1
00:00:00,400 --> 00:00:03,960
The Better Business Analysis 
Institute presents.

2
00:00:03,960 --> 00:00:12,560
The Better Business Analysis 
Podcast with Benjamin Walsh. Hi

3
00:00:12,560 --> 00:00:15,920
everybody, and welcome back to 
the Better Business Analysis 

4
00:00:15,920 --> 00:00:19,520
Podcast with Benjamin Walsh. 
And today we're going to get to 

5
00:00:19,520 --> 00:00:25,400
a topic which is often left to 
the side done notoriously badly 

6
00:00:25,400 --> 00:00:30,680
by BAs, are sometimes done by
our architects, sometimes list 

7
00:00:31,280 --> 00:00:37,880
listed in a kind of a checklist,
and have caused more product 

8
00:00:38,480 --> 00:00:42,800
application failures than you 
know anything to do with the 

9
00:00:42,800 --> 00:00:46,520
functional side. 
And they are non functional 

10
00:00:46,520 --> 00:00:50,240
requirements. 
OK, so they're the unsung heroes

11
00:00:50,240 --> 00:00:54,160
of tech, the non functional
requirements, and we've got to 

12
00:00:54,160 --> 00:00:56,920
dive into what they actually 
are. 

13
00:00:57,320 --> 00:01:00,440
There is debate in the 
borderline sometimes and we have

14
00:01:00,440 --> 00:01:04,000
to talk about them. 
And you know, this realm is 

15
00:01:04,000 --> 00:01:07,360
often shrouded in mystery. 
It's a world where speed and 

16
00:01:07,360 --> 00:01:12,800
security and even the happiness 
of your users hang in the 

17
00:01:12,800 --> 00:01:17,080
balance. 
OK, and the Savior, the 

18
00:01:17,080 --> 00:01:21,640
overlooked corner or hero is 
doing non functional 

19
00:01:21,640 --> 00:01:24,640
requirements. 
Well, I do get asked about them 

20
00:01:24,640 --> 00:01:27,920
quite a bit. 
And we do focus a lot when we 

21
00:01:27,920 --> 00:01:31,080
talk about Agile or we talk 
about, you know, getting things 

22
00:01:31,080 --> 00:01:35,080
out out the door or a typical 
day in the life of a BA.

23
00:01:35,560 --> 00:01:38,440
You're looking at jobs to be 
done and you look at the 

24
00:01:38,440 --> 00:01:40,280
functions, right. 
You look at the features, you 

25
00:01:40,280 --> 00:01:43,960
look at the the functional 
requirements of getting from A 

26
00:01:43,960 --> 00:01:47,960
to B. 
But we often the getting from A 

27
00:01:47,960 --> 00:01:50,000
to B is important. 
Yes, it is. 

28
00:01:50,480 --> 00:01:53,240
And you know, you might have 
preferences around UX and UI and

29
00:01:53,240 --> 00:01:56,840
we'll we'll touch on that in 
terms of where that sits in 

30
00:01:56,840 --> 00:01:58,840
terms of categorization of 
requirements. 

31
00:01:59,280 --> 00:02:03,920
But a great example is, have you
ever gone to a website? 

32
00:02:03,920 --> 00:02:05,480
I know I've been on the opposite
end. 

33
00:02:05,480 --> 00:02:09,639
I've built a website and then 
it's bloody slow. 

34
00:02:10,840 --> 00:02:15,520
Then you know there's nothing 
more frustrating than a slow

35
00:02:15,520 --> 00:02:18,680
website to kick users off and 
there's, you know, plenty of 

36
00:02:18,680 --> 00:02:20,920
stats around how long it needs 
to take. 

37
00:02:20,920 --> 00:02:24,240
And less than two seconds is the
is the common term, which I'm 

38
00:02:24,240 --> 00:02:27,720
sure will get shorter. 
If users aren't seeing content

39
00:02:27,720 --> 00:02:31,000
on your website loading 
appropriately within two seconds

40
00:02:31,000 --> 00:02:34,320
they're going to move on. 
And it's even more frustrating 

41
00:02:34,320 --> 00:02:37,760
when you don't have choice. 
So like a government website, 

42
00:02:38,920 --> 00:02:43,200
you know you maybe submit a
form and then you wait and now 

43
00:02:43,200 --> 00:02:47,320
you and then and and if things 
go wrong there is a a mistake. 

44
00:02:48,120 --> 00:02:51,480
Then sometimes you go back to 
the form with your with all your

45
00:02:51,480 --> 00:02:55,000
information and then you need to
submit again and that if that 

46
00:02:55,000 --> 00:02:58,320
happens in a payment collection 
screen for example, you can 

47
00:02:58,320 --> 00:03:02,440
start to think when I clicked 
submit the first time and the 

48
00:03:02,720 --> 00:03:06,120
page started to spin was it 
taking my money? 

49
00:03:06,680 --> 00:03:09,600
And now if I clicked submit 
again, am I now doing a double 

50
00:03:09,600 --> 00:03:11,760
purchase? 
These are the kind of questions 

51
00:03:11,760 --> 00:03:15,400
that users end up having when 
things aren't working well and 

52
00:03:15,400 --> 00:03:20,240
it's not just around speed. 
So what are non functional 

53
00:03:20,240 --> 00:03:24,440
requirements? 
If you're a BA, I want you to

54
00:03:24,680 --> 00:03:28,320
think of a definition, I'll give
you a few seconds to think of 

55
00:03:28,320 --> 00:03:29,800
that. 
What is a non functional 

56
00:03:29,800 --> 00:03:34,800
requirement? 
And a good enough answer isn't 

57
00:03:35,200 --> 00:03:38,960
everything that isn't 
functional, despite the fact 

58
00:03:38,960 --> 00:03:42,120
that that's usually the 
yardstick, it's everything else 

59
00:03:42,120 --> 00:03:47,920
that might come up a non 
functional requirements are. 

60
00:03:48,200 --> 00:03:51,080
You know, I'm not going to give 
you a formal definition, you can

61
00:03:51,520 --> 00:03:55,920
actually go on to Wikipedia or 
just Google that, but they're 

62
00:03:55,920 --> 00:03:57,720
simply. 
I just want to explain what they

63
00:03:57,720 --> 00:04:00,920
are in a conceptual way, because
I think that's easy to remember.

64
00:04:01,600 --> 00:04:03,720
That's simply the how behind the
what. 

65
00:04:04,040 --> 00:04:07,800
OK, so they tell us not what the
system does, but how it should 

66
00:04:07,800 --> 00:04:14,240
do it and there are actually 
clear categories of non 

67
00:04:14,240 --> 00:04:17,079
functional requirements 
definitely come from the TOGAF

68
00:04:17,079 --> 00:04:18,880
world.
It's just the architecture 

69
00:04:19,279 --> 00:04:22,360
world, one of the bodies of 
knowledge there and we are 

70
00:04:22,360 --> 00:04:26,440
talking about speed, security, 
usability and reliability. 

71
00:04:26,680 --> 00:04:29,320
There are more but they they 
kind of are categorized into 

72
00:04:29,320 --> 00:04:33,000
these higher level buckets and 
so you can actually start to 

73
00:04:33,000 --> 00:04:39,680
have a bit of a it's not hard to
prompt yourself is if you have 

74
00:04:39,680 --> 00:04:44,440
these high level non functional 
requirement categories you can 

75
00:04:44,440 --> 00:04:46,920
start to prompt yourself and and
you can actually ask users. 

76
00:04:46,920 --> 00:04:50,760
More importantly, is it 
important that there that this 

77
00:04:51,400 --> 00:04:57,160
that the information you get or 
this process happens straight 

78
00:04:57,160 --> 00:04:59,800
away or is it overnight, They'll
always say straight away but you

79
00:04:59,800 --> 00:05:01,200
can push them on the cost of 
that. 

80
00:05:02,120 --> 00:05:04,240
If you're working on web app 
then you know obviously you want

81
00:05:04,240 --> 00:05:08,040
fast feedback to users. 
But for example if you are 

82
00:05:08,800 --> 00:05:13,640
taking data, a data feed which 
you get once a day and you're 

83
00:05:13,640 --> 00:05:16,640
wanting to get that into the 
database, it look it might not 

84
00:05:16,960 --> 00:05:21,520
matter whether or not that's 
done daily for example as 

85
00:05:21,520 --> 00:05:25,000
opposed to hourly. 
That process overnight could be 

86
00:05:25,000 --> 00:05:29,040
OK or otherwise you know it's 
going to cost more to build tech

87
00:05:29,040 --> 00:05:33,360
that works on a hourly basis. 
One of the other things around 

88
00:05:33,360 --> 00:05:36,560
if we just go down that rabbit 
hole with cloud computing is 

89
00:05:36,560 --> 00:05:39,560
that you're paying for compute,
computing power now. 

90
00:05:39,960 --> 00:05:43,840
So non functional requirements 
and the relationship with the 

91
00:05:43,840 --> 00:05:48,160
cost, the ongoing cost of your 
solution are really important. 

92
00:05:48,440 --> 00:05:51,840
And I've seen a number of cloud 
implementations across 

93
00:05:51,840 --> 00:05:54,600
government and the private 
sector where people have moved 

94
00:05:54,600 --> 00:05:57,520
to cloud and non functional 
requirements haven't been 

95
00:05:57,520 --> 00:06:00,320
captured. 
So simply just taken the 

96
00:06:00,320 --> 00:06:04,720
application they had on Prem or 
pseudo on Prem or a SaaS provider

97
00:06:04,720 --> 00:06:08,000
and brought it on to PaaS and
they've moved, let's just say if

98
00:06:08,080 --> 00:06:10,880
you don't know what those 
acronyms mean, we'll go through 

99
00:06:10,880 --> 00:06:12,640
those. 
But effectively you've taken 

100
00:06:12,640 --> 00:06:15,200
your application, which might 
have been old, and you've moved 

101
00:06:15,200 --> 00:06:17,400
to the cloud version. 
You've moved over all the 

102
00:06:17,400 --> 00:06:21,480
functions and data that you need
and you go success and and you 

103
00:06:21,480 --> 00:06:24,600
should pat yourself on the back 
because that's easier said than 

104
00:06:24,600 --> 00:06:26,800
done. 
But then suddenly you haven't 

105
00:06:26,800 --> 00:06:31,880
captured how much it costs to 
hold that information. 

106
00:06:31,960 --> 00:06:32,920
And you're like, oh, we've got 
enough. 

107
00:06:33,360 --> 00:06:37,040
We've bought enough storage, 
just like your OneDrive, your 

108
00:06:37,040 --> 00:06:40,000
Google Drive. 
But actually if you're running 

109
00:06:40,000 --> 00:06:44,880
on an enterprise piece of 
software, there's transactions 

110
00:06:44,880 --> 00:06:46,880
that happen. 
So you're sending information 

111
00:06:46,880 --> 00:06:50,440
from one system to another and 
you'll find that that is charged

112
00:06:50,680 --> 00:06:55,200
and that can be very expensive. 
Transactions become can become 

113
00:06:55,200 --> 00:06:57,640
exponentially expensive 
depending on how often you're 

114
00:06:57,640 --> 00:07:00,440
running those. 
So any of those kind of speed to

115
00:07:00,440 --> 00:07:04,160
run processes really need to be 
written down in your 

116
00:07:04,160 --> 00:07:07,480
requirements matrix, in your 
backlog. 

117
00:07:07,520 --> 00:07:10,760
You know as a card, as a user 
story if you like. 

118
00:07:11,960 --> 00:07:14,720
They need to be in there and I 
would even suggest running 

119
00:07:14,720 --> 00:07:18,080
epics for these high level non
functional categories and then 

120
00:07:18,080 --> 00:07:20,760
stories around them. 
They do need to be captured and 

121
00:07:20,760 --> 00:07:23,240
you might think, well that 
doesn't matter, you know, it's 

122
00:07:23,240 --> 00:07:28,080
not as important as getting, you
know our new CRM system, maybe 

123
00:07:28,080 --> 00:07:30,960
our in house CRM system onto the
cloud because we've got to 

124
00:07:30,960 --> 00:07:34,000
reduce kit and we're going to 
you know host it in the cloud 

125
00:07:34,000 --> 00:07:35,880
and it's going to be great and 
everyone can access it. 

126
00:07:36,520 --> 00:07:40,040
But if that CRM system has an 
integration point for example 

127
00:07:40,040 --> 00:07:42,840
with another cloud provider, 
then you're paying what's called

128
00:07:42,880 --> 00:07:46,240
egress fees or fees to send
information in and out of the 

129
00:07:46,240 --> 00:07:50,400
system and they are expensive. 
So if you're running that, you 

130
00:07:50,720 --> 00:07:52,760
used to run it on Prem, it 
didn't matter. 

131
00:07:52,960 --> 00:07:55,800
You're running it, you know, all
the time, every second. 

132
00:07:56,080 --> 00:07:59,040
If you moved it to the cloud, 
you're now paying a per second 

133
00:07:59,040 --> 00:08:04,160
charge for for that transfer and
the systems that control that. 

134
00:08:04,400 --> 00:08:08,240
And I've seen people literally 
you know quote a system for a 

135
00:08:08,240 --> 00:08:12,240
couple of $1,000,000 maybe $5 
million of implementation cost 

136
00:08:12,480 --> 00:08:17,280
and their operational cost for 
just transactions just for 

137
00:08:17,280 --> 00:08:21,640
sending information in and out 
of systems be moved from say 

138
00:08:21,640 --> 00:08:25,720
maybe zero, 100,000 to 5 
million. 

139
00:08:26,000 --> 00:08:28,680
So you know and and they didn't,
they didn't budget for that, 

140
00:08:28,680 --> 00:08:33,400
that was never catered for in 
the capital or or project cost. 

141
00:08:33,640 --> 00:08:35,039
So no one ever talked about 
that. 

142
00:08:35,640 --> 00:08:38,039
So you've got to be really 
careful with that and that non 

143
00:08:38,039 --> 00:08:40,960
functional requirements are 
becoming, there's a bit of a 

144
00:08:40,960 --> 00:08:44,840
trend to you know be hot on this
again because of cloud computing

145
00:08:46,120 --> 00:08:48,360
even though we should have 
always been hot on this. 

146
00:08:49,000 --> 00:08:50,560
OK. 
So non functional requirements 

147
00:08:50,560 --> 00:08:55,800
are simply the how behind the 
what let's say we talk about and

148
00:08:55,800 --> 00:08:58,280
the and the different categories
you can there's actually some 

149
00:08:58,280 --> 00:09:01,920
really good templates out out 
there for going through here. 

150
00:09:02,800 --> 00:09:06,440
If you look at cloud assessment 
matrix, they're actually a 

151
00:09:06,440 --> 00:09:10,600
really good starting point. 
I actually have one that I've 

152
00:09:10,600 --> 00:09:13,520
used in New Zealand. 
We have the we have the 

153
00:09:13,520 --> 00:09:17,280
Department of Internal Affairs 
or the the I can't remember what

154
00:09:17,280 --> 00:09:19,760
the American equivalent is or 
the British one. 

155
00:09:20,000 --> 00:09:24,920
But it's effectively the the 
government department that looks

156
00:09:24,920 --> 00:09:30,840
at looks at internal issues and 
internal things and they as a 

157
00:09:30,840 --> 00:09:34,480
result they set standards 
sometimes for how other 

158
00:09:34,480 --> 00:09:38,200
government departments or you 
know the government the New 

159
00:09:38,200 --> 00:09:42,720
Zealand will interact or what 
systems we're allowed to have or

160
00:09:42,720 --> 00:09:44,840
not. 
For example you know if they're 

161
00:09:44,840 --> 00:09:48,840
a security threat you know if 
there's any hosting overseas for

162
00:09:48,840 --> 00:09:51,680
example from a kind of a spine 
network point of view. 

163
00:09:52,200 --> 00:09:56,120
And they put out early actually 
a cloud assessment tool just an 

164
00:09:56,120 --> 00:09:58,600
Excel spreadsheet which had a
whole lot of non functional 

165
00:09:58,600 --> 00:10:01,520
requirements and it kind of made
you think a really really really

166
00:10:01,520 --> 00:10:04,040
good starting point for in these
categories. 

167
00:10:04,040 --> 00:10:08,440
But a whole lot of questions 
like you know the time it takes 

168
00:10:08,440 --> 00:10:11,440
for a transaction to go through 
and into security, it was like 

169
00:10:11,920 --> 00:10:16,520
does it does the system allow 
multi, multi center, multi 

170
00:10:16,520 --> 00:10:22,320
factor authentication, TFA, all 
of that stuff that that's the 

171
00:10:22,320 --> 00:10:26,080
requirements I'm talking about 
and actually you know multi 

172
00:10:26,080 --> 00:10:28,920
factor authentication or 2FA,
if you like.

173
00:10:28,920 --> 00:10:31,960
Which means that you've got two 
ways of authenticating who you 

174
00:10:31,960 --> 00:10:34,440
are. 
You would have experienced which

175
00:10:34,440 --> 00:10:39,040
is you log into a new website, 
the website goes you know enter

176
00:10:39,040 --> 00:10:40,920
your phone number. 
They send you a code, you enter 

177
00:10:40,920 --> 00:10:44,200
the code and so they know that 
you're you're not only the 

178
00:10:44,200 --> 00:10:47,360
person who is on the website, 
you're also the person with the 

179
00:10:47,360 --> 00:10:50,240
phone number. 
And so those two things, two 

180
00:10:50,240 --> 00:10:54,360
things, multi factor or two. 
Usually they use two as opposed 

181
00:10:54,360 --> 00:10:57,600
to thousands. 
Those two things validate who 

182
00:10:57,600 --> 00:11:00,320
you are and it makes it more 
secure next time you log on. 

183
00:11:00,400 --> 00:11:03,480
So you create an account and 
then no one can copy who you are

184
00:11:03,480 --> 00:11:06,800
unless they've got both your 
mobile device, two devices of

185
00:11:06,800 --> 00:11:10,120
yours. 
And so that can increase the 

186
00:11:10,120 --> 00:11:15,120
security around your account. 
Now that won't happen, that 

187
00:11:15,120 --> 00:11:17,560
there's there's some, there's 
some set up costs involved in 

188
00:11:17,560 --> 00:11:20,440
setting that up and some cloud 
providers make it easier than 

189
00:11:20,440 --> 00:11:23,640
others. 
And that whole kind of process 

190
00:11:23,640 --> 00:11:26,600
of logging in, getting a code, 
getting it sent to your phone, 

191
00:11:27,080 --> 00:11:31,280
you know, that's that's work. 
And if you haven't included that

192
00:11:31,280 --> 00:11:33,520
in your requirements as a BA, it
won't be done. 

193
00:11:34,360 --> 00:11:36,960
You know it'll just be a 
username and password so you 

194
00:11:36,960 --> 00:11:41,840
have to explicitly ask for it. 
So that's a great example of a 

195
00:11:41,840 --> 00:11:44,400
non functional requirement that 
that would hit most people 

196
00:11:44,400 --> 00:11:46,480
today. 
Even things around the 

197
00:11:46,480 --> 00:11:50,120
complexity around the the 
password and you know making X 

198
00:11:50,120 --> 00:11:53,840
amount of characters long, which
again is a security requirement,

199
00:11:53,880 --> 00:11:55,280
that's a non functional 
requirement. 

200
00:11:55,640 --> 00:11:59,640
So a non functional requirement 
is anything that that you're 

201
00:11:59,960 --> 00:12:02,680
it's connected to a what? 
So you don't have non functional

202
00:12:02,680 --> 00:12:05,520
requirements that aren't just 
out in the ether they're 

203
00:12:05,520 --> 00:12:09,200
connected to a greater process 
step you're trying to perform. 

204
00:12:09,440 --> 00:12:12,640
But it's like are there any 
business rules or any how rules 

205
00:12:12,640 --> 00:12:15,920
that you need to worry about 
when that step happens. 

206
00:12:16,280 --> 00:12:20,840
So the best thing to do is to 
focus on your process levels as 

207
00:12:20,840 --> 00:12:23,240
you're running in your 
requirements and then you go OK 

208
00:12:23,240 --> 00:12:26,080
well this step is logging in for
example and you might go down 

209
00:12:26,080 --> 00:12:28,320
lower and you might have some 
screens you go. 

210
00:12:28,320 --> 00:12:31,200
What do we need to worry about 
in terms of logging in Look at 

211
00:12:31,200 --> 00:12:33,680
the checklist go OK well these 
you know these lots of 

212
00:12:33,680 --> 00:12:35,440
applications have done this 
before. 

213
00:12:35,440 --> 00:12:37,560
What a list of non functional 
requirements I need to worry 

214
00:12:37,560 --> 00:12:41,400
about Well OK well I need to 
think about multi factor 

215
00:12:41,400 --> 00:12:43,920
authentication. 
I need to think about password 

216
00:12:43,920 --> 00:12:46,720
resets, which is a function by 
the way. 

217
00:12:47,280 --> 00:12:49,840
So not there might be non 
functional requirements there 

218
00:12:50,000 --> 00:12:53,920
which is not to include the 
e-mail address from security 

219
00:12:53,920 --> 00:12:57,720
point of view in the e-mail 
these a lot of these can non 

220
00:12:57,720 --> 00:13:00,520
functional requirements also can
come from your development team 

221
00:13:00,520 --> 00:13:02,680
so they can just they just do it
by default. 

222
00:13:02,680 --> 00:13:05,040
Some of these things even though
you don't ask them ask them so 

223
00:13:05,040 --> 00:13:08,400
you need a conversation. 
I've once for example we're 

224
00:13:08,400 --> 00:13:13,360
doing an MVP which was an 
internal an internal piece of 

225
00:13:13,640 --> 00:13:16,800
kit and application.
We just wanted to test it. 

226
00:13:16,800 --> 00:13:21,480
I didn't really care about the 
function around multi factor 

227
00:13:21,480 --> 00:13:24,040
authentication at this point. 
We could have added that later. 

228
00:13:25,560 --> 00:13:27,760
You know it was an internal 
system, it was already. 

229
00:13:28,200 --> 00:13:32,760
There's something called SSO as 
well which is Single Single Sign

230
00:13:32,760 --> 00:13:39,440
on which is allowing your 
credentials from your I guess 

231
00:13:39,800 --> 00:13:42,800
Active Directory or your 
security system that controls 

232
00:13:42,800 --> 00:13:46,240
who you are, your identity 
management system. 

233
00:13:46,600 --> 00:13:51,040
For it to you only have to log 
in once and then say for example

234
00:13:51,040 --> 00:13:53,520
you logged onto the corporate 
network and then when you use 

235
00:13:53,520 --> 00:13:56,840
this application it takes your 
details and knows you are who 

236
00:13:56,840 --> 00:13:58,800
you are and so you don't need to
sign in at all. 

237
00:13:59,000 --> 00:14:02,680
So all those features anyway, I 
wasn't explicit about not 

238
00:14:02,680 --> 00:14:06,520
wanting those features to start 
off with and I there was a delay

239
00:14:06,520 --> 00:14:10,200
in terms of getting this 
application out the door to show

240
00:14:10,200 --> 00:14:13,240
people and I just wanted a 
simple kind of username and 

241
00:14:13,240 --> 00:14:15,760
password. 
And actually the devs, when I 

242
00:14:16,520 --> 00:14:19,680
examined the work they'd done 
and they demoed it to me, I 

243
00:14:19,680 --> 00:14:21,520
realized they had implemented 
those features. 

244
00:14:21,960 --> 00:14:24,400
And you could say that's great 
and it would have been fantastic

245
00:14:24,880 --> 00:14:27,680
as they brought that up with me.
But actually they were trying 

246
00:14:27,680 --> 00:14:29,240
some new stuff, they wanted to 
do it. 

247
00:14:29,520 --> 00:14:31,360
And so if you're not explicit 
about these things, sometimes 

248
00:14:31,360 --> 00:14:34,040
your devs can actually just go 
and do them or do the wrong 

249
00:14:34,040 --> 00:14:36,240
thing. 
And in that case you know maybe 

250
00:14:36,240 --> 00:14:39,200
I should have said out of scope 
for this piece of work or a 

251
00:14:39,200 --> 00:14:42,840
won't have requirement. 
Would have been a bit for me to 

252
00:14:42,840 --> 00:14:44,960
manage that I should have done a
won't have requirement said 

253
00:14:45,240 --> 00:14:48,000
multi factor authentication and 
single sign and just won't 

254
00:14:48,000 --> 00:14:51,680
require won't have requirements 
for now and make it really 

255
00:14:51,680 --> 00:14:53,480
explicit that I'm not having 
those things. 

256
00:14:53,840 --> 00:14:56,600
So some of those non functional 
requirements, your architect 

257
00:14:56,760 --> 00:15:00,280
definitely your architect and 
your devs may even implement or 

258
00:15:00,280 --> 00:15:02,680
worry about those non functional
requirements and do them for 

259
00:15:02,680 --> 00:15:05,240
you. 
So being a BA you should really

260
00:15:05,240 --> 00:15:08,360
be leading those through. 
They should be things that your 

261
00:15:08,360 --> 00:15:10,640
end user has thought about that 
you've raised with them. 

262
00:15:11,120 --> 00:15:14,320
It usually does come from bottom
up, as opposed to them asking 

263
00:15:14,320 --> 00:15:16,880
for it. 
Then a lot of times people won't

264
00:15:16,880 --> 00:15:19,520
ask. 
For example, we'll just assume 

265
00:15:19,520 --> 00:15:21,200
that your website's going to 
work fast. 

266
00:15:22,000 --> 00:15:24,640
Now the technical team might 
know that because you've got a 

267
00:15:24,640 --> 00:15:29,600
lot of features on your website,
for example, you know a low a 

268
00:15:29,600 --> 00:15:33,080
very simple kind of content 
management system, WordPress for

269
00:15:33,080 --> 00:15:36,400
example, which is a a system you
can use to make websites. 

270
00:15:36,960 --> 00:15:39,920
It's notoriously yet slow as you
add more and more features. 

271
00:15:39,920 --> 00:15:41,960
Plugins, they call it,
because there's a whole lot of 

272
00:15:41,960 --> 00:15:45,440
code that runs and it doesn't 
necessarily need to run. 

273
00:15:45,440 --> 00:15:49,240
They call it bloatware. 
And so you install this and 

274
00:15:49,240 --> 00:15:51,600
actually it's fantastic for 
making a quick website. 

275
00:15:51,920 --> 00:15:54,760
But then as you add more and 
more features, the speed drops. 

276
00:15:55,000 --> 00:15:57,400
And without someone who knows 
what they're doing and without 

277
00:15:57,400 --> 00:16:00,480
optimizing it, their website 
could be very slow at the end. 

278
00:16:00,880 --> 00:16:04,880
Now your customer may not be 
happy about that and they may 

279
00:16:04,880 --> 00:16:06,680
not have asked for it to be 
fast. 

280
00:16:06,960 --> 00:16:09,120
So you as a BA need to prompt
these questions. 

281
00:16:09,120 --> 00:16:10,600
You need to think about these 
things. 

282
00:16:11,560 --> 00:16:12,840
OK. 
I hope that's clear. 

283
00:16:13,800 --> 00:16:20,760
Now the other thing about non 
functional requirements is that 

284
00:16:21,520 --> 00:16:25,120
they they impact your everyday 
life. 

285
00:16:25,320 --> 00:16:32,000
OK, so we talked about the 
example of a slow website for 

286
00:16:32,000 --> 00:16:34,600
online shopping, right? 
Like if you went to a website, 

287
00:16:35,440 --> 00:16:39,480
maybe it's not like the eBay or 
Trade Me in New Zealand Where or

288
00:16:39,680 --> 00:16:43,280
Gumtree in the UK. 
Those websites where you would 

289
00:16:43,280 --> 00:16:45,760
go to them anyway and if they 
were slow then they were you 

290
00:16:45,760 --> 00:16:47,960
knew they were so big that 
they'd probably resolve the 

291
00:16:47,960 --> 00:16:50,200
issue. 
But say you went, your friend 

292
00:16:50,200 --> 00:16:54,360
recommended you going to, I 
don't know a local website to 

293
00:16:54,360 --> 00:16:58,200
look up some crafts or some, I 
don't know jewelry they were 

294
00:16:58,200 --> 00:17:01,200
making and you went to the 
website and it took you know a 

295
00:17:01,200 --> 00:17:05,720
good 3 minutes to load. 
You might think about not 

296
00:17:05,720 --> 00:17:07,800
visiting there again. 
It could be just put you off, 

297
00:17:07,800 --> 00:17:11,880
especially if it was just a 
favor you were doing again. 

298
00:17:11,880 --> 00:17:15,800
If that website was slow and you
went to the checkout and you 

299
00:17:15,800 --> 00:17:20,400
clicked pay and then it took two
minutes to load or and you know 

300
00:17:20,400 --> 00:17:24,760
and you moved on, you might get 
worried that your payment hasn't

301
00:17:24,760 --> 00:17:27,160
been successful and things like 
that. 

302
00:17:28,319 --> 00:17:33,000
It it it isn't It isn't true 
that just because the website's 

303
00:17:33,000 --> 00:17:36,720
slow there might be more bugs or
functions that are not working 

304
00:17:37,040 --> 00:17:39,920
and more you know other other 
things wrong with the website, 

305
00:17:39,920 --> 00:17:43,160
for example like security. 
But it does mean that they that 

306
00:17:43,160 --> 00:17:45,840
whoever's been involved in that 
hasn't thought about these non 

307
00:17:45,840 --> 00:17:49,040
functional requirements. 
And there can be a perception 

308
00:17:49,040 --> 00:17:53,800
for example with speed, that if 
a website is slow, you know is 

309
00:17:53,800 --> 00:17:56,400
there something wrong and 
therefore there could be 

310
00:17:56,400 --> 00:17:58,440
security concerns about the 
website. 

311
00:17:59,520 --> 00:18:02,960
OK, security. 
Another area of non functional 

312
00:18:02,960 --> 00:18:05,040
requirements is huge at the 
moment. 

313
00:18:06,080 --> 00:18:10,160
I have obviously the Better 
Business Analysis Institute. 

314
00:18:10,160 --> 00:18:13,760
We have a website and I get 
well, I get so many people 

315
00:18:13,760 --> 00:18:17,160
signing up and that's great, 
thank you listeners, but not all

316
00:18:17,160 --> 00:18:19,960
of them are real people. 
Some of them are bots, some of 

317
00:18:19,960 --> 00:18:23,840
them are effectively people that
are trying to create fake 

318
00:18:23,840 --> 00:18:25,560
accounts to see if they can get 
content. 

319
00:18:25,560 --> 00:18:28,800
Probably most of it might be a 
little bit, you know, just 

320
00:18:29,000 --> 00:18:32,720
scraping our website for 
content, but there could be well

321
00:18:32,720 --> 00:18:36,280
people in there who are trying 
to hack the website, probably 

322
00:18:36,280 --> 00:18:40,320
mainly spammers who are trying 
to spam on on our content, but 

323
00:18:40,320 --> 00:18:42,800
they could also hack the website
and bring it down or try and 

324
00:18:42,800 --> 00:18:45,360
find payment details. 
Now we have quite a lot of 

325
00:18:45,360 --> 00:18:49,440
security plugins actually 
because it is it is running on 

326
00:18:49,440 --> 00:18:53,960
WordPress, but which we've got 
advice on that blocks that. 

327
00:18:54,040 --> 00:18:56,720
And then we have, you know, 
examples where IP addresses are 

328
00:18:56,720 --> 00:18:59,960
blocked, which are the unique ID
you get when you log onto the 

329
00:18:59,960 --> 00:19:02,720
Internet. 
It's not fail safe because 

330
00:19:02,720 --> 00:19:06,560
people use things called VPNs, 
virtual private networks to mask

331
00:19:06,560 --> 00:19:10,360
their IP address, but we have 
some automatic spam blocking. 

332
00:19:10,680 --> 00:19:16,360
Now that's hard because you make
it to put in spam blockers and 

333
00:19:16,360 --> 00:19:19,640
CAPTCHA, which can be
annoying when you have to say 

334
00:19:19,640 --> 00:19:23,760
whether or not you know how many
please pick the traffic light 

335
00:19:23,760 --> 00:19:26,320
and you're not sure if that one 
square has the traffic light or 

336
00:19:26,320 --> 00:19:27,360
it doesn't have the traffic 
light. 

337
00:19:27,800 --> 00:19:32,760
All that all of that kind of 
extra functional work you have 

338
00:19:32,760 --> 00:19:36,360
to do is driven by the non 
functional requirement of 

339
00:19:36,360 --> 00:19:38,840
security. 
And so you know there are 

340
00:19:38,840 --> 00:19:43,960
sometimes where non functional 
requirements are driving 

341
00:19:43,960 --> 00:19:47,120
functional changes and that's a 
bit annoying. 

342
00:19:47,120 --> 00:19:51,200
And I I would say, I'll give the
example of the fact that, you 

343
00:19:51,200 --> 00:19:53,880
know, the few are effectively 
wrecking it or making it more 

344
00:19:53,880 --> 00:19:56,120
difficult for us to do some 
simple things. 

345
00:19:56,720 --> 00:20:01,680
And there's a constant 
evolution, and I can see some 

346
00:20:01,800 --> 00:20:05,120
great evolution from Microsoft 
and Google lately. 

347
00:20:05,120 --> 00:20:08,080
We're using passcode, for 
example, where you have one code

348
00:20:08,080 --> 00:20:10,360
to get into your computer and 
then you can use that again and 

349
00:20:10,360 --> 00:20:14,040
again with websites without 
holding a password, which is a 

350
00:20:14,040 --> 00:20:17,280
functional way of dealing with a
security problem, but also the 

351
00:20:17,280 --> 00:20:20,280
problem of you having to reset 
passwords all the time. 

352
00:20:21,280 --> 00:20:24,000
So that's fantastic. 
But I'll take another example. 

353
00:20:24,000 --> 00:20:25,880
We just take it out of IT for a 
second. 

354
00:20:27,120 --> 00:20:32,920
Is the airport and for example 
you know there were a couple of 

355
00:20:32,920 --> 00:20:37,680
some obviously some serious 
terrorist incidents specifically

356
00:20:37,680 --> 00:20:41,760
you know some larger ones like 
9/11 and in the UK, I think it 

357
00:20:41,760 --> 00:20:45,240
was 7 July there was some a 
nasty incident there too with 

358
00:20:45,240 --> 00:20:50,040
the trains and buses. 
And though that fear and the 

359
00:20:50,040 --> 00:20:54,520
fear of people threatening to do
things on planes has made it 

360
00:20:55,000 --> 00:20:57,200
really difficult. 
If you go through Heathrow, you 

361
00:20:57,200 --> 00:21:00,840
go through JFK really difficult 
to get through the airport. 

362
00:21:00,840 --> 00:21:03,440
Right. 
You've got screening you've got 

363
00:21:03,440 --> 00:21:07,440
you know you can't have a bottle
more than 100 milliliters to get

364
00:21:07,440 --> 00:21:10,920
on the plane. 
They check you know your hair 

365
00:21:10,920 --> 00:21:13,600
gel to make sure it's not 
explosive and you can you know 

366
00:21:13,600 --> 00:21:16,640
get that thrown away your whole 
new kit you just bought at the 

367
00:21:16,640 --> 00:21:19,560
shop at the airport which you 
think they would have you know, 

368
00:21:19,720 --> 00:21:21,280
managed that. 
But anyway, you have to take 

369
00:21:21,280 --> 00:21:22,880
your shoes off, your belt off 
your laptop. 

370
00:21:23,400 --> 00:21:28,280
Now that is all that whole 
process which costs money, costs

371
00:21:28,280 --> 00:21:30,800
more stuff for them. 
It's a big pain in the ass for 

372
00:21:30,800 --> 00:21:36,400
anyone who has to catch an 
airplane is there as a as a a 

373
00:21:36,400 --> 00:21:40,320
functional change to your life. 
More things you have to do slow 

374
00:21:40,320 --> 00:21:43,080
things down because of the 
security concern, which is that 

375
00:21:43,680 --> 00:21:47,840
you know, one in a million 
chance that someone will, you 

376
00:21:47,840 --> 00:21:51,520
know, try to take down an 
airplane or you know, have 

377
00:21:51,520 --> 00:21:53,760
something in their shoes. 
So they do all these things to 

378
00:21:53,760 --> 00:21:57,880
minimize that chance. 
Now that's exactly the same with

379
00:21:57,880 --> 00:22:01,440
CAPTCHA on your website or bots.
You know, some of that could be 

380
00:22:01,440 --> 00:22:05,440
just with a with a airplane. 
You know, taking down airplane 

381
00:22:05,440 --> 00:22:07,720
is pretty damn serious and will 
affect a lot of people. 

382
00:22:08,680 --> 00:22:10,840
With a website, you know, you 
could say that's not so much 

383
00:22:10,840 --> 00:22:15,040
serious, but if you're stealing 
people's information or selling 

384
00:22:15,040 --> 00:22:16,880
them on the black market, that 
can be quite serious. 

385
00:22:18,160 --> 00:22:19,480
So you do need to worry about 
these things. 

386
00:22:19,480 --> 00:22:22,600
So that if you think about when 
you're doing your work, just 

387
00:22:22,600 --> 00:22:26,200
think about slow website and 
think about CAPTCHA, I just keep

388
00:22:26,200 --> 00:22:28,880
those in the back of your head 
there and then that should be a 

389
00:22:28,880 --> 00:22:31,400
trigger next time you're doing 
web app for example. 

390
00:22:31,400 --> 00:22:34,200
And it could be any application 
that you need to worry about 

391
00:22:34,200 --> 00:22:39,120
some things. 
We take the extreme, the extreme

392
00:22:39,120 --> 00:22:43,160
level here, we'll just ramp it 
up from planes and terrorists to

393
00:22:43,160 --> 00:22:48,680
nuclear power stations. 
And the fact that, for example, 

394
00:22:49,840 --> 00:22:55,720
say you write some requirements 
for a new control system for a 

395
00:22:56,160 --> 00:22:58,480
nuclear power station, right. 
You might go, well, you know, 

396
00:22:58,480 --> 00:23:02,560
OK, this is a bit scary. 
But, you know, I understand what

397
00:23:02,640 --> 00:23:04,600
they want. 
They want this button to do the 

398
00:23:04,600 --> 00:23:06,720
following and this button to do 
that, and they want some 

399
00:23:07,080 --> 00:23:08,560
overrides and all the rest of 
it. 

400
00:23:09,040 --> 00:23:12,440
Now if you've ever been involved
in a mission, what we call 

401
00:23:12,440 --> 00:23:16,560
mission critical requirements, 
you'll probably know that 

402
00:23:16,640 --> 00:23:20,120
firstly those requirements need 
to be clear and the business 

403
00:23:20,120 --> 00:23:22,880
rules need to be tight and 
there's a lot of peer review 

404
00:23:22,880 --> 00:23:25,760
there. 
But equally the language, the 

405
00:23:25,760 --> 00:23:29,280
even the I'm going to talk about
programming languages here the 

406
00:23:29,280 --> 00:23:34,840
we use some we when they program
these features or these 

407
00:23:34,840 --> 00:23:37,600
functions. 
The language they use isn't all 

408
00:23:37,600 --> 00:23:41,680
the mod con languages like you 
know React or JavaScript and all

409
00:23:41,680 --> 00:23:43,920
these ones that you use to to 
use the website. 

410
00:23:44,400 --> 00:23:47,880
They actually use languages that
are more closely related to the 

411
00:23:47,880 --> 00:23:52,240
operating system. 
Or C for example, which is an 

412
00:23:52,240 --> 00:23:56,120
old programming language is used
for control units for security 

413
00:23:56,120 --> 00:24:00,840
in a lot of companies. 
And the amount of steps that the

414
00:24:00,840 --> 00:24:05,040
programmer writes and then you 
know the sorry, the amount of 

415
00:24:05,040 --> 00:24:10,320
steps it takes for that Lang 
that those, those commands, 

416
00:24:10,320 --> 00:24:14,440
those functions to be 
transferred, compiled to the 

417
00:24:14,840 --> 00:24:19,200
actual hardware are really low. 
And so the chance of having a 

418
00:24:19,200 --> 00:24:24,920
bug or something going wrong or 
the speed of that code not 

419
00:24:24,920 --> 00:24:30,200
running fast enough or any any 
chance of anything going wrong 

420
00:24:30,280 --> 00:24:34,280
between the the kind of 
programming language and the 

421
00:24:34,280 --> 00:24:36,720
speed of that and the hardware 
is lessened. 

422
00:24:37,200 --> 00:24:42,560
And so those in that situation, 
what do you think non functional

423
00:24:42,560 --> 00:24:47,080
requirements would would be in 
terms of the list of priority? 

424
00:24:49,160 --> 00:24:53,320
It would be right up there, 
right the speed if something 

425
00:24:53,320 --> 00:24:55,080
went wrong. 
You would have you know they 

426
00:24:55,080 --> 00:24:58,120
have they have to be 
milliseconds or less than 

427
00:24:58,120 --> 00:25:00,120
milliseconds in terms of 
override. 

428
00:25:01,040 --> 00:25:06,120
You would have to have lots of 
you know error checking. 

429
00:25:06,120 --> 00:25:07,840
You would have to know if things
were going wrong. 

430
00:25:07,840 --> 00:25:09,720
There would have to be hardware 
checks. 

431
00:25:09,720 --> 00:25:11,360
There would have to be all sorts
of bits and pieces. 

432
00:25:11,360 --> 00:25:14,840
So you might find that the 
functional requirements around 

433
00:25:14,840 --> 00:25:17,880
just having some buttons to 
control something are far little

434
00:25:18,280 --> 00:25:21,840
far smaller than the list of non
functional requirements you need

435
00:25:21,840 --> 00:25:23,960
to have. 
So that's just an example of 

436
00:25:23,960 --> 00:25:28,240
environment can actually change 
and technology can change what 

437
00:25:28,240 --> 00:25:32,960
you may need in regards to the 
length and the amount of effort 

438
00:25:32,960 --> 00:25:34,600
you put into your non 
functionals. 

439
00:25:37,440 --> 00:25:40,960
So we talked about the fact that
you're focusing on the how this 

440
00:25:40,960 --> 00:25:46,440
is a what in terms of non 
functional requirements and we 

441
00:25:46,440 --> 00:25:48,960
talked about the fact that non 
functional requirements describe

442
00:25:48,960 --> 00:25:52,200
how a system should work or how 
those steps should be carried 

443
00:25:52,200 --> 00:25:54,480
out. 
Because it may it's a system in 

444
00:25:54,480 --> 00:26:00,200
the in the sense of IT, but it 
also could be a physical system.

445
00:26:01,520 --> 00:26:06,360
It also should state what the 
system should not do. 

446
00:26:09,000 --> 00:26:14,160
OK, so you're we talked about 
the fact that a login system 

447
00:26:14,160 --> 00:26:20,200
needs to be secure, but it also 
should for example maybe say 

448
00:26:20,200 --> 00:26:23,520
that what it shouldn't do, for 
example. 

449
00:26:23,520 --> 00:26:30,040
And maybe if you've entered your
name into a website, e-mail for 

450
00:26:30,040 --> 00:26:32,160
example, and the sending of 
e-mail, even though you can do 

451
00:26:32,160 --> 00:26:35,000
it in a secure way, e-mail isn't
secure. 

452
00:26:35,080 --> 00:26:38,720
OK, so don't think for a minute 
that your emails are secure. 

453
00:26:38,760 --> 00:26:44,120
They really are not secure. 
A message within your WhatsApp 

454
00:26:45,120 --> 00:26:47,400
is actually more secure than 
your e-mail. 

455
00:26:47,600 --> 00:26:52,800
OK, if you've got end-to-end 
encryption on. Emails are not 

456
00:26:52,840 --> 00:26:54,720
encrypted, they're text. 
So it's VE. 

457
00:26:54,840 --> 00:26:58,960
They're very very very easy to 
hack unless you're using a 

458
00:26:58,960 --> 00:27:02,960
secure e-mail system which is 
wrapped on top of it. 

459
00:27:02,960 --> 00:27:06,240
But Gmail, Hotmail, not so 
lucky. 

460
00:27:06,880 --> 00:27:14,920
So for example, it's not a great
idea to ever e-mail a password 

461
00:27:16,480 --> 00:27:21,040
to a user. 
So if you and I sometimes shake 

462
00:27:21,040 --> 00:27:25,400
my head when there are some 
quite well to do websites or 

463
00:27:25,440 --> 00:27:30,040
websites doing quite well where 
I reset my password or you know 

464
00:27:30,040 --> 00:27:32,920
I asked for it to be changed or 
I do, I forgot my password 

465
00:27:32,920 --> 00:27:39,520
option and it actually emails me
the password one, you know, it's

466
00:27:39,520 --> 00:27:43,640
not I haven't even logged in. 
So it there's no way the system 

467
00:27:43,640 --> 00:27:46,160
knows it's me. 
I just know that this e-mail 

468
00:27:46,160 --> 00:27:48,640
address, you know I put my 
e-mail address in and that's it.

469
00:27:48,920 --> 00:27:50,320
So a lot of people know my 
e-mail address. 

470
00:27:50,320 --> 00:27:54,920
I've emailed them all the time. 
So for example, I don't know, it

471
00:27:54,920 --> 00:27:58,000
could be your ex. 
You know, someone that you were 

472
00:27:58,000 --> 00:28:00,880
seeing previously. 
Maybe they you know you, you 

473
00:28:00,880 --> 00:28:02,800
didn't have a good break up. 
They know your e-mail address, 

474
00:28:03,120 --> 00:28:06,000
They can put your e-mail address
in, they click forgot password, 

475
00:28:06,000 --> 00:28:08,160
maybe you shared your password. 
They can get into your e-mail 

476
00:28:08,400 --> 00:28:10,360
and then they'll know what your 
password is there. 

477
00:28:10,920 --> 00:28:13,160
There's a high likelihood that 
the password you've used for 

478
00:28:13,160 --> 00:28:17,280
that website is another one or 
very close to a password you've 

479
00:28:17,280 --> 00:28:19,880
used for other websites. 
And now I can get into all your 

480
00:28:19,880 --> 00:28:25,080
websites and I can see I don't 
know who what your life's like. 

481
00:28:25,080 --> 00:28:27,880
And you know maybe your, maybe 
your banking app which is 

482
00:28:27,880 --> 00:28:30,080
luckily probably more secure 
than anything else. 

483
00:28:30,600 --> 00:28:33,520
So this, this, this is the kind 
of use cases that you need to 

484
00:28:33,520 --> 00:28:37,440
think about here. 
The other thing around non 

485
00:28:37,440 --> 00:28:41,880
functional requirements is they 
they're talking about I guess 

486
00:28:42,560 --> 00:28:47,320
kind of quantitative areas. 
So when you're talking about 

487
00:28:47,320 --> 00:28:51,000
we're talking about speed time 
measurables here. 

488
00:28:51,440 --> 00:28:57,560
So you might say this. 
For example, the there's a 

489
00:28:57,560 --> 00:29:00,360
functional requirement around 
the ability for the. 

490
00:29:01,240 --> 00:29:07,440
I'm just going to, I'm not going
to use use the story proper kind

491
00:29:07,440 --> 00:29:10,760
of terminology here. 
However, non functional 

492
00:29:10,760 --> 00:29:13,920
requirements should and can be 
written in story form. 

493
00:29:14,400 --> 00:29:23,040
But let's just say as a website 
application I would like to load

494
00:29:23,040 --> 00:29:26,080
within two seconds so that users
are not frustrated and move on 

495
00:29:26,240 --> 00:29:30,040
or try and refresh the page. 
You know what I mean. 

496
00:29:30,040 --> 00:29:32,800
And so that's the example there.
Whereas that's how you can write

497
00:29:32,800 --> 00:29:36,400
those requirements if you like. 
So usually it's "as a" and then 

498
00:29:36,400 --> 00:29:38,680
it's the solution that you're 
doing. 

499
00:29:39,400 --> 00:29:42,280
If you're more comfortable when 
you're writing a functional 

500
00:29:42,280 --> 00:29:48,160
requirement, split the non 
functional out because even if 

501
00:29:48,720 --> 00:29:50,000
and there's a bit of confusion 
here. 

502
00:29:50,000 --> 00:29:52,880
So for example, I've said as a 
user I want to be able to log 

503
00:29:52,920 --> 00:29:56,600
log on with my username and 
password as an existing user. 

504
00:29:56,680 --> 00:30:00,080
Actually let's take this as an 
existing user so this is a 

505
00:30:00,080 --> 00:30:03,240
different user story to creating
my account. 

506
00:30:03,240 --> 00:30:07,080
So as an existing user, I want 
to use my username, e-mail 

507
00:30:07,320 --> 00:30:12,280
address and select a password so
I can log on to the application 

508
00:30:12,560 --> 00:30:16,320
so I can view my details and be 
securely logged in. 

509
00:30:16,840 --> 00:30:21,480
That might be just a really high
level user story to start off 

510
00:30:21,480 --> 00:30:24,160
with and you may have a non 
functional requirement that's 

511
00:30:24,160 --> 00:30:29,080
linked to that which is around 
the fact that the password needs

512
00:30:29,080 --> 00:30:32,640
to be X amount of characters. 
Now the reason I'm bringing this

513
00:30:32,640 --> 00:30:35,200
up is that a lot of people can 
write that within the functional

514
00:30:35,200 --> 00:30:38,680
requirement as a business rule 
and that's OK too. 

515
00:30:38,960 --> 00:30:43,840
But I do think it's probably 
worth looking at the response to

516
00:30:43,840 --> 00:30:45,840
that requirement and writing a 
non functional. 

517
00:30:46,280 --> 00:30:48,800
What do I mean by that? 
If you've ever done a sequence 

518
00:30:48,800 --> 00:30:52,240
diagram right, then you'll know 
what I'm talking about. 

519
00:30:52,440 --> 00:30:55,640
If you haven't done a sequence 
diagram, think about a baton. 

520
00:30:56,120 --> 00:31:00,880
OK, think about a baton. 
So as an existing user, I want to

521
00:31:00,880 --> 00:31:02,040
log in with my username and 
password. 

522
00:31:02,440 --> 00:31:05,640
That's the function. 
Now what happens next? 

523
00:31:05,800 --> 00:31:10,320
What logically happens next? 
And a lot of you might say, well

524
00:31:10,320 --> 00:31:15,920
then I can see my desktop. 
I'm logged in successfully, You 

525
00:31:15,920 --> 00:31:17,400
know, if I've got my details 
right. 

526
00:31:17,720 --> 00:31:22,360
And you know, that's cool. 
What actually happens next? 

527
00:31:22,360 --> 00:31:26,880
What actor? 
What actor is as an as an actor?

528
00:31:27,240 --> 00:31:29,560
What actor is playing their part
next? 

529
00:31:29,560 --> 00:31:35,360
So, well, the baton is actually 
being handed over to the system.

530
00:31:36,600 --> 00:31:39,880
What do I mean by that? 
So as you log on, your details 

531
00:31:39,880 --> 00:31:44,560
are being sent to the 
application, right, your 

532
00:31:44,560 --> 00:31:46,920
username and password and that 
it was, it's going to say, you 

533
00:31:46,920 --> 00:31:48,920
know it does that. 
It's going to do a couple of 

534
00:31:48,920 --> 00:31:50,040
things. 
It's probably going to say is 

535
00:31:50,040 --> 00:31:53,480
the e-mail registered? 
So are you an existing user And 

536
00:31:53,480 --> 00:31:55,440
it's going to check your 
password and it's going to make 

537
00:31:55,440 --> 00:31:58,720
sure that your password matches 
the password that it has on its 

538
00:31:58,720 --> 00:32:01,280
system to know that you are who 
you are. 

539
00:32:01,720 --> 00:32:04,840
And then it's probably going to 
check that even though you are 

540
00:32:04,840 --> 00:32:07,840
who you say you are, what access
you have. 

541
00:32:07,840 --> 00:32:11,240
And then it's going to, you 
know, give you that access. 

542
00:32:11,240 --> 00:32:14,920
For example, if your account has
been suspended and might send 

543
00:32:14,920 --> 00:32:18,080
you back to a suspension page, 
you know. 

544
00:32:18,160 --> 00:32:22,720
And if your e-mail address isn't
correct, or you're not 

545
00:32:22,720 --> 00:32:26,480
registered, or your password is 
incorrect, then it needs to show

546
00:32:26,480 --> 00:32:28,640
that message. 
Or it might take you to a forgot

547
00:32:28,640 --> 00:32:32,680
password area now. 
So that baton, the solution. 

548
00:32:32,680 --> 00:32:34,120
There's a reply to the 
requirement. 

549
00:32:34,120 --> 00:32:36,680
This is the mindset you as a BA 
need to worry about. 

550
00:32:36,920 --> 00:32:40,320
No, you're not a systems 
analyst. 

551
00:32:40,320 --> 00:32:44,440
You're not a solution designer, 
but you should know in a general

552
00:32:44,440 --> 00:32:48,440
logical sequence that there is a
reply that something a process 

553
00:32:48,440 --> 00:32:52,000
happens. 
So the process is actually, you 

554
00:32:52,000 --> 00:32:55,160
know, if you drop down logging 
in, it's taking your details and

555
00:32:55,160 --> 00:32:57,920
it's doing something. 
It's doing functions by the way.

556
00:32:58,080 --> 00:32:59,960
Functions. 
It's doing functions. 

557
00:33:00,360 --> 00:33:05,280
And some of those functions 
there are actually require you 

558
00:33:05,280 --> 00:33:09,080
to tell it what you want it to 
do from a non functional point 

559
00:33:09,080 --> 00:33:12,120
of view, right? 
So you're assuming that it knows

560
00:33:12,120 --> 00:33:14,400
how to do the login. 
That's OK and sometimes you 

561
00:33:14,400 --> 00:33:18,840
don't need to get to that level.
But what I would say is in have 

562
00:33:18,840 --> 00:33:21,440
another requirement underneath 
the logging in the existing 

563
00:33:21,440 --> 00:33:24,200
user. 
And you might say as a system I 

564
00:33:24,200 --> 00:33:29,840
want to apply, you could just 
say best practice login security

565
00:33:30,000 --> 00:33:33,840
to verify accounts maybe. 
And then you list what is that 

566
00:33:33,960 --> 00:33:39,240
and so then the the devs could 
have that as a separate card and

567
00:33:39,240 --> 00:33:42,440
then they could go through that.
You could equally include that 

568
00:33:42,440 --> 00:33:45,560
within the functional story and 
say you know the acceptance 

569
00:33:45,560 --> 00:33:50,760
criteria are ABCD 3, but you 
need to explicitly say if 

570
00:33:50,760 --> 00:33:52,760
there's anything special you 
want that to happen. 

571
00:33:53,240 --> 00:33:56,440
And when I say special, that's 
over and above a pattern you've 

572
00:33:56,440 --> 00:33:58,800
defined. 
So if you say best practice, 

573
00:33:58,800 --> 00:34:01,600
that doesn't mean anything. 
But if you've got a standard at 

574
00:34:01,600 --> 00:34:05,080
your organization for logging in
like a pattern, you don't have 

575
00:34:05,080 --> 00:34:06,960
to write it every single time 
you write a login. 

576
00:34:07,320 --> 00:34:13,000
You might say our standard 
security pattern for logging in 

577
00:34:13,000 --> 00:34:16,080
to a website and then that's 
defined as a separate document. 

578
00:34:16,800 --> 00:34:19,199
OK, so you do. 
That's the good way of 

579
00:34:19,199 --> 00:34:21,719
triggering non functional 
requirements, but it's also 

580
00:34:21,719 --> 00:34:25,159
making you think about them by 
looking at the baton and the 

581
00:34:25,159 --> 00:34:27,639
reply to it. 
And so drawing a sequence 

582
00:34:27,639 --> 00:34:31,760
diagram, or going down to the 
steps, knowing that data travels

583
00:34:32,239 --> 00:34:35,320
from your step to the system and
back is really important. 

584
00:34:36,400 --> 00:34:40,120
You might say, Ben, which you 
know that's too much work. 

585
00:34:40,360 --> 00:34:42,520
Well, it is if you're drawing a 
process diagram. 

586
00:34:42,520 --> 00:34:45,600
This is what I suggest you do. 
Just show that there's an arrow 

587
00:34:45,600 --> 00:34:48,760
between your process of logging 
in an existing user flow, 

588
00:34:48,760 --> 00:34:53,360
because it will be different to,
there will be different gates 

589
00:34:53,360 --> 00:34:57,360
for a new user. 
Show an arrow going down to the 

590
00:34:57,400 --> 00:35:01,040
system and then because it could
be a a separate system, the 

591
00:35:01,040 --> 00:35:04,240
website could be an 
authentication system and then 

592
00:35:04,240 --> 00:35:06,760
show an arrow back and then 
you're following the arrow and 

593
00:35:06,760 --> 00:35:10,240
then you're thinking about the 
login. 

594
00:35:10,960 --> 00:35:13,400
So in that case, when I say an 
arrow back, you would have a box

595
00:35:13,640 --> 00:35:17,400
login to system for example, 
existing user logging in system,

596
00:35:17,400 --> 00:35:19,480
that would be your actor on 
there and maybe a timing 

597
00:35:19,920 --> 00:35:24,640
indicator, it logs down to your 
system, your authentication 

598
00:35:24,640 --> 00:35:27,920
system or your web app and then 
an arrow up to the next step. 

599
00:35:28,080 --> 00:35:31,600
So you could say, well there's 
now a decision which is you're 

600
00:35:31,600 --> 00:35:36,080
not verified and it could go 
back to a page of like sign up 

601
00:35:36,400 --> 00:35:39,680
or you've forgotten your 
username and password and move 

602
00:35:39,680 --> 00:35:43,440
on to the next step. 
So you know going there's no 

603
00:35:43,440 --> 00:35:45,800
problem with your process 
diagram showing those system 

604
00:35:45,800 --> 00:35:49,480
steps and a bottom swim lane 
for example, and then connecting

605
00:35:49,480 --> 00:35:51,760
an arrow down there and then 
showing what the reply is. 

606
00:35:52,000 --> 00:35:54,320
And then you're using the baton
technique all the way through 

607
00:35:54,760 --> 00:35:57,120
and that's actually, even if 
you're just using it and show 

608
00:35:57,160 --> 00:36:01,080
and then actually hiding those 
steps the system steps later for

609
00:36:01,080 --> 00:36:04,400
presentation purposes. 
It actually makes you think of 

610
00:36:04,400 --> 00:36:06,480
all the non functional 
requirements you need to think 

611
00:36:06,480 --> 00:36:08,520
about. 
And what you could do in the 

612
00:36:08,520 --> 00:36:11,040
arrow is write down the timing 
that's expected or less the 

613
00:36:11,040 --> 00:36:14,280
minimum maximum time that's 
expected for that to happen. 

614
00:36:14,840 --> 00:36:17,440
OK. 
So if you just say, you could 

615
00:36:17,440 --> 00:36:19,800
even do it on the login step, 
you could say well logging in, 

616
00:36:19,800 --> 00:36:21,560
you know that should take X 
amount of time. 

617
00:36:22,200 --> 00:36:26,800
And when you talk about when 
it's a new system that should be

618
00:36:26,800 --> 00:36:30,120
or you're using new technology, 
new system or new technology, 

619
00:36:30,920 --> 00:36:34,360
you should be explicit about 
that timing or say the whole 

620
00:36:34,360 --> 00:36:38,520
time to to log in or to navigate
on the website, it needs to be 

621
00:36:38,520 --> 00:36:40,800
quite fast. 
And when we remain fast, when 

622
00:36:41,120 --> 00:36:45,880
you might say as fast as this 
website, you know and you can 

623
00:36:45,880 --> 00:36:48,960
measure the speed for that. 
OK. 

624
00:36:48,960 --> 00:36:54,160
So we've just talked about 
security and speed, but there's 

625
00:36:54,160 --> 00:36:56,480
also the performance of the 
system which is around speed and

626
00:36:56,480 --> 00:36:59,960
it's a subcategory of but 
there's other performance steps 

627
00:36:59,960 --> 00:37:05,080
in there. 
The other area that is important

628
00:37:05,080 --> 00:37:06,840
is kind of like around 
availability. 

629
00:37:07,200 --> 00:37:11,080
So availability is how often is 
the website available. 

630
00:37:11,440 --> 00:37:16,560
And sometimes I notice for 
example some American based 

631
00:37:16,560 --> 00:37:19,640
website ancestry.com is one of 
them. 

632
00:37:20,680 --> 00:37:24,320
You'll find that the maintenance
jobs that they run every night 

633
00:37:24,320 --> 00:37:28,240
to run their scripts or do 
whatever happens in the middle 

634
00:37:28,240 --> 00:37:32,480
of the night for an American. 
Or you know, there's different 

635
00:37:32,480 --> 00:37:35,360
time zones in the states, but 
generally at A at a time where 

636
00:37:35,360 --> 00:37:39,080
most people would be sleeping 
and what that means and actually

637
00:37:39,080 --> 00:37:42,760
Xbox does the same sometimes or 
some games do it. 

638
00:37:43,960 --> 00:37:47,800
The performance in New Zealand 
which is kind of at the other 

639
00:37:47,800 --> 00:37:54,040
side of the world, it degrades 
and so they're like oh, up 

640
00:37:54,040 --> 00:37:55,760
time's fine because no one's 
using it, but they haven't 

641
00:37:55,760 --> 00:37:58,680
thought about the fact that that
website and their their customer

642
00:37:58,680 --> 00:38:01,000
base is actually over the other 
side of the world as well. 

643
00:38:01,400 --> 00:38:03,600
So that's another problem. 
The other thing is that 

644
00:38:03,600 --> 00:38:06,760
sometimes systems do break, but 
you have to have a as up time is

645
00:38:06,760 --> 00:38:10,520
a is a measure we use in terms 
of in terms of availability, how

646
00:38:10,520 --> 00:38:12,080
often it's going to be 
available. 

647
00:38:12,880 --> 00:38:15,360
If you're on a cloud system, you
generally inherit that 

648
00:38:15,360 --> 00:38:17,800
availability. 
So if they have an outage, you 

649
00:38:17,800 --> 00:38:20,800
have an outage. 
We have things of our own 

650
00:38:20,800 --> 00:38:25,520
reliability, but the one I want 
to just jump into here because 

651
00:38:25,520 --> 00:38:33,200
this is a area which can get 
very confused when you're a BA. 

652
00:38:34,720 --> 00:38:37,160
And so I just want to make it 
really clear that a non 

653
00:38:37,160 --> 00:38:40,760
functional requirement, one of 
the non functional requirement 

654
00:38:40,760 --> 00:38:45,480
areas is usability. 
And for some people that can be 

655
00:38:45,480 --> 00:38:47,840
a bit of a shock. 
Usability. 

656
00:38:48,040 --> 00:38:50,960
Usability means a lot of stuff. 
I I like the fact that usability

657
00:38:50,960 --> 00:38:53,720
in there as opposed to what used
to be called a design or 

658
00:38:53,720 --> 00:38:56,000
content. 
But usability is a better, a 

659
00:38:56,000 --> 00:39:00,640
better term. 
And it's about not just the IT 

660
00:39:00,640 --> 00:39:06,200
can impact the features that you
have, but it makes you think 

661
00:39:06,200 --> 00:39:10,760
about the design of your website
and sometimes the design of the 

662
00:39:10,760 --> 00:39:13,760
website which is done. 
You know, maybe after you've 

663
00:39:13,760 --> 00:39:17,440
done your first cut of 
requirements, you just kind of 

664
00:39:17,440 --> 00:39:20,040
just have them as pictures 
throughout your spec. 

665
00:39:20,040 --> 00:39:22,120
Well, I do anyway, and I point 
to the requirements. 

666
00:39:22,920 --> 00:39:25,400
But this is another area which 
triggers a whole lot of non 

667
00:39:25,400 --> 00:39:28,280
functional requirements. 
So if you think about usability,

668
00:39:28,320 --> 00:39:31,080
I'm going to throw at some basic
usability and then I'll look 

669
00:39:31,080 --> 00:39:33,520
through about some specific 
usability we should all be 

670
00:39:33,520 --> 00:39:36,560
worried about. 
Some basic usability is the 

671
00:39:36,560 --> 00:39:41,120
design of the screens OK? 
It's the fact that if you're 

672
00:39:41,240 --> 00:39:46,640
using a system which is made for
data entry purposes, you've got 

673
00:39:46,640 --> 00:39:50,800
tabs in and all the information 
that you enter more often or not

674
00:39:50,800 --> 00:39:54,440
is probably at the top and the 
stuff you enter later is down 

675
00:39:54,440 --> 00:39:57,000
below. 
So you requirements around, 

676
00:39:57,000 --> 00:39:59,720
they're all non functional 
requirements and I'm thinking 

677
00:39:59,720 --> 00:40:04,480
about Dynamics 365 or Salesforce
where you might have someone 

678
00:40:04,480 --> 00:40:08,680
who's just dragging, dropping, 
configuring your system, you 

679
00:40:08,680 --> 00:40:11,880
know adding some custom fields. 
Those non functional 

680
00:40:11,880 --> 00:40:15,240
requirements there around screen
layout They should be. 

681
00:40:16,000 --> 00:40:17,480
Requirements. 
They should be non functional 

682
00:40:17,480 --> 00:40:20,400
requirements and so for example,
yeah, it should be around. 

683
00:40:20,400 --> 00:40:22,480
Well you know, I want to easily 
get into this. 

684
00:40:22,760 --> 00:40:25,000
You should be prompting your 
users, you should be asking 

685
00:40:25,000 --> 00:40:27,680
questions around this sequence 
in which they enter their 

686
00:40:27,680 --> 00:40:30,560
information. 
Or you know, are they going to 

687
00:40:30,560 --> 00:40:32,320
be using a tablet? 
Are they going to be using a 

688
00:40:32,320 --> 00:40:35,920
mouse? 
Can the screen, can the screen 

689
00:40:35,920 --> 00:40:40,880
resize automatically to tablet? 
I actually just spent some time 

690
00:40:40,880 --> 00:40:45,040
working on a project that I'm 
involved in and I was doing some

691
00:40:45,040 --> 00:40:48,520
very simple landing page website
work, drag and dropping some 

692
00:40:48,520 --> 00:40:53,400
stuff for this kind of MVP we're
trialing out and I completed it 

693
00:40:53,400 --> 00:40:54,680
and I thought it looked pretty 
good. 

694
00:40:54,880 --> 00:40:58,200
To be honest I'm not a designer 
but I was using a template and I

695
00:40:58,200 --> 00:41:01,240
was mucking around and I got it 
sorted and I thought it was good

696
00:41:01,240 --> 00:41:03,880
and I sent it to a friend of 
mine who clicked on the link. 

697
00:41:04,400 --> 00:41:09,240
Now I was using my PC, my 
laptop, and he was looking at it

698
00:41:09,320 --> 00:41:13,120
on his mobile device and he 
clicked on the website and he 

699
00:41:13,120 --> 00:41:15,440
said, oh, OK. 
And I thought, oh man, that's a 

700
00:41:15,480 --> 00:41:17,640
bit gutting. 
I just spent, you know, a good 

701
00:41:17,640 --> 00:41:21,360
half day on this. 
And I clicked on the link on my 

702
00:41:21,360 --> 00:41:27,280
mobile phone and the website 
wasn't what we call responsive 

703
00:41:27,280 --> 00:41:32,520
or not, Well, responsive design 
or when it was being responsive,

704
00:41:32,520 --> 00:41:35,240
it was moving things around. 
So responsive design is the 

705
00:41:35,240 --> 00:41:39,240
ability for a web app to kind of
respond to the type of device 

706
00:41:39,240 --> 00:41:44,120
you've got based on its size, 
which is all fine and dandy, but

707
00:41:44,120 --> 00:41:47,320
in this case there were some 
videos on there and there was 

708
00:41:47,320 --> 00:41:49,880
some text and it moved 
everything around and I could 

709
00:41:49,880 --> 00:41:51,920
read everything but it looked 
bad. 

710
00:41:52,520 --> 00:41:57,560
So sometimes people especially 
with the move to mobile devices,

711
00:41:58,040 --> 00:42:01,000
a lot of people you have a non 
functional requirement around 

712
00:42:01,000 --> 00:42:04,600
mobile first and mobile first 
means design for mobile so it 

713
00:42:04,600 --> 00:42:08,520
looks good on that and then 
manage the desktop version after

714
00:42:08,520 --> 00:42:10,360
the fact. 
And that was that's a lesson for

715
00:42:10,360 --> 00:42:13,520
me because I'm going to have to 
redo it and or pay someone to do

716
00:42:13,520 --> 00:42:16,560
it and I should have designed 
for mobile first. 

717
00:42:16,560 --> 00:42:19,080
I should have designed on a 
small screen and then allowed it

718
00:42:19,080 --> 00:42:24,880
to stretch out for for web work.
So that's a non functional area.

719
00:42:24,880 --> 00:42:28,040
That's important when it comes 
to usability. 

720
00:42:28,760 --> 00:42:30,880
So we've got those usability 
requirements around how people 

721
00:42:30,880 --> 00:42:33,480
are going to be using it, what 
their preferences are. 

722
00:42:33,800 --> 00:42:36,320
If you start getting into 
colors, then you really need to 

723
00:42:36,320 --> 00:42:39,040
start to say, well you know, 
changing this from if it's an 

724
00:42:39,040 --> 00:42:42,520
out-of-the-box product like 
Dynamics or Salesforce and 

725
00:42:42,520 --> 00:42:45,080
they're saying, can I have that?
Can I allow that button to be 

726
00:42:45,080 --> 00:42:47,080
blue? 
Then you know you end up with 

727
00:42:47,080 --> 00:42:50,160
the blue button scenario where 
you need to really talk about 

728
00:42:50,160 --> 00:42:51,680
cost. 
There's preference. 

729
00:42:51,680 --> 00:42:54,680
That's not usability. 
You also need to think about if 

730
00:42:54,680 --> 00:42:58,680
it's external, not just you. 
What do I mean by that? 

731
00:42:59,040 --> 00:43:03,960
Wow, a large percentage of our 
population in the world, if 

732
00:43:03,960 --> 00:43:07,280
you're looking at launching to 
the world, don't speak English. 

733
00:43:07,600 --> 00:43:10,720
So what are you going to do 
about bilingual languages? 

734
00:43:10,760 --> 00:43:14,360
Are you going to have a language
pack which does its best to 

735
00:43:14,360 --> 00:43:17,720
change the language? 
Are you not going to bother if 

736
00:43:17,720 --> 00:43:20,440
you're in a situation like New 
Zealand where we actually have 

737
00:43:20,440 --> 00:43:25,320
an indigenous, indigenous 
people, the Maori, they, you 

738
00:43:25,320 --> 00:43:28,000
know that that's hugely 
important to others New 

739
00:43:28,000 --> 00:43:31,680
Zealanders or to most New 
Zealanders anyway, and we're 

740
00:43:31,680 --> 00:43:34,400
trying to promote Maori as a 
language. 

741
00:43:34,640 --> 00:43:38,360
Well, most government websites 
need to be in both in Maori and 

742
00:43:38,360 --> 00:43:42,240
English, OK? 
There are two major languages 

743
00:43:42,240 --> 00:43:48,080
there as well as sign language. 
So for example, if you are for 

744
00:43:48,080 --> 00:43:53,640
example someone who's blind, 
then you need screen readers to 

745
00:43:53,640 --> 00:43:57,400
read your website. 
And if you put an image on your 

746
00:43:57,400 --> 00:44:01,880
website and you don't put text, 
then the whole experience of 

747
00:44:01,880 --> 00:44:06,160
that image will just not have 
any impact. 

748
00:44:06,800 --> 00:44:12,200
If for someone who has who's 
blind or has low vision, now 

749
00:44:12,560 --> 00:44:16,440
there is something called alt 
tags, alternative tags, alt tags

750
00:44:16,440 --> 00:44:19,000
and websites. 
And you can actually add a tag 

751
00:44:19,000 --> 00:44:20,600
in there. 
You can describe what the 

752
00:44:20,600 --> 00:44:23,640
picture is. 
And if you go to a website and 

753
00:44:23,640 --> 00:44:27,280
you add your alt tags in, then 
people with low vision, they 

754
00:44:27,280 --> 00:44:30,000
can, the screen reader will say 
there is an image on the right 

755
00:44:30,000 --> 00:44:32,120
of, you know, a person kicking a
soccer ball. 

756
00:44:32,680 --> 00:44:36,280
And then so they get more of an 
interest around that. 

757
00:44:36,480 --> 00:44:39,360
Sometimes, you know, it could be
video about whatever and then 

758
00:44:39,360 --> 00:44:43,000
they can play it so they know 
that it's a a video, so they can

759
00:44:43,000 --> 00:44:44,560
click on the video and listen to
it. 

760
00:44:45,880 --> 00:44:49,360
Google also will look for alt 
tags. 

761
00:44:49,360 --> 00:44:52,640
It uses it for indexing and 
making sure that your content is

762
00:44:52,640 --> 00:44:55,760
good and it actually gives you a
better rating. 

763
00:44:55,760 --> 00:44:58,920
It's called SEO, search engine
optimization. 

764
00:44:59,120 --> 00:45:01,960
It'll give you a better rating 
on Google if you've got alt tags

765
00:45:01,960 --> 00:45:05,000
on your website. 
So that's usability is not just 

766
00:45:05,000 --> 00:45:10,320
thinking about, you know, the 
the simplest design features. 

767
00:45:10,520 --> 00:45:14,000
We're also thinking about those 
who may have not had the same 

768
00:45:14,000 --> 00:45:17,480
abilities as yourself or people 
that speak a different language 

769
00:45:17,480 --> 00:45:20,320
to yourself. 
People with a lot of colorblind 

770
00:45:20,320 --> 00:45:22,920
men out there, generally there
are women who are colorblind, but 

771
00:45:22,920 --> 00:45:24,560
men? 
There's a huge percentage 

772
00:45:24,560 --> 00:45:27,080
because men don't generally talk
about their things. 

773
00:45:27,080 --> 00:45:30,160
But I know a lot of people that 
are colorblind have your website

774
00:45:30,160 --> 00:45:33,920
uses colors that are really hard
to be seen by someone who's 

775
00:45:33,920 --> 00:45:36,360
colorblind. 
They may not be able to read 

776
00:45:36,360 --> 00:45:40,400
your text and so you're actually
making them a little bit, you 

777
00:45:40,400 --> 00:45:44,120
know, you're actually making it 
really difficult for them to 

778
00:45:44,120 --> 00:45:47,160
navigate your website. 
Now the I guess there's a 

779
00:45:47,160 --> 00:45:50,560
spectrum here. 
If you're if you're if you're 

780
00:45:50,560 --> 00:45:54,240
got a very targeted audience and
you think that disabilities of 

781
00:45:55,280 --> 00:45:57,960
one way or another aren't 
important and you're just one of

782
00:45:57,960 --> 00:46:01,960
those kind of people, then maybe
you don't really care about that

783
00:46:01,960 --> 00:46:05,080
and you know, good on whatever. 
If that's your preference, go 

784
00:46:05,080 --> 00:46:07,240
for it. 
But it doesn't mean anyone's 

785
00:46:07,240 --> 00:46:09,480
going to read your website. 
It doesn't mean that you know 

786
00:46:09,480 --> 00:46:12,640
people you didn't know who had a
disability. 

787
00:46:12,640 --> 00:46:15,120
Maybe it's something like 
someone who's dyslexic and can't

788
00:46:15,120 --> 00:46:17,760
read big words and you're using 
big words on your website, but 

789
00:46:17,760 --> 00:46:20,880
you've got to limit who wants to
visit your website and you can 

790
00:46:20,880 --> 00:46:24,320
literally isolate yourself. 
Plus, in Google's not going to 

791
00:46:24,320 --> 00:46:27,200
do a good job of allowing your 
website to be clear across the 

792
00:46:27,200 --> 00:46:29,240
Internet. 
Now if we go to the other 

793
00:46:29,240 --> 00:46:34,600
extreme and you're for example 
working with a specific group of

794
00:46:34,600 --> 00:46:38,120
people that may have different 
abilities or different skills to

795
00:46:38,120 --> 00:46:40,880
you. 
For example you're working with 

796
00:46:40,880 --> 00:46:44,920
indigenous people and you're a 
web design company that only you

797
00:46:44,920 --> 00:46:48,160
know doesn't have an expert in 
indigenous languages. 

798
00:46:48,440 --> 00:46:51,600
Then you know that is something 
that's a really important, I 

799
00:46:51,640 --> 00:46:54,200
would say functional and non 
functional requirement that 

800
00:46:54,200 --> 00:46:57,560
needs to be captured and cost 
because you're going to have to 

801
00:46:57,560 --> 00:47:00,560
get someone to translate all 
your content into the native 

802
00:47:00,560 --> 00:47:03,000
language that you're using. 
You need to understand that 

803
00:47:03,000 --> 00:47:05,760
there might be differences of 
design just because of that. 

804
00:47:05,920 --> 00:47:10,040
There might be specific colors 
or even navigation or even ways 

805
00:47:10,040 --> 00:47:14,440
of expressing different elements
of the website that for example 

806
00:47:14,440 --> 00:47:17,240
that you wouldn't have thought 
about or wouldn't have come up 

807
00:47:17,240 --> 00:47:18,920
when you're working with another
client. 

808
00:47:20,360 --> 00:47:23,960
So non functional requirements 
are hugely important that you 

809
00:47:23,960 --> 00:47:28,080
know as we said that the 
attributes that describe how the 

810
00:47:28,080 --> 00:47:34,280
system functions, not what it does
and there's an emphasis, there's

811
00:47:34,280 --> 00:47:37,480
an emphasis that they are 
really, really important. 

812
00:47:38,000 --> 00:47:41,040
Now we're going to move to well,
OK, who writes them. 

813
00:47:41,680 --> 00:47:45,920
So if you have a if you're an 
internal team or you're working 

814
00:47:45,920 --> 00:47:48,560
with an architecture team, they 
may have a great list of non 

815
00:47:48,560 --> 00:47:51,480
functional requirements you 
should worry about and they may 

816
00:47:51,480 --> 00:47:54,360
even ask us during say 
architectural review. 

817
00:47:54,800 --> 00:47:58,880
So I would say first go to the 
architecture team and ask them 

818
00:47:58,880 --> 00:48:00,240
about non functional 
requirements. 

819
00:48:00,720 --> 00:48:04,920
It is your job as a BA to talk to
users and to think about these 

820
00:48:04,920 --> 00:48:08,400
and prompt them. 
But I would suggest just looking

821
00:48:08,400 --> 00:48:11,760
to see if there's a common list 
of that you should go through as

822
00:48:11,760 --> 00:48:14,000
well as anything you think of. 
So if you think of something 

823
00:48:14,000 --> 00:48:15,800
that's not on their list, it's 
valid. 

824
00:48:15,880 --> 00:48:19,640
If it gets brought up, it's 
valid response time, up time, 

825
00:48:19,640 --> 00:48:22,360
you know how often upgrades 
happen. 

826
00:48:22,680 --> 00:48:25,040
All those things are really, 
really really important. 

827
00:48:25,400 --> 00:48:26,720
So if they're not on the list, 
add them. 

828
00:48:26,880 --> 00:48:29,720
OK, It's not around having a 
perfect list, it's just making 

829
00:48:29,720 --> 00:48:33,320
sure that those things that are 
important for whatever 

830
00:48:33,320 --> 00:48:37,320
application system process 
you're improving put together. 

831
00:48:38,240 --> 00:48:40,480
You know, having templates, 
having checklists, having 

832
00:48:40,480 --> 00:48:42,240
articles on non functional 
requirements are really 

833
00:48:42,240 --> 00:48:45,120
important. 
Having them listed in the 

834
00:48:45,120 --> 00:48:48,080
project plan as a piece of work 
you need to do, not just the 

835
00:48:48,080 --> 00:48:49,560
functional requirements. 
Have you captured the 

836
00:48:49,560 --> 00:48:51,360
requirements? 
Yes, I'm going to do a whole 

837
00:48:51,360 --> 00:48:53,000
work on non functional 
requirements. 

838
00:48:53,560 --> 00:48:56,440
Doing interviews on non 
functional requirements on 

839
00:48:56,480 --> 00:48:58,800
experts in those areas are 
really important. 

840
00:48:59,800 --> 00:49:05,960
Make sure that you are spending 
time on this and making sure 

841
00:49:05,960 --> 00:49:08,040
that everyone on your project is
aware of it. 

842
00:49:08,840 --> 00:49:12,240
Now before we go today, before 
we get on, I want to just talk 

843
00:49:12,240 --> 00:49:16,960
about some real life examples 
just to bring in the importance 

844
00:49:16,960 --> 00:49:18,240
of non functional requirements 
here. 

845
00:49:18,880 --> 00:49:21,280
Why? 
I'll just give you 3 examples 

846
00:49:21,280 --> 00:49:24,400
that have happened, you know, 
relatively recent in recent 

847
00:49:24,400 --> 00:49:29,880
history when in there was a new 
website that was going to be 

848
00:49:29,880 --> 00:49:33,440
launched called healthcare.gov 
OK. 

849
00:49:33,440 --> 00:49:36,440
It was supposed to be launched 
in 2013. 

850
00:49:37,240 --> 00:49:40,960
And this is in the states. 
So if you live in America, you 

851
00:49:40,960 --> 00:49:44,040
may know about this. 
This was all to do with health 

852
00:49:44,040 --> 00:49:45,800
insurance and changes in that 
area. 

853
00:49:46,320 --> 00:49:51,120
Now no one thought about and 
this is another non functional 

854
00:49:51,120 --> 00:49:53,640
requirement which is 
scalability. 

855
00:49:53,800 --> 00:49:56,120
OK, I'm not I'm I'm purposely 
not giving you the loss. 

856
00:49:56,400 --> 00:49:58,800
So you can go and actually 
research this bit of homework, 

857
00:49:59,200 --> 00:50:01,760
but scalability is really 
important. 

858
00:50:01,760 --> 00:50:06,040
And this is, this is scalability
has hit us in recent times 

859
00:50:06,040 --> 00:50:09,960
because of COVID-19 and people 
accessing information en masse. 

860
00:50:10,320 --> 00:50:14,000
And so a lot of times things 
fail because they were written 

861
00:50:14,000 --> 00:50:17,840
to handle 100,000 visits, not a 
million visits. 

862
00:50:18,160 --> 00:50:22,240
OK, So scalability and 
performance of that, of the 

863
00:50:22,240 --> 00:50:25,360
functions when you've got lots 
of people on board and security 

864
00:50:25,360 --> 00:50:27,920
that were all overlooked. 
So with no functional 

865
00:50:27,920 --> 00:50:31,320
requirements really focused on 
here, they probably work with a 

866
00:50:31,320 --> 00:50:34,040
design firm and they got the 
functions done. 

867
00:50:34,360 --> 00:50:37,880
And So what happened was that 
that website, healthcare.gov, it

868
00:50:37,880 --> 00:50:40,640
crashed due to overwhelming 
traffic. 

869
00:50:41,080 --> 00:50:45,480
OK, So it meant that millions of
Americans could not enroll in 

870
00:50:45,480 --> 00:50:49,480
healthcare insurance. 
And what it meant, it looked 

871
00:50:49,640 --> 00:50:52,400
politically terrible. 
I think it was a bummer at the 

872
00:50:52,400 --> 00:50:56,240
time. 
Looked terrible for the 

873
00:50:56,280 --> 00:50:59,760
Democrats at the time who would 
roll out this new function. 

874
00:51:00,440 --> 00:51:04,000
It cost lots to repair because 
the architecture, the way in 

875
00:51:04,000 --> 00:51:07,120
which the system was designed 
and never no one had ever 

876
00:51:07,120 --> 00:51:10,600
thought about the fact that 
millions of Americans or tens of 

877
00:51:10,600 --> 00:51:13,720
millions of Americans would want
to access the website on the 

878
00:51:13,720 --> 00:51:15,880
same time. 
Now that doesn't mean you need 

879
00:51:15,880 --> 00:51:19,120
to spend hundreds of billions of
dollars allowing that to happen.

880
00:51:19,920 --> 00:51:21,720
You can deal with peak 
performance. 

881
00:51:22,240 --> 00:51:24,880
But what they could have done 
was just had like a queuing 

882
00:51:24,880 --> 00:51:27,080
system. 
And there's some problems with 

883
00:51:27,080 --> 00:51:30,440
that design as well. 
You know you have a queue system

884
00:51:30,440 --> 00:51:35,880
like if you buy tickets for a 
sporting event or for example 

885
00:51:35,880 --> 00:51:38,600
you buy tickets for to see a 
band you like. 

886
00:51:38,600 --> 00:51:40,800
This happens all the time. 
You'll notice you go into a 

887
00:51:40,800 --> 00:51:43,040
queue and so you just get let 
in. 

888
00:51:43,040 --> 00:51:45,840
And that really a really good 
experts actually about dealing 

889
00:51:45,840 --> 00:51:51,920
with high volume requests at one
time without having you know 

890
00:51:51,920 --> 00:51:56,440
hugely expensive long term 
equipment and design that allows

891
00:51:56,440 --> 00:51:59,600
that to happen every day or you 
know, every single event. 

892
00:51:59,880 --> 00:52:01,280
So they're good people to speak 
to. 

893
00:52:01,280 --> 00:52:04,760
If you are going to scale 
quickly to that level, sometimes

894
00:52:04,760 --> 00:52:06,880
it's not possible to worry about
scale. 

895
00:52:06,880 --> 00:52:10,760
You just become really popular. 
A popular website just becomes 

896
00:52:10,760 --> 00:52:13,600
popular overnight as a fad and 
the website crashes. 

897
00:52:13,600 --> 00:52:18,080
That's kind of different to 
rolling out government website 

898
00:52:18,080 --> 00:52:20,320
that everyone should have access
to now. 

899
00:52:20,640 --> 00:52:23,200
Yeah, there was huge 
reputational damage. 

900
00:52:23,200 --> 00:52:26,440
This was in 2013 reputational 
damage. 

901
00:52:26,520 --> 00:52:28,600
It was costly repairs, It was a 
disaster. 

902
00:52:29,000 --> 00:52:31,840
All because those non non 
functional requirements weren't 

903
00:52:32,160 --> 00:52:34,160
just a checklist wasn't gone 
through. 

904
00:52:34,160 --> 00:52:36,240
They should have known that 
there could have been a chance 

905
00:52:36,600 --> 00:52:41,760
of a scalability problem there. 
There was also an example with 

906
00:52:41,760 --> 00:52:44,840
Knight Capital. 
There was a trading glitch in 

907
00:52:44,840 --> 00:52:49,440
2012. 
Software testing is you could 

908
00:52:49,440 --> 00:52:53,800
say as a as a now an integrated 
part of your project plan, but 

909
00:52:53,800 --> 00:52:57,080
it's actually a non functional 
requirement and risk management 

910
00:52:57,080 --> 00:52:58,920
or the management of risk 
wasn't. 

911
00:52:59,440 --> 00:53:03,720
Those two things weren't 
measured well or taken care of. 

912
00:53:04,040 --> 00:53:06,840
So no one was worried about the 
what would happen if there was a

913
00:53:06,840 --> 00:53:10,080
mistake and what would be the 
consequences there. 

914
00:53:10,480 --> 00:53:16,600
So in that example, there was a 
problem with an algorithm within

915
00:53:16,640 --> 00:53:24,760
the trading mechanism. 
And what it did is it meant that

916
00:53:24,800 --> 00:53:32,400
there was a problem with they 
weren't able to execute these 

917
00:53:32,400 --> 00:53:36,320
trades, these high speed trades.
And you know, trading is hugely 

918
00:53:36,320 --> 00:53:37,720
important. 
I mean it's one of the areas 

919
00:53:37,720 --> 00:53:41,440
where I know that, for example, 
Rupert Murdoch, I have a friend 

920
00:53:41,440 --> 00:53:45,440
of mine who worked for Reuters 
which Rupert Murdoch owns. 

921
00:53:45,440 --> 00:53:48,760
He's a rich, very rich 
Australian guy who owns a lot of

922
00:53:48,760 --> 00:53:50,680
media around the world and owns 
Fox News. 

923
00:53:50,680 --> 00:53:52,880
So if you're from the States, 
this is your buddy. 

924
00:53:52,880 --> 00:53:57,240
So he you know he's a character 
and has strong political views 

925
00:53:57,240 --> 00:54:01,120
on the right, but equally he 
also makes most of his money not

926
00:54:01,120 --> 00:54:03,800
from his news outlets. 
He makes his money from trading 

927
00:54:04,200 --> 00:54:06,520
foreign exchange and doing other
bits and pieces. 

928
00:54:06,880 --> 00:54:12,840
Now there's no law or stopping 
Rupert from spending multi 

929
00:54:12,840 --> 00:54:15,960
billions of dollars on having 
better equipment than everyone 

930
00:54:15,960 --> 00:54:18,080
else. 
And so this friend of mine was 

931
00:54:18,080 --> 00:54:24,240
working for doing some work for 
Reuters which was, which is the 

932
00:54:24,240 --> 00:54:26,920
company that sends information 
through Stock Exchange and and 

933
00:54:26,920 --> 00:54:32,880
news and he was installing these
very premium routers with 

934
00:54:32,920 --> 00:54:35,760
routers. 
Sorry routers, full routers gets

935
00:54:35,760 --> 00:54:39,200
a bit confusing but effectively 
switches which allowed 

936
00:54:39,200 --> 00:54:42,480
information to travel through 
routers much quicker than the 

937
00:54:42,480 --> 00:54:47,080
competition which actually meant
that rapid trading team, it's 

938
00:54:47,080 --> 00:54:50,160
not him, it's he's got thousands
of people that work for him 

939
00:54:51,520 --> 00:54:53,840
allowed them to get information 
very quickly and they were able 

940
00:54:53,840 --> 00:54:56,600
to execute on trades. 
So that was done the right way 

941
00:54:57,400 --> 00:55:00,520
from what I hear. 
However, this example here was, 

942
00:55:00,560 --> 00:55:02,200
you know, there was a faulty 
algorithm. 

943
00:55:02,200 --> 00:55:04,720
They didn't do testing. 
They didn't think about the cost

944
00:55:04,720 --> 00:55:07,600
of doing extensive testing. 
What would be the reputational 

945
00:55:07,600 --> 00:55:12,440
cost? 
They lost 440 US million in 45 

946
00:55:12,440 --> 00:55:16,760
minutes, OK. 
And it meant that they, they 

947
00:55:16,760 --> 00:55:20,800
lost so much money and the 
shareholders, you know no one 

948
00:55:20,800 --> 00:55:23,880
was happy and the investors 
weren't happy and they got 

949
00:55:23,920 --> 00:55:26,160
acquired by a competitor as a 
result. 

950
00:55:26,640 --> 00:55:30,920
So you've got to be really in, 
in those examples you could say 

951
00:55:30,920 --> 00:55:33,680
mission critical. 
I would say well you know 

952
00:55:34,200 --> 00:55:38,920
trading is a kind of a bonus, 
but still it is critical to that

953
00:55:38,920 --> 00:55:40,880
organization. 
And so if you're ahead of 

954
00:55:40,880 --> 00:55:43,720
testing there, you would need to
really push for that and work 

955
00:55:43,720 --> 00:55:46,680
with the BA to make sure that 
people are aware of the testing.

956
00:55:46,680 --> 00:55:52,840
And if they decided to go live 
with a change without everything

957
00:55:52,840 --> 00:55:56,440
being tested to the nth degree, 
then you need to make it really 

958
00:55:56,440 --> 00:55:59,600
clear from a risk management 
point of view that we're outside

959
00:55:59,600 --> 00:56:04,720
the risk profile that the board 
expects or the organization as 

960
00:56:04,720 --> 00:56:06,400
well. 
It could even recover from. 

961
00:56:07,000 --> 00:56:10,640
I'll give you one more. 
It was around Target. 

962
00:56:11,480 --> 00:56:17,680
So Target is in Australia but 
it's also in the US and they had

963
00:56:17,680 --> 00:56:22,440
a data breach in 2013. 
So there was a data security 

964
00:56:22,440 --> 00:56:25,680
breach and access control. 
So around security, about 

965
00:56:25,680 --> 00:56:28,840
security, non functionals, 
access control. 

966
00:56:28,840 --> 00:56:37,520
So what happened was that they 
really hadn't implemented modern

967
00:56:37,520 --> 00:56:39,440
day security techniques around 
access. 

968
00:56:39,920 --> 00:56:42,720
OK, so things like we did talk 
about modern passwords, we 

969
00:56:42,720 --> 00:56:44,840
talked about resetting 
passwords, we talked about two 

970
00:56:44,840 --> 00:56:48,560
thing factor authentication. 
They just went up to the speed 

971
00:56:48,560 --> 00:56:52,200
and and the problem with these 
large organizations like Target 

972
00:56:52,200 --> 00:56:55,560
and even if you're not Amazon or
Google or tech company, there's 

973
00:56:55,560 --> 00:56:58,560
even more important Walmart, 
Target, all those big companies,

974
00:56:59,200 --> 00:57:02,920
McDonald's, they need to be at 
the forefront of technology as 

975
00:57:02,920 --> 00:57:05,200
well. 
So what happened was effectively

976
00:57:05,200 --> 00:57:07,400
hackers stole personal 
information. 

977
00:57:07,400 --> 00:57:10,360
There were 70 million customers 
there. 

978
00:57:11,720 --> 00:57:15,360
They not only that is that the 
way in which they stored 

979
00:57:15,360 --> 00:57:18,320
information, they were able to 
get into the user accounts, but 

980
00:57:18,320 --> 00:57:22,040
they were also able to get into 
their credit card numbers. 

981
00:57:22,240 --> 00:57:26,120
So they shouldn't have been storing 
that information in a place 

982
00:57:26,120 --> 00:57:29,760
where you know, if there was an 
access threat that information 

983
00:57:29,760 --> 00:57:32,480
could, they could get to both 
personal information as well as 

984
00:57:32,480 --> 00:57:35,440
financial information like 
credit card information and they

985
00:57:35,440 --> 00:57:37,880
also connected to their address 
information. 

986
00:57:37,880 --> 00:57:44,000
OK, it ended up costing just 
indirect expenses, about 200 

987
00:57:44,000 --> 00:57:47,800
million for them to solve and it
tarnished its brand image. 

988
00:57:48,920 --> 00:57:52,400
You and I were pretty bad. 
I would say most people are 

989
00:57:52,400 --> 00:57:56,280
pretty bad at kind of ignoring 
that or even knowing a data leak

990
00:57:56,280 --> 00:57:58,680
happened. 
I actually got notified the 

991
00:57:58,680 --> 00:58:03,200
other week, just had a little a 
little e-mail suggesting that 

992
00:58:03,200 --> 00:58:06,040
there was a data breach on a a 
big application. 

993
00:58:06,040 --> 00:58:08,400
On that I've used. 
I can't actually remember what 

994
00:58:08,400 --> 00:58:09,920
it was. 
I have to go through my inbox 

995
00:58:10,880 --> 00:58:13,320
and I knew it was bad. 
It meant that mostly my 

996
00:58:13,320 --> 00:58:14,440
information was going to be 
leaked. 

997
00:58:15,120 --> 00:58:18,560
I do respect those companies 
that come out and then tell you 

998
00:58:18,800 --> 00:58:21,480
there has been a data breach. 
We highly recommend you change 

999
00:58:21,480 --> 00:58:25,040
your password because they've 
got your password and then even 

1000
00:58:25,040 --> 00:58:28,000
doesn't. 
If there isn't a direct stealing

1001
00:58:28,000 --> 00:58:30,600
of your information or your 
credit card information in terms

1002
00:58:30,600 --> 00:58:32,960
of you needing to cancel your 
credit card, at least they're 

1003
00:58:32,960 --> 00:58:35,760
coming out and telling you that 
your password's been stolen so 

1004
00:58:35,760 --> 00:58:39,080
you can reset that. 
Google has some good tools for 

1005
00:58:39,080 --> 00:58:42,000
telling you if you've been 
hacked and your password's been 

1006
00:58:42,000 --> 00:58:45,200
put on the Internet, so they're 
just some examples. 

1007
00:58:45,200 --> 00:58:47,160
I just want to emphasize how 
important non functional 

1008
00:58:47,160 --> 00:58:49,960
requirements are. 
I'll summarize by saying they're

1009
00:58:49,960 --> 00:58:53,360
not optional extras, they are 
critical for system success. 

1010
00:58:54,280 --> 00:58:56,880
Ignoring non functional 
requirements can lead to cost, 

1011
00:58:57,000 --> 00:59:00,560
costly failures, reputational 
damage, political damage, even 

1012
00:59:00,560 --> 00:59:03,880
business collapse. 
You need to proactively 

1013
00:59:03,880 --> 00:59:06,920
identify, prioritize, and manage
non functional requirements. 

1014
00:59:07,160 --> 00:59:10,480
There should be a whole area on 
your requirements matrix. 

1015
00:59:10,480 --> 00:59:15,120
They should be on your backlog. 
You need to worry about user 

1016
00:59:15,120 --> 00:59:16,720
experience. 
You need to worry about data 

1017
00:59:16,720 --> 00:59:17,920
security. 
You need to worry about 

1018
00:59:17,920 --> 00:59:22,440
availability, performance, 
scalability and business 

1019
00:59:22,440 --> 00:59:25,480
continuity. 
So I hope you've learned 

1020
00:59:25,480 --> 00:59:27,880
something today and I'll speak 
to you. 

1021
00:59:27,880 --> 00:59:30,000
Next time. 
Remember to think about non 

1022
00:59:30,000 --> 00:59:31,680
functional requirements.
