Type	Short Definition or example
Accessibility	Make accessible by design buildings, products, software or environments to people with special needs.
Adaptability	In software engineering and IT: “Adaptability is the ease with which software satisfies differing system constraints and user needs. Adaptability is defined as the ease with which a system or parts of the system may be adapted to the changing requirements.” [7]
Auditability and control	Making sure that an IT solution can generate or obtain artifacts that systems assets are safe, data integrity is maintained and that it is operating effectively. For a software, compliance with requirements, standards, service level agreement (SLA), policies, laws, etc. could be audited.
Availability	Availability is the technique to measure the expected reliability of a computer system including hardware, network and software.
Backup	A backup is a copy of server/computer data taken an optimally stored elsewhere so it may be used to restore the original after a data loss or corruption event. Things to consider: Backups frequency Expected backup time  Expected Data restore time Data loss tolerance Storage media type (Tape, hard disk, solid state drive Management (online, near-line, off-line, etc.) Optimization (compression, deduplication, encryption,etc.)
Capacity, current and forecast	“Capacity management is responsible for ensuring that adequate capacity is available at all times to meet the agreed needs of the business in a cost-effective manner.” [8]. “This is reflected by the three subprocesses of capacity management: business capacity management, service capacity management, and component capacity management.” [8]. As a business analyst you need to know how much users will utilize the solution being developed, how many transactions will be processed per second and what is the expected growth year over year for that solution.
Certification	It is not infrequent to see a solution that needs certain level of certification for its hardware, software, architecture, process or operating personnel. Certification also referred as accreditation can be an internal requirement or asked by an external third party. ISO/IEC 27001 for information security management NIST for cybersecurity Key certificate (public or private key certificate) Certified Information Systems Auditor Certified in Risk and Information Systems and Control Certified in the Governance of Enterprise IT Certified Information Manager
Compliance	“Compliance is either a state of being in accordance with established guidelines or specifications, or the process of becoming so. Software, for example, may be developed in compliance with specifications created by a standards body, and then deployed by user organizations in compliance with a vendor’s licensing agreement. The definition of compliance can also encompass efforts to ensure that organizations are abiding by both industry regulations and government legislation.” [9] Some of the most well-known standards affecting IT: The Sarbanes -Oxley Act (SOX) of 2002 Gramm-Leach-Bliley Act (GLBA) HIPAA The Payment Card Industry Data Security Standard of 2001 (PCI DSS) Statement on Standards for Attestation Engagements (SSAE 16) Basel III IT Governance framework: ITIL CobiT ISO 27007 Financial Compliance in Canada Bank Act FINTRAC Canadian Seurities Administrator Health Canada
Configuration management	Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) and an IT Service Management (ITSM) process that tracks all of the individual Configuration Items (CI) in an IT system which may be as simple as a single server, or as complex as the entire IT department. Many modern tools are using the CMDB as a single source of truth. Without a well maintained CMDB, such things as automation, AI, monitoring and incident/problem management and capacity management will become more difficult or simply impossible.
Cost, initial and Life-cycle cost	Help follow the Total Cost Ownership (TCO) of an asset over its life cycle. If a chargeback model is in place it will also enable IT to charge the proper department or customer for its usage. “This includes the costs of training support personnel and the users of the system, costs associated with failure or outage (planned and unplanned), diminished performance incidents (i.e. if users are kept waiting), costs of security breaches (in loss of reputation and recovery costs), costs of disaster preparedness and recovery, floor space, electricity, development expenses, testing infrastructure and expenses, quality assurance, boot image control, marginal incremental growth, decommissioning, e-waste handling, and more. When incorporated in any financial benefit analysis (e.g., ROI, IRR, EVA, ROIT, RJE) TCO provides a cost basis for determining the economic value of that investment.” [10]
Data integrity	“Data integrity is the overall accuracy, completeness, and consistency of data. Data integrity also refers to the safety of data in regard to regulatory compliance — such as GDPR compliance — and security. It is maintained by a collection of processes, rules, and standards implemented during the design phase. When the integrity of data is secure, the information stored in a database will remain complete, accurate, and reliable no matter how long it’s stored or how often it’s accessed. Data integrity also ensures that your data is safe from any outside forces.” [11] It includes: Physical integrity Logical integrity Entity integrity Referential integrity Domain integrity User-defined integrity
Data retention	Data retention defines the data and records management for meeting legal and business data archival requirements. On top of the National Bank data retention policies most countries have their own laws and framework regarding data retention. GDPR in the EU PIPEDA in Canada
Decommission & Disposition of IT Assets	Ensuring the proper disposition of decommissioned assets while making sure that potential data security breaches are addressed, and that environmental hazards are mitigated. Activites and processes involved are: Configuration Management updates (CMDB) Backups, wiping or transfer of data Unracking of assets or deletion of Virtual Machines (VM) if applicable Secure transportation of assets if applicable Re-assignment or destruction of assets Certification/audit of data destruction if applicable Certification of destruction if applicable Physical verification and audit of performed work.
Dependency on other parties	Not usually documented as NFR but are often a source of them. The same logic applies to other dependencies, constraints & assumptions.
Deployment	This category usually covers the following subject: “Describing the deployment requirements of the software. Packaging the software and associated metadata for delivery between the software producer and the deployer. Receiving and configuring the software into the deployer’s environment before deployment decisions are made. Describing the facilities of the targeted distributed execution infrastructure. Planning (making decisions for) how the software will be deployed onto the targeted distributed execution infrastructure. Performing the actual preparation of the application for execution, e.g., moving parts of the software to their location of execution. Launching, monitoring, and terminating the application.” [12]
Development environment	This category is rarely defined as part of NFR unless there are specific parameters or constraints to be addressed. (e.g.: Off/In/Nearshoring coding, military software development or imposed corporate framework) This is the working environment of individual developers, programming pairs, or individual feature teams. The purpose of this environment is for the developer/pair/team to work in seclusion from the rest of their project team, enabling them to make and validate changes without having to worry about adversely affecting the rest of their project team. These environments are likely to have their own databases to enable regression testing and more importantly agile testing strategies.
Disaster recovery	“Disaster recovery is a plan for restoring and accessing your data in the event of a disaster that destroys part or all of a business’s resources. It is a key component involving many aspects of business operations that requires this information to function. The job of a DR plan is to ensure that whatever happens, your vital data can be recovered and mission-critical applications will be brought back online in the shortest possible time.” [13]
Documentation	The following are typical IT project and operational documentation types.  The following are typical software documentation types Request for Information/Proposal (RFI/RFP) Requirements/ Statement of work/ Scope of Work (SOW) Software Design and Functional Specification System Design and Functional Specifications Change Management, Error and Enhancement Tracking User Acceptance Testing User Guides The following are typical hardware and service documentation types Equipment Build & Run Book (server, appliance, network, etc.) Network diagrams Network maps Datasheet for IT systems (Server, Switch, e.g.) Documentation include such as feasibility report, technical documentation, operational documentation, log book, etc. Service Catalog and Service Portfolio (ITIL) CMDB Operational processes input
Durability	“Durability can encompass several specific physical properties of designed products, including: Ageing (of polymers) Dust resistance Resistance to fatigue Fire resistance Radiation hardening Thermal resistance Rot-proofing Rustproofing Toughness Waterproofing” [14]
Efficiency	“Efficiency is operational in nature and asks questions such as ‘How will it be created?’ and ‘How will it be delivered?’’ [15]
Effectiveness	Effectiveness can be documented as business objectives, benefits, losses and the desired results of a project.  “Effectiveness is strategic in nature and asks questions such as “What is the business objective?” and “What is the best possible outcome?” [15]
Emotional factors	Measuring the “Wow” factor of an interface On the fly interface changes based on emotional/physical factors
Environmental protection
Escrow	“As the continued operation and maintenance of custom software is critical to many companies, they usually desire to make sure that it continues even if the licensor becomes unable to do so, such as because of bankruptcy. This is most easily achieved by obtaining a copy of the up-to-date source code. The licensor, however, will often be unwilling to agree to this, as the source code will generally represent one of their most closely guarded trade secrets. As a solution to this conflict of interest, source code escrow ensures that the licensee obtains access to the source code only when the maintenance of the software cannot otherwise be assured, as defined in contractually agreed-upon conditions.” [16]
Exploitability	A design process that make solutions exploitable “as commodities in an aggregated revenue stream” [17]
Extensibility	“We define extensibility as the ability of a system to be extended with new functionality with minimal or no effects on its internal structure and data flow.” [18] It is closely coupled with the modifiability, maintainability and scalability categories.
Failure management	Process oriented category covering not only incident and problem management but communication, changes failures, sponsorship, knowledge of technology, support training, vendor management.
Fault tolerance	Encompass both fault avoidance and fault tolerance. “fault avoidance: how to prevent, by construction, fault occurrence fault tolerance: how to provide by redundancy, service complying with the specification in spite of faults having occurred or occurring” [19]
Geographical Distribution (users, systems, etc.)	Special considerations are often needed when users or distributed systems are geographically far apart. Technological constraints might be presents on widely distributed environments Geopolitics, laws, information security, risks must be carefully considered when creating or operating an extraterritorial solution