Compliance with NFRs

Published January 26, 2020
by Doug Klugh

Safeguarding Quality

Ensure on-going compliance with Non-Functional Requirements (NFRs) by defining each in your quality model and including them as acceptance criteria for each user story.  These qualities must be continuously evaluated through inspection or verification (preferably automated testing) to determine compliance.  These requirements will likely affect user experience along with the many characteristics of your software product.

However, it is not enough to include these as part of your regression test suite.  Do not wait until the end of your SDLC to evaluate compliance — Shift Left.  Including these NFRs as part of the acceptance criteria will trigger the team to evaluate that criteria early and adjust the moment any of these requirements fail.  This will promote agility along with higher product quality.

What are NFRs?

Non-Functional Requirements (NFRs) define the qualities, or overall characteristics, of a system and may impose constraints on the design or implementation.  These qualities, many of which are documented in ISO/IEC Standard 25010, may include functionality, performance, security, and maintainability to name a few.  The implementation of non-functional requirements is described in the system architecture.

Building a Quality Model

Building a quality product requires understanding which characteristics must be optimized (and to what degree) to fulfill the requirements of the system.  A quality model defines the set of characteristics and relationships needed to specify the NFRs of a system. 

The ISO/IEC 25000 series of standards, also known as SQuaRE (System and Software Quality Requirements and Evaluation), defines a framework for the evaluation of software product quality.  ISO/IEC Standard 25010 defines a quality model framework for computer systems and software products, while ISO/IEC Standard 25012 defines a quality model framework for data.

ISO/IEC 25010
ISO/IEC 25010
Figure 1 - ISO/IEC 25010
Functional Suitability

This characteristic represents the degree to which a product or system provides functions that meet stated and implied needs when used under specified conditions.  This characteristic is composed of the following sub-characteristics:

  • Functional Completeness
    Degree to which the set of functions covers all the specified tasks and user objectives.
  • Functional Correctness
    Degree to which a product or system provides the correct results with the needed degree of precision.
  • Functional Appropriateness
    Degree to which the functions facilitate the accomplishment of specified tasks and objectives.
Performance Efficiency

This characteristic represents the performance relative to the amount of resources used under stated conditions.  This characteristic is composed of the following sub-characteristics:

  • Time Behaviour
    Degree to which the response and processing times and throughput rates of a product or system, when performing its functions, meet requirements.
  • Resource Utilization
    Degree to which the amounts and types of resources used by a product or system, when performing its functions, meet requirements.
  • Capacity
    Degree to which the maximum limits of a product or system parameter meet requirements.
Compatibility

Degree to which a product, system or component can exchange information with other products, systems or components, and/or perform its required functions while sharing the same hardware or software environment.  This characteristic is composed of the following sub-characteristics:

  • Co-Existence
    Degree to which a product can perform its required functions efficiently while sharing a common environment and resources with other products, without detrimental impact on any other product.
  • Interoperability
    Degree to which two or more systems, products or components can exchange information and use the information that has been exchanged.
Usability

Degree to which a product or system can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use.  This characteristic is composed of the following sub-characteristics:

  • Appropriateness Recognizability
    Degree to which users can recognize whether a product or system is appropriate for their needs.
  • Learnability
    Degree to which a product or system can be used by specified users to achieve specified goals of learning to use the product or system with effectiveness, efficiency, freedom from risk and satisfaction in a specified context of use.
  • Operability
    Degree to which a product or system has attributes that make it easy to operate and control.
  • User Error Protection
    Degree to which a system protects users against making errors.
  • User Interface Aesthetics
    Degree to which a user interface enables pleasing and satisfying interaction for the user.
  • Accessibility
    Degree to which a product or system can be used by people with the widest range of characteristics and capabilities to achieve a specified goal in a specified context of use.
Reliability

Degree to which a system, product or component performs specified functions under specified conditions for a specified period of time.  This characteristic is composed of the following sub-characteristics:

  • Maturity
    Degree to which a system, product or component meets needs for reliability under normal operation.
  • Availability
    Degree to which a system, product or component is operational and accessible when required for use.
  • Fault Tolerance
    Degree to which a system, product or component operates as intended despite the presence of hardware or software faults.
  • Recoverability
    Degree to which, in the event of an interruption or a failure, a product or system can recover the data directly affected and re-establish the desired state of the system.
Security

Degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization.  This characteristic is composed of the following sub-characteristics:

  • Confidentiality
    Degree to which a product or system ensures that data are accessible only to those authorized to have access.
  • Integrity
    Degree to which a system, product or component prevents unauthorized access to, or modification of, computer programs or data.
  • Non-Repudiation
    Degree to which actions or events can be proven to have taken place so that the events or actions cannot be repudiated later.
  • Accountability
    Degree to which the actions of an entity can be traced uniquely to the entity.
  • Authenticity
    Degree to which the identity of a subject or resource can be proved to be the one claimed.
Maintainability

This characteristic represents the degree of effectiveness and efficiency with which a product or system can be modified to improve it, correct it or adapt it to changes in environment, and in requirements.  This characteristic is composed of the following sub-characteristics:

  • Modularity
    Degree to which a system or computer program is composed of discrete components such that a change to one component has minimal impact on other components.
  • Reusability
    Degree to which an asset can be used in more than one system, or in building other assets.
  • Analysability
    Degree of effectiveness and efficiency with which it is possible to assess the impact on a product or system of an intended change to one or more of its parts, or to diagnose a product for deficiencies or causes of failures, or to identify parts to be modified.
  • Modifiability
    Degree to which a product or system can be effectively and efficiently modified without introducing defects or degrading existing product quality.
  • Testability
    Degree of effectiveness and efficiency with which test criteria can be established for a system, product or component and tests can be performed to determine whether those criteria have been met.
Portability

Degree of effectiveness and efficiency with which a system, product or component can be transferred from one hardware, software or other operational or usage environment to another.  This characteristic is composed of the following sub-characteristics:

  • Adaptability
    Degree to which a product or system can effectively and efficiently be adapted for different or evolving hardware, software or other operational or usage environments.
  • Installability
    Degree of effectiveness and efficiency with which a product or system can be successfully installed and/or uninstalled in a specified environment.
  • Replaceability
    Degree to which a product can replace another specified software product for the same purpose in the same environment.