Coming from an IT background, I am often overly critical of a bank’s IT department. I get frustrated when they appear to be more worried about technical standards than viable functionality.  In truth, of course, both of these need to be balanced. Good functionality cannot exist without good IT - just as good technical capabilities are useless if they're not functionally relevant.

Today, let’s look at the world of non-functional requirements (NFRs). The glue that keeps the solution working and ultimately lets you sleep at night.

The list is simple and in no particular order: Security, reliability, resilience, availability, scalability, extensibility, flexibility and testability. Actually, I don’t think that some of those are even real words, but when has that stopped us in the industry before?

Security is obviously one that leaps out given the recent Heartbleed problems. But it isn’t just about secure internet connections, or plugging in card readers or biometrics; this has to be fundamental to the solution. With the financial services industry an obvious target for hackers, has its software been swept for code that could put the bank at risk? Does the software company perform due diligence in how it builds code in the first place?  Is the vendor trustworthy? A great test is whether you would trust them with your own money.

Next up is reliability and resilience. This is where there is often IT versus business conflict. We all want the latest technology, and when you’re installing new IT assets, you want something that is robust as well as future proof. But there’s a fine line between modern technology and a science project. Too innovative is often less proven and that adds risk. That’s why innovative solutions need reliability built in from the ground up and by engineers who know the industry. You can only conduct business if you’re open for business, and that’s only possible if your solution is reliable, and if something bad does happen, you can handle the repercussions.

Availability is about it working around the clock, just like the world does. We're seeing a move to real-time payments around the world and with that comes the need for permanent availability -24x7/365.

Scalability (can it grow as my business grows?), extensibility (is there provision for adding incremental features and data?) and flexibility (can I adjust what I want to do today?) all go hand in hand.  Service-oriented architecture (SOA) has been seen as a utopia to solve all these things, but this assumption has also caused problems. Too complex an environment with too many components has not been conducive to providing a reliable environment. And having to have too many components has also made the environment too complex (and too expensive)--not the improvement some had imagined. SOA is great, don't get me wrong, but you still need well-architected solutions, not components.

Finally let's talk about testability. The ability not just to test a solution, but also the ability to perform recurring tests to show a proven result. But it goes beyond that too. You need knowledge of what to test. And complexity adds exponentially to the different cases and failure scenarios that must be tested.  If you're not testing it, then how do you know everything works? Work with your specialist (whether it be your systems integrator or the vendor) to make sure you're testing every aspect of your new business solution.

A lot of lost sleep has happened in the past couple of years caused by a multitude of factors. Care and attention to these NFRs certainly goes a long way to achieving a long, restful sleep.