Requirements traceability is a sub-discipline of requirements management within software development and systems engineering. Traceability as a general term is defined by the IEEE Systems and Software Engineering Vocabulary as (1) the degree to which a relationship can be established between two or more products of the development process, especially products having a predecessor-successor or master-subordinate relationship to one another; (2) the identification and documentation of derivation paths (upward) and allocation or flowdown paths (downward) of work products in the work product hierarchy; (3) the degree to which each element in a software development product establishes its reason for existing; and (4) discernable association among two or more logical entities, such as requirements, system elements, verifications, or tasks.
Requirements traceability in particular, is defined as "the ability to describe and follow the life of a requirement in both a forwards and backwards direction (i.e., from its origins, through its development and specification, to its subsequent deployment and use, and through periods of ongoing refinement and iteration in any of these phases)". In the requirements engineering field, traceability is about understanding how high-level requirements – objectives, goals, aims, aspirations, expectations, needs – are transformed into low-level requirements. It is therefore primarily concerned with satisfaction relationships between layers of information (aka artefacts). However, traceability may document relationships between many kinds of development artefacts, such as requirements, specification statements, designs, tests, models and developed components. For example, it is common practice to capture verification relationships to demonstrate that a requirement is verified by a certain test artefact.
Traceability is especially relevant when developing safety-critical systems and therefore prescribed by safety guidelines, such as DO178C, ISO 26262, and IEC61508. A common requirement of these guidelines is that critical requirements must be verified and that this verification must be demonstrated through traceability.
Tracing towards and beyond the requirements
Pre-Requirements Traceability. Requirements come from different sources, like the business person ordering the product, the marketing manager and the actual user. These people all have different requirements of the product. Using requirements traceability, an implemented feature can be traced back to the person or group that wanted it during the requirements elicitation. This can be used during the development process to prioritize the requirement, determining how valuable the requirement is to a specific user. It can also be used after the deployment when user studies show that a feature is not used, to see why it was required in the first place.
Post-Requirements Traceability. Not only the requirements themselves should be traced but also the requirements relationship with all the artefacts associated with it, such as models, analysis results, test cases, test procedures, test results and documentation of all kinds. Even people and user groups associated with requirements should be traceable. Requirements are realized into design artefacts, implementation, and finally, verified. Artefacts tied to the latter stages should be traced back to the requirements as well. This is typically done via a requirements traceability matrix.
Establishing traceability beyond requirements into design, implementation, and verification artefacts can become difficult. When implementing software requirements for instance, the requirements may be in a requirements management tool, while the design artefacts may be in a tool such as MagicDraw, Mathworks Simulink, Telelogic Rhapsody, and Microsoft Visio. In other cases, including for little projects, requirements may be included in MS Word or PDF document, and managed with tools like Reqchecker.
Furthermore, implementation artefacts will likely be in the form of source files, links to which can be established in various ways at various scopes. Verification artefacts such as those generated by internal tests or formal verification tools (e.g., LDRA Testbed suite, Parasoft Concerto, and SCADE)
Repository or tool stack integration can present a significant challenge to maintaining traceability in a dynamic system.
Usage of traceability information
- Change Impact analysis – if a requirement is changing, trace links inform about related and dependent artefacts. These artefacts can easily be verified and if required be adjusted. The probability to overlook related artefacts is reduced.
- Coverage analysis – Traceability ensures that no requirements are overlooked. Especially when certifying safety-critical products it is necessary to demonstrate that all requirements are realized.
- Project status analysis – Tracking of the project status is possible: analyzing the traceability data allows to see the completion status of the requirements. Requirements without links or with incomplete trace chain (e.g. requirements with implementation but without tests) indicate that further work is necessary. The missing links show which concrete artefacts are missing and need to be realized.
- Reuse of product components – it is possible to structure requirements and their linked artefacts in packages. These packages can be used for different products.
- Persisting relationships – Often knowledge of a project or product is in the head of specific persons. By use of traceability this knowledge is saved by visualizing the relation between the different artefacts. This knowledge remains even if a person leaves the project.
- Test optimization – By linking requirements, source code, test cases and test results it is easy to identify affected parts of the source code if tests fail. Furthermore, redundant test cases can be identified and eliminated.
A more complete overview of development activities supported by traceability and their relevance is given in.
Practical use of traceability information
Extensive studies document the effectiveness, but also the difficulties of capturing traceability information:
- Traceability accelerates and improves development activities - A study with 71 subjects who performed source code changes with and without traceability support showed significant benefits of traceability. Developers completed tasks with traceability support 24% faster and 50% more correct.
- More complete traceability helps avoiding software defects - In an analysis of development data from 24 medium-sized and large open-source projects, a statistically significant relationship between the completeness of the captured traceability information and the defect rate of the developed source code was found. Components with more complete traceability showed a lower number of defects (aka bugs).
- Achieving compliant traceability is difficult - An analysis of the pre-market testing of software in medical devices at the US Food and Drug Administration (FDA) in 2013 identified significant gaps between prescribed and filed traceability information. The quest towards a standard-conformable traceability often results in a "Big Freeze". Big freeze, since companies aim to avoid further development because re-certification is associated with enormous effort.
Visualization of traceability information
One goal of traceability is to visualize the relationship between artefacts. As the number and complexity of trace links increases, techniques for traceability visualization are necessary. A visualization can include information about the artefacts (e.g. artefact type, metadata, attributes) and links (e.g. link typ, metadata, link strength).
- Traceability matrix – A traceability matrix is a table-like representation that maps artefacts of one type (e.g., requirements) depicted in columns to artefacts of another type (e.g., source code) depicted in rows. Cells visualize a trace between two artefacts if filled or a non-trace if left empty. The advantage of traceability matrices is that all links between artefacts are visible at a glance. Filters help to reduce the amount of displayed information. Traceability matrices are suitable for management tasks. However, in industry projects often consist of thousands of artefacts: the tables could become very large and confusing.
- Traceability graph – In a traceability graph artefacts are represented as nodes. Nodes are connected by edges, if a trace link between the artefacts exists. Graphs are especially suitable for development tasks. They allow getting an overview on the links exploratively and are characterized by a high information comprehension ratio. By navigating through the graph it is easy to identify missing links as a hint to create required artefacts.
- List – Lists represent traceability links in one entry. This entry could include information concerning the source and target artefact and attributes. They are especially suitable when bulk operations for several different artefacts should be executed. Filters and sorting mechanisms allow to handle the displayed information. However, compared to the visualizations described above lists are less suitable to execute project management, development and testing tasks.
- Hyperlink – Hyperlinks connect linked artefacts and allow to “jump” from a source artefact to a linked artefact. This visualization is suitable if detailed information about an artefact is needed as it allows to navigate to artefacts in their native environment. Using hyperlinks solely has the disadvantage that a lot of navigation effort is necessary to get an overview on the link status as linked artefacts are not visualized compactly.
Visualizations can be combined to overcome their specific limitations.
Traceability is realized by capturing traces either entirely manual or tool supported, e.g. as spreadsheet in Microsoft Excel. Though widely applied, this process is cumbersome, error-prone, and often leads to traceability information that is of insufficient quality due to the various involved development tools and the typically very high number of artefacts to be traced.
Tool-supported traceability requires that development information that is distributed across a whole chain of development tools to be homogenized and aggregated. The following approaches exist for reaching this state:
Homogenization of the tool environment through an ALM tool – ALM tool chains cover the whole life-cycle of a system and manage all artefacts of the development process in a holistic approach. Issue trackers implementing the Volere requirements template have been used successfully in distributed environments. The advantage of this approach is that the homogenization of artefacts allows to manage and analyze them easily with dedicated tools of the ALM tool. The disadvantage is that it is necessary to implement the whole ALM tool chain. If introduced, it is difficult to replace specific tools in the tool chain.
Homogenization of data through surrogate requirements – Requirements management (RM) tools allow storing, organizing, and managing all requirements of a system's specifications and typically arrange them in a specification tree that links each requirement to its parent requirement in the higher specification. Commercial RM tools with traceability support are, e.g., 3SL Cradle, CASE Spec, IRise, Gatherspace, IBM Rational RequisitePro, IBM DOORS, CaliberRM, QFDCapture and Matrix_Requirements_Medical. Freely available tools are, e.g., FreeMind and Concordion. Typical analysis functions based on recorded traceability information are, e.g., completeness checks i.e. do all system level requirements go down to equipment level (with or without modification), assessment of requirements deviations over all levels, and qualification status presentation. In order to ensure traceability to artefact types beyond requirements, RM tools often allow to import other artefacts as surrogate requirements that can then be traced with the tool's requirements tracing methods. For example, elements of a Mathworks Simulink model can be imported into an IBM Rational DOORS surrogate module and then be related to requirements. The disadvantage of this approach is that different adapters or converters for the different artefact types are necessary that need to have a consistent version and data format. In contrast to ALM tools this consistency must be carried out oneself.
- "Systems and software engineering – Vocabulary". ISO/IEC/IEEE 24765:2010(E): 1–418. 2010-12-01. doi:10.1109/IEEESTD.2010.5733835.
- "IEEE Guide for Developing System Requirements Specifications". 1998 Edition IEEE Std 1233: 1–36. 1998-12-01. doi:10.1109/IEEESTD.1998.88826.
- "IEEE Guide for Information Technology - System Definition - Concept of Operations (ConOps) Document". IEEE Std 1362-1998: 1–24. 1998-12-01. doi:10.1109/IEEESTD.1998.89424.
- Gotel, O.C.Z.; Finkelstein, C.W. "An analysis of the requirements traceability problem". Proceedings of IEEE International Conference on Requirements Engineering. doi:10.1109/icre.1994.292398.
- Gotel, Orlena; Cleland-Huang, Jane; Hayes, Jane Huffman; Zisman, Andrea; Egyed, Alexander; Grünbacher, Paul; Dekhtyar, Alex; Antoniol, Giuliano; Maletic, Jonathan (2012-01-01). Cleland-Huang, Jane; Gotel, Orlena; Zisman, Andrea, eds. Software and Systems Traceability. Springer London. pp. 3–22. doi:10.1007/978-1-4471-2239-5_1. ISBN 9781447122388.
- Hull, Elizabeth; Ken Jackson; Jeremy Dick (2005). Requirements Engineering (Second Edition). Springer. pp. 9–13, 131–151. ISBN 1-85233-879-2.
- Pinheiro F.A.C. and Goguen J.A., "An object-oriented tool for tracing requirements", IEEE Software 1996, 13(2), pp. 52-64
- Mäder, P.; Jones, P. L.; Zhang, Y.; Cleland-Huang, J. (2013-05-01). "Strategic Traceability for Safety-Critical Projects". IEEE Software. 30 (3): 58–66. doi:10.1109/MS.2013.60. ISSN 0740-7459.
- Li, Yin; Juan Li; Ye Yang; Mingshu Li (2008). Requirement-Centric Traceability for Change Impact Analysis:A Case Study. Springer Berlin/Heidelberg. pp. 100–111. ISBN 978-3-540-79587-2.
- Wiegers, Karl (2013). "Requirements Traceability: Links in the Requirements Chain, Part 1". jama. Retrieved 2016-12-14.
- Wiegers, K.; Beatty, J. (2013). Software Requirements. Microsoft Press.
- Bouillon, Elke; Mäder, Patrick; Philippow, Ilka (2013-04-08). Doerr, Joerg; Opdahl, Andreas L., eds. Requirements Engineering: Foundation for Software Quality. Lecture Notes in Computer Science. Springer Berlin Heidelberg. pp. 158–173. doi:10.1007/978-3-642-37422-7_12. ISBN 9783642374210.
- Mäder, Patrick; Egyed, Alexander (2015-04-01). "Do developers benefit from requirements traceability when evolving and maintaining a software system?". Empirical Software Engineering. 20 (2): 413–441. doi:10.1007/s10664-014-9314-z. ISSN 1382-3256.
- Rempel, Patrick; Mäder, Patrick (2016-01-01). "Preventing Defects: The Impact of Requirements Traceability Completeness on Software Quality". IEEE Transactions on Software Engineering. PP (99): 1–1. doi:10.1109/TSE.2016.2622264. ISSN 0098-5589.
- "open-DO | Toward a cooperative and open framework for the development of certifiable software". www.open-do.org. Retrieved 2017-04-15.
- Li, Y.; Maalej, W. (2012). Which Traceability Visualization Is Suitable in This Context? A Comparative Study. Springer. pp. 194–210.
- Kannenberg, Andrew; Saiedian, Hossein (2009). "Why Software Requirements Traceability Remains a Challenge" (PDF). CrossTalk Magazine - The Journal of Defense Software Engineering.
- Laplante, Phillip A. (2009). "Requirements Engineering for Software and Systems". CRC Press.