BioFlow Requirements
System Requirements

UID: DOC-SYS
Type | Level | MID | UID | REFS | Title | Statement | Rationale | Comment | TYPE | RISK_CONTROL_REF | HARM_IF_ABSENT | STANDARD_REF | STATUS | REVIEWED_HASH | REVIEWED_BY | QMS_REVIEW_DATE | NOTES
REQUIREMENT 1 SYS-001
SYS-001
change in progress
First-launch readiness for local enrolment

When the device is opened on a workstation that has no pre-existing BioFlow data directory, a default local clinic shall be present and immediately available for the clinician to attach newly-enrolled patient records, without requiring the clinician to first create or configure a clinic record manually.

Stakeholder commitment: clinicians installing the device on a fresh workstation expect to enrol their first patient within minutes of starting the application, without learning a separate clinic-management workflow as a prerequisite. Auto-provisioning a default local clinic removes that friction.

TYPE: functional | STATUS: Approved | REVIEWED_HASH: 1c8a5a84aebeb1b05f0044436dce6685870daaaade275946cde09b1b935e7fc5 | REVIEWED_BY: @DougYoungberg
REQUIREMENT 2 SYS-002
SYS-002
change in progress
Confidentiality of patient data at rest

The device shall keep clinic, patient, clinical-user, recording, and audit-log data stored on the local workstation confidential against any party gaining access to the workstation's filesystem without the operator's BioFlow credentials.

BioFlow workstations are deployed in clinical environments where multiple staff and IT roles share physical access, and the local data store carries identifiable patient records. HIPAA Security Rule §164.312(a)(2)(iv) (encryption of ePHI at rest) and GDPR Art. 32(1)(a) (encryption as appropriate technical safeguard) require that filesystem-level access does not yield readable PHI on its own.

TYPE: regulatory | STANDARD_REF: 45 CFR §164.312(a)(2)(iv); GDPR Art. 32(1)(a) | STATUS: Approved | REVIEWED_HASH: 940ecc884b9e74e53cf0626b9253a7be885b903762de73e2a7b847831533eebb | REVIEWED_BY: @DougYoungberg
REQUIREMENT 3 SYS-003
SYS-003
change in progress
Integrity of patient data at rest

The device shall preserve the integrity of clinic, patient, recording, and audit-log data stored on the local workstation against accidental alteration, partial writes, referential inconsistency, and concurrent-write corruption — such that any record returned by the device represents a complete and consistent state authored through the application.

BioFlow's local data store is the authoritative source for clinic and patient records on a given workstation; clinical decisions and uploads to the cloud are made against it. A record silently corrupted by a partial write after a crash, by a dangling foreign-key reference, or by a schema-violating row would mis-attribute a recording, mis-identify a patient, or strand orphan rows that mask deletion intent. HIPAA Security Rule §164.312(c)(1) (integrity) and GDPR Art. 5(1)(f) (integrity and confidentiality, including accidental loss, destruction or damage) both require the device to protect ePHI against improper alteration or destruction; the standards explicitly include accidental corruption, not only adversarial tampering. SYS-003 is the device-level commitment that the local store does not silently drift out of internal consistency.

TYPE: regulatory | STANDARD_REF: 45 CFR §164.312(c)(1); GDPR Art. 5(1)(f); GDPR Art. 32(1)(b) | STATUS: Approved | REVIEWED_HASH: 2c29cc4c8c670d6d9fa809e35fac9e1425ad652f765332fccf15573952b5eb69 | REVIEWED_BY: @DougYoungberg
REQUIREMENT 4 SYS-004
SYS-004
change in progress
Audit trail of clinical record operations

The device shall maintain an audit trail that independently records every operation that creates, modifies, or deletes a clinical record on the local workstation, and every action that exports such a record to an external system. Each entry shall capture the action, the affected record, and a system-generated UTC timestamp. Audit entries shall not be modified in a way that obscures previously recorded information after they are written.

An audit trail of clinical-record operations is a stakeholder-level commitment of the device. It supports the clinical organisation's internal review duties (knowing what happened to which clinical record, and when) and the integrity of the local clinical data store (so that accidental or unauthorised modifications can be reconstructed and investigated after the fact). The record-modification clause is included because an entry whose content can be silently overwritten after the fact ceases to be a useful record of what happened.

TYPE: functional | STATUS: Approved | REVIEWED_HASH: f4ff59b59ede96ba3085b89a1e864d2debc3215cb3b0042298a5801c5207b53a | REVIEWED_BY: @DougYoungberg
REQUIREMENT 5 SYS-005
SYS-005
reviewed
Operator workstation for recording sessions

The device shall present the operator a workstation interface for conducting EEG recording sessions in which the live EEG signal display remains continuously visible while the operator accesses recording controls and overlay menus.

Stakeholder commitment: clinicians conduct EEG recording sessions while continuously monitoring the live signal. The operator interface must keep the signal display visible while the operator works with recording controls and menus, so that adjusting settings or navigating the interface never interrupts observation of the patient's EEG.

TYPE: functional | STATUS: Approved | REVIEWED_HASH: 36b7b9d007b3a35a6c4ae57ee8de812b64b42e0aee6f8fd3c1b193ece1339aa8 | REVIEWED_BY: @DougYoungberg
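
One way to meet the SYS-004 audit-trail statement, as an added example that is not BioFlow's own code: it assumes a SQLite local store, and the `patient` and `audit_log` tables, the trigger names and the `record_export` helper are hypothetical. Triggers write each entry with a system-generated UTC timestamp in the same transaction as the change, and further triggers reject any UPDATE or DELETE on written entries.

```python
import sqlite3
# Hypothetical schema (assumption): BioFlow's real tables are not shown on this page.
SCHEMA = """
CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE audit_log (
  id     INTEGER PRIMARY KEY AUTOINCREMENT,
  action TEXT NOT NULL CHECK (action IN ('CREATE','MODIFY','DELETE','EXPORT')),
  record TEXT NOT NULL,  -- affected record, e.g. 'patient:1'
  ts_utc TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ','now'))  -- 'now' is UTC
);
-- Entries are written by the engine, independently of application code paths.
CREATE TRIGGER patient_ai AFTER INSERT ON patient BEGIN
  INSERT INTO audit_log(action, record) VALUES ('CREATE', 'patient:' || NEW.id); END;
CREATE TRIGGER patient_au AFTER UPDATE ON patient BEGIN
  INSERT INTO audit_log(action, record) VALUES ('MODIFY', 'patient:' || NEW.id); END;
CREATE TRIGGER patient_ad AFTER DELETE ON patient BEGIN
  INSERT INTO audit_log(action, record) VALUES ('DELETE', 'patient:' || OLD.id); END;
-- Written entries cannot be altered or removed.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log BEGIN
  SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log BEGIN
  SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def record_export(conn, record):  # application-level entry for an external export
    with conn:
        conn.execute("INSERT INTO audit_log(action, record) VALUES ('EXPORT', ?)", (record,))

def try_tamper(conn, sql):  # engine's error text if the statement is rejected, else None
    try:
        with conn:
            conn.execute(sql)
    except sqlite3.DatabaseError as exc:
        return str(exc)
    return None

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    with conn:  # constructed sample data
        conn.execute("INSERT INTO patient(name) VALUES ('Constructed Patient')")
        conn.execute("UPDATE patient SET name = 'Renamed' WHERE id = 1")
    record_export(conn, "patient:1")
    with conn:
        conn.execute("DELETE FROM patient WHERE id = 1")
    blocked = [try_tamper(conn, "UPDATE audit_log SET action = 'CREATE' WHERE id = 2"),
               try_tamper(conn, "DELETE FROM audit_log WHERE id = 4")]
    return conn.execute("SELECT action, record, ts_utc FROM audit_log ORDER BY id").fetchall(), blocked

if __name__ == "__main__":
    print(demo())
```

Triggers constrain only writes made through the database engine; a party with direct write access to the database file can still drop them, so this complements access control on the file itself.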