retention expectations (used to define minimum evidence retention period).
  • Requirements baseline: Software Requirements (authoritative RequirementIDs).
  • Test management system: TestRail (project “Medical Device”).
  • CI system: GitHub Actions.
  • Defect tracker: GitHub Issues.

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-007
  • Approver: JD-001

Annexes​

  • Annex A: Traceability matrix
  • Annex B: Verification Test Cases Export

Annex A: Traceability matrix​

SRS IdSRS NameCommit SHATest Case IdTest Case TitleReviewerReview StatusTest Case URL
SRS-7PJNetwork Service Exposure3e665d001836b7047732f81944bc46a1b78d4491C50Verify the API service accepts incoming HTTP requests on the designated network portGerardo Fernández ApprovedView
SRS-AQMStandard HTTP Status Code Usage5437d177ca46efc0a2aee07795a01f277e7d6309C62Verify API returns 200 HTTP status codes for successful requestsGerardo Fernández ApprovedView
SRS-BYJJSON Data Interchange Format5437d177ca46efc0a2aee07795a01f277e7d6309C68Verify API processes JSON requests and returns JSON responses with correct Content-Type headersGerardo Fernández ApprovedView
SRS-DW0User Authentication Endpoint Implementation9457a72ec5a38e1da7230ded0eab6009653e2d02C77Verify successful user authentication and token generation via the POST /auth/login endpointGerardo Fernández ApprovedView
SRS-D3NProvision of Clinical Parameter Endpoints175ceb47259bb94067a1b32781d296431f3de0d2C73Verify retrieval and filtering of clinical signs data via /clinical/severity-experts endpointGerardo Fernández ApprovedView
SRS-LBSURL-Based API Versioningc0e67a0f3c8791c893d82e34e250822316f1a1b6C106Verify API endpoints are accessible via URL paths prefixed with the major and minor version identifierGerardo Fernández ApprovedView
SRS-MZCRequest Body Size Limitation45df8326922e46467821cd50f5ed256c1fc91265C110Verify the API returns HTTP 413 when the request body exceeds the configured maximum sizeGerardo Fernández ApprovedView
SRS-Q9MClinical Signs Analysis Endpoint Implementation83628274c21ab0a9f5b8708a5ba260e704cf1f04C124Verify POST /clinical/severity-assessment returns quantified results for valid image and sign listGerardo Fernández ApprovedView
SRS-RXKDiagnostic Support Endpoint Implementatione0acb00226584d123dbf076320fa5c982bae3de4C128Verify the diagnosis-support endpoint accepts valid images and returns diagnostic analysisGerardo Fernández ApprovedView
SRS-ZQOConcurrent API Version Supportc0e67a0f3c8791c893d82e34e250822316f1a1b6C162Verify simultaneous availability and processing of requests across distinct API versionsGerardo Fernández ApprovedView
SRS-ID7Input Data Validation9ddd7569150f49e8a8e7bf7dea474fd0151d969fC330Verify API rejects malformed inputs with standardized 422 Unprocessable Entity responsesGerardo Fernández ApprovedView
SRS-EH4Security-Safe Error Handlinge73a2e5b9fb16994ed8863928fc1170d27c89ec2C331Verify API returns sanitized error responses with appropriate HTTP status codes and no internal detailsGerardo Fernández ApprovedView
SRS-AQMStandard HTTP Status Code Usage5437d177ca46efc0a2aee07795a01f277e7d6309C454Verify API returns 401 HTTP status codes for wrong login requestsGerardo Fernández ApprovedView
SRS-AQMStandard HTTP Status Code Usage5437d177ca46efc0a2aee07795a01f277e7d6309C455Verify API returns 422 HTTP status code when invalid data is submittedGerardo Fernández ApprovedView
SRS-GERSystem Behavior on Internal Component Failure.1a0ccc9ff2e12bfabbb7416413594855054492a3C456Verification of controlled 503 response and graceful degradation during downstream service failure.Gerardo Fernández ApprovedView
SRS-6KEAPI Health Check Endpoint67fcd201c0c34f02bf9a7f296f5d30b48a449bdfC169Verify health check endpoint returns unhealthy when some service is unavailableGerardo Fernández ApprovedView
SRS-6KEAPI Health Check Endpoint67fcd201c0c34f02bf9a7f296f5d30b48a449bdfC46Verify the public health endpoint returns HTTP 200 and status OK when operationalGerardo Fernández ApprovedView
SRS-BA6Display the legal information about this medical devicebe09165d77882d22cd597701fc7208e781c4b4fdC66Verify retrieval of mandatory legal information, UDI, and regulatory metadata via APIGerardo Fernández ApprovedView
SRS-Z24API Documentation Endpointc5299af33cd65649bc9ac05042ddc2af2f27ec46C159Verify availability of OpenAPI specification and interactive documentation endpointsGerardo Fernández ApprovedView
SRS-Q3QGenerate an aggregated ICD probability distribution from a set of imagesce07d6bc71d9381b29143f6991553e397e2af717C255Verify API returns aggregated ICD probability distribution with structured code details in studyAggregate arrayGerardo Fernández ApprovedView
SRS-0ABGenerate per-image ICD analysis with explainability heat mapbb4ee4ec42e52cc235bcbdd8b8521075e1522883C256Verify response includes per-image ICD probabilities and heat maps for the top five categoriesGerardo Fernández ApprovedView
SRS-58WInclude entropy score in report66516edac9d596a17b83405b07e4b49a5ab9d25aC258Verify response includes normalized entropy score between 0 and 1 in findingsGerardo Fernández ApprovedView
SRS-71IInclude the indicator of needing a high priority referral in the report12c87e3ebe43cb2888704a822e151ed65ae08d03C260Verify report response includes highPriorityReferral score within riskMetrics objectGerardo Fernández ApprovedView
SRS-8HYInclude the indicator of malignancy in the report7a23b8e8e140bfc891a5a336b57503df3290c076C261Verify report response includes malignantConditionProbability score within riskMetrics objectGerardo Fernández ApprovedView
SRS-D08Include the indicator of the image presenting a pigmented lesion in the report7a23b8e8e140bfc891a5a336b57503df3290c076C262Verify report response includes pigmentedLesion score within riskMetrics objectGerardo Fernández ApprovedView
SRS-JLMInclude the indicator of the presence of a condition in the reporte1ff30861d0ca1d17a688780ffdc8416b08af50eC263Verify report response includes anyConditionProbability score within riskMetrics objectGerardo Fernández ApprovedView
SRS-KASInclude the indicator of needing an urgent referral in the report12c87e3ebe43cb2888704a822e151ed65ae08d03C264Verify report response includes urgentReferral score within riskMetrics objectGerardo Fernández ApprovedView
SRS-K7MOrchestrate diagnosis support workflowccd236d6da920ea8518d49352917abde3a07e380C265Verify diagnosis workflow returns ranked ICD-11 codes, binary indicators, and explainability maps for valid imagesGerardo Fernández ApprovedView
SRS-A9FWound Bed Tissue - Epithelial3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C266Verify epithelial tissue classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-B3ZInflammatory Pattern Identification13d2f3fee665834cab27bf4c7775d70fc032e79fC267Verify API returns Hurley stage and inflammatory status with associated probabilities for valid image inputGerardo Fernández ApprovedView
SRS-B6LWound Bed Tissue - Necrotic69f87eca8bd38d25b519b7b3ae45a8b57ef87d37C268Verify tissue wound bed necrotic classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-B8NPustule Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC269Verify pustule classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-A4WInflammatory Nodular Lesion Quantification9aa3c03db45e210c2e0ebf416de2b4313876d0ddC270Verify inflammatory nodular lesion detector return correct counts and bounding boxes for drainning tunnelsGerardo Fernández ApprovedView
SRS-A6TDelimited Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C271Verify wound borders delimited classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-C1RSerous Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC272Verify wound exudation serous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-D7NPurulent Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC274Verify wound exudation purulent classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-D9TMaceration Surface Quantificationcd6d5708a7544686f7423a834ed3aa128f84cf1fC275Verify wound maceration segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-E4RErythema Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC276Verify erythema classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-Y6FCrusting Intensity Quantificationfafd6724110f48c2a14b22d8899654fec857e6cfC277Verify crusting classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-F2KThickened Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C278Verify thickened wound borders classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-T3KInduration Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC279Verify induration classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-F6JHair Loss Surface Quantification80aca9ea492b4a00d38fb9475f641d95ca7538f9C280Verify hair loss segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-G3PWound Perilesional Erythema Assessment524ed8f71f74ccb494929fd9fd2d79649e755d99C281Verify wound perilesional erythema classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-G9RWound Stage Classification1c08ac0744595495e59baf99844d92ca240e36afC282Verify wound stage classification returns right score and confidence metrics from a valid wound imageGerardo Fernández ApprovedView
SRS-H5KErythema Surface Quantification524ed8f71f74ccb494929fd9fd2d79649e755d99C283Verify erythema segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-H9XLichenification Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC284Verify lichenification classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-I7TWound Affected Tissue - Intact Skin3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C285Verify wound affected tissues intact classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-J5PHair Follicle Quantification3da6d2f72803c32efa59bd6330f16e472e1dffb5C286Verify API returns follicle count, bounding boxes, and confidence scores for a valid scalp imageGerardo Fernández ApprovedView
SRS-J9VIndistinguishable Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C287Verify wound borders indistinguishable classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-K3HWound Affected Tissue - Subcutaneous3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C288Verify wound affected tissues subcutaneous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-K4UOrthopedic Material Surface Quantificationac4cc1b8609bc67fb67de904cae2305a35000eb3C289Verify wound orthopedic material segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-L4WDamaged Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C290Verify wound borders damaged classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-L8YBiofilm and Slough Surface Quantification6b479d5371886e425abf08bd1fa0fe9db1851b27C291Verify wound biofilm material segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-M2LXerosis Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC292Verify xerosis classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-M6PGranulation Tissue Surface Quantification4b3ed220fbc0dac3ac8ba4ed25dc854824596a8dC293Verify wound granulation segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-N2CBone Surface Segmentation21985a46323f455af83abb1de509450461fb8945C294Verify wound bone segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-N5QSwelling Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC295Verify swelling classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-N8WWound Affected Tissue - Dermis-Epidermis3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C296Verify wound exudation serous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-O5MWound Affected Tissue - Muscle3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C297Verify wound affected tissues muscle classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-L3XSkin Surface Segmentation6402f7f36831b49314b9b1602e4a928cfc6c771eC298Verify skin segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-Z5NHive Lesion Quantificationb43e1688a3b7bd57bebe34920cbdf4382ac5a463C299Verify hive detector return correct counts and bounding boxes for hivesGerardo Fernández ApprovedView
SRS-Z8PBiofilm-Compatible Tissue Assessment6b479d5371886e425abf08bd1fa0fe9db1851b27C300Verify wound biofilm tissue classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-P4XWound Bed Tissue - Slough6b479d5371886e425abf08bd1fa0fe9db1851b27C302Verify tissue wound bed slough classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-P9WDesquamation Intensity Quantification7b50a8f3820cd7e662dcfc14c8c6d003f9c704a9C303Verify desquamation classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-Q1LHypopigmentation or Depigmentation Surface Quantification9a0390133a15a446f1eef9a4aeda874fdd747902C304Verify hypopigmentation segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-Q8ZDiffuse Wound Edges Assessment0b81afcee7dfbb8aa6c62ad3642235d545c017f9C305Verify wound borders diffused classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-R3WWound Bed Surface Quantification98cf89c1cea8c7a15217017e778fdb2aebfe91cbC306Verify wound bed segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-R7COozing Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC307Verify oozing classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-S2VWound Affected Tissue - Bone21985a46323f455af83abb1de509450461fb8945C308Verify wound affected tissues bone classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-S8MAcneiform Lesion Type Quantificatione8e6d9d811a14cfb28c0280ad89ad897b3195237C309Verify acneiform detector return correct counts and bounding boxes for papules, pustules, spotsGerardo Fernández ApprovedView
SRS-T6HWound AWOSI Score Quantification1c08ac0744595495e59baf99844d92ca240e36afC310Verify AWOSI classification returns right score and confidence metrics from a valid wound imageGerardo Fernández ApprovedView
SRS-T9UWound Bed Tissue - Closed3cc2af57186b3e2d6e104bbd4d0fa453bb933a05C311Verify tissue wound bed closed classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-U4MPerilesional Maceration Assessmentcd6d5708a7544686f7423a834ed3aa128f84cf1fC312Verify wound perilesional maceration classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-U8ZNail Lesion Surface Quantificationc9bff523adf85be5af207f9249ef5f0d69d47a12C313Verify nail lesion segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-V1DExcoriation Intensity Quantification8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC314Verify excoriation classification returns right intensity and confidenceGerardo Fernández ApprovedView
SRS-V7QNecrosis Surface Quantification69f87eca8bd38d25b519b7b3ae45a8b57ef87d37C315Verify wound necrosis segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-W3RHyperpigmentation Surface Quantification492182224cc07eb6b28363eeda7d44d7650a6c9dC316Verify hyperpigmentation segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-W9KBloody Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC317Verify wound bloody exudation classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-X5BFibrinous Exudate Assessment8a90efa14fb67f3f8ae28a1561537d8b46f13f1fC318Verify wound exudation fibrinous classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-X8QFollicular and Inflammatory Pattern Identification3da6d2f72803c32efa59bd6330f16e472e1dffb5C319Verify follicular and inflammatory pattern identification returns right resultGerardo Fernández ApprovedView
SRS-Y2EWound Bed Tissue - Granulation4b3ed220fbc0dac3ac8ba4ed25dc854824596a8dC320Verify wound tissue wound bed granulation classification returns right presence prediction and confidence scoreGerardo Fernández ApprovedView
SRS-W6TOrchestrate Clinical Signs Analysis Workflowccd236d6da920ea8518d49352917abde3a07e380C321Verify generation of structured clinical assessment report with quantified results for requested signs via APIGerardo Fernández ApprovedView
SRS-E1VBody Surface Segmentation3089eb6b2b1f76b9df0498e37cf2b05ac05cbeb6C325Verify body surface segmentation analysis returns segmentation masks and the right percentage of surface affectedGerardo Fernández ApprovedView
SRS-S8MAcneiform Lesion Type Quantificatione8e6d9d811a14cfb28c0280ad89ad897b3195237C446Verify acneiform detector return correct counts and bounding boxes for nodules, pustules and scabsGerardo Fernández ApprovedView
SRS-S8MAcneiform Lesion Type Quantificatione8e6d9d811a14cfb28c0280ad89ad897b3195237C447Verify acneiform detector return correct counts and bounding boxes for scabs, comedones, papules and pustulesGerardo Fernández ApprovedView
SRS-Z5NHive Lesion Quantificationb43e1688a3b7bd57bebe34920cbdf4382ac5a463C448Verify hive detector return correct counts and bounding boxes for hives (second image)Gerardo Fernández ApprovedView
SRS-A4WInflammatory Nodular Lesion Quantification9aa3c03db45e210c2e0ebf416de2b4313876d0ddC449Verify inflammatory nodular lesion detector return correct counts and bounding boxes for non drainning tunnelsGerardo Fernández ApprovedView
SRS-A4WInflammatory Nodular Lesion Quantification9aa3c03db45e210c2e0ebf416de2b4313876d0ddC450Verify inflammatory nodular lesion detector return correct counts and bounding boxes for nodulesGerardo Fernández ApprovedView
SRS-H2VHead Detectiond696b2e9d092bfea4a77f88806660c119cbf7b88C323Verify head detection returns right bounding boxes and heads count inside an imageGerardo Fernández ApprovedView
SRS-9ZTThe product classifies the image's modality9316f7a8be2d571d85c8a0ddec7efba1cd488443C327Verify API returns ""clinical"" for image modality category when a skin image is providedGerardo Fernández ApprovedView
SRS-O93The product checks the image's clinical domain9316f7a8be2d571d85c8a0ddec7efba1cd488443C328Verify API returns image domain category equals to ""dermatological"" and confidence score for a skin imageGerardo Fernández ApprovedView
SRS-Y5WThe product checks the image quality with the Dermatological Image Quality Assessment (DIQA) algorithmea193ffa19a80d2322d0fbd7d22fe17ca1f45571C329Verify API returns dermatological image quality score, interpretation, and acquisition feedbackGerardo Fernández ApprovedView
SRS-9ZTThe product classifies the image's modality9316f7a8be2d571d85c8a0ddec7efba1cd488443C451Verify API returns ""dermoscopic"" for image modality category when a skin image is providedGerardo Fernández ApprovedView
SRS-O93The product checks the image's clinical domain9316f7a8be2d571d85c8a0ddec7efba1cd488443C452Verify API returns image domain category equals to ""non_dermatological"" and confidence score for a dog imageGerardo Fernández ApprovedView
SRS-F05Generate FHIR DiagnosticReport Base Structure866081f8469c001d52f6d7ca4493dbd2b820f9f4C453Verify FHIR DiagnosticReport base structure for a segmenterGerardo Fernández ApprovedView
SRS-1KWSecure Communication Protocol Enforcement45df8326922e46467821cd50f5ed256c1fc91265C332Verify API accepts requests over HTTPS using TLS 1.2 or 1.3Gerardo Fernández ApprovedView
SRS-1KWSecure Communication Protocol Enforcement45df8326922e46467821cd50f5ed256c1fc91265C333Verify API rejects or redirects unencrypted HTTP requestsGerardo Fernández ApprovedView
SRS-28XImplement progressive delays between failed login attemptsae97659c200e930e6d482ada87d85320eb6b980dC335Verify progressive increase in enforced delay across consecutive failed authentication attemptsGerardo Fernández ApprovedView
SRS-28XImplement progressive delays between failed login attemptsae97659c200e930e6d482ada87d85320eb6b980dC336Verify delay resets upon successful authenticationGerardo Fernández ApprovedView
SRS-A25Role-Based Access Control (RBAC) with Least Privilege Principle to restrict users to essential functions56792dc7766f00e6c3cd7f07da45da4808739d82C337Verify successful access to permitted endpoints for an authorized roleGerardo Fernández ApprovedView
SRS-A25Role-Based Access Control (RBAC) with Least Privilege Principle to restrict users to essential functions56792dc7766f00e6c3cd7f07da45da4808739d82C338Verify access denial for endpoints outside the assigned role scopeGerardo Fernández ApprovedView
SRS-A2BAPI Rate Limiting05a6336f79c149468746b6b212d597b7d5c1eb76C339Verify HTTP 403 response when request volume exceeds defined thresholdGerardo Fernández ApprovedView
SRS-A2BAPI Rate Limiting05a6336f79c149468746b6b212d597b7d5c1eb76C340Verify request acceptance after rate limit time window expirationGerardo Fernández ApprovedView
SRS-MM8Generated JWTs must have an expiration date0fb498ac02a4da9cf0c06e2311082a8876ad246eC341Verify generated authentication tokens include the expiration claimGerardo Fernández ApprovedView
SRS-MM8Generated JWTs must have an expiration date0fb498ac02a4da9cf0c06e2311082a8876ad246eC342Verify access denial for requests using an expired JWTGerardo Fernández ApprovedView
SRS-SDZUse hashed and salted passwordsdfbc23d18a8ad4e1026b749c2357e213aa2935aeC343Verify generation of authentication token using valid credentialsGerardo Fernández ApprovedView
SRS-SDZUse hashed and salted passwordsdfbc23d18a8ad4e1026b749c2357e213aa2935aeC344Verify rejection of authentication requests with invalid credentialsGerardo Fernández ApprovedView
SRS-SDZUse hashed and salted passwordsdfbc23d18a8ad4e1026b749c2357e213aa2935aeC345Verify password update functionality and subsequent authenticationGerardo Fernández ApprovedView
SRS-TPKLock accounts after five failed attemptsb60cff1087fe074f380a201655ba882b3ca9d32bC346Verify account lockout enforcement after threshold reachedGerardo Fernández ApprovedView
SRS-TPKLock accounts after five failed attemptsb60cff1087fe074f380a201655ba882b3ca9d32bC347Verify failed attempt counter reset on successful loginGerardo Fernández ApprovedView
SRS-TPKLock accounts after five failed attemptsb60cff1087fe074f380a201655ba882b3ca9d32bC348Verify administrative manual account unlock capabilityGerardo Fernández ApprovedView
SRS-U8MEnforce strong password policies (min. 12 characters, complexity rules, expiration policies)f620de037a1e1c3b92d9ececc17b6f15cba83b4fC349Verify enforcement of password complexity and length constraintsGerardo Fernández ApprovedView
SRS-U8MEnforce strong password policies (min. 12 characters, complexity rules, expiration policies)f620de037a1e1c3b92d9ececc17b6f15cba83b4fC350Verify authentication behavior for expired passwordsGerardo Fernández ApprovedView
SRS-WEREndpoint Access Controlc5299af33cd65649bc9ac05042ddc2af2f27ec46C351Verify protected endpoints allow access with a valid OAuth 2.0 Bearer tokenGerardo Fernández ApprovedView
SRS-WEREndpoint Access Controlc5299af33cd65649bc9ac05042ddc2af2f27ec46C352Verify protected endpoints reject requests lacking a valid token with 401 UnauthorizedGerardo Fernández ApprovedView
SRS-WEREndpoint Access Controlc5299af33cd65649bc9ac05042ddc2af2f27ec46C353Verify public endpoints are accessible without an Authorization headerGerardo Fernández ApprovedView
SRS-WGFAES-256 encryption for data at restd053992d42d60f71a88a28d3e56ea6da46294a5fC354Verify AES-256 encryption configuration for data storageGerardo Fernández ApprovedView
SRS-X9JConduct periodic access reviews to verify permissions align with job functionsf620de037a1e1c3b92d9ececc17b6f15cba83b4fC355Verify authorized administrator can retrieve current user information for reviewGerardo Fernández ApprovedView
SRS-X9JConduct periodic access reviews to verify permissions align with job functionsf620de037a1e1c3b92d9ececc17b6f15cba83b4fC356Verify authorized administrator can revoke permissions during access reviewGerardo Fernández ApprovedView
SRS-IC4Software and Configuration Integrity Verificationdc4180b5afa19d3b2bac9c1805f1b65eed2ab8bbC357Verify successful execution and audit logging of system integrity checksGerardo Fernández ApprovedView
SRS-BK7Encrypted Backup and Integrity Verificationd053992d42d60f71a88a28d3e56ea6da46294a5fC363Verify backup generationGerardo Fernández ApprovedView
SRS-BK7Encrypted Backup and Integrity Verificationd053992d42d60f71a88a28d3e56ea6da46294a5fC364Verify automated backup generationGerardo Fernández ApprovedView
SRS-CCDIntrusion Prevention and Malicious Traffic Detection45df8326922e46467821cd50f5ed256c1fc91265C366Verify blocking of anomalous high-frequency request burstsGerardo Fernández ApprovedView
SRS-F05Generate FHIR DiagnosticReport Base Structure866081f8469c001d52f6d7ca4493dbd2b820f9f4C368Verify FHIR DiagnosticReport base structure for a detectorGerardo Fernández ApprovedView
SRS-FMGRecord Analysis Duration in Reportef4c4f23bc67f3e0ab17075c219294dc8ff39fa1C369Verify analysisDuration field population in DiagnosticReportGerardo Fernández ApprovedView
SRS-JC6The product provides a final image validity summaryea193ffa19a80d2322d0fbd7d22fe17ca1f45571C370Verify isAssessable is true when domain and quality criteria are metGerardo Fernández ApprovedView
SRS-JC6The product provides a final image validity summaryea193ffa19a80d2322d0fbd7d22fe17ca1f45571C371Verify isAssessable is false when image quality is unacceptableGerardo Fernández ApprovedView
SRS-JC6The product provides a final image validity summaryea193ffa19a80d2322d0fbd7d22fe17ca1f45571C372Verify isAssessable is false when image is non-dermatologicalGerardo Fernández ApprovedView
SRS-K6NMap Per-Image Analysis to a dedicated object in the reportc7651f8d92ca3b2231bf87c202edb67903ca164aC373Verify single image analysis maps to structured object in imageAnalyses arrayGerardo Fernández ApprovedView
SRS-K6NMap Per-Image Analysis to a dedicated object in the reportc7651f8d92ca3b2231bf87c202edb67903ca164aC374Verify multiple image analyses map to distinct objects in imagingAnalysis arrayGerardo Fernández ApprovedView
SRS-H3JDeterministic Response Schemas9ddd7569150f49e8a8e7bf7dea474fd0151d969fC375Verify response structure compliance with OpenAPI success schemaGerardo Fernández ApprovedView
SRS-H3JDeterministic Response Schemas9ddd7569150f49e8a8e7bf7dea474fd0151d969fC376Verify response structure compliance with OpenAPI error schemaGerardo Fernández ApprovedView
SRS-W5ZAssign DiagnosticReport Identifier7c98fffc302ad65ccecb6237d6579ea5dc9c6d04C377Verify Assignment of Official Identifier to DiagnosticReportGerardo Fernández ApprovedView
SRS-W5ZAssign DiagnosticReport Identifier7c98fffc302ad65ccecb6237d6579ea5dc9c6d04C378Verify Uniqueness of Generated DiagnosticReport IdentifiersGerardo Fernández ApprovedView
SRS-D6WAccurate Time Synchronization107088729759f59e8b256bc374b3553b28c4ac47C382Verify System Timestamp Accuracy via API Response HeadersGerardo Fernández ApprovedView
SRS-D6WAccurate Time Synchronization107088729759f59e8b256bc374b3553b28c4ac47C383Verify System Time Synchronization and Accuracy StatusGerardo Fernández ApprovedView
SRS-SI2Secure Audit Trail Access Interfaced053992d42d60f71a88a28d3e56ea6da46294a5fC388Verify Role-Based Access Control for Audit Trail InterfaceGerardo Fernández ApprovedView
SRS-SI2Secure Audit Trail Access Interfaced053992d42d60f71a88a28d3e56ea6da46294a5fC389Verify Audit Trail Search and Export CapabilitiesGerardo Fernández ApprovedView
SRS-T5PAudit Record Integrity Protectiond053992d42d60f71a88a28d3e56ea6da46294a5fC391Verify audit records cannot be modified or deleted via APIGerardo Fernández ApprovedView
SRS-PU2Comprehensive Event Auditingd053992d42d60f71a88a28d3e56ea6da46294a5fC395Verify audit trail generation for authentication lifecycle and security anomaliesGerardo Fernández ApprovedView
SRS-U2PConsolidated Audit Record Contentccce090b3840da989088cd689cfa68e49ace8825C398Verify audit record completeness for successful API eventGerardo Fernández ApprovedView
SRS-U2PConsolidated Audit Record Contentccce090b3840da989088cd689cfa68e49ace8825C399Verify audit record completeness for failed API eventGerardo Fernández ApprovedView
SRS-PU2Comprehensive Event Auditingd053992d42d60f71a88a28d3e56ea6da46294a5fC410Verify audit trail generation for clinical data creation eventsGerardo Fernández ApprovedView
SRS-T95Audit System Failure Handling1a0ccc9ff2e12bfabbb7416413594855054492a3C413Audit record preservation during database unavailabilityGerardo Fernández ApprovedView
SRS-BWBPerformance and Latencyef4c4f23bc67f3e0ab17075c219294dc8ff39fa1C416Verify p95 API latency remains under 10 seconds during nominal loadGerardo Fernández ApprovedView

Annex B: Verification Test Cases Export​

  • File: test_rail_verification_tests.csv
Previous
R-TF-012-023 Software Development Plan
Next
R-TF-012-034 Software Test Description
  • Purpose
  • Scope
    • In scope
    • Out of scope
  • Test management system and governance
    • Tool confidence (TestRail and CI evidence pipeline)
    • TestRail project structure
    • Stable identifiers
    • Custom fields (as implemented)
      • Test Cases
      • Test results
    • Naming conventions
      • Test Cases
      • Test Runs
    • Change control for test cases
  • Requirements taxonomy and verification strategy
    • Test levels (where executed)
    • Entry and exit criteria (minimum)
    • Commissioning records (R-TF-029-001/002/003)
    • Test types (how classified)
    • Gating and regression strategy
      • Development Gate (Local)
      • Regression Strategy (Preproduction)
      • Release Candidate Gate (Preproduction)
      • Production Commissioning Gate (Production)
  • Test environment
    • Environment IDs and use
    • Environment controls
    • Operational constraints for Pro commissioning
  • Planned tests
  • Test execution, data recording, and evidence pack
    • What constitutes “execution evidence”
    • Evidence pack storage
      • Evidence pack protection
    • Relationship to T-012-035 (Test Run record)
    • Evidence pack completeness expectations
  • Traceability and coverage
    • Traceability mechanism
    • Coverage completeness
  • Defect management (GitHub Issues)
    • Problem Resolution Workflow
    • Final Disposition
  • Records retention
  • References
  • Annexes
    • Annex A: Traceability matrix
    • Annex B: Verification Test Cases Export
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI Labs Group S.L.)