| Category | URS ref | Feature |
|---|---|---|
| General requirements (G) | URS-COR-G-001 | Users have to login with a username and password |
| URS-COR-G-003 | Images can be added from multiple locations (root-directories) | |
| URS-COR-G-004 | The software version can be consulted. | |
| URS-COR-G-005 | End-users can notify Pathomation if there is an issue with the software | |
| URS-COR-G-106 | The software must have a licensing scheme | |
| URS-COR-G-107 | Provide support for HTTPS communication (in addition to HTTP) | |
| URS-COR-G-108 | A webservice-based Application Programming Interface (API) is available | |
| URS-COR-G-2000 | License management is handled online without (physical nor virtual) server access | |
| URS-COR-G-2001 | A historical overview of license updates is available | |
| URS-COR-G-2002 | Product owners are notified when the license expires | |
| URS-COR-G-2003 | Images can reside on local (server-installed) hard disks | |
| URS-COR-G-2004 | Images can reside on network-resources (unc path references) | |
| URS-COR-G-2005 | Images can reside on S3-compliant storage (buckets) | |
| URS-COR-G-2006 | Automatically link to external data sources without data duplication | |
| URS-COR-G-2007 | Support email communication and arbitrary SMTP server configurations | |
| File format Requirements (G) | URS-COR-F-002 | The software must support the “3DHistech” MRXS file format |
| URS-COR-F-100 | The software must support the “Hamamatsu NDPI ” file format | |
| URS-COR-F-101 | The software must support the “Aperio LEICA SVS” file format | |
| URS-COR-F-102 | The software must support the “Aperio LEICA SCN” file format | |
| URS-COR-F-103 | The software must support the “Ventana Roche BIF (+TIFP)” file format | |
| URS-COR-F-104 | The software must support the “Olympus VSI” file format | |
| URS-COR-F-105 | The software must support the “Generic JPG ” file format | |
| URS-COR-F-200 | The software must support the “Generic TIFF” file format | |
| URS-COR-F-201 | The software must support the “Zeiss ZVI” file format | |
| URS-COR-F-202 | The software must support the “Zeiss CZI” file format | |
| URS-COR-F-203 | The software must support the “Nikon ND2” file format | |
| URS-COR-F-2000 | Support the “Philips TIFF” file format | |
| URS-COR-F-2001 | Support the “Ventana Roche BIF (-TIFP)” file format | |
| URS-COR-F-2002 | Support the “Generic PNG” file format | |
| URS-COR-F-2003 | Support the “Motic MDS” file format | |
| URS-COR-F-2004 | Support the “Perkin Elmer QPTiff” file format | |
| URS-COR-F-2005 | Support the (fluo) “3DHistech” MRXS file format | |
| URS-COR-F-2006 | Support the (fluo) “Hamamatsu NDPIS” file format | |
| URS-COR-F-2007 | Support the (fluo) “Olympus VSI” file format | |
| URS-COR-F-2008 | Support the (fluo) “Zeiss ZVI” file format | |
| URS-COR-F-2009 | Support the (fluo) “Zeiss CZI” file format | |
| URS-COR-F-2010 | Support the (fluo) “Nikon ND2” flle format | |
| URS-COR-F-2011 | Support JPEG encoding | |
| URS-COR-F-2012 | Support JPEG-2000 encoding | |
| URS-COR-F-2013 | Support JPEG-XR encoding | |
| URS-COR-F-2014 | Support lossless JPEG encoding | |
| URS-COR-F-2015 | Support PNG encoding | |
| On-slide graphical annotation requirements (A) | URS-COR-N-2000 | Support “native” MRXS annotations |
| URS-COR-N-2001 | Support “native” SVS annotations | |
| URS-COR-N-2002 | Support “third party” Visiopharm MLD annotations | |
| URS-COR-N-2003 | Support “third party” Indica Labs HALO ANNOTATION annotations | |
| URS-COR-N-2004 | Support “third party” Definiens XML annotations | |
| URS-COR-N-2005 | Support the creation and management of WKT-formatted annotations | |
| URS-COR-N-2006 | Export annotations to WKT file format | |
| URS-COR-N-2007 | Export annotations to CSV file format | |
| URS-COR-N-2008 | Export annotations to MLD file format | |
| URS-COR-N-2009 | Export annotations to ANNOTATION file format | |
| URS-COR-N-2010 | Export annotations to (Aperio/Definiens) XML file format | |
| Regulatory requirements (R) | URS-COR-R-001 | Data will be formatted to allow transfer to another system for long-term storage in a common portable format either during the life of the system or after the system is retired |
| URS-COR-R-002 | The system will contain detection mechanisms for invalid field entries, values out of range, and blank fields if entry is required | |
| URS-COR-R-003 | It will be possible to provide regulatory agenties with both human-readable and electronic c opies of the records, including metadata. It will be possible to transfer data in a human readable format onto transportable media such as PDF, XML, SGML. The system must allow that the copying process produces copies that preserve the content and meaning of the records | |
| URS-COR-R-004 | If it is important to system functionally that steps be performed in a specified order, the system will contain a mechanism to ensure that actions are performed in the correct sequence (in case of sequenced steps) | |
| URS-COR-R-005 | The system will contain an automatically generated audit trail function for all process significant and GxP critical events and allow audit trails on tables and individual records | |
| URS-COR-R-006 | The audit trail data will be read-only | |
| URS-COR-R-007 | It will be impossible to disable the audit trail function | |
| URS-COR-R-008 | The system will prevent the accidental or intentional modifications or deletion of audit trail files | |
| URS-COR-R-009 | It will be possible to generate a report to view which data in the record has been modified | |
| URS-COR-R-010 | A mechanism will be in place to detect and report any attempts of unauthorized use immediately to the customer | |
| URS-COR-R-011 | The audit trail will record: user name, data and time (h/min/sec) of the event using local data and time of the host system, indication of the type of event: record creation/modification/deletion or approval, in case of modification/deletion: old value and new value, reason of change (if applicable) | |
| URS-COR-R-012 | A specific link must be in place to trace the audit trail data to the associated electronic record(s) itself | |
| URS-COR-R-013 | The system will not allow changes in date and time by the user | |
| URS-COR-R-014 | The system date and time will be periodically checked and corrected. The system will support time synchronization | |
| URS-COR-R-015 | The electronic audit trails will be readily available for review | |
| URS-COR-R-016 | The system will be protected against unauthorized use | |
| URS-COR-R-017 | Security will consist of at least two elements (e.g. login ID and password) in case of non-biometric security | |
| URS-COR-R-018 | The system must enforce and automatic log-out after a defined period of no activity | |
| URS-COR-R-019 | The system will allow the specification of different levels of access (e.g. user, administrator) | |
| URS-COR-R-020 | The system will detect security violations and produce an alarm or warning message | |
| URS-COR-R-021 | Controls will be in place to ensure that no two (2) individuals can have the same combination of identification code and password | |
| URS-COR-R-022 | If a password is not issued privately (i.e. the password issuer knows the password), the user will immediately reset their password | |
| Documentation requirements (D) | URS-COR-D-001 | A user guide (manual) is available |
| URS-COR-D-100 | User requirements are available | |
| URS-COR-D-101 | Installation manual is available | |
| URS-COR-D-2001 | Programming (API) documentation is available | |
| URS-COR-R-002 | The system will contain detection mechanisms for invalid field entries, values out of range, and blank fields if entry is required | |
| URS-COR-R-003 | It will be possible to provide regulatory agenties with both human-readable and electronic c opies of the records, including metadata. It will be possible to transfer data in a human readable format onto transportable media such as PDF, XML, SGML. The system must allow that the copying process produces copies that preserve the content and meaning of the records | |
| URS-COR-R-004 | If it is important to system functionally that steps be performed in a specified order, the system will contain a mechanism to ensure that actions are performed in the correct sequence (in case of sequenced steps) | |
| URS-COR-R-005 | The system will contain an automatically generated audit trail function for all process significant and GxP critical events and allow audit trails on tables and individual records | |
| URS-COR-R-006 | The audit trail data will be read-only | |
| URS-COR-R-007 | It will be impossible to disable the audit trail function | |
| URS-COR-R-008 | The system will prevent the accidental or intentional modifications or deletion of audit trail files | |
| URS-COR-R-009 | It will be possible to generate a report to view which data in the record has been modified | |
| URS-COR-R-010 | A mechanism will be in place to detect and report any attempts of unauthorized use immediately to the customer | |
| URS-COR-R-011 | The audit trail will record: user name, data and time (h/min/sec) of the event using local data and time of the host system, indication of the type of event: record creation/modification/deletion or approval, in case of modification/deletion: old value and new value, reason of change (if applicable) | |
| URS-COR-R-012 | A specific link must be in place to trace the audit trail data to the associated electronic record(s) itself | |
| URS-COR-R-013 | The system will not allow changes in date and time by the user | |
| URS-COR-R-014 | The system date and time will be periodically checked and corrected. The system will support time synchronization | |
| URS-COR-R-015 | The electronic audit trails will be readily available for review | |
| URS-COR-R-016 | The system will be protected against unauthorized use | |
| URS-COR-R-017 | Security will consist of at least two elements (e.g. login ID and password) in case of non-biometric security | |
| URS-COR-R-018 | The system must enforce and automatic log-out after a defined period of no activity | |
| URS-COR-R-019 | The system will allow the specification of different levels of access (e.g. user, administrator) | |
| URS-COR-R-020 | The system will detect security violations and produce an alarm or warning message | |
| URS-COR-R-021 | Controls will be in place to ensure that no two (2) individuals can have the same combination of identification code and password | |
| URS-COR-R-022 | If a password is not issued privately (i.e. the password issuer knows the password), the user will immediately reset their password | |
| Documentation requirements | URS-COR-D-001 | A user guide (manual) is available |
| URS-COR-D-100 | User requirements are available | |
| URS-COR-D-101 | Installation manual is available | |
| URS-COR-D-2001 | Programming (API) documentation is available | |
| Training requirements | URS-COR-T-2000 | Self-guided tutorials are available to start using PMA.core |
| URS-COR-T-2001 | Tutorials are available to connect to PMA.core from downstream applications | |
| URS-COR-T-2002 | Protected self-contained environments can be set up for experimentation and training | |
| Hardware requirements (HW) | URS-COR-HW-001 | The CPU is at least a 2.2 GHz Quad Core or AMD equivalent |
| URS-COR-HW-002 | The server computer has at least 8GB DDR3 RAM | |
| URS-COR-HW-003 | The hard disk is at least SATA II | |
| URS-COR-HW-004 | The network is at least 100 Mbs Ethernet | |
| Software requirements (SW) | URS-COR-SW-001 | The operating system is at least Windows 2008 Server |
| URS-COR-SW-002 | At least Web Server IIS 7.5 is installed | |
| URS-COR-SW-003 | At least .NET framework 4.5 is installed | |
| URS-COR-SW-004 | A HTML5-capable web browser is installed | |
| Requirements for PMA.core | URS-COR-001 | It’s possible to view slides through the slide management module |
| URS-COR-003 | It’s possible to add users | |
| URS-COR-004 | Only administrator users have access to the slide management module | |
| URS-COR-005 | An undeletable administrator account is configured | |
| URS-COR-006 | The following user information can be recorded: first name, last name, login name, password and e-mail | |
| URS-COR-007 | Users that are created in the slide management module get access to the viewing module | |
| URS-COR-008 | Users can be given administrator rights | |
| URS-COR-009 | Users can be suspended. As long as users are suspended, they do not have access to the software | |
| URS-COR-010 | Raw server log files can be consulted by administrators (read only) | |
| URS-COR-011 | A list of users currently logged in (active session) is available. Active sessions can be terminated. | |
| URS-COR-012 | Users can quickly access the user manual | |
| URS-COR-013 | Users can log out | |
| URS-COR-100 | Offer the option to store on-slide geometric annotations with slides (also cf. section 7.3 elsewhere in this document) | |
| URS-COR-101 | Offer the option to store form-based annotations with slides | |
| URS-COR-102 | Present a report with operating characteristics to assist in on-site installation troubleshooting | |
| URS-COR-103 | Enable content streaming in both lossy (JPEG) and lossless (PNG) compressed file formats (also cf. section 7.2 elsewhere in this document) | |
| URS-COR-2000 | Root-directories (cf. URS-COR-G-003) can be marked public so every registered PMA.user has access to it; they can also be marked private so only select users have access to it | |
| URS-COR-2001 | Access control lists can be applied to private root-directories (cf. URS-COR-2000) | |
| URS-COR-2002 | Form template definitions can be exported (cf. URS-COR-101) | |
| URS-COR-2003 | Form template definitions can be imported (cf. URS-COR-101) | |
| Requirements for the API (A) | URS-COR-A-250 | identify the version / revision of PMA.core running |
| URS-COR-A-251 | request licensing information from a distance | |
| URS-COR-A-252 | authenticate users and generate sessionID variables | |
| URS-COR-A-253 | de-authenticate an active sessionID | |
| URS-COR-A-254 | determine whether a user can make annotations | |
| URS-COR-A-255 | retrieve root-directories | |
| URS-COR-A-256 | check if the server is responsive. Typically this is done through a server “ping”, but in productions environments this service is often disabled to prevent opportunistic phishing attempts. | |
| URS-COR-A-257 | get an overview of all available root-directories | |
| URS-COR-A-258 | retrieve sub-directories from a parent directory | |
| URS-COR-A-259 | retrieve hosted slides in a specific directory | |
| URS-COR-A-260 | retrieve an anonymized string identification sequence representing a hosted slide | |
| URS-COR-A-261 | retrieve information about a hosted slide | |
| URS-COR-A-262 | retrieve on-slide annotations | |
| URS-COR-A-263 | manipulate on-slide annotations | |
| URS-COR-A-264 | obtain an on-slide annotation’s circumference (distance for 1D-objects)>/td> | URS-COR-A-265 | obtain an on-slide annotation’s surface (only for 2D-objects) |
| URS-COR-A-266 | query available form templates>/td> | |
| URS-COR-A-267 | retrieve slide-associated filled-out forms | |
| URS-COR-A-268 | manipulate slide-associated form data | |
| URS-COR-A-269 | change a (current) user’s password | |
| URS-COR-A-2000 | programmatically (and transaction-based) upload a slide | |
| URS-COR-A-2001 | programmatically (and transaction-based) download a slide | |
| URS-COR-A-2002 | obtain unique identifier (“fingerprint”) of a slide based on its contents | |
| URS-COR-A-2003 | search for slides | |
| URS-COR-A-2004 | reset a user’s password | |
| URS-COR-A-2005 | remind a user’s password via email | |
| URS-COR-A-270 | map a UID back to its real path reference | |
| URS-COR-A-271 | map a root-directory virtual path to its physical presence on the hard disk | |
| URS-COR-A-2006 | create new directories | |
| URS-COR-A-2007 | remove directories | |
| URS-COR-A-2008 | create new root-directories | |
| URS-COR-A-2009 | create new user accounts | |
| URS-COR-A-2010 | delete slides | |
| URS-COR-A-2011 | move slides | |
| URS-COR-A-2012 | rename slides | |
| URS-COR-A-2013 | rename directories | |
| URS-COR-A-2014 | reset any user’s password | |
| URS-COR-A-2015 | remind any user of their password | |
| URS-COR-A-2016 | list all users | |
| URS-COR-A-2017 | suspend a user (cf. URS-COR-009) | |
| URS-COR-A-2018 | obtain user information based on a current user’s SessionID |
