

Non-Functional Requirements in IT Projects – Minimal Checklist
By Mike Griffiths

All IT systems at some point in their lifecycle need to consider non-functional requirements and their testing. For some projects these requirements warrant extensive work, while for other project domains a quick check through may be sufficient. As a minimum, the following list can be a helpful reminder to ensure you have covered the basics. Based on your own project characteristics, I recommend converting the topics into SMART (Specific, Measurable, Attainable, Realisable, Timeboxed / Traceable) requirements with the detail and rigour appropriate to your project.


  • Login requirements – access levels, CRUD levels
  • Password requirements – length, special characters, expiry, recycling policies
  • Inactivity timeouts – durations, actions


  • Audited elements – what business elements will be audited?
  • Audited fields – which data fields will be audited?
  • Audit file characteristics – before image, after image, user and time stamp, etc


  • Response times – application loading, screen open and refresh times, etc
  • Processing times – functions, calculations, imports, exports
  • Query and Reporting times – initial loads and subsequent loads


  • Throughput – how many transactions per hour does the system need to be able to handle?
  • Storage – how much data does the system need to be able to store?
  • Year-on-year growth requirements


  • Hours of operation – when is it available? Consider weekends, holidays, maintenance times, etc
  • Locations of operation – where should it be available from, what are the connection requirements?


  • Mean Time Between Failures – What is the acceptable threshold for down-time? e.g. one a year, 4,000 hours
  • Mean Time To Recovery – if broken, how much time is available to get the system back up again?


  • Fault trapping (I/O) – how to handle electronic interface failures, etc
  • Bad data trapping – data imports, flag-and-continue or stop the import policies, etc
  • Data integrity – referential integrity in database tables and interfaces
  • Image compression and decompression standards


  • Recovery process – how do recoveries work, what is the process?
  • Recovery time scales – how quickly should a recovery be performed?
  • Backup frequencies – how often are the transaction data, set-up data, and system (code) backed up?
  • Backup generations – what are the requirements for restoring to previous instance(s)?


  • Compatibility with shared applications – What other systems does it need to talk to?
  • Compatibility with 3rd party applications – What other systems does it have to live with amicably?
  • Compatibility on different operating systems – What does it have to be able to run on?
  • Compatibility on different platforms – What are the hardware platforms it needs to work on?


  • Conformance to architecture standards – What are the standards it needs to conform to or have exclusions from?
  • Conformance to design standards – What design standards must be adhered to or exclusions created?
  • Conformance to coding standards – What coding standards must be adhered to or exclusions created?


  • Look and feel standards – screen element density, layout and flow, colours, UI metaphors, keyboard shortcuts
  • Internationalization / localization requirements – languages, spellings, keyboards, paper sizes, etc


  • Required documentation items and audiences for each item

Mike Griffiths is an independent consultant specializing in effective project management. Mike was involved in the creation of DSDM in 1994 and has been using agile methods (Scrum, FDD, XP, DSDM) for the last 13 years. He serves on the board of the Agile Alliance and the Agile Project Leadership Network (APLN). He maintains a leadership and agile project management blog at
