Non-Functional Requirements
The quality attributes a system must exhibit — performance, reliability, security, scalability, accessibility — that often determine success or failure more decisively than functional features.
Definition
Non-functional requirements (NFRs) describe how a system behaves rather than what it does. Where functional requirements specify features (the user can place an order), NFRs specify qualities (the order is confirmed within 500ms at the 99th percentile, with 99.95% availability, and PCI-DSS compliant data handling). NFRs are sometimes called quality attributes, system qualities, or "the -ilities" — reliability, scalability, maintainability, observability, accessibility, security, portability.
Why They Matter
Most large IT failures I have audited were not failures of functionality. They were failures of NFRs — systems that worked in demo and fell over under real load, that passed UAT and failed accessibility audit, that shipped on time and were breached three months later. Construction has its analogue: a building that meets every architectural drawing but fails its acoustic, thermal, or commissioning tests.
Common Categories
- Performance and latency
- Scalability and capacity
- Availability and reliability
- Security and privacy
- Accessibility (e.g., WCAG 2.2 AA)
- Maintainability and observability
- Compliance and regulatory
- Usability
Real-World IT Example
A national retailer launched a checkout redesign that met every functional acceptance criterion. On the first Black Friday, the system collapsed at 1.4× normal load. The post-incident review found that the team had captured one NFR ("the system must be fast") without numbers behind it. The rebuild defined explicit latency, throughput, and degradation targets and survived the following peak season without incident.
Real-World Construction Example
NFRs translate cleanly to building performance criteria: thermal U-values, acoustic insulation indices, fire ratings, vibration tolerances. On a $310M concert hall, the acoustic NFRs were measured by independent specialists at 14 stages of construction; one early failure triggered a £180k redesign of a wall buildup that would otherwise have cost millions to correct after fit-out.
Common Mistakes
- Stating NFRs without numbers. "Fast", "secure", "available" mean nothing without thresholds.
- Treating them as a backlog item rather than cross-cutting constraints.
- Defining them late. NFRs drive architecture; late NFRs trigger expensive rework.
- No testing strategy. An untested NFR is wishful thinking.
- Ignoring trade-offs. Optimising security may slow performance; the team must own the choice.
Expert Tips
- Capture NFRs as measurable, testable statements with explicit thresholds and percentile.
- Tie NFRs to architecture decision records so the connection between requirement and design is traceable.
- Build NFR validation into CI/CD pipelines wherever possible.
- Review NFRs at the kickoff meeting and at every major milestone.
- Include NFR ownership in the RACI; without an owner, NFRs drift.
Practical Lessons Learned
- The cost of fixing a missed NFR rises exponentially with discovery time — load capacity discovered in production costs 50–100× what it would have cost in architecture.
- Stakeholder workshops always over-discuss functional features and under-discuss NFRs. Force the agenda.
- Accessibility is the most-cited and least-funded NFR. Funding it early is cheaper and morally correct.
Key Takeaways
- NFRs describe how a system behaves; functional requirements describe what it does.
- Most large-system failures are NFR failures, not feature failures.
- State NFRs with numbers, thresholds, percentiles, and test strategies.
- NFRs drive architecture and must be defined early.
- The same discipline applies to physical building performance criteria.
Related Encyclopedia Entries
Related Research Articles, Case Studies & Tools
Frequently Asked Questions
What is the difference between functional and non-functional requirements?
Functional = what the system does; non-functional = how well it does it (performance, security, availability, etc.).How specific should NFRs be?
Measurable and testable. 'Response within 500ms at p95 under 5x normal load' beats 'fast'.Who owns NFRs?
The architect typically authors them; the product owner and engineering lead jointly own delivery; QA validates.When should NFRs be defined?
At inception, before architecture is finalised. Late NFRs cause architectural rework.Are NFRs relevant in agile?
Absolutely — captured as cross-cutting constraints or in the Definition of Done.How do I test NFRs?
Performance tests, chaos engineering, security scans, accessibility audits, observability dashboards.Do construction projects have NFRs?
Yes — building performance criteria like thermal, acoustic, fire, and vibration ratings are the equivalent.Which calculators on PMMilestone.org apply to Non-Functional Requirements?
For Non-Functional Requirements, the most relevant tools on the flagship platform are the Schedule Health Checker and DCMA 14-point quality assessment. They reproduce the formulas referenced in this entry against your own project data.What is a common misconception about Non-Functional Requirements?
That quality cost only includes inspection. The cost-of-quality model includes prevention, appraisal, internal failure and external failure — and on capital projects external failure (rework, claims, defect liability) usually dwarfs the others.Which related encyclopedia entries should I read alongside Non-Functional Requirements?
Read Earned Value Management, Critical Path Method and the DCMA 14-point assessment next. The full A–Z is available in the PMMilestone Encyclopedia, and quick one-line definitions live in the PM Glossary on the flagship platform.How does Dr. Hassan Eliwa's research treat Non-Functional Requirements?
Dr. Hassan Eliwa's research focuses on owner-side project controls, schedule integrity and forensic delay analysis on capital construction and power programmes. Non-Functional Requirements is treated through that lens — what a planning or controls engineer is expected to do with it on a live project, not its textbook definition alone. See the full research library at PMMilestone Research Articles.How is Non-Functional Requirements defined on PMMilestone Research & Insights?
The quality attributes a system must exhibit — performance, reliability, security, scalability, accessibility — that often determine success or failure more decisively than functional features. For the full treatment, see the definition, principles, applications and related entries above — every encyclopedia entry follows the same research-grade structure.
People also ask
Follow-up questions practitioners search for next — each one points to the calculator, template or reference entry that answers it.
Which learning track covers this end-to-end?
Structured tracks from beginner planner to programme controls director. Project Controls Academy ↗
Which book goes deeper than this entry?
Practitioner field handbooks with worked numerical examples. Books & Publications ↗
Which calculator on PMMilestone.org applies here?
The integrated EVM workbook covers most cost-schedule diagnostics. EVM Calculator ↗
Where is this in the glossary?
Quick-lookup definitions across 1,200+ PM terms. PM Glossary on PMMilestone.org ↗
Related Entries
Further reading on PMMilestone.org
Curated companion resources hosted on the flagship platform, PMMilestone.org.
- For practitioners who want to go deeper, the Learning Tracks.
- Engineers researching this topic typically continue with the Books & Publications.
- A practical companion to this entry is the EVM Calculator.
- Closely related on the flagship platform is the Schedule Health Checker.
- Useful alongside this article is the PMMilestone.org knowledge hub.