Share this
Non-functional requirements and system qualities - closing the chasm
by Matt Johnston on 07 July 2011
In my architecture consulting and training assignments, software developers and architects often tell me that the non-functional requirements they receive are not usable. The main gripes they have are that the NFRs are sweeping statements not specific to particular transactions, they aren’t credibly traceable to real business needs, or some important categories of NFRs are missing altogether.
Likewise a number of business analysts tell me that they find it difficult to define NFRs; they feel that these are so “technical” that they should be defined by developers, architects or infrastructure specialists.
If this is the situation that you face – a chasm cutting through the team’s understanding, take heart: it doesn’t have to be this difficult! The first step towards closing the chasm is for members of the team to shift their expectations and take on a bit more work:
- Developers or architects: recognise that you will always have to engineer the system quality requirements when you engineer the system. Don’t expect comprehensive non-functional requirements to be handed to you on a plate – they are unlikely to be adequate, and you need the opportunity to explore and negotiate them and understand the real drivers behind them.
- Business analysts: work with the stakeholders to envisage the business context in which the IT solution will be used, and what will drive the need to change the solution over time. Learn which quality characteristics the architects and developers are most influenced by, and which aspects of the business context and IT context typically drive these characteristics.
For example, to support a particular business function, the value required for the system security characteristic Confidentiality will depend on the intra-business and inter-business environment in which the system is used, particularly the trust relationships and the business requirements for privacy. Instead of wondering about encryption standards the business analyst is now dealing with trust and privacy, well within their ability.
The second step towards closing the chasm is already hinted at above. It starts with the team recognising the different types of quality or non-functional or requirements and design decisions, whether they are desired properties of the business or of the system’s externals or its internals, so which sort of stakeholder is entitled to assert these requirements or make these decisions. Then when you understand the drives / supports relationship between the levels it is much easier to derive or create requirements that are clearly justified and traceable.
In my experience, many teams don’t give enough thought to the types (or levels) of quality requirements and decisions. In dealing with the requirements and decisions they inadvertently work with a mix of levels without realising it. For example they try to elicit detailed technical requirements from business people, or write technical decisions into business analysis deliverables. It doesn’t help that the business stakeholders often state some very specific design decisions such as “the customer data must be stored on the salesperson’s PC”.
What are these different levels of quality requirements and decisions? How do they differ in the domain that they concern, or the types of stakeholder immediately impacted by them being met?
|
Level |
Concern |
Direct Stakeholder |
Example |
1 |
Solution ownership objective |
Broader business context |
Solution owner |
Cost of ownership < $20,000 / year. |
2 |
Business operational goal This may be a KPI |
The effectiveness of one business domain (capability group) |
Line of business manager, e.g. process owner. |
Process XYZ: average cycle time < 30 minutes. |
3 |
Business-enablement goal |
Enabling specific business tasks |
Business worker |
Task ABC: average elapsed time < 2 minutes. |
4 |
Non-functional requirement - run-time or deploy-time Also called a quality of servicerequirement. |
The experience of using or operating the system |
End-user or system administrator / operator |
Screen FGH submission: response time 95thpercentile 2.0 seconds. |
5 |
Non-functional requirement - design-time or build-time This is an internal design goal for the system. |
Developing, maintaining and extending the system
|
Development team and maintenance team |
Component PQR response time budget to provide 100 item result set: 95thpercentile < 100ms. |
6 |
Design parameter This is a decision to structure the solution, allocate behaviour to particular components, employ certain mechanisms, utilise technologies or achieve internal properties |
The system’s ability to achieve the levels above |
Architect and developers |
Use a caching mechanism that provides the full result set from cache in 98% of cases. |
Usually I find that the non-functional requiremetns provided to the developers and architect are really just a survey, partially covering levels 1, 2 and 3, with “requirements” that are arbitrary rather than strictly required, not tempered with enough reality. At this point it is best for the architect to take responsibility for the NFRs, and engineer the NFRs so that they are usable by the people who depend on them, i.e. the developers, architects and testers. Engineering the system includes the usual trade-offs between the design parameters in order to achieve the required properties and qualities in the appropriate balance.
However, engineering the system is not a one-way process, working down through the levels. It involves querying and challenging the functional and non-functional requirements, and zig-zagging between making design choices and negotiating the requirements. The requirements cease being arbitrary and reach the right balance because they are both necessary and achievable.
OK, you have accepted the mission, but what resources are available to base your quality analysis and design on? The two leading organisations providing frameworks for organising system quality specifications are the International Organisation for Standardisation (ISO) and the Software Engineering Institute (SEI).
The ISO 25010 standard replaces ISO 9126 and defines sets of quality characteristics, for which you define measures and target values. The ISO equivalents to my levels above are:
- Level 3: Quality In Use Characteristic, e.g. Efficiency.
- Level 4: External Quality Sub-Characteristic, e.g. Time Behaviour.
- Level 5: Internal Quality Sub-Characteristic, e.g. Time Behaviour
SEI uses an equivalent set of terminology, and provides process guidance in the Architecture Tradeoff Analysis Method (ATAM). This includes the Quality Attribute Scenario technique for quantifying the NFRs and tracing them up the levels to real business needs.
Share this
- Agile Development (153)
- Software Development (126)
- Agile (76)
- Scrum (66)
- Application Lifecycle Management (50)
- Capability Development (47)
- Business Analysis (46)
- DevOps (43)
- IT Professional (42)
- Equinox IT News (41)
- Agile Transformation (38)
- IT Consulting (38)
- Knowledge Sharing (36)
- Lean Software Development (35)
- Requirements (35)
- Strategic Planning (35)
- Solution Architecture (34)
- Digital Disruption (32)
- IT Project (31)
- International Leaders (31)
- Digital Transformation (26)
- Project Management (26)
- Cloud (25)
- Azure DevOps (23)
- Coaching (23)
- IT Governance (23)
- System Performance (23)
- Change Management (20)
- Innovation (20)
- MIT Sloan CISR (15)
- Client Briefing Events (13)
- Architecture (12)
- Working from Home (12)
- IT Services (10)
- Data Visualisation (9)
- Kanban (9)
- People (9)
- Business Architecture (8)
- Communities of Practice (8)
- Continuous Integration (7)
- Business Case (4)
- Enterprise Analysis (4)
- Angular UIs (3)
- Business Rules (3)
- GitHub (3)
- Java Development (3)
- Lean Startup (3)
- Satir Change Model (3)
- API (2)
- Automation (2)
- Scaling (2)
- Security (2)
- Toggles (2)
- .Net Core (1)
- AI (1)
- Diversity (1)
- Testing (1)
- ✨ (1)
- August 2024 (1)
- February 2024 (3)
- January 2024 (1)
- September 2023 (2)
- July 2023 (3)
- August 2022 (4)
- August 2021 (1)
- July 2021 (1)
- June 2021 (1)
- May 2021 (1)
- March 2021 (1)
- February 2021 (2)
- November 2020 (2)
- September 2020 (1)
- July 2020 (1)
- June 2020 (3)
- May 2020 (3)
- April 2020 (2)
- March 2020 (8)
- February 2020 (1)
- November 2019 (1)
- August 2019 (1)
- July 2019 (2)
- June 2019 (2)
- April 2019 (3)
- March 2019 (2)
- February 2019 (1)
- December 2018 (3)
- November 2018 (3)
- October 2018 (3)
- September 2018 (1)
- August 2018 (4)
- July 2018 (5)
- June 2018 (1)
- May 2018 (1)
- April 2018 (5)
- March 2018 (3)
- February 2018 (2)
- January 2018 (2)
- December 2017 (2)
- November 2017 (3)
- October 2017 (4)
- September 2017 (5)
- August 2017 (3)
- July 2017 (3)
- June 2017 (1)
- May 2017 (1)
- March 2017 (1)
- February 2017 (3)
- January 2017 (1)
- November 2016 (1)
- October 2016 (6)
- September 2016 (1)
- August 2016 (5)
- July 2016 (3)
- June 2016 (4)
- May 2016 (7)
- April 2016 (13)
- March 2016 (8)
- February 2016 (8)
- January 2016 (7)
- December 2015 (9)
- November 2015 (12)
- October 2015 (4)
- September 2015 (2)
- August 2015 (3)
- July 2015 (8)
- June 2015 (7)
- April 2015 (2)
- March 2015 (3)
- February 2015 (2)
- December 2014 (4)
- September 2014 (2)
- July 2014 (1)
- June 2014 (2)
- May 2014 (9)
- April 2014 (1)
- March 2014 (2)
- February 2014 (2)
- December 2013 (1)
- November 2013 (2)
- October 2013 (3)
- September 2013 (2)
- August 2013 (6)
- July 2013 (2)
- June 2013 (1)
- May 2013 (4)
- April 2013 (5)
- March 2013 (2)
- February 2013 (2)
- January 2013 (2)
- December 2012 (1)
- November 2012 (1)
- October 2012 (2)
- September 2012 (3)
- August 2012 (3)
- July 2012 (3)
- June 2012 (1)
- May 2012 (1)
- April 2012 (1)
- February 2012 (1)
- December 2011 (4)
- November 2011 (2)
- October 2011 (2)
- September 2011 (4)
- August 2011 (2)
- July 2011 (3)
- June 2011 (4)
- May 2011 (2)
- April 2011 (2)
- March 2011 (3)
- February 2011 (1)
- January 2011 (4)
- December 2010 (2)
- November 2010 (3)
- October 2010 (1)
- September 2010 (1)
- May 2010 (1)
- February 2010 (1)
- July 2009 (1)
- April 2009 (1)
- October 2008 (1)