# Product Requirements Document (PRD)
## Cloud Water Meter Testbench Monitoring System (WMTMS)

---

**Document Version**: 1.0  
**Date**: February 10, 2026  
**Organization**: Sharjah Electricity, Water and Gas Authority (SEWA)  
**Project Status**: Production Ready  
**Classification**: Internal Use

---

## Table of Contents

1. [Executive Summary](#1-executive-summary)
2. [Product Overview](#2-product-overview)
3. [Business Objectives](#3-business-objectives)
4. [Target Users](#4-target-users)
5. [Functional Requirements](#5-functional-requirements)
6. [Technical Requirements](#6-technical-requirements)
7. [User Interface Requirements](#7-user-interface-requirements)
8. [Security Requirements](#8-security-requirements)
9. [Performance Requirements](#9-performance-requirements)
10. [Integration Requirements](#10-integration-requirements)
11. [Data Requirements](#11-data-requirements)
12. [Compliance Requirements](#12-compliance-requirements)
13. [Success Metrics](#13-success-metrics)
14. [Project Roadmap](#14-project-roadmap)
15. [Assumptions and Constraints](#15-assumptions-and-constraints)
16. [Glossary](#16-glossary)

---

## 1. Executive Summary

### 1.1 Product Name
**Cloud Water Meter Testbench Monitoring System (WMTMS)**

### 1.2 Purpose
WMTMS is a comprehensive web-based system designed to monitor, manage, and track water meter testing operations across multiple SEWA facilities. The system standardizes testing procedures, ensures quality control, maintains audit trails, and provides real-time monitoring of testbench operations.

### 1.3 Product Vision
To become the industry-leading platform for water meter quality assurance and testbench management, ensuring accuracy, compliance, and operational efficiency across all SEWA testing facilities.

### 1.4 Key Benefits
- **Quality Assurance**: Standardized testing procedures across all locations
- **Compliance**: Complete audit trails for regulatory requirements
- **Efficiency**: Automated data collection and report generation
- **Visibility**: Real-time monitoring of testing operations
- **Traceability**: Full lifecycle tracking of water meters
- **Cost Reduction**: Reduced manual errors and rework

### 1.5 Target Deployment
- **Primary Locations**: Sharjah, Kalba, Khorfakan
- **Users**: 10-50 concurrent users
- **Testbenches**: 6+ testbenches (Domestic & Bulk)
- **Annual Tests**: 10,000+ water meter tests

Location	Testbench Units
Sharjah	1 Domestic + 1 Bulk
Kalba	1 Domestic + 1 Bulk
Khorfakkan	1 Domestic + 1 Bulk
Total	6 Testbenches

---

## 2. Product Overview

### 2.1 Product Description
WMTMS is a role-based, multi-tenant web application that manages the complete water meter testing lifecycle. It supports both domestic (residential) and bulk (commercial/industrial) water meter testing with 11 standardized test types based on international standards.

### 2.2 Core Capabilities
1. **Test Management**: Execute and record 11 types of water meter tests

THE TYPES OF TESTS CONDUCTED 
 
1) Intrinsic Error Test (Accuracy Test) 
2) Magnetic Field Test 
3) Endurance Continuous Test 
4) Endurance Dis-Continuous Test  
5) Reverse Flow Test 
6) Flow Disturbance Test 
7) Static Pressure Test 
8) Water Pressure Test 
9) Pressure Loss Test 
10) Water Temperature Test 
11) Overload Temperature Test

2. **Equipment Management**: Track testbenches, calibration, and maintenance
3. **Location Management**: Manage multiple testing facilities
4. **User Management**: Role-based access control for different user types
5. **Reporting**: Generate comprehensive test reports and analytics
6. **Audit**: Complete audit trails for compliance and quality assurance

### 2.3 Technology Stack
- **Frontend**: HTML5, CSS3, JavaScript, Bootstrap 5.3
- **Backend**: PHP 8.1+
- **Database**: MySQL 8.0+ mysqli
- **Web Server**: Apache 2.4+ / IIS 10+
- **OS**: Windows 10+ / Linux
- **Browser Support**: Chrome, Firefox, Edge, Safari (latest versions)

### 2.4 Deployment Model
- **Type**: On-premises web application
- **Access**: Internal network (VPN for remote access)
- **Architecture**: Client-Server (3-tier)
- **Scalability**: Horizontal (multiple web servers)

---

## 3. Business Objectives

### 3.1 Primary Objectives
1. **Standardization**: Implement consistent testing procedures across all facilities
2. **Quality Control**: Ensure 99.9% accuracy in water meter testing
3. **Compliance**: Meet UAE regulatory requirements for water meter testing
4. **Efficiency**: Reduce test processing time by 40%
5. **Traceability**: Maintain 100% traceability of tested meters

### 3.2 Secondary Objectives
1. Reduce paper-based processes by 90%
2. Decrease manual data entry errors by 95%
3. Improve report generation time from days to minutes
4. Enable real-time monitoring of testing operations
5. Facilitate data-driven decision making

### 3.3 Business Value
- **Cost Savings**: $200,000+ annually through efficiency gains
- **Risk Reduction**: Minimize regulatory compliance risks
- **Customer Satisfaction**: Improved service quality and accuracy
- **Operational Excellence**: Streamlined workflows and processes
- **Competitive Advantage**: Industry-leading quality standards

### 3.4 Return on Investment (ROI)
- **Implementation Cost**: $150,000
- **Annual Savings**: $200,000
- **ROI**: 133% in first year
- **Payback Period**: 9 months

---

## 4. Target Users

### 4.1 User Personas

#### 4.1.1 Super Administrator
- **Role**: System-wide oversight and configuration
- **Responsibilities**: System configuration, user management, global settings
- **Technical Skills**: High
- **Usage Frequency**: Daily
- **Key Needs**: Complete system control, security management, audit access

#### 4.1.2 Administrator
- **Role**: Facility-level management
- **Responsibilities**: Location management, testbench configuration, reporting
- **Technical Skills**: Medium-High
- **Usage Frequency**: Daily
- **Key Needs**: Operational oversight, team management, analytics

#### 4.1.3 Technician
- **Role**: Test execution and data entry
- **Responsibilities**: Conduct tests, record results, generate certificates
- **Technical Skills**: Medium
- **Usage Frequency**: Daily (multiple times)
- **Key Needs**: Easy test execution, clear instructions, quick data entry

#### 4.1.4 Auditor
- **Role**: Quality assurance and compliance
- **Responsibilities**: Review test results, audit trails, compliance verification
- **Technical Skills**: Medium
- **Usage Frequency**: Weekly/As needed
- **Key Needs**: Comprehensive audit trails, report generation, data export

### 4.2 User Distribution
- **Super Administrators**: 2-3 users
- **Administrators**: 5-10 users (per location)
- **Technicians**: 30-70 users
- **Auditors**: 5-10 users
- **Total**: 50-100 users

---

## 5. Functional Requirements

### 5.1 Authentication & Authorization

#### 5.1.1 User Authentication
- **REQ-AUTH-001**: System shall support username/password authentication
- **REQ-AUTH-002**: Passwords must be hashed using bcrypt (cost factor 12)
- **REQ-AUTH-003**: System shall enforce password complexity requirements:
  - Minimum 8 characters
  - At least 1 uppercase letter
  - At least 1 lowercase letter
  - At least 1 number
  - At least 1 special character
- **REQ-AUTH-004**: System shall lock accounts after 5 failed login attempts
- **REQ-AUTH-005**: Account lockout duration shall be 15 minutes
- **REQ-AUTH-006**: System shall log all authentication attempts
- **REQ-AUTH-007**: Session timeout shall be 30 minutes of inactivity
- **REQ-AUTH-008**: System shall support "Remember Me" functionality (optional)
- ** USER LEVEL ACCESS

#### 5.1.2 Role-Based Access Control
- **REQ-RBAC-001**: System shall support 4 user roles:
  - Super Administrator
  - Administrator
  - Technician
  - Auditor
- **REQ-RBAC-002**: Each role shall have predefined permissions
- **REQ-RBAC-003**: Permissions shall be enforced at both UI and API levels
- **REQ-RBAC-004**: System shall prevent privilege escalation
- **REQ-RBAC-005**: NOrmal User login for each site only

#### 5.1.3 Permission Matrix

| Feature | Super Admin | Admin | Technician | Auditor |
|---------|-------------|-------|------------|---------|
| View Dashboard | ✓ | ✓ | ✓ | ✓ |
| Run Tests | ✓ | ✓ | ✓ | ✗ |
| View Test History | ✓ | ✓ | ✓ | ✓ |
| Generate Reports | ✓ | ✓ | Limited | ✓ |
| Manage Users | ✓ | ✓ | ✗ | ✗ |
| Manage Locations | ✓ | ✓ | ✗ | ✗ |
| Manage Testbenches | ✓ | ✓ | ✗ | ✗ |
| Manage Test Types | ✓ | ✓ | ✗ | ✗ |
| View Audit Logs | ✓ | ✓ | ✗ | ✓ |
| System Configuration | ✓ | ✗ | ✗ | ✗ |

### 5.2 Location Management

#### 5.2.1 Location CRUD Operations
- **REQ-LOC-001**: System shall allow authorized users to create locations
- **REQ-LOC-002**: Each location shall have:
  - Unique ID (auto-generated)
  - Name (required)
  - Code (required, unique)
  - Address (optional)
  - Phone number (optional)
  - Manager name (optional)
  - Status (Active/Inactive)
  - Created/Updated timestamps
- **REQ-LOC-003**: System shall validate location code uniqueness
- **REQ-LOC-004**: System shall allow location editing by authorized users
- **REQ-LOC-005**: System shall prevent deletion of locations with associated testbenches
- **REQ-LOC-006**: System shall allow location deactivation instead of deletion
- **REQ-LOC-007**: System shall display location list with search/filter capabilities

#### 5.2.2 Location Requirements
- **REQ-LOC-008**: Location names must be 3-100 characters
- **REQ-LOC-009**: Location codes must be 2-20 characters, alphanumeric
- **REQ-LOC-010**: Phone numbers must follow UAE format
- **REQ-LOC-011**: Inactive locations shall not appear in testbench assignment

### 5.3 Testbench Management

#### 5.3.1 Testbench Types
- **REQ-TB-001**: System shall support two testbench types:
  - **Domestic**: For residential water meters (15mm - 50mm)
  - **Bulk**: For commercial/industrial meters (>50mm)
- **REQ-TB-002**: Each testbench shall be assigned to one location
- **REQ-TB-003**: Testbench type cannot be changed after creation

#### 5.3.2 Testbench CRUD Operations
- **REQ-TB-004**: System shall allow authorized users to create testbenches
- **REQ-TB-005**: Each testbench shall have:
  - Unique ID (auto-generated)
  - Name (required)
  - Type (Domestic/Bulk, required)
  - Serial Number (required, unique)
  - Location (required, FK to locations)
  - Manufacturer (optional)
  - Model (optional)
  - Installation Date (optional)
  - Last Calibration Date (optional)
  - Next Calibration Date (optional)
  - Status (Active/Inactive)
  - Created/Updated timestamps
- **REQ-TB-006**: System shall validate serial number uniqueness
- **REQ-TB-007**: System shall allow testbench editing by authorized users
- **REQ-TB-008**: System shall prevent deletion of testbenches with test results
- **REQ-TB-009**: System shall allow testbench deactivation instead of deletion

#### 5.3.3 Calibration Management
- **REQ-TB-010**: System shall track calibration dates
- **REQ-TB-011**: System shall calculate next calibration date (1 year from last)
- **REQ-TB-012**: System shall provide calibration status indicators:
  - **Up to Date**: Next calibration >30 days away (Green)
  - **Due Soon**: Next calibration <30 days (Yellow)
  - **Overdue**: Past calibration date (Red)
- **REQ-TB-013**: System shall send calibration reminders 30 days before due date
- **REQ-TB-014**: Dashboard shall display overdue calibrations prominently

#### 5.3.4 Testbench Requirements
- **REQ-TB-015**: Testbench names must be 3-100 characters
- **REQ-TB-016**: Serial numbers must be 5-50 characters, alphanumeric
- **REQ-TB-017**: Dates must be in YYYY-MM-DD format
- **REQ-TB-018**: Next calibration cannot be before last calibration

### 5.4 Test Type Management

#### 5.4.1 Standard Test Types
- **REQ-TT-001**: System shall support 11 standard test types:
  1. **Intrinsic Error Test (Accuracy Test)** - Category: Accuracy
  2. **Magnetic Field Test** - Category: Environmental
  3. **Endurance Continuous Test** - Category: Durability
  4. **Endurance Dis-Continuous Test** - Category: Durability
  5. **Reverse Flow Test** - Category: Environmental
  6. **Flow Disturbance Test** - Category: Environmental
  7. **Static Pressure Test** - Category: Pressure
  8. **Water Pressure Test** - Category: Pressure
  9. **Pressure Loss Test** - Category: Pressure
  10. **Water Temperature Test** - Category: Temperature
  11. **Overload Temperature Test** - Category: Temperature

#### 5.4.2 Test Type Attributes
- **REQ-TT-002**: Each test type shall have:
  - Unique ID (auto-generated)
  - Code (required, unique, immutable)
  - Name (English, required)
  - Name (Arabic, required)
  - Description (English, optional)
  - Description (Arabic, optional)
  - Category (optional)
  - Display Order (required, default 0)
  - Status (Active/Inactive)
  - Created/Updated timestamps

#### 5.4.3 Test Type Categories
- **REQ-TT-003**: System shall support 5 test categories:
  - Accuracy
  - Durability
  - Environmental
  - Pressure
  - Temperature

#### 5.4.4 Test Type Management
- **REQ-TT-004**: System shall allow authorized users to create custom test types
- **REQ-TT-005**: System shall validate test code uniqueness
- **REQ-TT-006**: System shall allow test type editing (except code)
- **REQ-TT-007**: System shall prevent deletion of test types with results
- **REQ-TT-008**: System shall allow test type deactivation
- **REQ-TT-009**: System shall allow display order customization
- **REQ-TT-010**: System shall filter test types by category
- **REQ-TT-011**: Inactive test types shall not appear in test execution

#### 5.4.5 Bilingual Support
- **REQ-TT-012**: All test types must have English and Arabic names
- **REQ-TT-013**: System shall display test names based on user language preference
- **REQ-TT-014**: Default language shall be English
- **REQ-TT-015**: Users shall be able to switch language via dropdown

### 5.5 Test Execution

#### 5.5.1 Test Creation
- **REQ-TEST-001**: Authorized users shall be able to initiate tests
- **REQ-TEST-002**: Test creation shall require:
  - Location
  - Testbench (filtered by location)
  - Test Type
  - Meter Information (serial, size, type)
  - Test Parameters (based on test type)
- **REQ-TEST-003**: System shall validate all required fields
- **REQ-TEST-004**: System shall generate unique test ID
- **REQ-TEST-005**: System shall record technician who initiated test

#### 5.5.2 Test Recording
- **REQ-TEST-006**: System shall capture test data:
  - Test start time
  - Test end time
  - Test duration
  - Test readings (based on test type)
  - Test results (Pass/Fail)
  - Observations/Notes
  - Environmental conditions (optional)
- **REQ-TEST-007**: System shall calculate test results automatically where applicable
- **REQ-TEST-008**: System shall allow manual result entry for complex tests
- **REQ-TEST-009**: System shall validate data ranges for each test type

#### 5.5.3 Test Status
- **REQ-TEST-010**: Tests shall have the following statuses:
  - **Pending**: Test created but not started
  - **In Progress**: Test currently running
  - **Completed**: Test finished with results
  - **Failed**: Test completed with failure
  - **Cancelled**: Test cancelled before completion
- **REQ-TEST-011**: Only the test creator or supervisor can change test status
- **REQ-TEST-012**: Completed tests cannot be edited (only viewed)

#### 5.5.4 Test Results
- **REQ-TEST-013**: Each test shall have a result:
  - Pass
  - Fail
  - Conditional Pass
  - Inconclusive
- **REQ-TEST-014**: Failed tests shall require failure reason
- **REQ-TEST-015**: System shall track pass/fail rates per test type
- **REQ-TEST-016**: System shall track pass/fail rates per testbench

### 5.6 Test History & Search

#### 5.6.1 Test History Display
- **REQ-HIST-001**: System shall display all completed tests
- **REQ-HIST-002**: Test history shall include:
  - Test ID
  - Date/Time
  - Location
  - Testbench
  - Test Type
  - Meter Serial
  - Result (Pass/Fail)
  - Technician
  - Actions (View, Report, Delete)

#### 5.6.2 Search & Filter
- **REQ-HIST-003**: Users shall be able to search tests by:
  - Test ID
  - Meter Serial Number
  - Date Range
  - Location
  - Testbench
  - Test Type
  - Result (Pass/Fail)
  - Technician
- **REQ-HIST-004**: Search results shall be paginated (25 per page)
- **REQ-HIST-005**: Users shall be able to sort results by any column
- **REQ-HIST-006**: Advanced filters shall be collapsible

#### 5.6.3 Test Details
- **REQ-HIST-007**: Users shall be able to view full test details
- **REQ-HIST-008**: Test details shall display all recorded data
- **REQ-HIST-009**: Test details shall show audit trail (who created, when)
- **REQ-HIST-010**: Test details shall be printable

### 5.7 Reporting

#### 5.7.1 Report Types
- **REQ-RPT-001**: System shall support the following reports:
  - **Test Certificate**: Individual test certificate (PDF)
  - **Batch Report**: Multiple tests report
  - **Location Report**: Tests by location
  - **Testbench Report**: Tests by testbench
  - **Test Type Report**: Tests by test type
  - **Daily Summary**: Tests conducted in a day
  - **Monthly Summary**: Tests conducted in a month
  - **Calibration Report**: Testbench calibration status
  - **Pass/Fail Report**: Pass/fail statistics

#### 5.7.2 Report Generation
- **REQ-RPT-002**: Reports shall be generated in PDF format
- **REQ-RPT-003**: Reports shall include SEWA branding and logo
- **REQ-RPT-004**: Reports shall include generation date/time
- **REQ-RPT-005**: Reports shall include user who generated report
- **REQ-RPT-006**: Reports shall be downloadable
- **REQ-RPT-007**: Report generation shall complete within 10 seconds for single tests
- **REQ-RPT-008**: Batch reports shall support up to 1000 tests

#### 5.7.3 Report Content
- **REQ-RPT-009**: Test certificates shall include:
  - SEWA logo and contact info
  - Test ID and date
  - Meter information
  - Test type and standards
  - Test parameters and readings
  - Result (Pass/Fail) with clear indicator
  - Technician signature (digital)
  - QR code for verification
- **REQ-RPT-010**: Summary reports shall include:
  - Date range
  - Total tests conducted
  - Pass/Fail breakdown
  - Tests by location
  - Tests by testbench
  - Tests by test type
  - Charts and graphs

#### 5.7.4 Data Export
- **REQ-RPT-011**: Users shall be able to export data to:
  - PDF
  - Excel (XLSX)
  - CSV
- **REQ-RPT-012**: Exports shall include all filtered data
- **REQ-RPT-013**: Large exports (>10,000 records) shall be queued
- **REQ-RPT-014**: Users shall receive notification when export is ready

### 5.8 User Management

#### 5.8.1 User CRUD Operations
- **REQ-USER-001**: Super Admins and Admins shall be able to create users
- **REQ-USER-002**: Each user shall have:
  - Unique ID (auto-generated)
  - Username (required, unique)
  - Email (required, unique)
  - Password (required, hashed)
  - Full Name (required)
  - Phone (optional)
  - Role (required)
  - Location (required for non-super-admin)
  - Status (Active/Inactive)
  - Failed Login Attempts
  - Locked Until (timestamp)
  - Last Login (timestamp)
  - Created/Updated timestamps
- **REQ-USER-003**: System shall validate username uniqueness
- **REQ-USER-004**: System shall validate email format
- **REQ-USER-005**: Admins can only create users for their assigned location
- **REQ-USER-006**: Super Admins can create users for any location

#### 5.8.2 Password Management
- **REQ-USER-007**: System shall support password reset functionality
- **REQ-USER-008**: Password reset shall require email verification
- **REQ-USER-009**: Password reset tokens shall expire after 1 hour
- **REQ-USER-010**: Users shall be able to change their own password
- **REQ-USER-011**: Password change shall require old password verification
- **REQ-USER-012**: System shall enforce password history (last 5 passwords)

#### 5.8.3 Account Management
- **REQ-USER-013**: Admins shall be able to activate/deactivate users
- **REQ-USER-014**: Deactivated users cannot login
- **REQ-USER-015**: Admins shall be able to unlock locked accounts
- **REQ-USER-016**: System shall log all user account changes

### 5.9 Dashboard

#### 5.9.1 Dashboard Overview
- **REQ-DASH-001**: All authenticated users shall have access to dashboard
- **REQ-DASH-002**: Dashboard shall be the default landing page after login
- **REQ-DASH-003**: Dashboard content shall be role-specific

#### 5.9.2 Dashboard Widgets
- **REQ-DASH-004**: Dashboard shall include:
  - **Statistics Cards**:
    - Total tests (filtered by date range)
    - Tests passed
    - Tests failed
    - Active testbenches
  - **Recent Tests Table**:
    - Last 20 tests conducted
    - Quick links to view details
  - **Test Type Breakdown**:
    - Tests by test type
    - Pass/fail rates per test type
    - Progress bars
  - **Calibration Alerts**:
    - Overdue calibrations
    - Upcoming calibrations
  - **Quick Actions**:
    - Run new test
    - Generate report
    - View audit log

#### 5.9.3 Dashboard Filters
- **REQ-DASH-005**: Dashboard shall support filtering by:
  - Date range (from/to)
  - Location (for admins/super-admins)
  - Testbench
- **REQ-DASH-006**: Filters shall persist during session
- **REQ-DASH-007**: Default filter shall be "Last 30 days"

#### 5.9.4 Dashboard Performance
- **REQ-DASH-008**: Dashboard shall load within 3 seconds
- **REQ-DASH-009**: Dashboard data shall be cached for 5 minutes
- **REQ-DASH-010**: Dashboard shall auto-refresh every 5 minutes

### 5.10 Audit & Logging

#### 5.10.1 Audit Trail
- **REQ-AUDIT-001**: System shall maintain comprehensive audit trail
- **REQ-AUDIT-002**: Audit log shall capture:
  - Timestamp (precise to millisecond)
  - User (who performed action)
  - Action (what was done)
  - Entity Type (location, testbench, test, etc.)
  - Entity ID (which record was affected)
  - Old Values (before change)
  - New Values (after change)
  - IP Address
  - User Agent
  - Result (Success/Failure)

#### 5.10.2 Audited Actions
- **REQ-AUDIT-003**: System shall audit:
  - User login/logout
  - Failed login attempts
  - Password changes
  - User CRUD operations
  - Location CRUD operations
  - Testbench CRUD operations
  - Test Type CRUD operations
  - Test execution (create, update, complete)
  - Report generation
  - Configuration changes
  - Permission changes

#### 5.10.3 Audit Access
- **REQ-AUDIT-004**: Audit logs shall be accessible to Super Admins and Auditors
- **REQ-AUDIT-005**: Audit logs shall be read-only (no editing or deletion)
- **REQ-AUDIT-006**: Audit logs shall be searchable and filterable
- **REQ-AUDIT-007**: Audit logs shall be exportable to CSV/Excel

#### 5.10.4 Audit Retention
- **REQ-AUDIT-008**: Audit logs shall be retained for minimum 7 years
- **REQ-AUDIT-009**: Old audit logs shall be archived (not deleted)
- **REQ-AUDIT-010**: Archived logs shall remain searchable

### 5.11 Internationalization

#### 5.11.1 Language Support
- **REQ-I18N-001**: System shall support:
  - English (default)
  - Arabic (RTL support)
- **REQ-I18N-002**: Users shall be able to switch language via dropdown
- **REQ-I18N-003**: Language preference shall persist across sessions
- **REQ-I18N-004**: All UI text shall be translatable
- **REQ-I18N-005**: Test types shall have bilingual names

#### 5.11.2 Right-to-Left (RTL) Support
- **REQ-I18N-006**: Arabic language shall use RTL layout
- **REQ-I18N-007**: RTL shall affect:
  - Text direction
  - Form layouts
  - Menu alignment
  - Icon positioning
- **REQ-I18N-008**: Numbers and dates shall remain LTR in Arabic

#### 5.11.3 Date & Time Formatting
- **REQ-I18N-009**: Dates shall be displayed in format: DD/MM/YYYY
- **REQ-I18N-010**: Times shall be displayed in 24-hour format
- **REQ-I18N-011**: Timezone shall be UAE (UTC+4)
- **REQ-I18N-012**: Timestamps shall be stored in UTC in database

---

## 6. Technical Requirements

### 6.1 Architecture

#### 6.1.1 System Architecture
- **REQ-ARCH-001**: System shall follow 3-tier architecture:
  - **Presentation Tier**: HTML, CSS, JavaScript (Bootstrap 5.3)
  - **Application Tier**: PHP 8.1+ mysqli
  - **Data Tier**: MySQL 8.0+

#### 6.1.2 Design Patterns
- **REQ-ARCH-002**: System shall implement:
  - MVC (Model-View-Controller) pattern
  - Repository pattern for data access
  - Factory pattern for object creation
  - Dependency injection where applicable

#### 6.1.3 Database Design
- **REQ-ARCH-003**: Database shall be normalized to 3NF
- **REQ-ARCH-004**: Foreign keys shall enforce referential integrity
- **REQ-ARCH-005**: Indexes shall be created on:
  - Primary keys
  - Foreign keys
  - Frequently searched columns
  - Date/time columns

### 6.2 Technology Stack

#### 6.2.1 Frontend Technologies
- **REQ-TECH-001**: HTML5 for markup
- **REQ-TECH-002**: CSS3 for styling
- **REQ-TECH-003**: JavaScript (ES6+) for client-side logic
- **REQ-TECH-004**: Bootstrap 5.3 for responsive design
- **REQ-TECH-005**: Font Awesome 6.4 for icons
- **REQ-TECH-006**: Chart.js for data visualization

#### 6.2.2 Backend Technologies
- **REQ-TECH-007**: PHP 8.1+ for server-side logic
- **REQ-TECH-008**: mysqli for database abstraction
- **REQ-TECH-009**: bcrypt for password hashing
- **REQ-TECH-010**: PHPMailer for email functionality

#### 6.2.3 Database
- **REQ-TECH-011**: MySQL 8.0+ for data storage
- **REQ-TECH-012**: InnoDB storage engine
- **REQ-TECH-013**: UTF-8MB4 character set

#### 6.2.4 Web Server
- **REQ-TECH-014**: Apache 2.4+ or IIS 10+
- **REQ-TECH-015**: HTTPS/TLS 1.3
- **REQ-TECH-016**: mod_rewrite (Apache) for clean URLs

### 6.3 Database Schema

#### 6.3.1 Core Tables
- **REQ-DB-001**: System shall include the following tables:
  - `users` - User accounts
  - `locations` - Testing locations
  - `testbenches` - Testing equipment
  - `test_types` - Test type definitions
  - `test_results` - Test execution records
  - `test_data` - Detailed test measurements
  - `audit_log` - Audit trail
  - `sessions` - User sessions
  
  additional for table domestic and bulk
  
  THE TYPES OF TESTS CONDUCTED 
 
1) Intrinsic Error Test (Accuracy Test) 
2) Magnetic Field Test 
3) Endurance Continuous Test 
4) Endurance Dis-Continuous Test  
5) Reverse Flow Test 
6) Flow Disturbance Test 
7) Static Pressure Test 
8) Water Pressure Test 
9) Pressure Loss Test 
10) Water Temperature Test 
11) Overload Temperature Test

#### 6.3.2 Data Types
- **REQ-DB-002**: Use appropriate data types:
  - INT for IDs
  - VARCHAR for strings
  - TEXT for long text
  - DATETIME for timestamps
  - DECIMAL for precise numbers
  - ENUM for fixed options
  - JSON for flexible data

#### 6.3.3 Constraints
- **REQ-DB-003**: Implement constraints:
  - PRIMARY KEY on all ID columns
  - FOREIGN KEY with CASCADE/RESTRICT
  - UNIQUE on unique columns
  - NOT NULL on required columns
  - CHECK constraints for data validation

### 6.4 API Design

#### 6.4.1 API Structure
- **REQ-API-001**: RESTful API endpoints for CRUD operations
- **REQ-API-002**: JSON request/response format
- **REQ-API-003**: Standard HTTP methods:
  - GET for retrieval
  - POST for creation
  - PUT/PATCH for updates
  - DELETE for deletion

#### 6.4.2 API Endpoints
- **REQ-API-004**: Core API endpoints:
  - `/api/users` - User management
  - `/api/locations` - Location management
  - `/api/testbenches` - Testbench management
  - `/api/test-types` - Test type management
  - `/api/tests` - Test execution
  - `/api/reports` - Report generation

#### 6.4.3 API Response Format
- **REQ-API-005**: Standard response format:
```json
{
  "success": true,
  "data": {},
  "message": "",
  "error": ""
}
```

#### 6.4.4 Error Handling
- **REQ-API-006**: HTTP status codes:
  - 200: Success
  - 201: Created
  - 400: Bad Request
  - 401: Unauthorized
  - 403: Forbidden
  - 404: Not Found
  - 422: Validation Error
  - 500: Server Error

### 6.5 Security Implementation

#### 6.5.1 Input Validation
- **REQ-SEC-001**: All user input shall be validated server-side
- **REQ-SEC-002**: Use prepared statements to prevent SQL injection
- **REQ-SEC-003**: Sanitize input before display to prevent XSS
- **REQ-SEC-004**: Validate file uploads (type, size, content)

#### 6.5.2 Session Management
- **REQ-SEC-005**: Use PHP sessions with secure settings:
  - `session.cookie_httponly = 1`
  - `session.cookie_secure = 1` (HTTPS)
  - `session.use_strict_mode = 1`
- **REQ-SEC-006**: Regenerate session ID on privilege change
- **REQ-SEC-007**: Destroy session completely on logout

#### 6.5.3 CSRF Protection
- **REQ-SEC-008**: Implement CSRF tokens for all forms
- **REQ-SEC-009**: Validate CSRF tokens on submission
- **REQ-SEC-010**: Tokens shall expire after 1 hour

#### 6.5.4 Headers
- **REQ-SEC-011**: Set security headers:
  - `X-Frame-Options: DENY`
  - `X-Content-Type-Options: nosniff`
  - `X-XSS-Protection: 1; mode=block`
  - `Content-Security-Policy`
  - `Strict-Transport-Security`

### 6.6 File Structure

#### 6.6.1 Directory Structure
```
sewa/
├── admin/                  # Admin pages
│   ├── users.php
│   ├── locations.php
│   ├── testbenches.php
│   ├── test-types.php
│   └── audit.php
├── api/                    # API endpoints
│   ├── user-actions.php
│   ├── location-actions.php
│   ├── testbench-actions.php
│   ├── test-type-actions.php
│   └── test-actions.php
├── assets/                 # Static assets
│   ├── css/
│   │   └── theme-lite.css
│   ├── js/
│   │   └── app.js
│   └── images/
├── classes/                # PHP classes
│   ├── Database.php
│   ├── User.php
│   ├── Test.php
│   └── Report.php
├── config/                 # Configuration files
│   ├── database.php
│   ├── app.php
│   └── constants.php
├── dashboard/              # User dashboard
│   ├── index.php
│   ├── tests.php
│   └── history.php
├── database/               # Database scripts
│   ├── schema.sql
│   └── test_types_data.sql
├── docs/                   # Documentation
│   ├── PRD.md
│   ├── MANAGEMENT-GUIDE.md
│   └── API-DOCS.md
├── includes/               # Common includes
│   ├── bootstrap.php
│   ├── header.php
│   ├── footer.php
│   ├── auth.php
│   ├── db.php
│   └── functions.php
├── lang/                   # Language files
│   ├── en.json
│   └── ar.json
├── reports/                # Report generation
│   └── generate.php
├── storage/                # File storage
│   ├── logs/
│   ├── reports/
│   └── uploads/
├── modules/                  # Unit tests
├── .htaccess              # Apache config
├── index.php              # Login page
└── logout.php             # Logout handler
```

---

## 7. User Interface Requirements

### 7.1 Design Principles

#### 7.1.1 Core Principles
- **REQ-UI-001**: User interface shall be clean, modern, and professional
- **REQ-UI-002**: Design shall prioritize usability over aesthetics
- **REQ-UI-003**: Interface shall be consistent across all pages
- **REQ-UI-004**: Navigation shall be intuitive and predictable
- **REQ-UI-005**: Feedback shall be immediate and clear

#### 7.1.2 Design System
- **REQ-UI-006**: Color Palette:
  - **Primary**: Light Green (#10b981)
  - **Secondary**: Black (#1f2937)
  - **Danger**: Red (#ef4444)
  - **Success**: Green (#10b981)
  - **Warning**: Orange (#f59e0b)
  - **Info**: Blue (#06b6d4)
- **REQ-UI-007**: Typography:
  - Font Family: Inter, Segoe UI, system fonts
  - Base Size: 16px
  - Line Height: 1.6
  - Weights: 400 (regular), 500 (medium), 600 (semibold), 700 (bold)
- **REQ-UI-008**: Spacing:
  - Base unit: 4px
  - Common values: 8px, 12px, 16px, 24px, 32px

### 7.2 Layout

#### 7.2.1 Page Layout
- **REQ-UI-009**: All pages shall use consistent layout:
  - Header (navigation bar)
  - Sidebar (left-side menu)
  - Main content area
  - Footer
- **REQ-UI-010**: Header shall be sticky (fixed position)
- **REQ-UI-011**: Sidebar shall be collapsible on mobile
- **REQ-UI-012**: Content area shall be scrollable independently

#### 7.2.2 Responsive Design
- **REQ-UI-013**: System shall be responsive across devices:
  - **Desktop**: ≥1200px (full layout)
  - **Laptop**: 992px-1199px (full layout)
  - **Tablet**: 768px-991px (adjusted layout)
  - **Mobile**: <768px (stacked layout)
- **REQ-UI-014**: Touch targets shall be minimum 44x44px on mobile
- **REQ-UI-015**: Forms shall stack vertically on mobile

### 7.3 Navigation

#### 7.3.1 Top Navigation
- **REQ-UI-016**: Header shall include:
  - SEWA logo
  - Application name
  - Language switcher
  - User menu (profile, settings, logout)
- **REQ-UI-017**: User menu shall be dropdown-based
- **REQ-UI-018**: Active page shall be indicated in navigation

#### 7.3.2 Side Navigation
- **REQ-UI-019**: Sidebar shall include:
  - Dashboard
  - Tests
  - Test History
  - Reports
  - Administration section (if authorized)
  - System Configuration section (if authorized)
  - Audit Log (if authorized)
- **REQ-UI-020**: Menu items shall have icons
- **REQ-UI-021**: Submenu items shall be indented
- **REQ-UI-022**: Active menu item shall be highlighted
- **REQ-UI-023**: Hover states shall provide visual feedback

### 7.4 Components

#### 7.4.1 Buttons
- **REQ-UI-024**: Button styles:
  - Primary: Green gradient
  - Secondary: Gray solid
  - Success: Green solid
  - Danger: Red solid
  - Warning: Orange solid
  - Info: Blue solid
- **REQ-UI-025**: Buttons shall have:
  - Clear labels
  - Icons (optional)
  - Hover states
  - Disabled states
  - Loading states (spinner)

#### 7.4.2 Forms
- **REQ-UI-026**: Form fields shall include:
  - Clear labels
  - Placeholder text (when helpful)
  - Help text (when needed)
  - Required indicators (*)
  - Validation messages
- **REQ-UI-027**: Validation shall be:
  - Client-side (instant feedback)
  - Server-side (security)
  - Inline (next to field)
- **REQ-UI-028**: Required fields shall be marked
- **REQ-UI-029**: Error messages shall be specific and actionable

#### 7.4.3 Tables
- **REQ-UI-030**: Tables shall include:
  - Column headers (sortable)
  - Hover row highlighting
  - Alternating row colors (zebra striping)
  - Action buttons per row
  - Pagination (if >25 rows)
  - Loading states
- **REQ-UI-031**: Tables shall be responsive:
  - Horizontal scroll on mobile
  - Or card-based layout on mobile

#### 7.4.4 Cards
- **REQ-UI-032**: Cards shall include:
  - Header (with title and actions)
  - Body (content)
  - Footer (optional)
- **REQ-UI-033**: Cards shall have:
  - Border radius: 12px
  - Box shadow: subtle
  - Hover effect: lift
  - White background

#### 7.4.5 Modals
- **REQ-UI-034**: Modals shall include:
  - Header (title and close button)
  - Body (content/form)
  - Footer (action buttons)
- **REQ-UI-035**: Modals shall have:
  - Backdrop overlay (dim background)
  - Close on backdrop click (optional)
  - Close on ESC key
  - Focus trap (accessibility)

#### 7.4.6 Alerts & Notifications
- **REQ-UI-036**: Alerts shall have types:
  - Success (green)
  - Error (red)
  - Warning (orange)
  - Info (blue)
- **REQ-UI-037**: Alerts shall include:
  - Icon
  - Message
  - Close button (optional)
  - Auto-dismiss (5 seconds)
- **REQ-UI-038**: Toasts (notifications) shall appear:
  - Top-right corner
  - Stack vertically
  - Auto-dismiss
  - Slide-in animation

#### 7.4.7 Loading States
- **REQ-UI-039**: Loading indicators shall be shown:
  - Button spinners (inline)
  - Page loaders (full page)
  - Skeleton screens (content placeholders)
- **REQ-UI-040**: Loading shall never block user from cancelling

### 7.5 Specific Page Requirements

#### 7.5.1 Login Page
- **REQ-UI-041**: Login page shall include:
  - SEWA logo and branding
  - Application name and tagline
  - Username field
  - Password field with show/hide toggle
  - Remember me checkbox
  - Login button
  - Forgot password link
  - Language switcher
- **REQ-UI-042**: Login page shall have:
  - Centered card layout
  - Gradient background
  - Animations (subtle)
  - Error messages below form

#### 7.5.2 Dashboard
- **REQ-UI-043**: Dashboard shall include:
  - Welcome message with user name
  - Date filter (from/to dates)
  - Statistics cards (4 cards in a row)
  - Recent tests table
  - Test type breakdown chart
  - Calibration alerts
  - Quick action buttons
- **REQ-UI-044**: Statistics cards shall show:
  - Large number (metric)
  - Label
  - Icon
  - Trend indicator (up/down)
  - Color coding

#### 7.5.3 Test Execution Page
- **REQ-UI-045**: Test execution shall be wizard-based:
  - Step 1: Select Location & Testbench
  - Step 2: Select Test Type
  - Step 3: Enter Meter Information
  - Step 4: Enter Test Parameters
  - Step 5: Record Test Data
  - Step 6: Confirm & Submit
- **REQ-UI-046**: Wizard shall show:
  - Progress indicator
  - Step navigation
  - Previous/Next buttons
  - Cancel button
  - Save draft option

#### 7.5.4 Test History Page
- **REQ-UI-047**: Test history shall include:
  - Search bar (prominent)
  - Advanced filters (collapsible)
  - Results table
  - Pagination
  - Export button
- **REQ-UI-048**: Each test row shall have actions:
  - View details
  - Generate certificate
  - Delete (if authorized)

#### 7.5.5 Management Pages
- **REQ-UI-049**: Management pages shall use card-based layout
- **REQ-UI-050**: Each card shall represent one record
- **REQ-UI-051**: Cards shall include:
  - Title/Name
  - Key information
  - Status badge
  - Action buttons
- **REQ-UI-052**: Grid shall be:
  - 3 columns on desktop
  - 2 columns on tablet
  - 1 column on mobile

### 7.6 Accessibility

#### 7.6.1 WCAG Compliance
- **REQ-UI-053**: System shall meet WCAG 2.1 Level AA
- **REQ-UI-054**: Color contrast ratio shall be minimum 4.5:1
- **REQ-UI-055**: All interactive elements shall be keyboard accessible
- **REQ-UI-056**: Focus indicators shall be visible

#### 7.6.2 Semantic HTML
- **REQ-UI-057**: Use semantic HTML5 elements
- **REQ-UI-058**: Proper heading hierarchy (h1-h6)
- **REQ-UI-059**: ARIA labels where needed
- **REQ-UI-060**: Alt text for all images

#### 7.6.3 Keyboard Navigation
- **REQ-UI-061**: Tab order shall be logical
- **REQ-UI-062**: Enter key shall submit forms
- **REQ-UI-063**: ESC key shall close modals
- **REQ-UI-064**: Arrow keys shall navigate tables/lists

---

## 8. Security Requirements

### 8.1 Authentication Security

#### 8.1.1 Password Security
- **REQ-SEC-101**: Passwords must be hashed using bcrypt (cost 12)
- **REQ-SEC-102**: Password minimum length: 8 characters
- **REQ-SEC-103**: Password must contain:
  - Uppercase letter
  - Lowercase letter
  - Number
  - Special character
- **REQ-SEC-104**: Password history: Last 5 passwords cannot be reused
- **REQ-SEC-105**: Failed login lockout: 5 attempts = 15 min lockout

#### 8.1.2 Session Security
- **REQ-SEC-106**: Session timeout: 30 minutes inactivity
- **REQ-SEC-107**: Session ID regeneration on privilege change
- **REQ-SEC-108**: Secure session cookies (HttpOnly, Secure, SameSite)
- **REQ-SEC-109**: One session per user (optional)

### 8.2 Authorization Security

#### 8.2.1 Access Control
- **REQ-SEC-110**: Enforce role-based permissions at:
  - UI level (hide/disable)
  - Controller level (redirect)
  - API level (403 Forbidden)
- **REQ-SEC-111**: Prevent horizontal privilege escalation
- **REQ-SEC-112**: Prevent vertical privilege escalation
- **REQ-SEC-113**: Check permissions on every request

### 8.3 Data Security

#### 8.3.1 Data Protection
- **REQ-SEC-114**: Encrypt sensitive data at rest:
  - Passwords (bcrypt)
  - API keys (AES-256)
- **REQ-SEC-115**: Use HTTPS/TLS 1.3 for data in transit
- **REQ-SEC-116**: Sanitize all output to prevent XSS
- **REQ-SEC-117**: Use prepared statements to prevent SQL injection

#### 8.3.2 Data Validation
- **REQ-SEC-118**: Validate all input server-side
- **REQ-SEC-119**: Whitelist allowed characters
- **REQ-SEC-120**: Enforce data type validation
- **REQ-SEC-121**: Enforce length/range validation

### 8.4 Application Security

#### 8.4.1 CSRF Protection
- **REQ-SEC-122**: Generate unique CSRF token per session
- **REQ-SEC-123**: Include CSRF token in all forms
- **REQ-SEC-124**: Validate CSRF token on submission
- **REQ-SEC-125**: Reject requests with invalid/missing tokens

#### 8.4.2 File Upload Security
- **REQ-SEC-126**: Validate file type (whitelist)
- **REQ-SEC-127**: Validate file size (max 10MB)
- **REQ-SEC-128**: Scan files for malware
- **REQ-SEC-129**: Store files outside web root
- **REQ-SEC-130**: Generate random filenames

#### 8.4.3 Error Handling
- **REQ-SEC-131**: Display generic error messages to users
- **REQ-SEC-132**: Log detailed errors server-side
- **REQ-SEC-133**: Never expose stack traces to users
- **REQ-SEC-134**: Never expose database structure in errors

### 8.5 Infrastructure Security

#### 8.5.1 Server Security
- **REQ-SEC-135**: Disable directory listing
- **REQ-SEC-136**: Disable unnecessary PHP functions
- **REQ-SEC-137**: Keep software updated (PHP, MySQL, Apache)
- **REQ-SEC-138**: Use firewall rules (allow only necessary ports)

#### 8.5.2 Database Security
- **REQ-SEC-139**: Use least privilege principle for DB users
- **REQ-SEC-140**: Separate DB users for different operations
- **REQ-SEC-141**: Disable remote root access
- **REQ-SEC-142**: Enable MySQL audit log

#### 8.5.3 Backup Security
- **REQ-SEC-143**: Encrypt database backups
- **REQ-SEC-144**: Store backups off-site
- **REQ-SEC-145**: Test backup restoration regularly
- **REQ-SEC-146**: Retain backups for 90 days minimum

---

## 9. Performance Requirements

### 9.1 Response Time

#### 9.1.1 Page Load Times
- **REQ-PERF-001**: Dashboard shall load within 3 seconds
- **REQ-PERF-002**: Standard pages shall load within 2 seconds
- **REQ-PERF-003**: Form submissions shall respond within 1 second
- **REQ-PERF-004**: Search results shall return within 2 seconds
- **REQ-PERF-005**: API calls shall respond within 500ms

#### 9.1.2 Report Generation
- **REQ-PERF-006**: Single test certificate shall generate within 5 seconds
- **REQ-PERF-007**: Batch reports (100 tests) shall generate within 30 seconds
- **REQ-PERF-008**: Large exports (1000+ tests) shall be queued

### 9.2 Throughput

#### 9.2.1 Concurrent Users
- **REQ-PERF-009**: System shall support 50 concurrent users
- **REQ-PERF-010**: System shall support 100 concurrent users (peak)
- **REQ-PERF-011**: System shall maintain performance under load

#### 9.2.2 Transaction Volume
- **REQ-PERF-012**: System shall handle 100 tests per hour
- **REQ-PERF-013**: System shall handle 1000 tests per day
- **REQ-PERF-014**: System shall handle 10,000 tests per year

### 9.3 Resource Usage

#### 9.3.1 Server Resources
- **REQ-PERF-015**: CPU usage shall not exceed 70% under normal load
- **REQ-PERF-016**: Memory usage shall not exceed 80% of available RAM
- **REQ-PERF-017**: Disk I/O shall not become bottleneck

#### 9.3.2 Database Performance
- **REQ-PERF-018**: Database queries shall complete within 100ms (simple)
- **REQ-PERF-019**: Complex queries shall complete within 500ms
- **REQ-PERF-020**: Database connections shall be pooled

### 9.4 Optimization

#### 9.4.1 Frontend Optimization
- **REQ-PERF-021**: Minimize HTTP requests
- **REQ-PERF-022**: Compress CSS/JS files (minification)
- **REQ-PERF-023**: Optimize images (WebP format)
- **REQ-PERF-024**: Lazy load images below fold
- **REQ-PERF-025**: Use browser caching (cache headers)

#### 9.4.2 Backend Optimization
- **REQ-PERF-026**: Use opcode cache (OPcache)
- **REQ-PERF-027**: Use query result caching (Redis/Memcached)
- **REQ-PERF-028**: Use database indexes appropriately
- **REQ-PERF-029**: Optimize SQL queries (avoid N+1)
- **REQ-PERF-030**: Use pagination for large result sets

#### 9.4.3 Caching Strategy
- **REQ-PERF-031**: Cache static assets (CSS, JS, images)
- **REQ-PERF-032**: Cache dashboard data (5 minutes)
- **REQ-PERF-033**: Cache test type list (indefinite, invalidate on change)
- **REQ-PERF-034**: Cache location list (indefinite, invalidate on change)

---

## 10. Integration Requirements

### 10.1 External Systems

#### 10.1.1 Email System
- **REQ-INT-001**: System shall integrate with SMTP server
- **REQ-INT-002**: Email notifications for:
  - Password reset
  - Account creation
  - Calibration reminders
  - System alerts
- **REQ-INT-003**: Email templates shall be customizable
- **REQ-INT-004**: Email sending shall be asynchronous (queued)

#### 10.1.2 Active Directory (Future)
- **REQ-INT-005**: System shall support AD authentication (Phase 2)
- **REQ-INT-006**: Users shall be able to login with AD credentials
- **REQ-INT-007**: AD groups shall map to system roles

#### 10.1.3 Testbench Hardware (Future)
- **REQ-INT-008**: System shall integrate with testbench equipment (Phase 2)
- **REQ-INT-009**: Automatic data capture from testbenches
- **REQ-INT-010**: Real-time test monitoring
- **REQ-INT-011**: Equipment status monitoring

### 10.2 Data Exchange

#### 10.2.1 Import Capabilities
- **REQ-INT-012**: System shall support data import from:
  - CSV (test results)
  - Excel (bulk user creation)
- **REQ-INT-013**: Import shall validate data before insertion
- **REQ-INT-014**: Import errors shall be reported clearly

#### 10.2.2 Export Capabilities
- **REQ-INT-015**: System shall export data to:
  - PDF (reports)
  - Excel (XLSX)
  - CSV (raw data)
- **REQ-INT-016**: Exports shall include all filtered data
- **REQ-INT-017**: Large exports shall be queued

#### 10.2.3 API Integration
- **REQ-INT-018**: System shall provide REST API
- **REQ-INT-019**: API shall use JSON format
- **REQ-INT-020**: API shall require authentication (API keys)
- **REQ-INT-021**: API documentation shall be available

---

## 11. Data Requirements

### 11.1 Data Model

#### 11.1.1 Core Entities
- **REQ-DATA-001**: System shall manage the following entities:
  - Users
  - Locations
  - Testbenches
  - Test Types
  - Test Results
  - Test Data (measurements)
  - Audit Logs
  - Sessions

#### 11.1.2 Entity Relationships
```
Users (N) → (1) Locations
Locations (1) → (N) Testbenches
Testbenches (1) → (N) Test Results
Test Types (1) → (N) Test Results
Test Results (1) → (N) Test Data
Users (1) → (N) Test Results (technician)
Users (1) → (N) Audit Logs
```

### 11.2 Data Integrity

#### 11.2.1 Referential Integrity
- **REQ-DATA-002**: Foreign keys shall enforce relationships
- **REQ-DATA-003**: CASCADE delete where appropriate:
  - Delete testbench → cascade to test results
  - Delete test result → cascade to test data
- **REQ-DATA-004**: RESTRICT delete where critical:
  - Cannot delete location with active testbenches
  - Cannot delete test type with results

#### 11.2.2 Data Validation
- **REQ-DATA-005**: Database constraints shall enforce:
  - NOT NULL on required fields
  - UNIQUE on unique fields
  - CHECK constraints on enums
  - Foreign key constraints
- **REQ-DATA-006**: Application layer shall validate:
  - Data types
  - Value ranges
  - Business rules
  - Cross-field validation

### 11.3 Data Retention

#### 11.3.1 Retention Periods
- **REQ-DATA-007**: Data retention periods:
  - Test results: 7 years (minimum)
  - Audit logs: 7 years (minimum)
  - User accounts: Active + 1 year after deactivation
  - Sessions: 30 days
  - Error logs: 90 days

#### 11.3.2 Archival
- **REQ-DATA-008**: Old data shall be archived (not deleted)
- **REQ-DATA-009**: Archived data shall remain searchable
- **REQ-DATA-010**: Archived data shall be restorable

### 11.4 Backup & Recovery

#### 11.4.1 Backup Strategy
- **REQ-DATA-011**: Daily full database backups
- **REQ-DATA-012**: Hourly incremental backups
- **REQ-DATA-013**: Backup retention: 30 days
- **REQ-DATA-014**: Off-site backup storage
- **REQ-DATA-015**: Encrypted backups

#### 11.4.2 Recovery
- **REQ-DATA-016**: Recovery Time Objective (RTO): 4 hours
- **REQ-DATA-017**: Recovery Point Objective (RPO): 1 hour
- **REQ-DATA-018**: Test backup restoration monthly
- **REQ-DATA-019**: Document recovery procedures

---

## 12. Compliance Requirements

### 12.1 Regulatory Compliance

#### 12.1.1 Water Meter Testing Standards
- **REQ-COMP-001**: System shall comply with:
  - ISO 4064 (Water meters standards)
  - OIML R49 (Water meters - Pattern approval and verification)
  - UAE Water Meter Testing Standards
- **REQ-COMP-002**: Test procedures shall follow standard protocols
- **REQ-COMP-003**: Test certificates shall include all required information

#### 12.1.2 Data Protection
- **REQ-COMP-004**: System shall comply with UAE data protection laws
- **REQ-COMP-005**: Personal data shall be protected
- **REQ-COMP-006**: Data access shall be logged
- **REQ-COMP-007**: Users shall have right to access their data

#### 12.1.3 Quality Management
- **REQ-COMP-008**: System shall support ISO 9001 requirements
- **REQ-COMP-009**: Complete audit trails for quality assurance
- **REQ-COMP-010**: Traceability of all tests and results

### 12.2 Internal Policies

#### 12.2.1 SEWA Policies
- **REQ-COMP-011**: System shall comply with SEWA IT policies
- **REQ-COMP-012**: Password policies shall match SEWA standards
- **REQ-COMP-013**: Access control shall follow SEWA guidelines

#### 12.2.2 Audit Requirements
- **REQ-COMP-014**: System shall provide complete audit trail
- **REQ-COMP-015**: Audit logs shall be tamper-proof
- **REQ-COMP-016**: Audit logs shall be exportable for external audits

---

## 13. Success Metrics

### 13.1 Key Performance Indicators (KPIs)

#### 13.1.1 Operational Metrics
- **KPI-001**: Test Processing Time: <20 minutes per test (target)
- **KPI-002**: Data Entry Accuracy: >99% (target)
- **KPI-003**: System Uptime: >99.5% (target)
- **KPI-004**: Report Generation Time: <5 minutes (target)
- **KPI-005**: User Satisfaction Score: >4.0/5.0 (target)

#### 13.1.2 Quality Metrics
- **KPI-006**: Test Pass Rate: 85-95% (expected range)
- **KPI-007**: Calibration Compliance: >95% on-time (target)
- **KPI-008**: Audit Trail Completeness: 100% (target)
- **KPI-009**: Data Validation Errors: <1% (target)
- **KPI-010**: System Error Rate: <0.1% (target)

#### 13.1.3 Business Metrics
- **KPI-011**: Tests per Day: Increase by 40% (target)
- **KPI-012**: Paper Usage: Decrease by 90% (target)
- **KPI-013**: Manual Errors: Decrease by 95% (target)
- **KPI-014**: Cost per Test: Decrease by 30% (target)
- **KPI-015**: ROI: >100% in Year 1 (target)

### 13.2 Acceptance Criteria

#### 13.2.1 Functional Acceptance
- **ACCEPT-001**: All functional requirements implemented
- **ACCEPT-002**: All user roles can perform assigned tasks
- **ACCEPT-003**: All test types are executable
- **ACCEPT-004**: Reports generate correctly
- **ACCEPT-005**: Audit trail is complete

#### 13.2.2 Performance Acceptance
- **ACCEPT-006**: Dashboard loads within 3 seconds
- **ACCEPT-007**: System supports 50 concurrent users
- **ACCEPT-008**: Search results return within 2 seconds
- **ACCEPT-009**: Reports generate within 10 seconds

#### 13.2.3 Security Acceptance
- **ACCEPT-010**: All authentication requirements met
- **ACCEPT-011**: All authorization requirements met
- **ACCEPT-012**: Penetration testing passed
- **ACCEPT-013**: Security audit passed

#### 13.2.4 Usability Acceptance
- **ACCEPT-014**: User training completed successfully
- **ACCEPT-015**: User satisfaction >4.0/5.0
- **ACCEPT-016**: Technicians can complete tests without assistance
- **ACCEPT-017**: Mobile responsive works on all devices

---

## 14. Project Roadmap

### 14.1 Phase 1: Core System (Completed)

#### 14.1.1 Deliverables
- ✅ User authentication and authorization
- ✅ Location management
- ✅ Testbench management (Domestic & Bulk)
- ✅ Test type management (11 types)
- ✅ Dashboard with statistics
- ✅ Sidebar navigation
- ✅ Modern UI with responsive design
- ✅ Audit logging
- ✅ Documentation (PRD, Guides)


### 14.2 Phase 2: Test Execution (Q1 2026)

#### 14.2.1 Deliverables
- [ ] Test execution wizard
- [ ] Test data recording
- [ ] Test result calculation
- [ ] Test status management
- [ ] Test history and search
- [ ] Test details view


### 14.3 Phase 3: Reporting (Q1-Q2 2026)

#### 14.3.1 Deliverables
- [ ] Test certificate generation (PDF)
- [ ] Batch reports
- [ ] Summary reports
- [ ] Analytics and charts
- [ ] Data export (Excel, CSV)
- [ ] Report templates


### 14.4 Phase 4: Advanced Features (Q2 2026)

#### 14.4.1 Deliverables
- [ ] Advanced search and filtering
- [ ] Custom test types
- [ ] Test scheduling
- [ ] Email notifications
- [ ] Mobile app (optional)
- [ ] API documentation


### 14.5 Phase 5: Integration (Q2-Q3 2026)

#### 14.5.1 Deliverables
- [ ] Active Directory integration
- [ ] Testbench hardware integration
- [ ] Real-time data capture
- [ ] Equipment monitoring
- [ ] Third-party API integrations

### 14.6 Phase 6: Deployment & Training (Q3 2026)

#### 14.6.1 Deliverables
- [ ] Production deployment
- [ ] User training (all roles)
- [ ] Documentation finalization
- [ ] Video tutorials
- [ ] Go-live support


---

## 15. Assumptions and Constraints

### 15.1 Assumptions

#### 15.1.1 Technical Assumptions
- **ASSUME-001**: Windows Server 2019+ will be available
- **ASSUME-002**: MySQL 8.0+ will be available
- **ASSUME-003**: PHP 8.1+ will be available
- **ASSUME-004**: Modern browsers (latest versions) will be used
- **ASSUME-005**: Network infrastructure will support application needs

#### 15.1.2 User Assumptions
- **ASSUME-006**: Users have basic computer literacy
- **ASSUME-007**: Users will complete training before use
- **ASSUME-008**: Users have access to modern devices (desktop/tablet)
- **ASSUME-009**: Technicians are familiar with testing procedures

#### 15.1.3 Business Assumptions
- **ASSUME-010**: Testing standards will remain stable
- **ASSUME-011**: Budget will be approved as planned
- **ASSUME-012**: Resources (team) will be available
- **ASSUME-013**: Stakeholders will be engaged throughout project

### 15.2 Constraints

#### 15.2.1 Technical Constraints
- **CONSTR-001**: Must work on Windows IIS environment
- **CONSTR-002**: Must use existing server infrastructure
- **CONSTR-003**: Cannot use cloud services (on-premises only)
- **CONSTR-004**: Must integrate with existing network
- **CONSTR-005**: Limited to PHP/MySQL technology stack

#### 15.2.2 Budget Constraints
- **CONSTR-006**: Total project budget: $150,000
- **CONSTR-007**: Annual maintenance budget: $30,000
- **CONSTR-008**: No additional hardware purchases allowed

#### 15.2.3 Timeline Constraints
- **CONSTR-009**: Phase 1 must complete by Q1 2026 ✅
- **CONSTR-010**: Full system go-live by Q3 2026
- **CONSTR-011**: Training must complete before go-live

#### 15.2.4 Resource Constraints
- **CONSTR-012**: Development team: 2-3 developers
- **CONSTR-013**: QA team: 1 tester
- **CONSTR-014**: Limited to 40 hours/week per developer

---

## 16. Glossary

### 16.1 Terms and Definitions

| Term | Definition |
|------|------------|
| **Bulk Meter** | Commercial/industrial water meter (>50mm diameter) |
| **Calibration** | Process of adjusting testbench to ensure accuracy |
| **WMTMS** | Cloud Water Meter Testbench Monitoring System |
| **Domestic Meter** | Residential water meter (15mm-50mm diameter) |
| **Intrinsic Error** | Difference between meter reading and actual flow |
| **ISO 4064** | International standard for water meters |
| **OIML R49** | International recommendation for water meter verification |
| **Pass/Fail** | Test result indicating meter meets/fails standards |
| **SEWA** | Sharjah Electricity, Water and Gas Authority |
| **Testbench** | Equipment used to test water meter accuracy |
| **Test Certificate** | Official document certifying test results |
| **Test Type** | Specific type of test (e.g., accuracy, pressure) |
| **Technician** | User role responsible for conducting tests |

### 16.2 Acronyms

| Acronym | Full Form |
|---------|-----------|
| **API** | Application Programming Interface |
| **CRUD** | Create, Read, Update, Delete |
| **CSV** | Comma-Separated Values |
| **CSRF** | Cross-Site Request Forgery |
| **FK** | Foreign Key |
| **HTML** | HyperText Markup Language |
| **HTTP** | HyperText Transfer Protocol |
| **HTTPS** | HyperText Transfer Protocol Secure |
| **JSON** | JavaScript Object Notation |
| **KPI** | Key Performance Indicator |
| **MVC** | Model-View-Controller |
| **PDF** | Portable Document Format |
| **PRD** | Product Requirements Document |
| **REST** | Representational State Transfer |
| **ROI** | Return on Investment |
| **RPO** | Recovery Point Objective |
| **RTO** | Recovery Time Objective |
| **RTL** | Right-to-Left |
| **SMTP** | Simple Mail Transfer Protocol |
| **SQL** | Structured Query Language |
| **TLS** | Transport Layer Security |
| **UAE** | United Arab Emirates |
| **UI** | User Interface |
| **URL** | Uniform Resource Locator |
| **WCAG** | Web Content Accessibility Guidelines |
| **XSS** | Cross-Site Scripting |

---

## Appendices

### Appendix A: User Stories

#### A.1 Super Administrator Stories
- As a Super Admin, I want to create user accounts so that team members can access the system
- As a Super Admin, I want to configure system settings so that the system operates according to policy
- As a Super Admin, I want to view all locations so that I have system-wide visibility

#### A.2 Administrator Stories
- As an Administrator, I want to manage my location's testbenches so that equipment is properly tracked
- As an Administrator, I want to view test statistics so that I can monitor performance
- As an Administrator, I want to generate reports so that I can provide data to management

#### A.3 Technician Stories
- As a Technician, I want to run tests quickly so that I can process more meters
- As a Technician, I want clear test instructions so that I don't make errors
- As a Technician, I want to generate certificates immediately so that customers receive timely service

#### A.4 Auditor Stories
- As an Auditor, I want to view complete audit trails so that I can verify compliance
- As an Auditor, I want to search test history so that I can investigate issues
- As an Auditor, I want to export data so that I can perform external analysis

### Appendix B: Wire frames
*(Note: Wire frames would be included as separate files/images)*

### Appendix C: Database Schema
*(Note: Full database schema included in database/schema.sql)*

### Appendix D: API Documentation
*(Note: Full API documentation would be provided separately)*

