Compliance · Standards
ISO standards support built into the workflow.
TraceWorks is designed around the same disciplines ISO standards demand — governed requirements, traceable design, verified evidence, and an audit-ready record of every decision. Here is how the platform maps to five compliance frameworks across quality, safety, project management, and built-environment delivery.
Supported frameworks
Five frameworks. One workspace.
Each standard below has a dedicated clause-by-clause mapping further down this page. If your framework is not listed, the underlying capabilities — requirements governance, traceability, verification, and audit trail — apply broadly.
9001
ISO 9001:2015
Quality Management
Governs the full design and development lifecycle — inputs, outputs, verification, validation, and change control. TraceWorks maps directly to §8.3.
61511
IEC 61511:2016
Functional Safety (SIS)
Mandates a Safety Requirements Specification traceable to the Safety Instrumented Functions it governs, with evidence at each lifecycle phase.
21500
ISO 21500:2021
Project Management
Defines project governance, control, and delivery across the full project lifecycle. TraceWorks covers requirements scope, risk, schedule, change control, and deliverable management.
21502
ISO 21502:2020
Project Management Guidance
Provides detailed guidance on managing project scope, issues, changes, and information. TraceWorks satisfies the information management, change control, and stakeholder engagement disciplines.
19650
ISO 19650:2018–2020
BIM & Information Management
Governs information management for built assets using BIM — from Organizational Information Requirements through Exchange Information Requirements to verified delivery. TraceWorks acts as the CDE governance layer.
Coverage matrix
Which features satisfy which frameworks.
Every checked cell is backed by a specific clause mapping in the sections below.
| TraceWorks capability | 9001 | 61511 | 21500 | 21502 | 19650 |
|---|---|---|---|---|---|
| Versioned requirements with source & type | |||||
| Change request workflow + approval gates | — | ||||
| Typed traceability links (11 edge kinds) | — | — | |||
| Verification matrix (test × requirement) | |||||
| Risk register — 5×5 matrix + mitigation chain | — | ||||
| Immutable activity log + file version history | |||||
| Vendor & supplier qualification records | — | — | — | ||
| Decision log with rationale + approvals | — | — | |||
| Schedule + task-to-artifact linkage | — | — | |||
| Submittal packages + review cycles | — |
Quality Management
ISO 9001:2015 — clause by clause.
Governs the full design and development lifecycle — inputs, outputs, verification, validation, and change control. TraceWorks maps directly to §8.3.
| Clause | Standard requirement | TraceWorks capability | Module |
|---|---|---|---|
| §6.1 | Actions to address risks and opportunities Risk register — 5×5 impact × probability matrix, mitigation chains | Risk register — 5×5 impact × probability matrix, mitigation chains | Risks |
| §7.5 | Documented information — creation, update, control Immutable activity log, file version history, record-level audit trail | Immutable activity log, file version history, record-level audit trail | All modules |
| §8.3.2 | Design inputs — functional, performance, regulatory, legal Requirements with source (Customer / Regulatory / Internal / Derived) and type | Requirements with source (Customer / Regulatory / Internal / Derived) and type | Requirements |
| §8.3.3 | Design outputs — traceable to design inputs Specifications linked to requirements via SATISFIES edges; section-level linkage | Specifications linked to requirements via SATISFIES edges; section-level linkage | Specifications |
| §8.3.4 | Design reviews at planned stages Change request workflow with approval gates, reviewer assignments, and audit trail | Change request workflow with approval gates, reviewer assignments, and audit trail | Reviews |
| §8.3.5 | Design verification — confirm outputs meet inputs Verification matrix: test cases × requirements with PASS/FAIL/PENDING/gap cells | Verification matrix: test cases × requirements with PASS/FAIL/PENDING/gap cells | Tests |
| §8.3.6 | Design changes — review, control, revalidation Immutable requirement versioning; change request diff; stale test propagation | Immutable requirement versioning; change request diff; stale test propagation | Requirements · Reviews |
| §8.4 | External providers — selection, evaluation, re-evaluation Vendor records with status tracking; quote packages linked to components | Vendor records with status tracking; quote packages linked to components | Vendors · Quotes |
Functional Safety
IEC 61511:2016 — clause by clause.
Mandates a Safety Requirements Specification traceable to the Safety Instrumented Functions it governs, with evidence at each lifecycle phase.
| Clause | Standard requirement | TraceWorks capability | Module |
|---|---|---|---|
| §10.3 | Safety Requirements Specification (SRS) — documented, approved Requirements with REGULATORY source and SAFETY type; baseline versioning | Requirements with REGULATORY source and SAFETY type; baseline versioning | Requirements |
| §10.4 | SRS traceability to SIFs and hazard analysis Typed trace links (SATISFIES, MITIGATES) from SRS requirements to risk records | Typed trace links (SATISFIES, MITIGATES) from SRS requirements to risk records | Trace canvas |
| §10.5 | SRS change management — authorization, re-assessment Change request workflow; impact analysis across linked specifications and tests | Change request workflow; impact analysis across linked specifications and tests | Reviews |
| §12 | Safety instrumented system design — verification at each phase Verification matrix; EVIDENCES links from components to test cases | Verification matrix; EVIDENCES links from components to test cases | Tests · Specifications |
| §5.2 | Hazard and risk assessment documentation Risk register with 5×5 matrix, owner, mitigation chain, and audit trail | Risk register with 5×5 matrix, owner, mitigation chain, and audit trail | Risks |
| §5.7 | Documentation throughout the safety lifecycle Immutable activity log; file attachments with version history on every record | Immutable activity log; file attachments with version history on every record | All modules |
Project Management
ISO 21500:2021 — clause by clause.
Defines project governance, control, and delivery across the full project lifecycle. TraceWorks covers requirements scope, risk, schedule, change control, and deliverable management.
| Clause | Standard requirement | TraceWorks capability | Module |
|---|---|---|---|
| §4.3.2 | Develop project charter — define scope, objectives, and governance Projects with scoped requirements, assumptions, and linked artifacts from day one | Projects with scoped requirements, assumptions, and linked artifacts from day one | Projects |
| §4.3.7 | Collect requirements — document stakeholder needs Requirements with source (Customer / Regulatory / Internal), priority, and owner | Requirements with source (Customer / Regulatory / Internal), priority, and owner | Requirements |
| §4.3.10 | Control changes — evaluate, approve, and implement project changes Change request workflow with diff, approval gates, and downstream impact flags | Change request workflow with diff, approval gates, and downstream impact flags | Reviews |
| §4.3.13 | Control schedule — monitor progress against plan Gantt schedule with MS Project XML sync; tasks linked to the artifacts they deliver | Gantt schedule with MS Project XML sync; tasks linked to the artifacts they deliver | Schedule · Tasks |
| §4.3.5 | Manage risks — identify, assess, and respond to project risks Risk register with 5×5 scoring, mitigation chains, and trace score contribution | Risk register with 5×5 scoring, mitigation chains, and trace score contribution | Risks |
| §4.3.18 | Control deliverables — ensure outputs meet acceptance criteria Submittal packages with review cycles, revision history, and acceptance sign-off | Submittal packages with review cycles, revision history, and acceptance sign-off | Submittals |
| §4.3.16 | Manage stakeholders — engage and document decisions Decision log with rationale; threaded comments; team roles (OWNER / ADMIN / MEMBER) | Decision log with rationale; threaded comments; team roles (OWNER / ADMIN / MEMBER) | Decisions · Settings |
Project Management Guidance
ISO 21502:2020 — clause by clause.
Provides detailed guidance on managing project scope, issues, changes, and information. TraceWorks satisfies the information management, change control, and stakeholder engagement disciplines.
| Clause | Standard requirement | TraceWorks capability | Module |
|---|---|---|---|
| §8.3 | Scope management — define, verify, and control project scope Requirements with versioning and change control; specification coverage rollup | Requirements with versioning and change control; specification coverage rollup | Requirements · Specifications |
| §7.2 | Risk management — identify, assess, treat, and monitor risks Risk register with mitigation link chain; MITIGATES typed edge to controlling spec | Risk register with mitigation link chain; MITIGATES typed edge to controlling spec | Risks |
| §9.2 | Issue management — capture, assign, and resolve project issues Decision log with status, rationale, and linked artifact references | Decision log with status, rationale, and linked artifact references | Decisions |
| §10.3 | Change control — assess impact, approve, and communicate changes Change request with before/after diff, approval routing, and stale test propagation | Change request with before/after diff, approval routing, and stale test propagation | Reviews |
| §11.2 | Information management — create, store, and control project information Immutable activity log; file version history; audit-ready record export | Immutable activity log; file version history; audit-ready record export | All modules |
| §6.3 | Stakeholder engagement — communicate, consult, and involve Threaded comments on any artifact; team roles; assignment and notification trail | Threaded comments on any artifact; team roles; assignment and notification trail | All modules |
| §12.3 | Transition and benefits — confirm outputs meet intended benefits Verification matrix coverage and trace score confirm readiness before handover | Verification matrix coverage and trace score confirm readiness before handover | Tests · Dashboard |
BIM & Information Management
ISO 19650:2018–2020 — clause by clause.
Governs information management for built assets using BIM — from Organizational Information Requirements through Exchange Information Requirements to verified delivery. TraceWorks acts as the CDE governance layer.
| Clause | Standard requirement | TraceWorks capability | Module |
|---|---|---|---|
| §5.1 (Pt 1) | Organisational Information Requirements (OIR) — what information the organisation needs Requirements with REGULATORY and CUSTOMER sources capture OIR as governed records | Requirements with REGULATORY and CUSTOMER sources capture OIR as governed records | Requirements |
| §5.2 (Pt 1) | Asset Information Requirements (AIR) — information needed to manage an asset Product/component hierarchy with interface contracts at every level | Product/component hierarchy with interface contracts at every level | Products · Components |
| §5.3 (Pt 1) | Exchange Information Requirements (EIR) — what information is needed at each delivery stage Specifications with numbered sections; submittal scope linked to components and requirements | Specifications with numbered sections; submittal scope linked to components and requirements | Specifications · Submittals |
| §6.2 (Pt 2) | BIM Execution Plan — agreed information delivery strategy Projects with scoped requirements, schedule milestones, and linked delivery artifacts | Projects with scoped requirements, schedule milestones, and linked delivery artifacts | Projects · Schedule |
| §6.4 (Pt 2) | Information delivery — share, check, review, approve, and archive Submittal packages with revision cycles, reviewer sign-off, and immutable archive | Submittal packages with revision cycles, reviewer sign-off, and immutable archive | Submittals |
| §6.5 (Pt 2) | Information validation — check information meets EIR before acceptance Verification matrix links delivery evidence to the EIR-derived requirements it satisfies | Verification matrix links delivery evidence to the EIR-derived requirements it satisfies | Tests · Specifications |
| §6.6 (Pt 2) | Information model management — maintain a federated information model Trace canvas provides a live, linked view across requirements, specs, components, and tests | Trace canvas provides a live, linked view across requirements, specs, components, and tests | Trace canvas |
Getting compliant
How engineering teams use TraceWorks for audit readiness.
Capture every requirement with source and type
Import requirements from your specification document or enter them directly. Tag each one as Customer, Regulatory, Internal, or Derived. Add a type — Performance, Safety, Regulatory, Interface — so the audit record knows what governance applies.
Link specifications and components to every input
As design decisions are made, authors link spec sections to the requirements they satisfy. Components link to specs. The coverage gap report shows every requirement without a downstream link — no clause §8.3.3, §7.3.3, or ISO 19650 EIR gap can hide.
Govern every change through a formal request
When an approved requirement needs to change, a change request is raised. It shows the diff, routes to the responsible engineer, requires sign-off, and marks downstream test cases as stale. Your auditor sees a complete change history on every record.
Close every verification loop before handover
Test cases link to requirements via EVIDENCES edges. The verification matrix shows PASS, FAIL, PENDING, and GAP for every requirement. When every cell is green, the trace score reflects it. The audit package is the live workspace export — no manual assembly.
Ready to make your next audit effortless?
TraceWorks gives your team the governance infrastructure that auditors expect — requirements versioned, changes controlled, verification documented, and evidence one click away.