OctoPlasm

Application Non-Functional Requirements with Examples

Non-functional requirements (NFRs) define how a system should perform rather than what it should do. While functional requirements describe specific features or behaviors, NFRs cover the broader attributes that ensure the system is usable, reliable, secure, maintainable, and scalable under real-world conditions. These requirements are crucial for long-term success, as they directly impact user satisfaction, system stability, regulatory compliance, and operational costs.

To make this document more practical, we’ve updated key NFRs with real-world examples inspired by high-scale systems like Facebook.

Availability

System must be up and running as agreed in SLA.
Examples:

  • Global infrastructure with multiple availability zones across continents (e.g., AWS US-East-1, EU-West-1).
  • 99.99% uptime SLA monitored using Prometheus and alerting via PagerDuty.

Latency (Performance / Response Time)

Responsiveness under load.
Examples:

  • Personalized feed loads in under 200ms globally by combining Redis, Memcached, and CDN edge caching.
  • Lightweight ML models executed in memory at request time to reorder feed results.

Scalability

Ability to handle growing load.
Examples:

  • System handles 5B feed reads/day and 10B likes/comments using sharded relational databases (MySQL) and wide-column stores (Cassandra).
  • Uses hybrid fan-out/fan-in strategy for feed generation to prevent overload from celebrity users.

Durability

Ensure no data loss even under failure.
Examples:

  • Photo and video uploads stored in blob storage with 11 nines durability (e.g., AWS S3 or internal solution).
  • Redundant backups across multiple zones, and media records tracked in metadata DBs.

Throughput

Amount of work done in a time frame.
Examples:

  • Write operations: ~20K posts/sec and 350K likes/comments/sec at peak traffic.
  • Read operations: 175K feed reads/sec via precomputed timeline caching.

Capacity Planning

Handle current and projected loads.
Examples:

  • Designed for 500M Daily Active Users uploading ~750TB of media daily.
  • Peak traffic is 3× average, so systems scale automatically via cluster autoscalers.

Escrow

Ensure software can be maintained if the vendor disappears.
Examples:

  • Public GitHub repository with open license and active community.
  • For proprietary software, escrow contract provisions with access to source and deployment scripts.

Emotional Factors

Positive user experience and delight.
Examples:

  • Metrics like user retention, session duration, and engagement rates are continuously monitored.
  • Custom animations, interactive UI, and modern design increase the "Wow!" factor.

Auditability and Control

Ability to trace user and system actions.
Examples:

  • Git commit logs track code-level changes.
  • Application-level audit trails log data changes, logins, and permission updates.
  • Kafka or event-sourced logs track business operations with replayable history.

Security

Protection from threats.
Examples:

  • Encrypted secrets and tokens stored in vaults.
  • TLS enforced for all endpoints and MFA for admin access.
  • API rate limiting to prevent abuse (e.g., 10 likes/sec/user).

Disaster Recovery

Recover from major failures efficiently.
Examples:

  • Infrastructure-as-code with Terraform enables full environment rebuilds.
  • Media files geo-replicated, and DB snapshots taken every 6 hours with PITR (point-in-time recovery).

Media Handling

Efficiently process and deliver large files like images/videos.
Examples:

  • Clients upload media directly to blob storage via signed URLs (bypassing app server bandwidth).
  • Video/image processing happens asynchronously via Kafka pipeline.
  • CDN caches final media with regional edge delivery for instant playback.

Feed Optimization (Instagram-Specific Example)

Efficient delivery of real-time, personalized content.
Examples:

  • Feed timeline precomputed and stored in Cassandra per user for fast lookup.
  • Hybrid fan-out/fan-in strategy for celebrities avoids write storms.
  • Redis used to cache top 100 posts in user's feed with pre-ranked ML scores.

Additional Non-Functional Requirements

Accessibility

Ensure the system is usable by everyone, including those with disabilities.
Examples:

  • Mobile-first web app with PWA features like offline mode and push notifications.
  • WCAG 2.1 compliance (e.g., ARIA roles, keyboard navigation, screen reader support).

Adaptability

Support for different interfaces and changing business needs.
Examples:

  • RESTful APIs that allow integration with web, mobile, and IoT apps.
  • Modular microservices allowing for language-specific or domain-specific scalability.

Backup

Regular data and image backup policies in place.
Examples:

  • Nightly PostgreSQL DB backups stored in S3.
  • Docker images versioned and stored in GitLab Container Registry.

Certification

Qualified personnel and audited practices.
Examples:

  • Certified professionals such as AWS Certified Developers, CISSP, or ISO 27001 Lead Implementers.
  • Regular audits conducted by ISO-accredited firms.

Compliance

Adherence to legal and industry regulations.
Examples:

  • GDPR: "Delete my data" API endpoint with audit log.
  • PCI-DSS: Encrypted payment data stored in vault.

Configuration Management

Safeguarding and managing environment settings.
Examples:

  • Config stored securely using Vault/Kubernetes secrets.
  • Version-controlled and encrypted with CI/CD promotion flow.

Cost Management

Optimize for both startup and lifetime costs.
Examples:

  • Serverless for infrequent tasks (e.g., image recognition).
  • Auto-scaling compute clusters to reduce idle costs.

Data Integrity

Ensure accuracy and consistency of data.
Examples:

  • Foreign key constraints, checksums, replication consistency.
  • Audit triggers for critical tables.

Data Retention

Policy for storing and purging data.
Examples:

  • Log retention = 90 days.
  • Anonymization of user data after inactivity (e.g., GDPR compliance).

Dependency Management

Reliance on third-party tools/libraries.
Examples:

  • Use packages with >1k GitHub stars and active maintenance.
  • Dependabot for patch updates.

Deployment

Automated and repeatable deployment process.
Examples:

  • Helm charts + ArgoCD in Kubernetes.
  • CI/CD with canary rollout support.

Development Environment

Stable and consistent dev experience.
Examples:

  • Docker Compose and Dev Containers.
  • Pre-commit hooks and GitHub Actions.

Documentation

Comprehensive and up-to-date references.
Examples:

  • Swagger for APIs, Confluence for design.
  • Public-facing changelog and architecture diagrams.

Efficiency

Optimal use of system resources.
Examples:

  • Quarkus/Spring WebFlux over traditional thread-per-request models.
  • Node.js streams for file processing.

Maintainability

Ease of changes and fixes.
Examples:

  • Clear separation of concerns and modular design.
  • Code linting, pre-merge quality gates.

Monitoring and Reporting

Visibility into system behavior.
Examples:

  • Prometheus + Grafana dashboards.
  • Business metrics in DataDog or Looker.

Network Topology

Resilient and secure network layout.
Examples:

  • Private subnets for DBs and caching layers.
  • Public traffic routed via API Gateway and WAF.

Privacy

Protect user-identifiable data.
Examples:

  • Data minimization practices.
  • Pseudonymization and encrypted audit logs.

Quality Gates

Automated quality enforcement.
Examples:

  • SonarQube thresholds (bugs/vulnerabilities/blockers).
  • Coverage >80%, duplication <3%.

Readability

Ease of understanding the system/code.
Examples:

  • Descriptive variable names, comments, and diagrams.
  • Architectural decision records (ADR).

Reusability

Repurpose code/components.
Examples:

  • Shared libraries and UI kits.
  • Internal component registries.

Resilience

Recover gracefully under stress.
Examples:

  • Graceful degradation, fallback pages.
  • Rate-limiting and circuit breakers.

Resource Constraints

Work within CPU/memory/storage limits.
Examples:

  • Kubernetes resource limits and quotas.
  • Compression of large datasets before processing.

Safety

Protect users and the environment.
Examples:

  • CSRF and input validation.
  • Consent management and disclaimers.

Stability

Consistent behavior over time.
Examples:

  • Reproducible builds and tests.
  • Controlled dependency updates.

Supportability

Ease of user and technical support.
Examples:

  • Knowledge base and ticketing integration.
  • Structured error messages with trace IDs.

Testability

Ease of writing and running tests.
Examples:

  • Mocking and test containers.
  • 100% CI test pass rate before merges.

Transparency

Make operations visible to users/devs.
Examples:

  • Activity history in UI.
  • Logging and trace headers in responses.

Usability

Ease of use for the end user.
Examples:

  • Accessibility score >90 (Lighthouse).
  • UX testing via sessions and surveys.

Volume

Support expected data/user scale.
Examples:

  • DB optimized for 100M+ rows.
  • Message queues configured for 1M+ messages/hr.
  • Adaptive throttling if system load exceeds thresholds.

References

#architecture#systemdesign#non-functional#nfr#requirements