This blog post is part of a series on non-functional requirements, and how they take most of the effort.
The scenario
You want a third party to implement an application package that lets people buy and sell widgets from their phone. Once the package has been developed, they will hand it over to you to sell, support, maintain and upgrade, and you will be responsible for it.
At the back-end is a web server.
Requirements you have been given.
- We expect this application package to be used by all the major banks in the world.
- For the UK we expect about 10 million people to have an account.
- We expect about 1 million trades a day.
See start here for additional topics.
What standards?
You may have industry standards you have to follow. You may have corporate standards you have to follow.
For a hardware device the standards could include the amount of radiation it generates (high frequency radio or microwaves). You need to specify how this will be tested.
You may have to worry about the amount of heat your solution will generate, and how much power it will consume.
Industry software standards may include:
- Keeping an audit trail of transactions for 10 years.
- Providing a right to forget, so you can permanently remove someone's records from the system. This may be incompatible with the 10-year audit trail above. I didn't say the standards are consistent.
  - How do you implement the right to forget when you have backups taken 9 years ago? Are you going to restore all these backups, delete the records, create another backup and delete the original? This will not work.
- Reporting breaches of security.
  - A hacker has accessed your system.
  - Someone in your organisation has looked at data without a need to know. For example, someone looks up their child's partner to see if they are on the government/police computer. This means you need to provide a mechanism to protect the data and report violations, and the ability to administer this authority.
- Maintaining a list of people who had authority to a resource but did not use it.
How will you test that these standards are being met?
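One way to check the last two items in the list above (access without a need to know, and authority held but not used), as an added example that is not part of the original post. The grant table, audit-log layout, case references and function names are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data, not from the original post.
# GRANTS: (user, resource) pairs that hold authority.
GRANTS = {
    ("alice", "customer-records"), ("bob", "customer-records"),
    ("carol", "customer-records"), ("bob", "trade-ledger"),
}
# AUDIT_LOG rows: (timestamp, user, resource, record, case). `case` is the
# recorded business reason for the access; None means none was recorded.
AUDIT_LOG = [
    ("2024-03-01T09:15:00", "alice", "customer-records", "cust-1001", "CASE-77"),
    ("2024-03-01T09:20:00", "alice", "customer-records", "cust-2002", None),
    ("2024-03-02T14:00:00", "bob", "trade-ledger", "trade-9", "CASE-80"),
    ("2024-03-03T11:30:00", "dave", "customer-records", "cust-1001", "CASE-77"),
    ("2024-03-04T10:00:00", "bob", "customer-records", "cust-3003", "CASE-80"),
]
# CASES: the records each open case covers (assumed model of "need to know").
CASES = {"CASE-77": {"cust-1001"}, "CASE-80": {"trade-9"}}


def unused_authority(grants, log, since):
    """Authority held but not exercised on or after `since` (ISO timestamp)."""
    cutoff = datetime.fromisoformat(since)
    used = {(user, res) for ts, user, res, _rec, _case in log
            if datetime.fromisoformat(ts) >= cutoff}
    return sorted(grants - used)


def reportable_accesses(grants, log, cases):
    """Accesses to report: no grant, no recorded reason, or record outside the case."""
    findings = []
    for ts, user, res, rec, case in log:
        if (user, res) not in grants:
            reason = "no authority"
        elif case is None:
            reason = "no reason recorded"
        elif rec not in cases.get(case, set()):
            reason = "record not covered by case"
        else:
            continue
        findings.append((ts, user, rec, reason))
    return findings


if __name__ == "__main__":
    print(unused_authority(GRANTS, AUDIT_LOG, "2024-03-01T00:00:00"))
    for finding in reportable_accesses(GRANTS, AUDIT_LOG, CASES):
        print(finding)
```

Both checks depend on the audit trail recording a reason for each access; without that field, only the unused-authority report can be produced.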