Prepared By:
The purpose of this template is to assist in the interpretation, application, and preparation of the User
and Functional Requirements Specifications according to Schering-Plough Research Institute’s
(SPRI) standard operating procedures relating to validating software applications.
Paragraphs in blue italics font style are meant to serve as instructions to the Author and should
be deleted in the final document.
Paragraphs in black regular font style are sample wording that may be used as is or modified
as needed. Should a paragraph not be applicable, delete it from the document altogether.
Text in GRAY shading contains a field code, and will NOT automatically update.
1. First, to assure that on your computer variable fields will display as gray in templates,
select Tools from the menu and then Options from the drop down list. On the View tab,
change the setting for Field Shading to display “Always”, by selecting it from the drop
down list. Click OK. (Note: these gray fields will not be shaded when printing the
document.)
2. To change values associated with fields, select File from the menu and then Properties
from the drop down list. Select the value in either the Summary tab or the Custom tab
and change the value. For the Custom tab, then press the Modify button.
3. To update the Table of Contents and all data displayed in field codes within the
completed document, click on Edit / Select All from the menu and then press F9; select
“Update Entire Table” and click OK.
Text in <BRACKETS> should be replaced with the appropriate information by the Author. ///
Approvals
The individuals below agree that they have reviewed and approved the scope of the effort described in
this User and Functional Requirements Specifications (URS-FRS) for System Name and Version
Number, by signing this section. The User and Functional Requirements Specifications will be a
“living” document and will serve as the primary means of communicating project change with regard to
functionality. The signatures below represent the approval for the acceptance of the User and
Functional Requirements Specifications (URS-FRS) and acceptance by PHARMASYS?? management
representing both the user community and the implementation team.
Approval Signatures
APPROVED BY:
Function Name Signature Date
Compliance/VQC/Validation
Name
Manager/Leader
Revision History
TABLE OF CONTENTS
1 Introduction..................................................................................................................................................7
1.1 Project Background.............................................................................................................................7
1.2 Summary of the User and Functional Requirements Specifications.....................................................7
1.2.1 Expected Benefits................................................................................................................................8
1.2.2 Consequences of Business Activities Failure.......................................................................................8
1.2.3 Recommendations...............................................................................................................................8
2 Purpose & Scope.........................................................................................................................................8
2.1 Goals & Objectives..............................................................................................................................8
3 Assumptions, Exclusions and Limitations.................................................................................................9
4 Abbreviations and Acronyms.....................................................................................................................9
5 Reference Documents...............................................................................................................................10
6 Requirements Specification......................................................................................................................11
6.1 Business Requirements......................................................................................................................11
6.1.1 Business Activities (Internal & External)...........................................................................................11
6.1.2 Functional Description.......................................................................................................................12
6.1.3 Outputs (Reports)..............................................................................................................................12
6.1.4 Implementation Constraints...............................................................................................................12
6.2 Data Requirements.............................................................................................................................13
6.2.1 Inputs ............................................................................................................................................13
6.2.2 Data Requirements (New or Existing System Integration)................................................................13
6.2.3 Data Migration...................................................................................................................................14
6.3 Performance Requirements................................................................................................................14
6.4 Environmental Requirements.............................................................................................................15
6.4.1 Facilities Requirements.....................................................................................................................15
6.4.2 Technology Requirements.................................................................................................................15
6.4.3 System Topology...............................................................................................................................16
6.4.4 Mechanical Requirements..................................................................................................................16
6.4.5 Special Equipment Requirements......................................................................................................17
6.5 Security Requirements.......................................................................................................................17
6.5.1 Passwords..........................................................................................................................................18
6.5.2 User ID / Authentication Controls.....................................................................................................19
6.5.3 Internal Software Controls.................................................................................................................20
6.5.4 Software COTS (Commercial Off the Shelf).....................................................................................21
6.5.5 Hardware...........................................................................................................................................21
6.5.6 Desktop / Laptop Dial-Up Controls...................................................................................................22
6.5.7 Physical Security...............................................................................................................................22
6.6 Audit Trail Requirements...................................................................................................................22
6.7 Documentation Requirements............................................................................................................22
6.8 Maintenance Requirements................................................................................................................23
6.9 Back-up, Restore and Archiving........................................................................................................23
6.9.1 Archiving...........................................................................................................................................23
1 Introduction
The User and Functional Requirements Specifications (URS-FRS) documents the business and
functional requirements of the System Name and Version Number system to be deployed. This is
intended to be a living document. The requirements detailed in this URS-FRS document provide the
definition of the System Name and Version Number from a user perspective: this includes the
functional, security, data integrity, and performance capabilities that the System Name and Version
Number must provide, in order to meet the business needs of users in the Department (Dept.)
department at Company Name Here. The URS-FRS will also provide additional information to expand
the project plan for realistic tasks, dates and resources.
1.2.3 Recommendations
/// Discuss any recommendations regarding the technology or applications to be
used. Delete this section, if N/A. ///
List the software products, components, modules, interfaces, or functions that were excluded from
testing (e.g. functions not utilized by the users, etc.) Provide rationale for each, as to why testing was
not performed. ///
Assumptions governing the URS-FRS of the System Name and Version Number system are as follows:
/// Assumptions - Describe the specific assumptions that were applicable to the validation of this
system. Some examples of assumptions are:
Users targeted to create requirements have an appropriate level of computer and functional
literacy ///
Exclusions that apply to the URS-FRS of the System Name and Version Number system are as follows:
/// Exclusions - List the software products, components, modules, interfaces, or functions that were
excluded from testing conducted within the confines of this study. Provide rationale for each, as to why
testing was not performed. An example of an exclusion is:
Requirements designated for future releases are not included in this document. ///
Limitations that apply to the URS-FRS of the System Name and Version Number system are as
follows:
/// Limitations - Describe any limitations, which were applicable (perhaps relating to the platform,
versioning, etc.). Describe the risks that were inherent, if any. Describe the critical success factors
relating to the application, as applicable. Some examples of limitations are:
List any workarounds that are known and required at this stage. ///
Term /
Acronym Definition
Abbreviation
<TERM> <XXX> <DEFINITION>
A more comprehensive list of applicable abbreviations and acronyms can be found in the Validation
Strategy Document (VSD).
5 Reference Documents
The current revisions of the documents listed below have been consulted in the preparation of this
specification document or govern the content of this document.
/// Do not repeat documents already identified in the VSD. If the VSD is not written yet, then you may
reference them, such as:
List the applicable process flows/guidelines that relate to this system. IMPORTANT: Only
reference those that reflect current business practice.
Vendor-supplied documentation
RFP
Other ///
/// For each listed reference, include the document number, full title, version/revision number, effective
date, issuing department, and type of document: ///
Document Issue
Document Title Effective Date Document Type
Number Number
SPRI-05 Validation of Computer Systems April 1, 2002 SPRI, Standard
Corporate Policy
Part 11 Electronic Records; Electronic Signatures August 27, 1997 US CFR, Regulation
6 Requirements Specification
/// In this Requirements section, define the business needs of the typical user in a clear and precise
way. Outline what major tasks the user expects the system to accomplish and any external interfaces
that are required of the system. Describe what legacy system, if any, is being replaced and what
method/phases would be required for phasing out the old, in the new. ///
/// The detailed requirements are uniquely identified with a Requirement Number (Requirement # or
Req. #, comprised of a sequential number prefaced by an alphanumeric identifier, which represents the
Description Category of the applicable business requirement, as suggested in the table below.)
NOTE: The numbering system is a suggestion and may be modified to suit the needs of the Author.
An alternative method may be 4.4.7.1, 4.4.7.2, 4.4.7.3, etc. ///
Requirement # Description
RS-BA-1
RS-BA-2
Requirement # Description
RS-FD-1
RS-FD-2
Requirement # Description
RS-OR-1
RS-OR-1
Cost constraints
Resource constraints
Any changes affecting the project scope, schedule, quality, or costs are
subject to the change management process and formal approval.
Training issues
Requirement # Description
6.2.1 Inputs
/// Describe the raw data and the format it is received in by the System Name and
Version Number. ///
Requirement # Description
RS-IN-1
RS-IN-2
Requirement # Description
Requirement # Description
RS-DM-1
RS-DM-2
Requirement # Description
RS-PR-1 Response time (for example be downloaded via laptop in less than 3 minutes)
RS-PR-2 Logical data flow diagram
RS-PR-3 Availability
RS-PR-4 Processing Speed
RS-PR-5 Stress
RS-PR-6 Peak load/volume/number of users
RS-PR-7 Ease of use
RS-PR-5 Accuracy of calculations
RS-PR-8 Database size & replication constrains
/// NOTE: Ensure that all requirements listed are testable/measurable. ///
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
6.5.1 Passwords
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
The system must support the ability to lock the User ID after x
number of minutes of inactivity, by requiring that the user re-enter
their password to continue operation.
RS -ID-4 Guest Account Protected or Deleted:
Guest accounts must be protected from use or deleted.
RS -ID-5 Written Authorization for the Creation of User ID’s:
There must be a mechanism in place that requires written
authorization prior to the creation of a User ID.
RS -ID-6 Notification Process for Change User ID Status:
There must be a mechanism in place to notify the Application
Security Administer of terminations of employment or changes in
access.
RS -ID-7 Unique User ID/Account Supplied:
System must require User ID’s to be unique; User ID’s may never be
reused.
/// If none were generated specifically for this system/project, be sure to reference the
SPRI internal document/departmental SOP that govern such changes. Internal audits
shall verify that such policies are followed. ///
6.5.2.1 Auditing
Requirement # Description
the system..
RS -AU-5 Audit Trail for Tracking Attempts to Access
Unauthorized System resources or Sensitive
Information:
The system must keep a log of attempts to access
unauthorized system resources or sensitive information.
RS -AU-6 Monitoring of Operating System or Application
Changes:
There must be a mechanism for monitoring the operating
system and/or application changes made to the system.
RS -AU-7 Change Control Process Documented and in Place:
There must be a documented Change Control Process in
place for changes to hardware, system software, and/or
application software..
Requirement # Description
Requirement # Description
Requirement # Description
6.5.5 Hardware
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
Requirement # Description
6.9.1 Archiving
/// Provide detailed requirements of the system relating to:
Requirement # Description
Requirement # Description
Requirement # Description
RS-BI-1 What platform the user will be using (laptop dial-up or desktop,
PC/Macintosh, Windows 95, Win NT, etc.)
RS-BI-2 Where the data will be coming from, via what input, what format, and
from what group
RS-BI-3 Frequency of use (daily, monthly, etc.) and how long of a download
expected
RS-BI-4 What data would be transferred/exported and to where
RS-BI-5 What files require being stored
RS-BI-6 What reports will be generated
RS-BI-7 What compatibility issues are expected
RS-BI-8 The nature of the support that is required (such as help desk: 24-hour
support or multilingual)
/// Provide a diagram describing process dependency.
Requirement # Description
RS-OR-1
RS-OR-2
RS-OR-3
7 Traceability Matrix
As part of the SPRI validation effort, a Traceability Matrix will be compiled. The purpose of the
matrix, in the format of the table displayed below, is to provide testing coverage for the system being
validated, by cross-referencing the requirements (Requirement Number from the URS-FRS) to the test
steps executed as part of IQ/OQ or PQ/UAT (Test Script ID).
/// Fill in the table below, including all detailed functions that are required of the specific system:
input, output, processing, intricate details, screens, relating to the flow of the application, etc. ///
Test
Requirement
# Description Script Test Script Title
Number
ID
1
2
3
4
5
6
/// NOTES:
The Requirement Number column indicates the unique identifier for the specific requirement described
in the Description column.
The Requirement Number and Test Script ID columns are required. ///
/// This matrix may be included either here, as part of the Test Plan/UAT Test Scripts, the Validation
Summary Report (VSR), or just referenced in any of these documents and saved as a separate
document as part of the validation package. Mention here, which is the case for the validation of this
system. ///