Business Analyst Interview Question: What is a non-functional requirement, and how does it differ from a functional one?
A non-functional requirement describes a feature or trait that a business solution must have, but that is not directly related to the core business functions of the solution.
Functional requirements are easy to understand: they’re basically about what you want a solution to DO. A website enabling you to place an order, an application needing to send an email, a system required to create a report; these are all examples of things you want a solution to do. You describe these activities through functional requirements.
But consider this: would you want a website that someone can easily hack to see customer information after they place an order? What about an application that sends an email only half the time it’s supposed to? Or how about a system that creates a report with garbage data?
Of course, you would never want any of these things. Yet these things are not about what you want your solution to DO. They’re more about the terms and conditions in which your solution does its functions, or the manner in which it behaves. They describe how functions the manner in which functions should happen, rather than being about the functions themselves. These are non-functional requirements.
What kinds of non-functional requirements can you create?
There are several kinds of non-functional requirements you can create. Here are a few of the more important ones you should know about (not an exhaustive list.)
Availability. What percentage of the time does the business require the system to be available? Is it OK if it’s down for maintenance 5% of the time? Can maintenance happen ad hoc, or must it happen on a certain schedule to ensure reliability?
Disaster Recovery. How do you recover if your system crashes or a hacker succeeds in damaging it? Does your business need backups of technology or data to be kept anywhere in case that happens? Is there a duplicate of the technology somewhere else to switch on and help ensure continuity of operations if the main site goes down? This type of non-functional requirement describes how to guard against things going terribly wrong.
Interoperability. Does your solution play well with other systems? If not, then how does the system need to properly interface and exchange data with others?
Performance. This type of non-functional requirement is about how you want your solution to perform. It’s about how fast, how accurate, how often, that kind of thing. They are things you can measure by capturing data and metrics about the activity.
Reliability. How close to 100% reliable does the system need to be?
Scalability/Capacity. How must the solution react during times of peak or unexpected demand? Must it be scalable so that it can adjust as demands increase? Or is there a maximum number of users, transactions, or whatever that it should be able to process?
Security. This is exactly what it sounds like. Security requirements describe the manner in which the business and IT departments plan to keep a solution safe and secure against unauthorized intrusions.
Do I always have to add non-functional requirements to my Business Requirements Document?
If in doubt, the answer is yes. However, the answer may vary depending on whether you are creating a new system or changing an existing one. And if it’s the latter, the extent and complexity of the change matters too.
When creating a new system from scratch, you must generally always define any non-functional requirement because there’s nothing there right now. If the solution exists already and you’re making minor changes, it’s possible that existing non-functional capabilities may already cover what you’re trying to do. But if your changes are large, then at a minimum you should examine the existing non-functional capabilities and see whether they need to change.
How would you answer a Business Analyst interview question about the definition of a non-functional requirement? Leave your thoughts in the comments!