Requirements Traceability
Executive Summary
The Requirements Traceability Matrix (RTM) for the HarvestPlus Nutrition Education & Monitoring Platform ensures every functional requirement is mapped to a use case specification, architecture decision, and DPDP/compliance constraint.
This matrix provides:
- Completeness: Every requirement from the proposal is mapped to a functional specification.
- Verification: Every use case has defined acceptance criteria and testable logic.
- Compliance: DPDP-sensitive requirements are explicitly flagged.
Traceability Matrix
Student Experience
| Req ID |
Requirement |
User Role |
Use Case |
ADR |
DPDP |
Status |
| REQ-001 |
Nutrition awareness & engagement |
Student |
STU-001 |
ADR-001 |
No |
Done |
| REQ-002 |
Structured video learning |
Student |
STU-002 |
ADR-002 |
No |
Done |
| REQ-011 |
Daily nutrition goals (calorie/hydration) |
Student |
STU-003 |
ADR-001 |
No |
Done |
| REQ-012 |
Progress & streak tracking |
Student |
STU-004 |
ADR-001 |
No |
Done |
| REQ-013 |
Push notifications & bell alerts |
Student / Admin |
STU-005 |
ADR-002 |
No |
Done |
| REQ-014 |
User profile & personalisation |
Student |
STU-006 |
ADR-001 |
Yes |
Done |
Program Administration
| Req ID |
Requirement |
User Role |
Use Case |
ADR |
DPDP |
Status |
| REQ-005 |
Centralized curriculum management (CMS) |
Admin |
ADM-101 |
ADR-003 |
No |
Done |
| REQ-003 |
Real-time monitoring & school KPIs |
Admin |
ADM-102 |
ADR-002 |
No |
Done |
| REQ-004 |
Impact reporting (PDF/Excel) |
Admin |
ADM-103 |
ADR-003 |
Yes |
Done |
| REQ-015 |
Meal distribution & inventory |
Admin |
ADM-104 |
ADR-002 |
No |
Done |
| REQ-016 |
Student progress & enrollment view |
Admin |
ADM-105 |
ADR-002 |
Yes |
Done |
| REQ-017 |
Wellness score aggregation |
Admin |
ADM-106 |
ADR-002 |
No |
Done |
Field Operations
| Req ID |
Requirement |
User Role |
Use Case |
ADR |
DPDP |
Status |
| REQ-007 |
Offline-first bulk screening |
Coordinator |
FCM-201 |
ADR-001 |
Yes |
Done |
Security & Compliance
| Req ID |
Requirement |
User Role |
Use Case |
ADR |
DPDP |
Status |
| REQ-008 |
Zero-trust auth & RBAC |
All |
SEC-301 |
ADR-002 |
Yes |
Done |
| REQ-009 |
PII privacy & DPDP compliance |
System |
SEC-302 |
ADR-002 |
Yes |
Done |
| Req ID |
Requirement |
User Role |
Use Case |
ADR |
DPDP |
Status |
| REQ-006 |
Secure data ingestion & cloud sync |
System |
ING-501 |
ADR-002 |
No |
Done |
| REQ-018 |
Video metric ingest & completion |
System |
ING-502 |
ADR-002 |
No |
Done |
| REQ-010 |
High availability & disaster recovery |
DevOps |
PLT-401 |
ADR-002 |
No |
Done |
| REQ-019 |
Automated CI/CD pipeline |
DevOps |
PLT-402 |
ADR-002 |
No |
Done |
DPDP Compliance Summary
India's Digital Personal Data Protection Act (DPDP) applies to any system that processes personal data of Indian residents. The following requirements are directly impacted:
| Obligation |
How We Comply |
Covered By |
| Data Minimisation |
Only Age, Height, Weight captured per student — no biometric data |
SEC-302 · STU-001 |
| Purpose Limitation |
Health data used exclusively for nutrition program monitoring |
SEC-302 |
| Consent |
Parent/guardian consent obtained at school onboarding |
SEC-302 |
| Right to be Forgotten |
Admin can permanently delete a student's data record |
ADM-105 |
| Data Localisation |
Database hosted in Indian cloud region (AWS ap-south-1 / GCP asia-south1) |
PLT-401 |
| Breach Notification |
Automated security incident alerting within 72 hours |
PLT-401 · SEC-301 |
| Role-Based Access |
No cross-school data access; coordinators see only their school |
SEC-301 · ADM-105 |
Data Integration & Ingestion
The platform handles high-volume health data from intermittent mobile connections.
- Direct API: Real-time sync for assessments and module completions.
- Buffer-Sync: Batch processing for offline screening data captured in the field.
- Admin CSV Upload: Bulk student and school data ingestion via Admin Console.
See: ING-501 · ING-502