SEN204-Software Requirements.pdf

Full Transcript

4
Requirements
engineering

Objectives
The objective of this chapter is to introduce software requirements and to
explain the processes involved in discovering and documenting these
requirements. When you have read the chapter, you will:
understand the concepts of user and system requirements and why
these requirements should be written in different ways;
understand the differences between functional and non-functional
software requirements;
understand the main requirements engineering activities of elicitation,
analysis, and validation, and the relationships between these
activities;
understand why requirements management is necessary and how it
supports other requirements engineering activities.

Contents
4.1 Functional and non-functional requirements
4.2 Requirements engineering processes
4.3 Requirements elicitation
4.4 Requirements specification
4.5 Requirements validation
4.6 Requirements change
102 Chapter 4 Requirements engineering

The requirements for a system are the descriptions of the services that a system should
provide and the constraints on its operation. These requirements reflect the needs of
customers for a system that serves a certain purpose such as controlling a device, placing
an order, or finding information. The process of finding out, analyzing, documenting
and checking these services and constraints is called requirements engineering (RE).
The term requirement is not used consistently in the software industry. In some
cases, a requirement is simply a high-level, abstract statement of a service that a
system should provide or a constraint on a system. At the other extreme, it is a
detailed, formal definition of a system function. Davis (Davis 1993) explains why
these differences exist:

If a company wishes to let a contract for a large software development project,
it must define its needs in a sufficiently abstract way that a solution is not pre-
defined. The requirements must be written so that several contractors can bid
for the contract, offering, perhaps, different ways of meeting the client organi-
zation’s needs. Once a contract has been awarded, the contractor must write a
system definition for the client in more detail so that the client understands
and can validate what the software will do. Both of these documents may be
called the requirements document for the system†.

Some of the problems that arise during the requirements engineering process are
a result of failing to make a clear separation between these different levels of descrip-
tion. I distinguish between them by using the term user requirements to mean the
high-level abstract requirements and system requirements to mean the detailed
description of what the system should do. User requirements and system require-
ments may be defined as follows:

1. User requirements are statements, in a natural language plus diagrams, of what ser-
vices the system is expected to provide to system users and the constraints under
which it must operate. The user requirements may vary from broad statements of the
system features required to detailed, precise descriptions of the system functionality.
2. System requirements are more detailed descriptions of the software system’s
functions, services, and operational constraints. The system requirements docu-
ment (sometimes called a functional specification) should define exactly what is
to be implemented. It may be part of the contract between the system buyer and
the software developers.

Different kinds of requirement are needed to communicate information about a
system to different types of reader. Figure 4.1 illustrates the distinction between user
and system requirements. This example from the mental health care patient informa-
tion system (Mentcare) shows how a user requirement may be expanded into several
system requirements. You can see from Figure 4.1 that the user requirement is quite
†Davis, A.M. 1993. Software Requirements: Objects, Functions and States. Englewood Cliffs, NJ:
Prentice-Hall.
 Chapter 4 Requirements engineering 103

User requirements definition

1. The Mentcare system shall generate monthly management reports
showing the cost of drugs prescribed by each clinic during that month.

System requirements specification

1.1 On the last working day of each month, a summary of the drugs
prescribed, their cost and the prescribing clinics shall be generated.
1.2 The system shall generate the report for printing after 17.30 on the
last working day of the month.
1.3 A report shall be created for each clinic and shall list the individual
drug names, the total number of prescriptions, the number of doses
prescribed and the total cost of the prescribed drugs.
1.4 If drugs are available in different dose units (e.g. 10mg, 20mg, etc.)
separate reports shall be created for each dose unit.
1.5 Access to drug cost reports shall be restricted to authorized users as
listed on a management access control list.
Figure 4.1 User and
system requirements

general. The system requirements provide more specific information about the ser-
vices and functions of the system that is to be implemented.
You need to write requirements at different levels of detail because different
types of readers use them in different ways. Figure 4.2 shows the types of readers of
the user and system requirements. The readers of the user requirements are not usu-
ally concerned with how the system will be implemented and may be managers who
are not interested in the detailed facilities of the system. The readers of the system
requirements need to know more precisely what the system will do because they are
concerned with how it will support the business processes or because they are
involved in the system implementation.
The different types of document readers shown in Figure 4.2 are examples of
system stakeholders. As well as users, many other people have some kind of interest
in the system. System stakeholders include anyone who is affected by the system in
some way and so anyone who has a legitimate interest in it. Stakeholders range from
end-users of a system through managers to external stakeholders such as regulators,

Client managers
System end-users
User
Client engineers
requirements
Contractor managers
System architects

System end-users
Figure 4.2 Readers of System Client engineers
different types of requirements System architects
requirements Software developers
specification
104 Chapter 4 Requirements engineering

Feasibility studies

A feasibility study is a short, focused study that should take place early in the RE process. It should answer three
key questions: (1) Does the system contribute to the overall objectives of the organization? (2) Can the system
be implemented within schedule and budget using current technology? and (3) Can the system be integrated
with other systems that are used?

If the answer to any of these questions is no, you should probably not go ahead with the project.

http://software-engineering-book.com/web/feasibility-study/

who certify the acceptability of the system. For example, system stakeholders for the
Mentcare system include:

1. Patients whose information is recorded in the system and relatives of these patients.
2. Doctors who are responsible for assessing and treating patients.
3. Nurses who coordinate the consultations with doctors and administer some
treatments.
4. Medical receptionists who manage patients’ appointments.
5. IT staff who are responsible for installing and maintaining the system.
6. A medical ethics manager who must ensure that the system meets current ethi-
cal guidelines for patient care.
7. Health care managers who obtain management information from the system.
8. Medical records staff who are responsible for ensuring that system information
can be maintained and preserved, and that record keeping procedures have been
properly implemented.

Requirements engineering is usually presented as the first stage of the software
engineering process. However, some understanding of the system requirements may
have to be developed before a decision is made to go ahead with the procurement or
development of a system. This early-stage RE establishes a high-level view of what
the system might do and the benefits that it might provide. These may then be con-
sidered in a feasibility study, which tries to assess whether or not the system is tech-
nically and financially feasible. The results of that study help management decide
whether or not to go ahead with the procurement or development of the system.
In this chapter, I present a “traditional” view of requirements rather than require-
ments in agile processes, which I discussed in Chapter 3. For the majority of large
systems, it is still the case that there is a clearly identifiable requirements engineering
phase before implementation of the system begins. The outcome is a requirements
document, which may be part of the system development contract. Of course, subsequent
changes are made to the requirements, and user requirements may be expanded into
 4.1 Functional and non-functional requirements 105

more detailed system requirements. Sometimes an agile approach of concurrently
eliciting the requirements as the system is developed may be used to add detail and
to refine the user requirements.

4.1 Functional and non-functional requirements

Software system requirements are often classified as functional or non-functional
requirements:

1. Functional requirements These are statements of services the system should
provide, how the system should react to particular inputs, and how the system
should behave in particular situations. In some cases, the functional require-
ments may also explicitly state what the system should not do.
2. Non-functional requirements These are constraints on the services or functions
offered by the system. They include timing constraints, constraints on the devel-
opment process, and constraints imposed by standards. Non-functional require-
ments often apply to the system as a whole rather than individual system features
or services.

In reality, the distinction between different types of requirements is not as clear-
cut as these simple definitions suggest. A user requirement concerned with security,
such as a statement limiting access to authorized users, may appear to be a non-
functional requirement. However, when developed in more detail, this requirement
may generate other requirements that are clearly functional, such as the need to
include user authentication facilities in the system.
This shows that requirements are not independent and that one requirement often
generates or constrains other requirements. The system requirements therefore do not
just specify the services or the features of the system that are required; they also specify
the necessary functionality to ensure that these services/features are delivered effectively.

4.1.1 Functional requirements
The functional requirements for a system describe what the system should do. These
requirements depend on the type of software being developed, the expected users of the
software, and the general approach taken by the organization when writing requirements.
When expressed as user requirements, functional requirements should be written in natu-
ral language so that system users and managers can understand them. Functional system
requirements expand the user requirements and are written for system developers. They
should describe the system functions, their inputs and outputs, and exceptions in detail.
Functional system requirements vary from general requirements covering what
the system should do to very specific requirements reflecting local ways of working
or an organization’s existing systems. For example, here are examples of functional
106 Chapter 4 Requirements engineering

Domain requirements

Domain requirements are derived from the application domain of the system rather than from the specific
needs of system users. They may be new functional requirements in their own right, constrain existing func-
tional requirements, or set out how particular computations must be carried out.

The problem with domain requirements is that software engineers may not understand the characteristics of
the domain in which the system operates. This means that these engineers may not know whether or not a
domain requirement has been missed out or conflicts with other requirements.

http://software-engineering-book.com/web/domain-requirements/

requirements for the Mentcare system, used to maintain information about patients
receiving treatment for mental health problems:

1. A user shall be able to search the appointments lists for all clinics.
2. The system shall generate each day, for each clinic, a list of patients who are
expected to attend appointments that day.
3. Each staff member using the system shall be uniquely identified by his or her
eight-digit employee number.

These user requirements define specific functionality that should be included in
the system. The requirements show that functional requirements may be written at
different levels of detail (contrast requirements 1 and 3).
Functional requirements, as the name suggests, have traditionally focused on
what the system should do. However, if an organization decides that an existing off-
the-shelf system software product can meet its needs, then there is very little point in
developing a detailed functional specification. In such cases, the focus should be on
the development of information requirements that specify the information needed
for people to do their work. Information requirements specify the information needed
and how it is to be delivered and organized. Therefore, an information requirement
for the Mentcare system might specify what information is to be included in the list
of patients expected for appointments that day.
Imprecision in the requirements specification can lead to disputes between custom-
ers and software developers. It is natural for a system developer to interpret an ambig-
uous requirement in a way that simplifies its implementation. Often, however, this is
not what the customer wants. New requirements have to be established and changes
made to the system. Of course, this delays system delivery and increases costs.
For example, the first Mentcare system requirement in the above list states that a
user shall be able to search the appointments lists for all clinics. The rationale for this
requirement is that patients with mental health problems are sometimes confused.
They may have an appointment at one clinic but actually go to a different clinic. If they
have an appointment, they will be recorded as having attended, regardless of the clinic.
 4.1 Functional and non-functional requirements 107

A medical staff member specifying a search requirement may expect “search” to
mean that, given a patient name, the system looks for that name in all appointments at all
clinics. However, this is not explicit in the requirement. System developers may interpret
the requirement so that it is easier to implement. Their search function may require the
user to choose a clinic and then carry out the search of the patients who attended that
clinic. This involves more user input and so takes longer to complete the search.
Ideally, the functional requirements specification of a system should be both
complete and consistent. Completeness means that all services and information
required by the user should be defined. Consistency means that requirements should
not be contradictory.
In practice, it is only possible to achieve requirements consistency and complete-
ness for very small software systems. One reason is that it is easy to make mistakes
and omissions when writing specifications for large, complex systems. Another rea-
son is that large systems have many stakeholders, with different backgrounds and
expectations. Stakeholders are likely to have different—and often inconsistent—
needs. These inconsistencies may not be obvious when the requirements are origi-
nally specified, and the inconsistent requirements may only be discovered after
deeper analysis or during system development.

4.1.2 Non-functional requirements
Non-functional requirements, as the name suggests, are requirements that are not
directly concerned with the specific services delivered by the system to its users.
These non-functional requirements usually specify or constrain characteristics of the
system as a whole. They may relate to emergent system properties such as reliability,
response time, and memory use. Alternatively, they may define constraints on the
system implementation, such as the capabilities of I/O devices or the data represen-
tations used in interfaces with other systems.
Non-functional requirements are often more critical than individual functional
requirements. System users can usually find ways to work around a system function
that doesn’t really meet their needs. However, failing to meet a non-functional
requirement can mean that the whole system is unusable. For example, if an aircraft
system does not meet its reliability requirements, it will not be certified as safe for
operation; if an embedded control system fails to meet its performance requirements,
the control functions will not operate correctly.
While it is often possible to identify which system components implement spe-
cific functional requirements (e.g., there may be formatting components that imple-
ment reporting requirements), this is often more difficult with non-functional
requirements. The implementation of these requirements may be spread throughout
the system, for two reasons:

1. Non-functional requirements may affect the overall architecture of a system
rather than the individual components. For example, to ensure that performance
requirements are met in an embedded system, you may have to organize the
system to minimize communications between components.
108 Chapter 4 Requirements engineering

Non-functional
requirements

Product Organizational External
requirements requirements requirements

Efficiency Dependability Security Regulatory Ethical
requirements requirements requirements requirements requirements

Usability Environmental Operational Development Legislative
requirements requirements requirements requirements requirements

Performance Space Accounting Safety/security
requirements requirements requirements requirements

Figure 4.3 Types of
non-functional 2. An individual non-functional requirement, such as a security requirement, may
requirements
generate several, related functional requirements that define new system ser-
vices that are required if the non-functional requirement is to be implemented.
In addition, it may also generate requirements that constrain existing require-
ments; for example, it may limit access to information in the system.

Nonfunctional requirements arise through user needs because of budget con-
straints, organizational policies, the need for interoperability with other software or
hardware systems, or external factors such as safety regulations or privacy legisla-
tion. Figure 4.3 is a classification of non-functional requirements. You can see from
this diagram that the non-functional requirements may come from required charac-
teristics of the software (product requirements), the organization developing the
software (organizational requirements), or external sources:

1. Product requirements These requirements specify or constrain the runtime
behavior of the software. Examples include performance requirements for how
fast the system must execute and how much memory it requires; reliability
requirements that set out the acceptable failure rate; security requirements; and
usability requirements.
2. Organizational requirements These requirements are broad system require-
ments derived from policies and procedures in the customer’s and developer’s
organizations. Examples include operational process requirements that define
how the system will be used; development process requirements that specify the
 4.1 Functional and non-functional requirements 109

PRODUCT REQUIREMENT
The Mentcare system shall be available to all clinics during normal working hours (Mon–Fri, 08:30–17:30).
Downtime within normal working hours shall not exceed 5 seconds in any one day.

ORGANIZATIONAL REQUIREMENT
Users of the Mentcare system shall identify themselves using their health authority identity card.

EXTERNAL REQUIREMENT
The system shall implement patient privacy provisions as set out in HStan-03-2006-priv.

Figure 4.4 Examples of
possible non-functional programming language; the development environment or process standards to
requirements for the be used; and environmental requirements that specify the operating environ-
Mentcare system
ment of the system.
3. External requirements This broad heading covers all requirements that are
derived from factors external to the system and its development process. These
may include regulatory requirements that set out what must be done for the sys-
tem to be approved for use by a regulator, such as a nuclear safety authority;
legislative requirements that must be followed to ensure that the system oper-
ates within the law; and ethical requirements that ensure that the system will be
acceptable to its users and the general public.

Figure 4.4 shows examples of product, organizational, and external requirements
that could be included in the Mentcare system specification. The product require-
ment is an availability requirement that defines when the system has to be available
and the allowed downtime each day. It says nothing about the functionality of the
Mentcare system and clearly identifies a constraint that has to be considered by
the system designers.
The organizational requirement specifies how users authenticate themselves to
the system. The health authority that operates the system is moving to a standard
authentication procedure for all software where, instead of users having a login
name, they swipe their identity card through a reader to identify themselves. The
external requirement is derived from the need for the system to conform to privacy
legislation. Privacy is obviously a very important issue in health care systems, and
the requirement specifies that the system should be developed in accordance with a
national privacy standard.
A common problem with non-functional requirements is that stakeholders pro-
pose requirements as general goals, such as ease of use, the ability of the system to
recover from failure, or rapid user response. Goals set out good intentions but cause
problems for system developers as they leave scope for interpretation and subse-
quent dispute once the system is delivered. For example, the following system goal
is typical of how a manager might express usability requirements:

The system should be easy to use by medical staff and should be organized in
such a way that user errors are minimized.
110 Chapter 4 Requirements engineering

Property Measure
Speed Processed transactions/second
User/event response time
Screen refresh time
Size Megabytes/Number of ROM chips
Ease of use Training time
Number of help frames
Reliability Mean time to failure
Probability of unavailability
Rate of failure occurrence
Availability
Robustness Time to restart after failure
Percentage of events causing failure
Probability of data corruption on failure
Portability Percentage of target dependent statements
Number of target systems

Figure 4.5 Metrics for
specifying non-
functional requirements I have rewritten this to show how the goal could be expressed as a “testable” non-
functional requirement. It is impossible to objectively verify the system goal, but in
the following description you can at least include software instrumentation to count
the errors made by users when they are testing the system.

Medical staff shall be able to use all the system functions after two hours of
training. After this training, the average number of errors made by experienced
users shall not exceed two per hour of system use.

Whenever possible, you should write non-functional requirements quantitatively
so that they can be objectively tested. Figure 4.5 shows metrics that you can use to
specify non-functional system properties. You can measure these characteristics
when the system is being tested to check whether or not the system has met its non-
functional requirements.
In practice, customers for a system often find it difficult to translate their goals into
measurable requirements. For some goals, such as maintainability, there are no sim-
ple metrics that can be used. In other cases, even when quantitative specification is
possible, customers may not be able to relate their needs to these specifications. They
don’t understand what some number defining the reliability (for example) means in
terms of their everyday experience with computer systems. Furthermore, the cost of
objectively verifying measurable, non-functional requirements can be very high, and
the customers paying for the system may not think these costs are justified.
Non-functional requirements often conflict and interact with other functional or
non-functional requirements. For example, the identification requirement in
Figure 4.4 requires a card reader to be installed with each computer that connects to
the system. However, there may be another requirement that requests mobile access
to the system from doctors’ or nurses’ tablets or smartphones. These are not normally
 4.2 Requirements engineering processes 111

equipped with card readers so, in these circumstances, some alternative identifica-
tion method may have to be supported.
It is difficult to separate functional and non-functional requirements in the
requirements document. If the non-functional requirements are stated separately
from the functional requirements, the relationships between them may be hard to
understand. However, you should, ideally, highlight requirements that are clearly
related to emergent system properties, such as performance or reliability. You can do
this by putting them in a separate section of the requirements document or by distin-
guishing them, in some way, from other system requirements.
Non-functional requirements such as reliability, safety, and confidentiality
requirements are particularly important for critical systems. I cover these dependa-
bility requirements in Part 2, which describes ways of specifying reliability, safety,
and security requirements.

4.2 Requirements engineering processes

As I discussed in Chapter 2, requirements engineering involves three key activities.
These are discovering requirements by interacting with stakeholders (elicitation and
analysis); converting these requirements into a standard form (specification); and
checking that the requirements actually define the system that the customer wants
(validation). I have shown these as sequential processes in Figure 2.4. However,
in practice, requirements engineering is an iterative process in which the activities
are interleaved.
Figure 4.6 shows this interleaving. The activities are organized as an iterative
process around a spiral. The output of the RE process is a system requirements docu-
ment. The amount of time and effort devoted to each activity in an iteration depends
on the stage of the overall process, the type of system being developed, and the
budget that is available.
Early in the process, most effort will be spent on understanding high-level business
and non-functional requirements, and the user requirements for the system. Later in the
process, in the outer rings of the spiral, more effort will be devoted to eliciting and
understanding the non-functional requirements and more detailed system requirements.
This spiral model accommodates approaches to development where the require-
ments are developed to different levels of detail. The number of iterations around the
spiral can vary so that the spiral can be exited after some or all of the user require-
ments have been elicited. Agile development can be used instead of prototyping so
that the requirements and the system implementation are developed together.
In virtually all systems, requirements change. The people involved develop a bet-
ter understanding of what they want the software to do; the organization buying the
system changes; and modifications are made to the system’s hardware, software, and
organizational environment. Changes have to be managed to understand the impact
on other requirements and the cost and system implications of making the change.
I discuss this process of requirements management in Section 4.6.
112 Chapter 4 Requirements engineering

Requirements
specification

System requirements
specification and
modeling

User requirements
specification

Business requirements
specification

Start
Feasibility
System study
Requirements req. Requirements
elicitation elicitation User validation
requirements
elicitation Prototyping

Reviews

Figure 4.6 A spiral view
of the requirements System requirements
engineering process document

4.3 Requirements elicitation

The aims of the requirements elicitation process are to understand the work that
stakeholders do and how they might use a new system to help support that work.
During requirements elicitation, software engineers work with stakeholders to find
out about the application domain, work activities, the services and system features
that stakeholders want, the required performance of the system, hardware con-
straints, and so on.
Eliciting and understanding requirements from system stakeholders is a difficult
process for several reasons:

1. Stakeholders often don’t know what they want from a computer system except
in the most general terms; they may find it difficult to articulate what they want
the system to do; they may make unrealistic demands because they don’t know
what is and isn’t feasible.
 4.3 Requirements elicitation 113

1. Requirements
discovery and
understanding

4. Requirements 2. Requirements
documentation classification and
organization

3. Requirements
Figure 4.7 The prioritization and
requirements elicitation negotiation
and analysis process

2. Stakeholders in a system naturally express requirements in their own terms and
with implicit knowledge of their own work. Requirements engineers, without
experience in the customer’s domain, may not understand these requirements.
3. Different stakeholders, with diverse requirements, may express their require-
ments in different ways. Requirements engineers have to discover all potential
sources of requirements and discover commonalities and conflict.
4. Political factors may influence the requirements of a system. Managers may
demand specific system requirements because these will allow them to increase
their influence in the organization.
5. The economic and business environment in which the analysis takes place is
dynamic. It inevitably changes during the analysis process. The importance of
particular requirements may change. New requirements may emerge from new
stakeholders who were not originally consulted.

A process model of the elicitation and analysis process is shown in Figure 4.7.
Each organization will have its own version or instantiation of this general model,
depending on local factors such as the expertise of the staff, the type of system being
developed, and the standards used.
The process activities are:

1. Requirements discovery and understanding This is the process of interacting with
stakeholders of the system to discover their requirements. Domain requirements
from stakeholders and documentation are also discovered during this activity.
2. Requirements classification and organization This activity takes the unstruc-
tured collection of requirements, groups related requirements and organizes
them into coherent clusters.
3. Requirements prioritization and negotiation Inevitably, when multiple stake-
holders are involved, requirements will conflict. This activity is concerned with
prioritizing requirements and finding and resolving requirements conflicts
114 Chapter 4 Requirements engineering

Viewpoints

A viewpoint is a way of collecting and organizing a set of requirements from a group of stakeholders who have
something in common. Each viewpoint therefore includes a set of system requirements. Viewpoints might come
from end-users, managers, or others. They help identify the people who can provide information about their
requirements and structure the requirements for analysis.

http://www.software-engineering-book.com/web/viewpoints/

through negotiation. Usually, stakeholders have to meet to resolve differences
and agree on compromise requirements.
4. Requirements documentation The requirements are documented and input into
the next round of the spiral. An early draft of the software requirements docu-
ments may be produced at this stage, or the requirements may simply be main-
tained informally on whiteboards, wikis, or other shared spaces.

Figure 4.7 shows that requirements elicitation and analysis is an iterative process
with continual feedback from each activity to other activities. The process cycle
starts with requirements discovery and ends with the requirements documentation.
The analyst’s understanding of the requirements improves with each round of the
cycle. The cycle ends when the requirements document has been produced.
To simplify the analysis of requirements, it is helpful to organize and group the
stakeholder information. One way of doing so is to consider each stakeholder group
to be a viewpoint and to collect all requirements from that group into the viewpoint.
You may also include viewpoints to represent domain requirements and constraints
from other systems. Alternatively, you can use a model of the system architecture to
identify subsystems and to associate requirements with each subsystem.
Inevitably, different stakeholders have different views on the importance and pri-
ority of requirements, and sometimes these views are conflicting. If some stakehold-
ers feel that their views have not been properly considered, then they may deliberately
attempt to undermine the RE process. Therefore, it is important that you organize
regular stakeholder meetings. Stakeholders should have the opportunity to express
their concerns and agree on requirements compromises.
At the requirements documentation stage, it is important that you use simple lan-
guage and diagrams to describe the requirements. This makes it possible for stake-
holders to understand and comment on these requirements. To make information
sharing easier, it is best to use a shared document (e.g., on Google Docs or Office 365)
or a wiki that is accessible to all interested stakeholders.

4.3.1 Requirements elicitation techniques
Requirements elicitation involves meeting with stakeholders of different kinds to
discover information about the proposed system. You may supplement this information
 4.3 Requirements elicitation 115

with knowledge of existing systems and their usage and information from docu-
ments of various kinds. You need to spend time understanding how people work,
what they produce, how they use other systems, and how they may need to change to
accommodate a new system.
There are two fundamental approaches to requirements elicitation:

1. Interviewing, where you talk to people about what they do.
2. Observation or ethnography, where you watch people doing their job to see
what artifacts they use, how they use them, and so on.

You should use a mix of interviewing and observation to collect information and,
from that, you derive the requirements, which are then the basis for further discussions.

4.3.1.1 Interviewing
Formal or informal interviews with system stakeholders are part of most require-
ments engineering processes. In these interviews, the requirements engineering team
puts questions to stakeholders about the system that they currently use and the sys-
tem to be developed. Requirements are derived from the answers to these questions.
Interviews may be of two types:

1. Closed interviews, where the stakeholder answers a predefined set of questions.
2. Open interviews, in which there is no predefined agenda. The requirements
engineering team explores a range of issues with system stakeholders and hence
develops a better understanding of their needs.

In practice, interviews with stakeholders are normally a mixture of both of these.
You may have to obtain the answer to certain questions, but these usually lead to
other issues that are discussed in a less structured way. Completely open-ended dis-
cussions rarely work well. You usually have to ask some questions to get started and
to keep the interview focused on the system to be developed.
Interviews are good for getting an overall understanding of what stakeholders do,
how they might interact with the new system, and the difficulties that they face with
current systems. People like talking about their work, and so they are usually happy
to get involved in interviews. However, unless you have a system prototype to dem-
onstrate, you should not expect stakeholders to suggest specific and detailed require-
ments. Everyone finds it difficult to visualize what a system might be like. You need
to analyze the information collected and to generate the requirements from this.
Eliciting domain knowledge through interviews can be difficult, for two reasons:

1. All application specialists use jargon specific to their area of work. It is impos-
sible for them to discuss domain requirements without using this terminology.
They normally use words in a precise and subtle way that requirements engi-
neers may misunderstand.
116 Chapter 4 Requirements engineering

2. Some domain knowledge is so familiar to stakeholders that they either find it
difficult to explain or they think it is so fundamental that it isn’t worth mention-
ing. For example, for a librarian, it goes without saying that all acquisitions are
catalogued before they are added to the library. However, this may not be obvi-
ous to the interviewer, and so it isn’t taken into account in the requirements.

Interviews are not an effective technique for eliciting knowledge about organiza-
tional requirements and constraints because there are subtle power relationships
between the different people in the organization. Published organizational structures
rarely match the reality of decision making in an organization, but interviewees may
not wish to reveal the actual rather than the theoretical structure to a stranger. In
general, most people are generally reluctant to discuss political and organizational
issues that may affect the requirements.
To be an effective interviewer, you should bear two things in mind:

1. You should be open-minded, avoid preconceived ideas about the requirements,
and willing to listen to stakeholders. If the stakeholder comes up with surprising
requirements, then you should be willing to change your mind about the system.
2. You should prompt the interviewee to get discussions going by using a spring-
board question or a requirements proposal, or by working together on a proto-
type system. Saying to people “tell me what you want” is unlikely to result in
useful information. They find it much easier to talk in a defined context rather
than in general terms.

Information from interviews is used along with other information about the sys-
tem from documentation describing business processes or existing systems, user
observations, and developer experience. Sometimes, apart from the information in
the system documents, the interview information may be the only source of informa-
tion about the system requirements. However, interviewing on its own is liable to
miss essential information, and so it should be used in conjunction with other
requirements elicitation techniques.

4.3.1.2 Ethnography
Software systems do not exist in isolation. They are used in a social and organiza-
tional environment, and software system requirements may be generated or con-
strained by that environment. One reason why many software systems are delivered
but never used is that their requirements do not take proper account of how social
and organizational factors affect the practical operation of the system. It is therefore
very important that, during the requirements engineering process, you try to under-
stand the social and organizational issues that affect the use of the system.
Ethnography is an observational technique that can be used to understand opera-
tional processes and help derive requirements for software to support these pro-
cesses. An analyst immerses himself or herself in the working environment where
 4.3 Requirements elicitation 117

the system will be used. The day-to-day work is observed, and notes are made of the
actual tasks in which participants are involved. The value of ethnography is that it
helps discover implicit system requirements that reflect the actual ways that people
work, rather than the formal processes defined by the organization.
People often find it very difficult to articulate details of their work because it is
second nature to them. They understand their own work but may not understand its
relationship to other work in the organization. Social and organizational factors that
affect the work, but that are not obvious to individuals, may only become clear when
noticed by an unbiased observer. For example, a workgroup may self-organize so
that members know of each other’s work and can cover for each other if someone is
absent. This may not be mentioned during an interview as the group might not see it
as an integral part of their work.
Suchman (Suchman 1983) pioneered the use of ethnography to study office work.
She found that actual work practices were far richer, more complex, and more
dynamic than the simple models assumed by office automation systems. The differ-
ence between the assumed and the actual work was the most important reason why
these office systems had no significant effect on productivity. Crabtree (Crabtree
2003) discusses a wide range of studies since then and describes, in general, the use
of ethnography in systems design. In my own research, I have investigated methods
of integrating ethnography into the software engineering process by linking it with
requirements engineering methods (Viller and Sommerville 2000) and documenting
patterns of interaction in cooperative systems (Martin and Sommerville 2004).
Ethnography is particularly effective for discovering two types of requirements:

1. Requirements derived from the way in which people actually work, rather than
the way in which business process definitions say they ought to work. In prac-
tice, people never follow formal processes. For example, air traffic controllers
may switch off a conflict alert system that detects aircraft with intersecting
flight paths, even though normal control procedures specify that it should be
used. The conflict alert system is sensitive and issues audible warnings even
when planes are far apart. Controllers may find these distracting and prefer to
use other strategies to ensure that planes are not on conflicting flight paths.
2. Requirements derived from cooperation and awareness of other people’s activi-
ties. For example, air traffic controllers (ATCs) may use an awareness of other
controlles’ work to predict the number of aircraft that will be entering their con-
trol sector. They then modify their control strategies depending on that pre-
dicted workload. Therefore, an automated ATC system should allow controllers
in a sector to have some visibility of the work in adjacent sectors.

Ethnography can be combined with the development of a system prototype
(Figure 4.8). The ethnography informs the development of the prototype so that
fewer prototype refinement cycles are required. Furthermore, the prototyping
focuses the ethnography by identifying problems and questions that can then be dis-
cussed with the ethnographer. He or she should then look for the answers to these
questions during the next phase of the system study (Sommerville et al. 1993).
118 Chapter 4 Requirements engineering

Ethnographic Debriefing Focused
analysis meetings ethnography
Prototype
evaluation
Figure 4.8 Ethnography Generic system System
and prototyping for development protoyping
requirements analysis

Ethnography is helpful to understand existing systems, but this understanding
does not always help with innovation. Innovation is particularly relevant for new
product development. Commentators have suggested that Nokia used ethnography
to discover how people used their phones and developed new phone models on that
basis; Apple, on the other hand, ignored current use and revolutionized the mobile
phone industry with the introduction of the iPhone.
Ethnographic studies can reveal critical process details that are often missed by
other requirements elicitation techniques. However, because of its focus on the end-
user, this approach is not effective for discovering broader organizational or domain
requirements or for suggestion innovations. You therefore have to use ethnography
as one of a number of techniques for requirements elicitation.

4.3.2 Stories and scenarios
People find it easier to relate to real-life examples than abstract descriptions. They
are not good at telling you the system requirements. However, they may be able to
describe how they handle particular situations or imagine things that they might do
in a new way of working. Stories and scenarios are ways of capturing this kind of
information. You can then use these when interviewing groups of stakeholders to
discuss the system with other stakeholders and to develop more specific system
requirements.
Stories and scenarios are essentially the same thing. They are a description of how
the system can be used for some particular task. They describe what people do, what
information they use and produce, and what systems they may use in this process.
The difference is in the ways that descriptions are structured and in the level of detail
presented. Stories are written as narrative text and present a high-level description of
system use; scenarios are usually structured with specific information collected such
as inputs and outputs. I find stories to be effective in setting out the “big picture.”
Parts of stories can then be developed in more detail and represented as scenarios.
Figure 4.9 is an example of a story that I developed to understand the requirements
for the iLearn digital learning environment that I introduced in Chapter 1. This story
describes a situation in a primary (elementary) school where the teacher is using the
environment to support student projects on the fishing industry. You can see this is a
very high-level description. Its purpose is to facilitate discussion of how the iLearn
system might be used and to act as a starting point for eliciting the requirements for
that system.
 4.3 Requirements elicitation 119

Photo sharing in the classroom

Jack is a primary school teacher in Ullapool (a village in northern Scotland). He has decided that a class project
should be focused on the fishing industry in the area, looking at the history, development, and economic impact
of fishing. As part of this project, pupils are asked to gather and share reminiscences from relatives, use newspa-
per archives, and collect old photographs related to fishing and fishing communities in the area. Pupils use an
iLearn wiki to gather together fishing stories and SCRAN (a history resources site) to access newspaper archives
and photographs. However, Jack also needs a photo-sharing site because he wants pupils to take and comment
on each other’s photos and to upload scans of old photographs that they may have in their families.
Jack sends an email to a primary school teachers’ group, which he is a member of, to see if anyone can rec-
ommend an appropriate system. Two teachers reply, and both suggest that he use KidsTakePics, a photo-sharing
site that allows teachers to check and moderate content. As KidsTakePics is not integrated with the iLearn
authentication service, he sets up a teacher and a class account. He uses the iLearn setup service to add
KidsTakePics to the services seen by the pupils in his class so that when they log in, they can immediately use
the system to upload photos from their mobile devices and class computers.

Figure 4.9 A user story
for the iLearn system The advantage of stories is that everyone can easily relate to them. We found this
approach to be particularly useful to get information from a wider community than
we could realistically interview. We made the stories available on a wiki and invited
teachers and students from across the country to comment on them.
These high-level stories do not go into detail about a system, but they can be
developed into more specific scenarios. Scenarios are descriptions of example user
interaction sessions. I think that it is best to present scenarios in a structured way
rather than as narrative text. User stories used in agile methods such as Extreme
Programming, are actually narrative scenarios rather than general stories to help
elicit requirements.
A scenario starts with an outline of the interaction. During the elicitation process,
details are added to create a complete description of that interaction. At its most
general, a scenario may include:

1. A description of what the system and users expect when the scenario starts.
2. A description of the normal flow of events in the scenario.
3. A description of what can go wrong and how resulting problems can be handled.
4. Information about other activities that might be going on at the same time.
5. A description of the system state when the scenario ends.

As an example of a scenario, Figure 4.10 describes what happens when a student
uploads photos to the KidsTakePics system, as explained in Figure 4.9. The key dif-
ference between this system and other systems is that a teacher moderates the
uploaded photos to check that they are suitable for sharing.
You can see this is a much more detailed description than the story in Figure 4.9,
and so it can be used to propose requirements for the iLearn system. Like stories,
scenarios can be used to facilitate discussions with stakeholders who sometimes may
have different ways of achieving the same result.
120 Chapter 4 Requirements engineering

Uploading photos to KidsTakePics

Initial assumption: A user or a group of users have one or more digital photographs to be uploaded to the
picture-sharing site. These photos are saved on either a tablet or a laptop computer. They have successfully
logged on to KidsTakePics.
Normal: The user chooses to upload photos and is prompted to select the photos to be uploaded on the
computer and to select the project name under which the photos will be stored. Users should also be given the
option of inputting keywords that should be associated with each uploaded photo. Uploaded photos are named
by creating a conjunction of the user name with the filename of the photo on the local computer.
On completion of the upload, the system automatically sends an email to the project moderator, asking them to
check new content, and generates an on-screen message to the user that this checking has been done.

What can go wrong: No moderator is associated with the selected project. An email is automatically generated to
the school administrator asking them to nominate a project moderator. Users should be informed of a possible
delay in making their photos visible.
Photos with the same name have already been uploaded by the same user. The user should be asked if he or she
wishes to re-upload the photos with the same name, rename the photos, or cancel the upload. If users choose to
re-upload the photos, the originals are overwritten. If they choose to rename the photos, a new name is
automatically generated by adding a number to the existing filename.
Other activities: The moderator may be logged on to the system and may approve photos as they are uploaded.

System state on completion: User is logged on. The selected photos have been uploaded and assigned a status
“awaiting moderation.” Photos are visible to the moderator and to the user who uploaded them.

Figure 4.10 Scenario
for uploading photos
in KidsTakePics

4.4 Requirements specification

Requirements specification is the process of writing down the user and system require-
ments in a requirements document. Ideally, the user and system requirements should
be clear, unambiguous, easy to understand, complete, and consistent. In practice, this
is almost impossible to achieve. Stakeholders interpret the requirements in different
ways, and there are often inherent conflicts and inconsistencies in the requirements.
User requirements are almost always written in natural language supplemented
by appropriate diagrams and tables in the requirements document. System require-
ments may also be written in natural language, but other notations based on forms,
graphical, or mathematical system models can also be used. Figure 4.11 summarizes
possible notations for writing system requirements.
The user requirements for a system should describe the functional and nonfunctional
requirements so that they are understandable by system users who don’t have detailed
technical knowledge. Ideally, they should specify only the external behavior of the sys-
tem. The requirements document should not include details of the system architecture
or design. Consequently, if you are writing user requirements, you should not use soft-
ware jargon, structured notations, or formal notations. You should write user require-
ments in natural language, with simple tables, forms, and intuitive diagrams.
 4.4 Requirements specification 121

Notation Description
Natural language The requirements are written using numbered sentences in natural language.
sentences Each sentence should express one requirement.
Structured natural The requirements are written in natural language on a standard form or
language template. Each field provides information about an aspect of the requirement.
Graphical notations Graphical models, supplemented by text annotations, are used to define the
functional requirements for the system. UML (unified modeling language) use
case and sequence diagrams are commonly used.
Mathematical These notations are based on mathematical concepts such as finite-state
specifications machines or sets. Although these unambiguous specifications can reduce the
ambiguity in a requirements document, most customers don’t understand a
formal specification. They cannot check that it represents what they want, and
they are reluctant to accept it as a system contract. (I discuss this approach, in
Chapter 10, which covers system dependability.)

Figure 4.11 Notations
for writing system System requirements are expanded versions of the user requirements that soft-
requirements ware engineers use as the starting point for the system design. They add detail and
explain how the system should provide the user requirements. They may be used as
part of the contract for the implementation of the system and should therefore be a
complete and detailed specification of the whole system.
Ideally, the system requirements should only describe the external behavior of the
system and its operational constraints. They should not be concerned with how the
system should be designed or implemented. However, at the level of detail required
to completely specify a complex software system, it is neither possible nor desirable
to exclude all design information. There are several reasons for this:

1. You may have to design an initial architecture of the system to help structure the
requirements specification. The system requirements are organized according to
the different subsystems that make up the system. We did this when we were
defining the requirements for the iLearn system, where we proposed the archi-
tecture shown in Figure 1.8.
2. In most cases, systems must interoperate with existing systems, which constrain
the design and impose requirements on the new system.
3. The use of a specific architecture to satisfy non-functional requirements, such as
N-version programming to achieve reliability, discussed in Chapter 11, may be
necessary. An external regulator who needs to certify that the system is safe may
specify that an architectural design that has already been certified should be used.

4.4.1 Natural language specification
Natural language has been used to write requirements for software since the 1950s.
It is expressive, intuitive, and universal. It is also potentially vague and ambiguous,
and its interpretation depends on the background of the reader. As a result, there
122 Chapter 4 Requirements engineering

3.2 The system shall measure the blood sugar and deliver insulin, if required, every 10 minutes. (Changes in
blood sugar are relatively slow, so more frequent measurement is unnecessary; less frequent measurement
could lead to unnecessarily high sugar levels.)
3.6 The system shall run a self-test routine every minute with the conditions to be tested and the associated
actions defined in Table 1. (A self-test routine can discover hardware and software problems and alert the user
to the fact the normal operation may be impossible.)

Figure 4.12 Example
have been many proposals for alternative ways to write requirements. However,
requirements for the
insulin pump software none of these proposals has been widely adopted, and natural language will continue
system to be the most widely used way of specifying system and software requirements.
To minimize misunderstandings when writing natural language requirements, I
recommend that you follow these simple guidelines:

1. Invent a standard format and ensure that all requirement definitions adhere to
that format. Standardizing the format makes omissions less likely and requirements
easier to check. I suggest that, wherever possible, you should write the requirement
in one or two sentences of natural language.
2. Use language consistently to distinguish between mandatory and desirable
requirements. Mandatory requirements are requirements that the system must
support and are usually written using “shall.” Desirable requirements are not
essential and are written using “should.”
3. Use text highlighting (bold, italic, or color) to pick out key parts of the requirement.
4. Do not assume that readers understand technical, software engineering language.
It is easy for words such as “architecture” and “module” to be misunderstood.
Wherever possible, you should avoid the use of jargon, abbreviations, and acronyms.
5. Whenever possible, you should try to associate a rationale with each user
requirement. The rationale should explain why the requirement has been
included and who proposed the requirement (the requirement source), so that
you know whom to consult if the requirement has to be changed. Requirements
rationale is particularly useful when requirements are changed, as it may help
decide what changes would be undesirable.

Figure 4.12 illustrates how these guidelines may be used. It includes two require-
ments for the embedded software for the automated insulin pump, introduced in
Chapter 1. Other requirements for this embedded system are defined in the insulin
pump requirements document, which can be downloaded from the book’s web pages.

4.4.2 Structured specifications
Structured natural language is a way of writing system requirements where require-
ments are written in a standard way rather than as free-form text. This approach
maintains most of the expressiveness and understandability of natural language but
 4.4 Requirements specification 123

Problems with using natural language for requirements specification

The flexibility of natural language, which is so useful for specification, often causes problems. There is scope for
writing unclear requirements, and readers (the designers) may misinterpret requirements because they have a
different background to the user. It is easy to amalgamate several requirements into a single sentence, and
structuring natural language requirements can be difficult.

http://software-engineering-book.com/web/natural-language/

ensures that some uniformity is imposed on the specification. Structured language
notations use templates to specify system requirements. The specification may use
programming language constructs to show alternatives and iteration, and may high-
light key elements using shading or different fonts.
The Robertsons (Robertson and Robertson 2013), in their book on the VOLERE
requirements engineering method, recommend that user requirements be initially
written on cards, one requirement per card. They suggest a number of fields on each
card, such as the requirements rationale, the dependencies on other requirements, the
source of the requirements, and supporting materials. This is similar to the approach
used in the example of a structured specification shown in Figure 4.13.
To use a structured approach to specifying system requirements, you define one
or more standard templates for requirements and represent these templates as struc-
tured forms. The specification may be structured around the objects manipulated by
the system, the functions performed by the system, or the events processed by the
system. An example of a form-based specification, in this case, one that defines how
to calculate the dose of insulin to be delivered when the blood sugar is within a safe
band, is shown in Figure 4.13.
When a standard format is used for specifying functional requirements, the fol-
lowing information should be included:

1. A description of the function or entity being specified.
2. A description of its inputs and the origin of these inputs.
3. A description of its outputs and the destination of these outputs.
4. Information about the information needed for the computation or other entities
in the system that are required (the “requires” part).
5. A description of the action to be taken.
6. If a functional approach is used, a precondition setting out what must be true
before the function is called, and a postcondition specifying what is true after
the function is called.
7. A description of the side effects (if any) of the operation.

Using structured specifications removes some of the problems of natural language
specification. Variability in the specification is reduced, and requirements are organized
124 Chapter 4 Requirements engineering

Insulin Pump/Control Software/SRS/3.3.2

Function Compute insulin dose: Safe sugar level.
Description Computes the dose of insulin to be delivered when the current measured sugar level is in the
safe zone between 3 and 7 units.
Inputs Current sugar reading (r2), the previous two readings (r0 and r1).
Source Current sugar reading from sensor. Other readings from memory.
Outputs CompDose—the dose in insulin to be delivered.
Destination Main control loop.
Action: CompDose is zero if the sugar level is stable or falling or if the level is increasing but the rate of
increase is decreasing. If the level is increasing and the rate of increase is increasing, then
CompDose is computed by dividing the difference between the current sugar level and the
previous level by 4 and rounding the result. If the result, is rounded to zero then CompDose is
set to the minimum dose that can be delivered. (see Figure 4.14)
Requires Two previous readings so that the rate of change of sugar level can be computed.
Precondition The insulin reservoir contains at least the maximum allowed single dose of insulin.
Postcondition r0 is replaced by r1 then r1 is replaced by r2.
Side effects None.

Figure 4.13 The
structured specification
of a requirement for more effectively. However, it is still sometimes difficult to write requirements in a
an insulin pump
clear and unambiguous way, particularly when complex computations (e.g., how to
calculate the insulin dose) are to be specified.
To address this problem, you can add extra information to natural language
requirements, for example, by using tables or graphical models of the system. These
can show how computations proceed, how the system state changes, how users inter-
act with the system, and how sequences of actions are performed.
Tables are particularly useful when there are a number of possible alternative
situations and you need to describe the actions to be taken for each of these. The
insulin pump bases its computations of the insulin requirement on the rate of change
of blood sugar levels. The rates of change are computed using the current and previ-
Figure 4.14 The
ous readings. Figure 4.14 is a tabular description of how the rate of change of blood
tabular specification sugar is used to calculate the amount of insulin to be delivered.
of computation in an
insulin pump

Condition Action
Sugar level falling (r2 6 r1) CompDose = 0
Sugar level stable (r2 = r1) CompDose = 0
Sugar level increasing and rate of increase CompDose = 0
decreasing ((r2 - r1)