Non-functional Requirements – Why do we need them?
Non-functional requirements, what comes to our mind when we talk about NFR (Non-functional requirements)?
What do you put down in non-functional requirements when you are documenting requirements in your project?
When we say non-functional we typically mean those requirements that are not related to functionality of the system, then what exactly are these and why do we need them.
Now imagine a system where it publishes results for 10 graders school certification examination in a country like India, and the kind of load it will have when the results are declared.
So what all requirements do we have to consider for this system apart from functionality, it surely has to have high performance requirement to handle the load as well as good security/authentication system in place.
This is the kind of requirements which is generally referred as Non-functional requirements, the requirements which are important for the user community or for smooth functioning of the system like usability, reliability etc.
The non-functional requirements should always be described in clear terms like the system should be able to handle 0.1 million users simultaneously and the response time has to be less than 2 seconds for each user.
Here is a good list of common non-functional requirements:
NFR Category |
Non-functional Requirements |
Short explanation |
Applicable to situation |
Can be tested by |
Constraint |
Price |
Target price for the solution |
Most |
Checklist |
Constraint |
Resource constraints |
Constraints imposed on development such as constraints imposed due to small screen size of mobile devices. |
Most |
Checklist |
Compliance |
Compliance |
Regulatory compliance. |
Health care (HIPAA, FDA) |
Integration testing across systems |
Compliance |
Documentation |
Documentation requirements. |
Health care, Aviation, Automotive |
Test cases for color blindness |
Compliance |
Legal and licensing issues or patent-infringement-avoidability |
Adhering to compliance requirements. |
Most |
Test cases verification of record data update |
Maintainability |
Analyzability |
Ability to investigate a failure |
Most |
Backup recovery test |
Maintainability |
Changeability |
Ability to change one component without affecting others, and without causing unexpected failures |
Most |
Review the application code |
Maintainability |
Deployment |
Ease with which an application can be deployed and upgraded. |
Most |
Review the application code |
Maintainability |
Escrow |
Source code of an application is kept securely and available to buyer under certain conditions |
Purchased an out-sourced product |
Checklist |
Maintainability |
Extensibility / Modifiability |
Ability to extend the product easily |
Most |
Consumer feedback |
Maintainability |
Supportability |
Ability to support applications for specific period, locations etc. |
Most |
Checklist |
Maintainability |
Testability |
Ease of test automation |
Most |
Checklist |
Performance |
Performance / response time (performance engineering) |
Time taken to respond to a user request. |
Most |
Checklist |
Performance |
Resource utilization |
% of available capacity used |
Most |
Checklist |
Performance |
Scalability |
Ability to support specified number of users / transactions |
Systems supporting large number of users |
Review the application code |
Portability |
Interoperability |
Ability to work with existing systems. |
Most |
Review the application code |
Portability |
Platform compatibility |
Ability to work with stated platforms. |
Most |
Review the application code |
Portability |
Replaceability |
Most |
Review the application code |
|
Reliability |
Availability |
% of time the system is available. |
Critical systems |
Latency testing |
Reliability |
Backup |
Frequency at which data must be backed-up. |
Universal |
Test on desired platforms |
Reliability |
Disaster recovery |
Time taken to restore the application after a disaster. |
Most |
Multiple browser test |
Reliability |
Failure management (Fault tolerance) |
Ability to manage failures. |
Most |
Checklist |
Reliability |
Quality (e.g. faults discovered, faults delivered, fault removal efficacy) |
Target defect density |
Mission critical applications |
Code and design Review |
Reliability |
Recovery / recoverability (e.g. mean time to recovery – MTTR) |
Ability to recover quickly |
Mission critical applications |
Review the application code |
Reliability |
Reliability (e.g. mean time between failures – MTBF) |
Ability to provide service when needed |
Mission critical applications |
Review the application code |
Reliability |
Replaceability |
Ability to replace a faulty part on the fly |
Mission critical applications |
Review the application code |
Reliability |
Resilience |
Ability to withstand attacks |
Mission critical applications |
Checklist |
Reliability |
Robustness |
Ability to operate continuously even under adverse conditions. |
Most |
Simulation of internet attack |
Reliability |
Stability |
Most |
Checklist |
|
Security |
Audit and control aka Accountability |
To track changes made to data. |
Finance, Health care |
Review the application code |
Security |
Authenticity |
Most |
Review the application code |
|
Security |
Confidentiality |
Protect data from being exposed to unauthorized users |
Most |
Review the application code |
Security |
Integrity |
Maintaining correctness of data |
Most |
Penetration test |
Security |
Privacy |
Ability to keep personal data secure. |
Health care |
Penetration test |
Usability |
Accessibility |
Application being usable by persons with special needs such as color blindness. |
Government |
Review the application code |
Usability |
Ease of use |
Limit number of clicks to maximum 3 clicks to complete any transaction |
Most |
Review the application code |
Usability |
Emotional factors (like fun or absorbing) |
Making application likable by a certain audience. |
Education |
Checklist |
Usability |
Internationalization |
Ability to operate the application in different countries such as handling multiple time zone, currency, languages etc. |
Most |
Review the application code |
Usability |
Learnability |
Different user groups should be able to use the product with or without training |
Most |
Review the application code |
Usability |
Safety |
Ensure safe usage of the product and prevent damages caused by the application. For example, safety features for a navigation system. |
Where there are dangers to human life. Aviation, Automotive, Health care etc.. |
Key board control test |
Certification |
Certification on a particular technology such as certified on Azure. |
Most |
Untrained user test |
|
Localization |
Ability to satisfy needs of a particular country or domain (say petroleum industry) |
Most |
Review the application code |
|
Re-usability |
Ability to re-use existing components and create new re-usable components |
Most |
Review the application code |
|
Portability |
Installability |
Ability to install or un-install easily |
Most |
Review the application code |
Whereas some of the common functional requirements include:
- Business Rules, logic, Validation
- Calculations/formulae
- Error message/handling
- Transaction corrections, adjustments and cancellations
- Admin functions/access, super user access
- Authentication
- Authorization levels
- Audit log of transactions
- External Interfaces
- Reporting Requirements
- Legal/Regulatory/Compliance Requirements
The non-functional requirements should always be described in clear terms like the system should be able to handle 0.1 million users simultaneously and the response time has to be less than 2 seconds for each user.
Advantages
- Makes the system user friendly/easy to use and acceptable
- Absence of them makes it lot more difficult to use for users and sometimes system may get abandoned due to the absence of these features
Disadvantages
- Gets missed out often in requirements gathering exercise
- Difficult to articulate or define quantitatively