Non functional requirements: start here

NFR 3 Minutes

I’ve been involved with a university, providing guest lectures on various computer topics. In conversation with the students, they thought that implementing the functional requirements took most of the effort. I disagreed, saying that the functional requirements took a small percentage of the effort, the effort was spent in the Non Functional Requirements.

The scenario

You want a third party to implement an application package to allow people to buy and sell widgets from their phone. Once the package has been developed, they will hand it over to you to sell, support, maintain and upgrade and you will be responsible for it,

At the back-end is a web server.

Requirements you have been given.

  • We expect this application package to be used by all the major banks in the world.
  • For the UK we expect the number of people who have an account to be about 10 million people
  • We expect about 1 million trades a day.

These series of posts cover my thoughts on some of the topics. I’ve tried to cover aspects which are not covered by generally available information.

First thoughts

I spent just a few minutes coming up with the list of Non Functional Requirements below.

  1. How do you provide 24* 7 availability – you are allowed 1 minute of outage in a year!  How do you do this, bearing in mind you need to reboot your machines once a month.
  2. Backups… how often do you backup your database? – how long do you keep your backups for ?   It might take 12 hours to backup your database (50 million records each of 10,000 bytes)    How do you do this and provide 24*7 availability, and database consistency.
  3. More important than backups – are you able to restore from a backup and recover your data?
  4. What monitoring do you provide – so when you get a twitter storm saying this product is slow – what does the product provide?  Is average response time good enough? (No)
  5. Our customers often want messages in English, Japanese etc.  How do you write your code to support this?
  6. Your product has a database problem – you are doing 10,000 transactions a second – so in 100 seconds you get 1 million messages in your log! How do you avoid the flood of messages.
  7. What protection do you want for your database – for example encryption of fields , who has access to fields?
    • Can people who provide the disks where you run your database, read your databases and other files.
    • If the disks/files are encrypted – who has access to the decryption keys?
    • Can people who are responsible for backing up your data, see the data in the database?
  8. What audits information do you need to provide – for example who changed what, when?  How long to keep this data for?  Do you keep access records of who looked at a record; think of the Police computers, should you as a policeman be able to access information about a high profile person, “just out of interest”.
  9. What test suites do you provide – for example you create a fix, and you need to regression test the whole of  your product.  (In one product I worked on the test suite was about 5 times larger than the base code!  It handled normal, error and edge cases).
  10. What debug coding standards do you have?  Think of the post office Horizon scandal.  At the end of the day there is a difference in the amount of money in, and out of £10,100.  How do you debug this and find the problem
  11. You need sensible error messages (so people can google them) with appropriate, helpful return codes.  What standards do you need to provide?
  12. What encryption are you going to use on connections?
  13. What headers are you going to provide in the HTML?
  14. How do you stress test your product?  One customer (a bank) ran their test workload at double the expected production workload.  Customer said that if the system was down – it cost them $10,000,000  a minute in fines and compensation.
  15. What levels of code, such as Java will be used.

Links to pages

Unknown's avatar

Published by Colin Paice

I retired from IBM where I worked on MQ on z/OS, and did customer stuff. I retired, and keep my hand in with MQ, by playing with it! I'm now an #IBMChampion from my work trying to make z/OS product more usable.

Published