In my experience in DOAs, I have often seen the compliance matrix treated as a document, maintained in Excel.
In practice this often leads to the situation that it very soon becomes a snapshot of where the programme stood at a particular moment in time.
It was accurate when it was produced. Then a design change came in, and two lines were updated but not a third. Then a comment from EASA changed a particular compliance approach, but why and how exactly was not documented. Then the programme ran for another six months, documents were released, test passed, and the matrix was opened occasionally but never quite kept pace.
Nobody decided to let it drift. But it just happens — because maintaining a live compliance picture across a complex programme, with a small team, under delivery pressure, is genuinely hard.
The result is that at any given moment, the matrix tells you where you were, approximately. Not where you are. And the changes are intransparent. Like a baseline without a change management process. Consequence: a gap to fill and unknown risks surfacing at the worst possible moment of the project: near the foreseen Type Investigation Completion date / Entry Into Service.
For you in the TC / STC space running a certification programme: how do you currently keep your compliance picture current as the design evolves? Genuinely curious what works in practice.