Framework

Functional requirements: What the system does Non-functional requirements: How well it does it

NFR TypeExamples
PerformanceLatency < 200ms, throughput > 1000 req/sec
Reliability99.9% uptime, recover from failures in < 5min
ScalabilityHandle 10x traffic surge without degradation
SecurityEncrypt all data in transit, no SQL injection
UsabilityAccessible to color-blind users, intuitive UI
ComplianceGDPR-compliant, SOC 2 certified

Most PMs focus on functional. Non-functional requirements differentiate.

Actionable Steps

1. List Non-Functional Requirements

For each major feature, specify performance, security, scalability requirements.

2. Define Acceptance

NFRs are testable. "Secure" isn't enough. "No unauthenticated access to user data" is.

3. Monitor Post-Launch

Track: Latency, uptime, security incidents. If trends degrade, fix.

Key Takeaways

  • Non-functional requirements are often forgotten until they fail. Specify upfront.
  • Test NFRs as rigorously as functional requirements. Load testing, security audits, etc.