5. Non-Functional Requirements (NFRs)
Non-functional requirements (NFRs) define the system’s operational characteristics, quality attributes, and constraints rather than specific behaviors. They describe how a system performs (e.g., speed, usability, security, scalability), focusing on user experience and system reliability. NFRs are generally testable, measurable, and crucial for ensuring the system meets stakeholder expectations.
Key Aspects of NFRs in an SRS:
- Definition: They define the system’s quality attributes or “how well” it performs a function.
- Purpose: They set constraints and quality goals for the functionality.
- Key Characteristics (Common Types):
  - Performance: Speed, response time, and throughput (e.g., “Page loads within 2 seconds”).
  - Security: Protection against unauthorized access (e.g., “Data encrypted using AES-256”).
  - Usability: Ease of use and training requirements.
  - Reliability: Uptime, availability, and error rates.
  - Scalability: Ability to handle increased load.
  - Maintainability: Ease of updating or fixing the software.
  - Compatibility: Ability to run on different environments.
- Examples:
  - Functional: “User can log in.”
  - Non-Functional: “User authentication must occur within 1 second.”
- Measurement: NFRs must be quantified for validation, such as specifying response times, error rates, or compliance standards.
NFRs are distinct from functional requirements, which detail what the system does. Neglecting them can lead to a system that functions correctly but is unusable or fails under load.
5.1 Performance Requirements
The system must remain responsive under the projected load.
| ID | Metric | Requirement |
|---|---|---|
| NFR-P1 | Response Time | 90% of API requests must be served in < 200ms. |
| NFR-P2 | Throughput | System must support at least 500 concurrent users. |
| NFR-P3 | Startup Time | The application must be interactive within 3s on 4G connections. |
5.2 Security Requirements
Security is a high-priority Must-Have. Failure to meet these requirements will block production deployment.
- NFR-S1: Encryption - All data at rest must be encrypted using AES-256. All data in transit must use TLS 1.3.
- NFR-S2: Authentication - Multi-Factor Authentication (MFA) must be available for all Administrative accounts.
- NFR-S3: Data Residency - User data must be stored in [Region, e.g., EU-West-1] to comply with GDPR.
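A release gate for the Section 5.2 requirements, as an added example rather than part of this SRS: it checks a deployment manifest against NFR-S1 to NFR-S3 and lists each violation, and any violation blocks deployment. The manifest schema, its field names, the sample values, and the region passed in by the caller are assumptions made for illustration.

```python
# Constructed sample manifest; the schema and field names are hypothetical.
SAMPLE_MANIFEST = {
    "listeners": [
        {"name": "public-api", "tls_min_version": "1.3"},
        {"name": "legacy-admin", "tls_min_version": "1.2"},
    ],
    "data_stores": [
        {"name": "users-db", "at_rest_cipher": "AES-256",
         "holds_user_data": True, "region": "eu-west-1"},
        {"name": "audit-logs", "at_rest_cipher": None,
         "holds_user_data": False, "region": "us-east-1"},
        {"name": "profile-cache", "at_rest_cipher": "AES-256",
         "holds_user_data": True, "region": "us-east-1"},
    ],
    "accounts": [
        {"user": "alice", "role": "admin", "mfa_available": True},
        {"user": "bob", "role": "admin", "mfa_available": False},
        {"user": "carol", "role": "viewer", "mfa_available": False},
    ],
}

def _tls_tuple(version):
    # "1.3" -> (1, 3); a missing or malformed value (e.g. plaintext) sorts lowest.
    try:
        return tuple(int(part) for part in str(version).split("."))
    except ValueError:
        return (0,)

def check_security_nfrs(manifest, required_region):
    """Return sorted (nfr_id, subject, reason) tuples for every unmet requirement."""
    found = []
    for lst in manifest.get("listeners", []):
        if _tls_tuple(lst.get("tls_min_version")) < (1, 3):
            found.append(("NFR-S1", lst["name"], "TLS minimum below 1.3"))
    for store in manifest.get("data_stores", []):
        if store.get("at_rest_cipher") != "AES-256":
            found.append(("NFR-S1", store["name"], "at rest not AES-256"))
        region = (store.get("region") or "").lower()
        if store.get("holds_user_data") and region != required_region.lower():
            found.append(("NFR-S3", store["name"], "user data outside region"))
    for acct in manifest.get("accounts", []):
        if acct.get("role") == "admin" and not acct.get("mfa_available"):
            found.append(("NFR-S2", acct["user"], "no MFA for admin account"))
    return sorted(found)

def deployment_allowed(manifest, required_region):
    # Section 5.2: any unmet security NFR blocks production deployment.
    return not check_security_nfrs(manifest, required_region)
```

Run in a CI pipeline, the violation list gives reviewers the requirement ID and the offending component for each failure.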
5.3 Availability & Reliability
| ID | Attribute | Target |
|---|---|---|
| NFR-R1 | Uptime | 99.9% uptime (excluding scheduled maintenance). |
| NFR-R2 | Backup | Database backups must be performed every 24 hours. |
| NFR-R3 | Recovery | Mean Time to Recovery (MTTR) must be less than 1 hour. |
5.4 Maintainability & Scalability
- NFR-M1: Documentation - All source code must follow [Style Guide] and include TSDoc comments.
- NFR-SC1: Horizontal Scaling - The backend must be able to scale horizontally via Kubernetes based on CPU utilization (>70%).