Requirements

6.4. Requirements#

The Requirements Definition stage is where developers determine exactly what the software needs to do (functional requirements) and how it needs to perform and comply (non-functional requirements).

6.4.1. Functional Requirements#

Functional requirements detail the core tasks and behaviors the software must fulfill from an end-user perspective. They define what the system should do and how it should interact with users, external systems, or devices.

Examples

  • User Authentication: The system must allow users to create accounts and log in securely.

  • Data Input & Output: The system must let users submit posts or feedback, and must display relevant data on screen.

  • Business Logic: If it’s an e-commerce platform, it must process payments, generate invoices, and handle inventory.

6.4.2. Non-Functional Requirements#

Non-functional requirements capture the qualities and constraints of the software. This is how the software should behave beyond basic functionality. They often include performance, reliability, usability, privacy and security aspects.

User Capabilities and Secure Design#

Experience and Capabilities

Understanding the experience level of end users guides the complexity of secure features. For example, less tech-savvy audiences may need simpler authentication flows e.g. clear password guidelines or simple multi-factor authentication.

You must also be aware of making your software accessible for those with impairments or disabilities. Secure software should be available to everyone equally and it should not be compromised.

Error Handling

If your users are non-technical, error messages should be clear yet not overly detailed detailed errors can inadvertently reveal system internals to malicious actors.

Privacy as a Requirement#

Privacy Policy & Transparency

Users must be informed about how their data is collected, used, and stored. Requirements should specify the creation or update of privacy policies, with easy access and transparent language.

Obtaining User Consent

Consent must be explicitly gained for data collection whenever required by law or good practice. Requirements should clarify the “opt-in” and “opt-out” mechanisms.

Data Minimisation

Collect only what is essential. The system’s requirements should limit personal data fields to what’s strictly needed to operate features.

Retention & Deletion

Requirements should define how long data is kept and under what conditions it will be deleted to uphold users’ rights.

Compliance with Regulations#

Privacy Act 1988 (Australia)

Software developed or used in Australia is subject to Australian law and must comply with the principles of the Privacy Act 1988, including rules around personal information handling, disclosure, and consent.

Global / Other Jurisdictions

Projects with international reach may need to address other frameworks like the GDPR (Europe) or CCPA (California).

User Data Rights

Regulatory requirements often include the right to access, rectify, and delete personal data. The system’s non-functional requirements should address how users can request these actions, how the system will honor them, and how quickly.