HelixOps Validation
FS-HELIX-001

Functional Specification

HelixOps Quality Management System - GxP Validation Documentation

Version: Draft v0.1
Effective: January 2025
Status: Draft
Author: HelixOps Team
Reviewer: Development Lead
Approver: Quality Assurance

1. Introduction

This Functional Specification (FS) defines the detailed functional behaviors of the HelixOps platform. It translates the business requirements from BRD-HELIX-001 into specific system behaviors that can be implemented and tested.

Document Scope

This document specifies WHAT the system does functionally. The HOW (technical implementation) is covered in DS-HELIX-001.

2. System Overview

HelixOps Architecture Overview

Frontend
  • React 18 Single Page Application
  • Responsive design (mobile/tablet/desktop)
  • Real-time updates via WebSocket
Backend
  • Node.js Express API server
  • PostgreSQL database
  • RESTful API architecture

  • 6 Modules
  • 123 Functions
  • 45 API Endpoints
  • 18 Data Entities
  • 3 User Roles
  • 12 Workflows

3. Authentication & Authorization

The system implements secure authentication via OpenID Connect and role-based access control (RBAC) for authorization.

Admin Role
  • Full system access
  • User management
  • System configuration
  • Audit log access
Manager Role
  • Create/edit records
  • Approve workflows
  • Generate reports
  • View audit logs
Viewer Role
  • Read-only access
  • View dashboards
  • Export reports
  • No edit permissions

Authentication Specifications

Spec ID | Functional Description | Priority | Traces To
FUNC-AUTH-001 | System shall authenticate users via OpenID Connect with Replit Auth provider | Critical | BUS-REQ-002
FUNC-AUTH-002 | System shall support three roles: Admin (full access), Manager (create/edit), Viewer (read-only) | Critical | BUS-REQ-003
FUNC-AUTH-003 | System shall terminate sessions after 15 minutes of inactivity | Critical | BUS-REQ-004
FUNC-AUTH-004 | System shall log all authentication events (login, logout, failed attempts) | Critical | BUS-REQ-007
FUNC-AUTH-005 | System shall prevent concurrent sessions from the same user account | High | BUS-REQ-003

4. GRC Module Functions

The GRC module provides risk management, controls management, and compliance framework mapping capabilities.

Risk Scoring Matrix

Likelihood \ Impact | 1 | 2 | 3 | 4 | 5
Likelihood 5 | 5 | 10 | 15 | 20 | 25
Likelihood 4 | 4 | 8 | 12 | 16 | 20
Likelihood 3 | 3 | 6 | 9 | 12 | 15
Likelihood 2 | 2 | 4 | 6 | 8 | 10
Likelihood 1 | 1 | 2 | 3 | 4 | 5

Score bands: Low (1-4), Medium (5-9), High (10-16), Critical (17-25)

GRC Functional Specifications

Spec ID | Functional Description | Priority | Traces To
FUNC-RISK-001 | Risk form shall capture: title, description, category, likelihood (1-5), impact (1-5), owner | Critical | BUS-REQ-100
FUNC-RISK-002 | System shall auto-calculate risk score as likelihood × impact (1-25) | Critical | BUS-REQ-104
FUNC-RISK-003 | Risk heat map shall display risks in a 5x5 matrix with color coding (green/yellow/orange/red) | High | BUS-REQ-104
FUNC-CTRL-001 | Control form shall capture: title, description, type, frequency, owner, linked risks | Critical | BUS-REQ-110
FUNC-CTRL-002 | System shall support control effectiveness ratings: Effective, Needs Improvement, Ineffective | High | BUS-REQ-111
FUNC-COMP-001 | Compliance framework mapping shall support SOC 2, ISO 27001, GDPR, HIPAA standards | Critical | BUS-REQ-120
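As an added example (not HelixOps project code), the scoring rule of FUNC-RISK-002, the bands printed under the Risk Scoring Matrix, and the 5x5 heat map of FUNC-RISK-003 can be implemented as below. The pairing of colours with bands (Low = green through Critical = red) is an assumption; the specification lists the four colours but does not state which band each belongs to. Input validation rejects out-of-scale values instead of clamping them, which is the behaviour the ALCOA+ "Accurate" principle in section 8 calls for.

```javascript
// Added example (not HelixOps project code): risk scoring and heat map
// from section 4. The band/colour pairing below is assumed.

// Reject anything outside the 1-5 integer scale rather than silently
// clamping, so a bad form value is surfaced as an error.
function checkScale(name, value) {
  if (!Number.isInteger(value) || value < 1 || value > 5) {
    throw new RangeError(`${name} must be an integer from 1 to 5, got ${value}`);
  }
  return value;
}

// FUNC-RISK-002: score = likelihood x impact, range 1-25.
function riskScore(likelihood, impact) {
  return checkScale('likelihood', likelihood) * checkScale('impact', impact);
}

// Bands as printed under the matrix; colours are this example's assumption.
const BANDS = [
  { band: 'Low',      min: 1,  max: 4,  color: 'green'  },
  { band: 'Medium',   min: 5,  max: 9,  color: 'yellow' },
  { band: 'High',     min: 10, max: 16, color: 'orange' },
  { band: 'Critical', min: 17, max: 25, color: 'red'    },
];

function riskBand(score) {
  const found = BANDS.find((b) => score >= b.min && score <= b.max);
  if (!found) throw new RangeError(`score ${score} is outside 1-25`);
  return found;
}

// FUNC-RISK-003: the 5x5 matrix with likelihood 5 on the top row, as in the
// spec's table. Each cell carries its score and colour plus the ids of the
// risks (optional `{ id, likelihood, impact }` objects) that land in it.
function heatMap(risks = []) {
  const rows = [];
  for (let likelihood = 5; likelihood >= 1; likelihood--) {
    const row = [];
    for (let impact = 1; impact <= 5; impact++) {
      const score = riskScore(likelihood, impact);
      row.push({ likelihood, impact, score, color: riskBand(score).color, risks: [] });
    }
    rows.push(row);
  }
  for (const r of risks) {
    const rowIndex = 5 - checkScale('likelihood', r.likelihood);
    const colIndex = checkScale('impact', r.impact) - 1;
    rows[rowIndex][colIndex].risks.push(r.id);
  }
  return rows;
}

// Text rendering of the map for constructed sample risks (not real data);
// a cell holding at least one risk is marked with '*'.
function demo() {
  const map = heatMap([
    { id: 'RISK-0001', likelihood: 4, impact: 4 },
    { id: 'RISK-0002', likelihood: 2, impact: 2 },
    { id: 'RISK-0003', likelihood: 5, impact: 5 },
  ]);
  return map
    .map((row) => row.map((c) => `${c.score}${c.risks.length ? '*' : ''}`).join(' '))
    .join('\n');
}
```

Because scores are products of two integers from 1 to 5, only 14 distinct values occur (1, 2, 3, 4, 5, 6, 8, 9, 10, 12, 15, 16, 20, 25); the Critical band therefore contains exactly the 20 and 25 cells.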

5. Privacy Module Functions

The Privacy module implements GDPR compliance workflows including DPIA, ROPA, DSAR, and consent management.

DSAR Workflow

Received → Verified → In Progress → Review → Completed

SLA: 30 days from receipt (configurable per jurisdiction)

6. FinOps Module Functions

The Financial Operations module provides AR/AP ledger management with multi-currency support and bank feed integration.

  • EUR (Primary)
  • USD (Supported)
  • GBP (Supported)
  • CHF (Supported)

7. Audit Trail Functions

The system maintains a comprehensive, tamper-evident audit trail of all GxP-impacting actions per 21 CFR Part 11 requirements.

Field | Description | Format
timestamp | UTC timestamp of action | ISO 8601
user_id | Authenticated user identifier | UUID
action | Type of operation performed | CREATE | UPDATE | DELETE | VIEW | LOGIN | LOGOUT
entity_type | Type of record affected | String (e.g., "risk", "control")
entity_id | Unique identifier of affected record | UUID
old_values | Previous field values (for updates) | JSON
new_values | New field values | JSON
ip_address | Client IP address | IPv4/IPv6

8. Data Integrity Controls

The system implements ALCOA+ principles for all GxP-critical data.

  • Attributable (A): All records linked to user ID
  • Legible (L): Clear UI with export capabilities
  • Contemporaneous (C): Real-time timestamping
  • Original (O): Source data preserved
  • Accurate (A): Input validation enforced
  • Complete (C): Required fields enforced
  • Consistent (C): Standardized formats
  • Enduring (E): 10-year retention

Document Approval

Role | Signature | Name | Department
Author | Signature | HelixOps Team | Technical Writing
Development Lead | Signature | Tech Lead | Engineering
Quality Assurance | Signature | QA Manager | Quality Management

Electronic signatures are considered equivalent to handwritten signatures in accordance with 21 CFR Part 11 requirements.