Non-Functional Requirements Glossary
Non-Functional Requirements (NFRs) are critical to the success of any system, as they define how a system performs rather than what it does. This glossary provides clear and concise definitions of key terms and acronyms related to NFRs, along with examples of practical NFRs for each concept.
The glossary spans a wide range of areas, including accessibility, performance, security, deployment models, and disaster recovery. It also covers modern architectural concepts like cloud computing, containerisation, and serverless models, ensuring it is relevant to contemporary system design and implementation.
By referencing this glossary, business analysts, developers, and stakeholders can better understand the terminology, align their expectations, and specify actionable NFRs that drive quality, reliability, and user satisfaction. Whether you’re evaluating deployment models, designing for resilience, or ensuring compliance, this resource is a practical guide for ensuring robust system performance.
A
- Accessibility
The degree to which a system or software can be used by people with varying levels of ability or disabilities, including visual, auditory, physical, speech, cognitive, or neurological impairments.- Example NFR: “The application must meet WCAG 2.1 AA accessibility standards to ensure usability for users with visual impairments.”
- API (Application Programming Interface)
A set of rules and tools allowing different software applications to communicate with each other. NFRs for APIs often include performance, scalability, and security requirements.- Example NFR: “The API must handle 1,000 requests per second with a maximum latency of 100ms.”
- Availability
The proportion of time a system is operational and accessible when needed. It is typically expressed as a percentage, such as “99.9% uptime” (also called “three nines”).- Example NFR: “The system must achieve an uptime of 99.95% over any 30-day period.”
B
- Business Continuity Planning (BCP)
A strategic process that ensures critical business operations can continue during and after a disruption, such as a natural disaster, cyberattack, or system failure.- Example NFR: “The system must support failover to a backup data centre within 30 minutes of a major disruption.”
C
- Capacity
The maximum load a system can handle, often in terms of users, transactions, or data storage, while maintaining acceptable performance levels.- Example NFR: “The system must support 10,000 concurrent users during peak hours without performance degradation.”
- Cloud Computing
A model for delivering computing resources (e.g., servers, storage, applications) over the internet. Cloud solutions can be classified as public, private, hybrid, or multi-cloud and offer scalability and cost efficiency.- Example NFR: “The application must scale dynamically to accommodate traffic spikes of up to 50% over baseline usage.”
- Community Cloud
A cloud model where infrastructure is shared among multiple organisations with similar requirements or regulatory needs.- Example NFR: “The system must comply with the shared data governance policies of all participating organisations.”
- Compliance
The adherence to laws, regulations, and standards such as GDPR, HIPAA, or ISO/IEC standards.- Example NFR: “The system must ensure data handling practices comply with GDPR Article 5 for data minimisation.”
- Confidentiality
An attribute of security that ensures sensitive information is protected from unauthorised access.- Example NFR: “All sensitive data must be encrypted in transit using TLS 1.2 or higher.”
- Containerisation
A lightweight alternative to full machine virtualisation, where applications and their dependencies are packaged together in a container.- Example NFR: “All application containers must be deployed using an orchestration tool such as Kubernetes to ensure availability and scalability.”
D
- Data Integrity
The assurance that data is accurate, consistent, and unaltered from its original state during storage, transmission, or retrieval.- Example NFR: “The system must validate all data inputs against predefined schemas to ensure consistency.”
- Data Retention
The policies governing how long data is stored and the processes for securely archiving or deleting it.- Example NFR: “All user data must be retained for a maximum of five years and securely deleted thereafter.”
- Disaster Recovery
Strategies and measures to restore operations and data after a catastrophic event such as a server failure, natural disaster, or cyberattack.- Example NFR: “Full data recovery must be achievable within 4 hours of a major outage.”
E
- Edge Computing
A decentralised deployment model where computation and data storage are brought closer to the data sources (e.g., IoT devices) to reduce latency and bandwidth usage.- Example NFR: “The system must process 95% of IoT sensor data locally with a latency of less than 50ms.”
F
- Fault Tolerance
The ability of a system to continue operating properly in the event of a failure of one or more components.- Example NFR: “The system must operate with no more than a 5% degradation in performance after the failure of one node in the cluster.”
H
- Hybrid Cloud
A deployment model that combines public and private cloud resources, allowing organisations to benefit from both scalability (public cloud) and control (private cloud).- Example NFR: “Data must synchronise between private and public cloud environments within 5 minutes of a change.”
I
- IaaS (Infrastructure as a Service)
A cloud computing model that provides virtualised computing resources over the internet, such as servers, storage, and networking.- Example NFR: “The system must auto-scale IaaS resources to support a 50% increase in traffic within 10 minutes.”
- Interoperability
The ability of a system to interact with and exchange data with other systems, applications, or components effectively.- Example NFR: “The system must support data exchange in JSON and XML formats to integrate with external systems.”
L
- Latency
The time delay between a user action and the system’s response.- Example NFR: “The system must respond to user actions within 2 seconds 95% of the time.”
- Load Testing
A type of performance testing that evaluates how a system behaves under expected or peak user loads.- Example NFR: “The system must maintain response times under 500ms with a load of 5,000 concurrent users.”
M
- Maintainability
The ease with which a system can be modified to correct defects, improve functionality, or adapt to a changing environment.- Example NFR: “All code changes must pass automated tests with at least 90% code coverage.”
- Multi-Cloud
The use of multiple cloud providers or platforms to meet diverse business needs.- Example NFR: “The application must route traffic to a secondary cloud provider within 2 minutes of a primary provider failure.”
O
- On-Premise
A software or system deployment model where all hardware, software, and infrastructure are hosted within the organisation’s physical facilities.- Example NFR: “The system must operate on the organisation’s internal network with zero dependency on external internet services.”
- Operational Resilience
The ability of an organisation or system to anticipate, prepare for, respond to, and adapt to incremental change or sudden disruptions, ensuring continued operations or rapid recovery.- Example NFR: “The system must maintain 80% of functionality during network disruptions.”
P
- PaaS (Platform as a Service)
A cloud computing model where a provider delivers hardware and software tools as a service, enabling developers to build and deploy applications without managing infrastructure.- Example NFR: “The platform must support continuous integration pipelines to deploy updates within 15 minutes.”
S
- SaaS (Software as a Service)
A cloud-based software delivery model where applications are hosted by a service provider and accessed by users over the internet.- Example NFR: “The SaaS application must be available to users globally with a latency of less than 200ms.”
- Serverless Computing (Function as a Service, FaaS)
A model where developers write and deploy code in discrete functions, and the infrastructure provisioning and management are fully handled by the cloud provider.- Example NFR: “Each serverless function must execute within 300ms under a load of 1,000 concurrent invocations.”
V
- Virtualised Environments
The use of virtual machines (VMs) to emulate physical hardware, allowing multiple systems to run on a single physical machine.- Example NFR: “Virtual machines must achieve at least 95% uptime with minimal resource contention.”