You could have one big-honking test procedure and verify all requirements in that procedure.
For small applications, a single protocol with a single test case might work (but it would have to be a small application with few requirements).
It’s typical to break verification of installation and setup (e.g., IQ if you so please) out into a separate protocol but then the big question often is how to organize the verification of functional requirements (or OQ if you go there).
One method that has proven to work well is to break the testing up into logical chunks.
For example, one ‘chunk’ may be “security” where you verify that all access controls are properly implemented.
Subsections in a Protocol
Depending on the number of requirements and breadth of scope, each ‘chunk’ may be a protocol or may be subsections in a protocol.
Generally, such chunks will fully verify groups of requirements.
Another method that works well is to define use cases that cover specific “stripes” through the requirements.
For example, one use case might be to address a specific function performed by a specific role.
This may fully or partially verify multiple requirements.
At whatever the lowest level of decomposition is, establish test objectives.