10.1 Scalability Requirement Pattern 241
10.2 Extendability Requirement Pattern 246
10.3 Unparochialness Requirement Pattern 254
10.4 Multiness Requirement Pattern 261
10.5 Multi-Lingual Requirement Pattern 272
10.6 Installability Requirement Pattern 274
A flexible system is one that can adapt to suit changing circumstances. What sort of circumstances might they be? That's for you to decide: you need to write a specific requirement for each kind of flexibility you want. It's meaningless to try saying, "The system shall be flexible." Building flexibility into a system is done for longer term benefits; it usually doesn't make much (if any) difference to the system when it's first delivered, though it makes it easy to react to changes in requirements in the areas that are built flexibly. Flexibility requirements generally contribute to a "good," robust system, in addition to satisfying specific goals. But some kinds of flexibility are expensive to implement, so ask for them only if they're necessary.
The requirement patterns in this chapter cover those types of flexibility most commonly needed in commercial systems, as shown in Figure 10-1. Observe that multi-lingual is a specific kind of multiness, and so is multi-organization unit in the commercial domain. Also, installability isn't exactly flexibility in the same sense, but this is the most convenient place for it.
Software grows old. A new system is as pure as a newborn baby, but alterations accumulated during its life leave scars and cause its joints to creak. Each modification places a little extra stress on the system's architecture. Steadily they become harder to make, until eventually every tweak risks nasty side effects. Building flexibility into a system from the outset means it takes many kinds of changes in its stride, leaving less cause to interfere with its vital workings—so it grows older more slowly. Refactoring, a conscious effort to tidy up software, can be viewed as an attempt to remove symptoms of the aging process. It's more effective and less effort to lessen the deterioration in the first place. Flexible means agile in the dictionary sense of the word: supple and healthy. Extendability is perhaps the type of flexibility that contributes most to software longevity.
Always give flexibility requirements a high priority, because flexibility is not something that can just be bolted on afterwards: it's fundamental to the system design. Adding it later could involve so much effort you might as well not bother trying.
There's a complex relationship between flexibility requirements and performance requirements. Flexibility requirements primarily influence the nature of the software; performance requirements primarily affect the hardware needed. Used together, performance requirements can tell us just what sort of numbers we're talking about when contemplating scalability. Recognize that there's often a trade-off between flexibility and software efficiency (which translates into lower performance, assuming the same hardware), because flexibility prevents streamlining and tuning the software for just one thing. Pay serious attention to the short-term and long-term trade-offs between flexibility and performance. Unless squeezing the last smidgen of speed from the software is critical, opt for flexibility.
Flexibility is often difficult to test. One option is to talk to the development team: ask them what one would do to modify the system in a way specified in a flexibility requirement. Use their response to get a feel for whether they've actually thought about it properly and are ready for it. This theme is revisited in several of the flexibility requirement patterns in this chapter.
Regardless of whether you choose to use any of these flexibility requirement patterns, you can include the following requirement (or one like it) to spur developers to avoid one type of limitation that could lead to trouble in later life:
Summary | Definition |
|---|---|
The system shall impose no artificial limitations on how many entities of any particular type can exist (regardless of the quantity and power of the hardware). For example, it would be unacceptable if a maximum of 20 suppliers were allowed, or 100 types of product. This requirement does not apply to genuine limitations imposed for sound reasons (such as the biggest integer allowed by a programming language or the database, or the number of countries a 3-character code permits)—which are usually much larger than are ever likely to be needed in practice. This requirement also does not apply to external systems that are outside the company's control. (But encourage external suppliers to avoid or remove such limitations where possible.) |
Related patterns: | None |
Anticipated frequency: | Zero or one requirement; rarely more |
Pattern classifications: | Affects database: Yes |
Use the scalability requirement pattern to specify a way in which a system must be able to expand without undue pain, typically to accommodate growth in business volume.
Do not use the scalability requirement pattern to demand a particular level of performance; use one of the performance requirement patterns for that.
Scalability means never having to say you're sorry that the system can't cope with more. Scalability means being prepared when the load on the system increases, having ways to react without resorting to drastic changes or redevelopment. Scalability doesn't happen by accident, and if you don't ask for this ability, don't be surprised if you don't get it. Scalability can be expensive, so if you want it, you'd better be prepared to pay for it. And if don't need it, don't ask for it; when you're building a system for a small environment and the chances of using it elsewhere are low, think twice about whether it's worth it.
A scalability requirement is an instruction to developers to design the system such that it can grow in a particular direction, with no obstacles in its way. It is a signal that the system must not be restricted to any stated business volume.
Scaling is often driven by an increase in a single factor only. In a commercial system, it's usually the number of customers (or, more generally, the number of users). Rarely are there are more factors whose growth independently causes a proportionate increase in load on the system (and, consequently, a need for a separate scalability requirement). For example, doubling the number of products a retail business offers for sale is unlikely to double the load directly. A single scalability requirement usually suffices.
Scaling a system's overall performance is of two main types. First is scaling out, the ability to spread the processing load across as more machines. Second is scaling up, by increasing the power of individual machines. Generally, requirements should be concerned only that the system can scale, without caring how. But an ability to scale out is sometimes worth demanding in requirements because it influences a system's basic software architecture and cannot be retrofitted, whereas scaling up typically doesn't affect the software at all. A system can accommodate a growing load only if the quantity and/or power of its hardware are increased accordingly, in proportion. A system isn't scalable if the hardware needed grows at a faster rate than the load; for instance, if doubling the load demands four times the hardware, we'd soon be unable to keep up with increasing load.
Performance requirements implicitly apply regardless of the extent to which the system has been scaled, unless otherwise stated in either the scalability or performance requirements. This is especially relevant to response time and availability requirements (because we can expect overall throughput and capacity to grow as the system grows): they must not become progressively worse as the system scales. In practice, performance measures are likely to change marginally with the system's load. This is acceptable if it's barely perceptible to users. Nevertheless, if you sense there's a risk that the importance of maintaining performance levels could be forgotten as the system grows, you could strengthen the relevant requirements to make it clear.
Consider flow-on scalability demands upon third parties—that is, all systems you interface to and all third-party products you use. Investigate whether they are all suitably scalable; if they're not, you're in trouble. This applies to products you are forced to use and any the project is at liberty to choose for itself. For the latter, impose our scalability requirements on them too, when evaluating their suitability.
A scalability requirement should contain the following:
Type of item to be scalable What aspect of the system needs to be scalable? For example, it could be the number of customers.
Indicative high business volume Just how far might the system need to scale? Indicate only a rough order of magnitude: tens, hundreds, thousands, millions, or whatever it might be. Expressing it in vague terms is a positive advantage, because it prevents the development team building to accommodate a specific number (as if it were a performance requirement)—with the risk of that number representing an absolute limit.
No system can be scaled without limit, so don't use words like "infinite" or "unlimited" to describe the extent of scalability. What we're saying is that we want the system to be capable of scaling as big as we're ever likely to need. I like the word "unrestricted," because it conveys that we want nothing in the way of expansion, without implying expanding for ever. At least, that's what it conveys to me; admittedly it's a fine distinction. Pick a different word if you wish.
Ease of expansion How easy must it be to expand the system? How dynamically? In ideal circumstances, an extra machine could be added while the system's running. Is it worth it? If omitted, it is reasonable to assume that scalability can be achieved by shutting down the system, adding extra hardware, doing a bit of reconfiguration, and starting it up again. If you want more than this—or if less will suffice—then say so. (The upgradability aspects of the installability requirement pattern, which appears later in this chapter, cover these issues, too.)
Motivation Why do we need this kind of scalability? The commonest motivation is to cater for growth in business.
Summary | Definition |
|---|---|
The system shall be scalable to accommodate unrestricted growth in the number of customers (prospectively to several hundred thousands). The motivation for this requirement is to cater for future growth in the business. | |
The system shall be scalable to allow its use by an unrestricted number of distributed offices of the company. (Eventually there could be over one hundred offices.) The motivation for this requirement is to allow the system to be used across the whole company and all its subsidiaries (including future acquisitions). | |
The document management system shall be scalable to manage an unrestricted number of electronic documents. (There could be millions of such documents, with a total size of several terabytes.) |
Making a system scalable can (and usually does) have significant implications that go beyond simply being able to handle a bigger load. Consider the following topics, and write extra requirements as necessary:
Characteristics that must not degrade as the system grows In what ways must the system keep performing just as well as it grows? This is covered in the "Characteristics That Must Not Degrade with Growth" subsection coming up.
Steps to take to contribute to scalability Are there any specific features we want our system to have to help it be scalable? Or so it'll continue to be as easy to use as volumes grow? This topic is discussed in the "Steps That Contribute to Scalability" subsection.
Scaling the number of sites If we achieve scalability by running the system in more and more sites, we need to consider how to co-ordinate them. See the "Scaling the Number of Sites" subsection.
Monitoring functions We need functions to tell us how close to maximum load the system is, which will help us plan expansion. See the information about measuring and monitoring in the performance requirement patterns and in the introduction to the performance domain.
Not wasting hardware If you're especially concerned to make the most of precious money spent on hardware, insist on being able to keep old hardware in service whenever new hardware is purchased. That is, you can write a requirement that it shall be possible to add hardware in order to expand the system.
Characteristics That Must Not Degrade with Growth It's sometimes useful to specify that a particular characteristic of how the system behaves must not noticeably degrade as the system scales—that is, as the factor identified in the main scalability requirement increases. For example, regular downtime for housekeeping must not increase in proportion to volume. Do this if you're worried that this area is at risk of being left behind—of performing badly as business volume grows. Explicitly identifying things that shouldn't degrade as the system scales spells out the implications of a scalability requirement. These things can themselves then be examined to see if there are specific steps we can take to help achieve them, as described in the "Steps That Contribute to Scalability" subsection that follows.
Here are a few examples of requirements for this purpose:
Summary | Definition |
|---|---|
The time taken to produce any report or inquiry showing information about transactions shall depend predominantly upon the quantity of data to show (and not the total quantity of data stored). This requirement does not apply to any report or inquiry that allows the user to enter arbitrary selection criteria. | |
The effort needed to administer the system (as measured in hours per week of system administrators' time) shall not grow as the number of customers grows. That is, if there is any increase in system operation work, it shall be proportionately less than the increase in customers. | |
Availability unaffected by growth | Any increase in the number of customers shall not degrade system availability to an extent noticeable by any users. |
There shall be no limit upon the size of a report. A report can be as large as necessary to show all the data it is asked to show. It shall be practical to manipulate very large reports. This requirement has significant implications for the reporting infrastructure. For a start, it implies that a large report should not be stored as a monolithic blob. |
Observe that the first three are hard to test. They're intended mainly factors for developers to take into account.
Steps That Contribute to Scalability When thinking about scalability, the emphasis is on performance factors: having enough sheer horsepower to cope with an increasing load, being able to process more transactions, being able to store more data, and so on. But that's not the whole story. All the system's functions must continue to be practical to use as the system scales. Scan all the specified functions to see which ones might involve more work for users as the system grows. Pay special attention to the following areas:
Inquiries and reports Specify functions such that an increase in the quantity of data in the system is notaccompanied by a similar increase in the amount a user must plough through. One way to do this is to allow the work to be shared among several users, perhaps by segregating the data so that each user is responsible for only part of the data.
Maintaining and administering Tasks that are straightforward at low volumes can become time-consuming, tedious, increasingly liable to human error, and finally impractical as volumes grow. Making such functions just as easy to use as the system scales up means they must be more sophisticated and consequently more expensive to develop (though that might be justified by reduced operational costs).
Consider the impact of a large number of configuration entities and of a large number of server machines. One way to reduce the problem is to arrange for some information to be shared by multiple configuration entities (so that one change affects them all)—that is, structuring data with the maintenance implications of scalability in mind. A more sophisticated approach is for maintenance functions to be able to apply a change to multiple entities at once.
Installing and upgrading How frequently is extra hardware likely to be added? How much advance warning are we likely to get? Just how many machines might be end up with? The answers to these questions might justify special steps to make it as easy as possible to install the system on a machine, to upgrade the software on a machine, and to slot a new machine into the live environment. This topic builds on what a scalability requirement says about "ease of expansion." (See the installability requirement pattern for more.)
Scaling the Number of Sites A system that scales by being installed in more sites has an extra kind of complexity: how to co-ordinate those sites, both technically and businesswise. A head office and a number of satellites is the most common situation (and the simplest, except for the case of no co-ordination at all). Investigate the relationships between sites and the extra functionality needed: functions used by head office only, data to be sent to head office, dissemination of data to satellites (for example, configuration information that embodies aspects of business rules or corporate policy), and possibly numerous other things.
Then, what kinds of corporate restructuring might happen (such as merging two satellites)? Does the system need to be ready for such eventualities? If no provision at all is made, achieving them later might be very difficult indeed—if, for example, different sites allocate the same customer number to different customers.
Complexity of this kind could go unnoticed if you concentrate on an initial implementation in a single site, so ask yourself whether you need to worry about it. It is important, is bound to have a major impact on how the system is implemented, and must be properly specified.
Scalability can be achieved by choosing underlying technology built to help spread processing load across multiple machines, or it can be achieved by our own software, or by a mixture of both. Distributing loads across machines is a lot more complicated to implement than it at first appears, so use a third-party product to do the hard work for you whenever possible.
Consider whether the scalability being asked for can be achieved by a single database. If not, work through the implications of having multiple databases. How closely do they need to work together? What would need to be done to co-ordinate them? Can the overall system be divided into a number of islands that work largely independently of one another?
Take special care with the design of database tables that are directly or indirectly affected by the kind of scalability being demanded and with the design of functions that maintain this data. Avoid duplicating data for which many entities could share the same values, to save having to modify a value many times (a number of times that increases as the system scales up).
Scalability is difficult to test at all. One exercise is to get the system running and verify that adding extra resources is as easy as it should be. Then test that the new configuration can cope with a proportionately increased load. Measure the actual performance gain as the resources scale. If you get that far, you've done well. But it doesn't prove that you can keep on adding hardware with the same effect. It's unrealistic to test that the system possesses "unrestricted" scalability.
You can probably get a subjective feel for how scalable the system is by talking to the developers about it. What steps have they taken? How did they approach the subject? Are there any design documents that deal with scalability? Have they discovered any potential problems? The depth to which they can answer these questions should give you an insight into how much faith you can place in the scalability of their work.
Scalability is an infinite area. You must determine when you have done enough and are satisfied with the results. Performance requirements can give you a feel for what is a reasonable point at which to stop.
Related patterns: | Inter-system interface, documentation |
Anticipated frequency: | For most systems no more than two requirements; for complex systems fewer than 10 requirements |
Pattern classifications: | None |
Use the extendability requirement pattern to mandate that a specific aspect of the system be built to make it easy to extend by "plugging in" extra software. In particular, use it in situations where there are (or might be in the future) several different ways of doing things and we want to be able to add more without major disruption.
Do not use the extendability requirement pattern for alternatives that cannot be achieved by slotting in extra software. Common examples are differences achievable solely by configuration, including some multinesses (such as multi-lingual and multi-currency), and variations that affect the system as a whole, such as being able to run on multiple named operating systems (you can't just "plug in" the ability to run on Unix).
An extendability requirement acts as a way to tell developers to build a particular part of the system in a flexible manner so that we can extend it by simply slotting in new software without revamping the underlying architecture each time. Some kinds of flexibility aren't amenable to being treated in this way—including anything that can be regarded as a multiness (according the multiness requirement pattern) and anything that can't be achieved simply by adding software to support it. If you have a fixed list of alternatives that cannot grow, you don't need extendability but it can still be good practice to apply it, because extendability promotes modularity: it's a subtle way of encouraging good design in one area. In any case, it's rash to assume something will never, ever change.
This requirement pattern calls a piece of software that is plugged in a driver, as in a device driver or a printer driver. This term is used only to make this discussion easier to read; requirements themselves don't need to use it. An extendability requirement is invariably followed by at least one requirement for a driver, because without it the ability to extend serves no immediate purpose.
An extendability requirement usually sits amid a sequence of requirements: first a requirement that defines an aspect of the system; second the requirement that this aspect be extendable; and finally one or more requirements for drivers and possibly other requirements (all of which are covered in the Extra Requirements section later in this pattern). The extendability of an aspect of the system can be combined with its definition, but separating them gives the need for extendability added weight and allows it to be given a different priority. This sequence is shown in Figure 10-2.
Here are a few typical examples of extendability:
Available payment methods. (See the example requirement later in this pattern.)
Supported file formats. Regard each circumstance in which files are accessed as a separate kind of extendability. For example, if one part of a system reads graphics files and another part reads text files, treat them separately. Also treat input and output as distinct.
External systems to interface to—provided they all play the same role.
Types of notification methods. (See the example requirement in this pattern and the driver requirements in the Extra Requirements section.)
Types of devices to control—for example, printers or EFTPOS terminals.
Supported communication protocols.
Allowed encryption algorithms. Don't mix fundamentally different types of encryption though: a public key algorithm and a symmetric algorithm aren't interchangeable.
Extendability is much more important and valuable when building a software product to be sold to multiple organizations than when building for one organization only. It makes it easier to tailor each installation, without affecting the core product.
Sometimes building in the ability to easily extend in a certain way turns out to be harder than it appeared at requirements time. For example, the things on your list of alternatives might have less in common than they appear; they might vary a lot more. This might not become clear until design time. So there are limits to how much we can expect from extendability.
An extendability requirement needs to cover:
The aspect of the system that is to be extendable Which can be expressed in terms of the type of driver to slot in.
Ease of extendability How easy should it be to slot in a new driver? Usually it's best to simply insist that a new driver be added without software changes to the core system. This is equivalent to being able to plug a new electrical device into the main grid's power without having to modifying the socket you plug it in. Occasionally you might need to demand more—some kind of plug-and-play capability, perhaps—so that a new driver can be added without shutting down the system.
Configuration details In addition to its software, configuration information is needed for each driver so that the system knows it's there and how to call it. This too is largely a matter for the developers to sort out. The requirements need to worry only about anything that's visible to users, such as the name by which it's presented to them. If you want anything else to be visible—such as a help page—then say so.
Perhaps surprisingly, extendability requirements tend to be remarkably straightforward, simple even. The main reason is that they should ignore technical details. They merely need to state what we want; how it's achieved is the developers' responsibility.
Summary | Definition |
|---|---|
«System aspect» extendable | It shall be possible to extend the «System aspect» by developing and "plugging in" an extra software module. The introduction of any such module shall not require fundamental changes to the core software of the system to allow its introduction. «Ease of extendability». [«Configuration details».] |
«Subcomponent type» pluggable | It shall be possible to add a new «Subcomponent type» by developing and "plugging in" the software necessary to support it. A new «Subcomponent type» shall not require fundamental changes to the core software of the system to allow its introduction. «Ease of extendability». [«Configuration details».] |
Summary | Definition |
|---|---|
Notification methods pluggable | It shall be possible to add a new method for notifying users by developing and "plugging in" the software necessary to support that method. A new notification method shall not require changes to the core software of the system to allow its introduction. |
Payment methods pluggable | It shall be possible to add a new method by which customers can pay by developing and "plugging in" the software necessary to support that method. A new payment method shall not require changes to the core software of the system to allow its introduction. |
An extendability requirement can be followed by several extra requirements. There is usually at least one of first type from the list that follows; the others are topics you should give at least cursory thought to, although they're not often relevant:
A type of driver, one requirement for each.
Installation, to specify how easy it must be to install and configure a driver.
Third-party driver development, if people outside your development team will need to develop and test drivers.
Each of these is discussed in its own subsection that follows.
You might encounter extra dilemmas when specifying some types of drivers, but most turn out to be due to the nature of the driver rather than making this area extendable. Be alert to the distinction. Here are a few such situations:
Driver securityConvenient extendability can open security holes: making it easy to slot in new software makes it easy to slot in malicious software. If this is a concern, take steps to guard against it. Give driver security particular thought if third parties will develop drivers. (See the "Third-Party Driver Development Requirements" subsection later in this pattern).
Switching from using one driver to anotherFor example, if we can plug in encryption algorithms, we could decide to stop using one and start using another. This might be a hard thing to do (if we have to re-encrypt anything encrypted using the old algorithm), but any difficulty has nothing to do with extendability.
Catering for multiple different versions of a driverTreat each version as a separate driver, but define the configuration information such that it recognizes the relationship between the two and perhaps their order (that is, which comes first). How to decide which version to use is nothing to do with extendability; neither are the complications you might face in gradually moving from an old version to a new version or in dropping an old version as soon as it's no longer needed. But these issues must be confronted.
Distinguishing between multiple different drivers and multiple instances of the same driverSome drivers need instances to be created, and some drivers don't. For example, for printers you need a driver for each type, and then each physical printer is an instance (and you can have two printers that use the same driver). For output file formats you don't need to worry about this: once you have a driver for a particular format, you simply use it whenever you like.
Driver Type RequirementsHaving a separate requirement for each type of unit to plug in lets us prioritize them individually and gives us space to say whatever's useful about each one. It also reduces the temptation to gloss over each one, which a simple list within another requirement encourages—and it denies us the opportunity to end such a list with an insidiously nasty and unacceptable "etc."
A requirement for a type of driver needs to contain these items:
Driver description, of what is to be slotted in, to whatever level of detail is needed—although a brief summary often suffices. Mention any special characteristics you think are relevant, especially things that might affect its complexity (and, consequently, any estimate of how much it will cost to implement). Say enough to make clear what needs to be done. For example, for a file format, state which version and give the location of the standard that defines it. For a payment method, don't just say "credit card"; consider the types you need to support and the financial institution(s) you need to clear transactions with.
The system aspect to which the driver relates—or the type of driver being plugged in—as per the parent extendability requirement. You can often express this in passing. You might think this is obvious from the context of the requirement (that is, because it follows its parent requirement), but it needs to be clear when read in isolation.
Special information (if any) needed by the driver each time it is invoked. For example, pager notification needs a pager number, email notification needs an email address, and credit card payment needs credit card details. Say where this information comes from.
You might also need to specify special configuration details for a specific driver.
Responsibility for underlying infrastructure—a description of who is responsible for specifying and implementing it. If a driver is neatly self-contained (such as one for a file format), no more needs to be said. But a driver often involves considerable behind-the-scenes infrastructure functionality—for example, a credit card payment mechanism or pager notification service—functionality that must be properly specified and implemented. Who's responsible? Is it within the scope of this system? Is the necessary infrastructure already in place? You must answer these questions. If you're going to leave this until later, you must make that clear: make it obvious that specification work is incomplete. The easiest answer is to say it's outside the scope and that the necessary infrastructure must be properly specified before this requirement can be satisfied.
These requirements tend to be as straightforward as extendability requirements (although the responsibility part can be awkward to express and can end up looking like picky legalese). It's easy to see why: we're interested in only the extendability aspect here; everything needed to deliver it is omitted. That's why further requirements must be written—somewhere—if some kind of supporting infrastructure is needed. Implementing each infrastructure deserves to be a project (or subproject) in its own right, or it might not receive the attention it deserves. In any situation where a large amount of work hides behind one innocuous requirement, it's likely to be given an inadequate budget and to be rushed. Developers are apt to dash out and find the first open source product they lay their eyes on. An infrastructure could be used for other purposes, too.
Any driver whose real work is done by a separate component (such as a third-party product or an external system) acts as an adapter. See the inter-system interface requirement pattern's "Interface Adapters" sidebar (in Chapter 5) for a description of what adapters are all about.
Here are a few example follow-on requirements that specify drivers for notification methods (and notice the stressing of the infrastructures that are needed):
Summary | Definition |
|---|---|
It shall be possible to notify users of relevant events via the system message inquiry (as specified in requirement XR8.2), if they have it running. | |
Notify via email | It shall be possible to notify users of relevant events via email. To notify a user, an email address must have been entered for them. This requirement assumes the presence of an infrastructure for sending emails.Specifying and implementing such an infrastructure is outside the scope of this system, but must be done in order to satisfy this requirement. |
Notify via mobile phone instant message | It shall be possible to notify users of relevant events via instant messages to a mobile phone. To notify a user, a mobile phone number must have been set for them. This requirement assumes the presence of an instant messaging infrastructure.Specifying and implementing such an infrastructure is outside the scope of this system, but must be done in order to satisfy this requirement. |
Notify via pager | It shall be possible to notify users of relevant events via pager. To notify a user, a pager number must have been set for them. This requirement assumes the presence of an infrastructure for sending messages to a pager service.Specifying and implementing such an infrastructure is outside the scope of this system but must be done in order to satisfy this requirement. |
Driver Installation Requirements Installing a driver takes two steps, both of which can be influenced by requirements if you want to:
Install its software If nothing is said about this, it's reasonable for everyone to assume that driver software will be installed in exactly the same way as any other software. If it needs to be easier (and, technology permitting, it can be made easier), add requirements to say so. The technology might let you install driver software while the system is running—but press for that only if there's a sound business need behind it.
Configure it Each type of driver needs a function for configuring it. The presence of such a function is often left unstated, but it's a good idea to specify it explicitly.
A driver's configuration can also control its availability—that is, whether it's "switched on" or not. You could write a requirement asking for the ability to install a driver but not make it available immediately.
Here are a couple of example requirements related to the installation and control of drivers:
Summary | Definition | ||
|---|---|---|---|
Notification method maintenance | There shall be a maintenance function to allow the entry of details about a new notification method and the editing of existing methods. | Notification method availability | It shall be possible to specify for each notification method whether it is available for use or not. When a new notification method is added, it shall by default be unavailable. It shall be possible to change this value by using the notification method maintenance function. |
Third-Party Driver Development Requirements Is anyone outside your development team likely to be developing software to slot in? If so, they'll need to know how to do it. At the very least we have to publish a definition of the interface they must build to, but it's better to insist that a "Driver Developer's Guide" be written for this type of driver. Here's an example of such a requirement:
Summary | Definition |
|---|---|
Notification method development guide | A development guide shall be written containing sufficient information to allow a competent software engineer with suitable skills to develop a notification method driver. |
Requirements very similar to this are also used to allow third-party development of inter-system interfaces, as described in the inter-system interface requirement pattern in Chapter 5. See also the documentation requirement pattern, also in Chapter 5, for more about what to say.
You also need to be alert to the security implications of adding software written by a third party into your system. How much do you trust them? What steps can you take to protect your system? Here are a few suggestions [which indicate, within square brackets, who the work is to be done by]:
Insist that the source code be supplied for all driver software written by third parties. Also insist on adequate documentation, including commenting of the source code. [To be done by the third party]
Examine the source code for suspicious activities. [To be done by a suitable member of the development team or the testing team]
Compile the source code, and install that object code (rather than object code supplied by the third party). If you've checked the source code, that'd be a waste of time if the supplied compiled code is different. [To be done by a member of the development team or a system administrator]
Test the driver thoroughly. [To be done by the development team and/or the testing team]
Requirements aren't necessarily the best place to state these things, but you could write a requirement saying that precautions along these lines be taken.
An extendability requirement is in effect an instruction to the development team saying, "Build this part in a flexible way; don't hard-code it." Development depends on the type of extendability and the technology being used, so little more can be said here. A few things to bear in mind are as follows:
Configuration for drivers Every type of driver needs its own configuration. What does it need to contain? Possibilities include:
Driver ID, for internal use.
Driver name, for display to users.
Driver software location. This might be its main class name. (You will, of course, have to figure out how to invoke this software.)
State: is it available (switched on)?
Version number.
Developed by, especially if by a third party.
Help page file name and location.
Also consider what effect changing any of this information would have. If it could cause damage, think of ways to prevent it.
Switching from one driver to another For some types of driver, it is necessary to impose restrictions or to define guidelines for use. For example, you might be building a product that allows your customer to choose which encryption algorithm to use—but if letting them change their mind after going live is too hard, prevent them doing so.
Upgrading a driver See the inter-system interface requirement pattern in Chapter 5, because similar issues apply in both situations.
Treat the testing of a driver the same as the testing of any other software. Much depends on the nature of the driver: testing the saving of data in a pluggable file format is a different matter from testing credit card payments.
If there are multiple drivers, test that the results obtained from each one is compatible with the others. For example, if all drivers are expected to deliver identical results, do they? This doesn't apply to all types of driver. For instance, drivers for saving data in different formats will be expected to produce difference results.
Test adding a new driver. Is it as easy as it should be? When testing the initial system, begin with at least one driver of each type missing and then watch closely as they are installed. Because an extendability requirement is basically a message to developers, talk to the developers about what they've done about it; ask them what they'd have to do to add a new driver.
Test different versions of the same driver. Test upgrading from one version of a driver to the next version. These kinds of tests might not be possible if only one version of each driver exists, which is often true for a new system. If not, quiz the development team about the provisions they have made for upgrading drivers.
Related patterns: | Multiness, data type, extendability |
Anticipated frequency: | One requirement per aspect, with extra requirements for the implications |
Pattern classifications: | None |
Use the unparochialness requirement pattern to specify a particular way in which the system must not be limited to one business environment. The unparochialness requirement pattern says how a single installation of the system needs to be able to adapt to the organization and the place where it is installed.
Do not use the unparochialness requirement pattern to specify that the system must support multiple instances of anything simultaneously (such as multiple currencies); use the multiness requirement pattern, the next pattern in this chapter, for that.
Parochial: narrow in outlook or scope, merely local. So says the dictionary. If you build a system for one organization, that's what you'll get—no more, no less. Don't assume it'll suit any other organization, even one down the road that's in the same business. It's unreasonable to expect otherwise, unless you expressly insist. Yet companies sometimes do: executives impressed by their new system have the bright idea of making money by selling it. But they're probably in for an unpleasant surprise if suitable provisions weren't made in the first place—which is where unparochialness requirements come in.
When building a product or a system for multiple sites, it must suit each of the environments in which it will be installed—or, at least, the system will be much better received (and, for a product, more competitive) if it's not obviously been built for someone else, somewhere else, or for a different market. But also take sensible steps to make a system amenable to installation in other environments it might encounter, without lots of rework, because adding it all later is invariably much harder than incorporating it from the outset.
Look beyond the narrow confines of a single target environment. It's natural for analysts and developers to specify and build systems that they, the customer, and the people they know would like to use—systems for us—and in the main it makes systems more friendly, more complete, and more sensible. But we can't allow this inclination to be our only guide, because we'll then get a system built just for us. People aren't intentionally parochial; when they're parochial, they are without thinking about it. Requirements to make systems less parochial are scarcer than they should be, which probably contributes significantly to systems being harder to implement successfully outside their home environment. This requirement pattern aims to prompt analysts to write requirements on this topic when they otherwise wouldn't.
Specifying unparochialness is a two-stage process. First, identify everywhere the system might be installed—not as a detailed list of installations, but in broad terms. Second, figure out what sorts of variation from one installation to another is needed to accommodate them all. The rest of this section covers the first stage, and the second stage is dealt with in the Extra Requirements subsection coming up.
Write an unparochialness requirement to sum up the scope of prospective installations—a statement of what we have in mind (such as selling to other companies in the same business in the same country). Then, write more detailed requirements to spell out what that really means in terms of specific ways in which the system shouldn't be tied down. But once we have the detailed requirements, the original requirement can be dropped—or demoted to being an introductory statement rather than a formal requirement. In a two-level hierarchy of requirements, the original unparochialness requirement equates to a high-level business requirement, and the rest are detailed requirements.
The first step, then, is to consider where the system might be installed. The most common possibilities are these:
Single site If it's a system for one site only (say, for internal use), can you be sure it'll never be installed anywhere else? If you believe you are sure, state it explicitly as an assumption—both to spur any reader with grander ideas to speak up, and to defend against possible accusations of inflexibility in the future.
Different sites If it's to be installed in multiple sites—or departments or operating units—belonging to the same organization, how diverse are they? What differs from one to another?
Different organizations Is it possible that the system will be installed by other organizations? If so, in what ways could their business practices be different? Answering this question usually involves serious investigation. If you assume everyone does things the same way, you're likely to be wrong. Even an expert in this business area who assumes that is likely to be wrong.
Different industries If you're building a system for use in one industry but would like to extend its use to others, what do they do differently? Fundamentally the industries might be very similar yet still vary in minor details (such as terminology used).
Different countries and regions Even the most cubicle-bound recluse is aware that other countries speak different languages and use different currencies, but they also do lots of other things differently. What things must our system worry about? The Extra Requirements subsection discusses a few. But that doesn't mean the system needs to adapt to every local difference. An overseas subsidiary might be accustomed to working in our language and quite happy to use our system in its original language.
It's worth repeating that we're just talking about tailoring the whole system to suit its local environment—not catering for multiple variations at the same time, which is what the multiness requirement pattern is for. For example, one installation being able to support users from multiple countries at the same time—in multiple languages, multiple currencies, and so on—involves a lot more than just avoiding a parochial outlook. Variable single-thing is not the same as multi-thing. A system that allows its base currency to be configured is definitely not automatically multi-currency.
Don't go overboard, though. Don't demand things that are likely to be expensive to implement but have a low chance of being needed (because they're speculative or no more than a gleam in someone's eye). Also, some things. such as data types, are so fundamental that allowing them to vary from one installation to another is just too hard.
An unparochialness requirement should convey:
Suitability conditions How broad (and how limited) is the set of environments for which the system should be suitable? Be as specific as you can. If it might be installed in other countries but only in one continent (say, Europe), point that out. It might help the developers to know it won't be installed anywhere with a language that needs a multi-byte character set (as in much of Asia).
Motivation Why do we want the system to be installable in these different environments? For example, we might want to sell the system there, or perhaps the company has offices there. If these are only secondary goals and the first installation is what we're really building the system for, say so in order to put this requirement into perspective.
Example variations What are the implications of needing to install the system in this range of environments? Give some examples of the sorts of variation from one installation to another that's needed (such a different base currency).
Summary | Definition |
|---|---|
Not specific to «Single environment name» | The system shall be suitable for use by any organization that «Suitability conditions». «Motivation statement». For example, «Aspect variation statement(s)». |
The following requirement aims to be a guard against temporal parochialness for all time:
Summary | Definition |
|---|---|
No time restrictions | There shall be nothing about the system to prevent it being used for an arbitrarily long period (decades) into the future. That is, there shall exist no date beyond which the system shall cease to work normally. The motivation of this requirement is to prevent anything equivalent to Y2K problems. |
Assuming we've identified (as in the preceding sections) the range of environments in which our system is liable to be installed, we now come to stage two: specifying the implications, in the form of all the possible types of variation from one installation to another. How can we work out in which ways other places do things differently? This can involve considerable investigation. This general purpose requirement pattern can't delve into matters that are specific to a particular organization or industry. But it can mention a number of things that can vary from country to country and common ways in which organizations vary—and it does so in the following two subsections.
One last extra requirement that might be worthwhile is to demand that the system's documentation not be parochial. Here's an example of such a requirement:
Summary | Definition |
|---|---|
Documentation suitable for all installations | All documentation produced for the system shall be suitable for use by and readily understandable by any organization and in any country in which the system is liable to be installed (as per requirement XR19). In particular, no documentation for the system shall contain confidential Acme information. This requirement does not, however, extend to foreign languages: documentation only in English is satisfactory (though it does not preclude other requirements stipulating documentation in other languages). |
Differences between Countries Here is a range of things that vary from one country to another, with some resulting complications mentioned:
Currency Switching a system's base currency (the one all monetary amounts are taken to be denominated in) can take more than just nominating a different one to use. It can affect the number of decimal places to which to display monetary amounts: not all currencies use two. If you have both a company base currency and a local currency, you might need to worry which way round exchange rates are quoted (for example, it's Yen to the U.S. Dollar, but U.S. Dollars to the Pound).
Numeric display format The primary differences are in the symbols used for decimal points and thousand separators. Also, the thousand separators aren't put between the thousands in all countries (viz India with its 99,99,99,999 format made up of lakhs and crores and so on).
Date display formats Is 1/4 the 4th January or 1st April? Simply allowing the system to conform to the local convention might not be enough to avoid confusion. For example, a report for head office might use a format different to that used in a local office that produces it. If there's any risk of confusion, you could add a requirement that the date format be explained explicitly wherever dates are shown.
Language It's a large undertaking to translate a whole system into another language. If you want to make the system amenable to being used in a place with a different language, some of the things to consider include:
Ban the hard-coding of all language-specific text, including error messages, menu contents, and other fragments for display to users. If yours is a Web-based system, don't assume the whole user interface is defined in HTML pages themselves.
Text isn't the only medium that can be language-specific: the content of images, audio, and video can be too.
Some languages (such as Chinese) require a multi-byte character set.
Some countries (such as Canada and Switzerland) have multiple official languages.
Keyboard layouts can vary, often to accommodate characters with accents or different alphabets.
A user could be running their operating system and other products in another language, even if your system is monolingual. So, wherever possible, avoid making assumptions about the names, prompts, and message texts that other software presents to the user. This applies mainly to user guides, help pages, and other documentation.
Dialect Just because another country speaks the same language as you do, don't assume they say or spell everything the same or will understand the same colloquialisms (say, from sports popular in your country but not in others). If possible, use words that are spelled the same in all dialects. For example, "bookmark" is preferable to "favorite" because it avoids inflicting the American spelling of the latter on speakers of British English. This book takes trouble to talk about "how systems behave" rather than "their behavior/behaviour" for the same reason (except when it's awkward to do so).
Time zone Bear in mind that not all time zones vary from one another in whole-hour increments. Daylight saving time varies: it doesn't start or end on the same date everywhere; some countries don't have it at all; and when clocks go forward in the Northern hemisphere, they go back in the Southern (and vice versa).
Financial year The date on which the financial year ends varies from country to country.
Calendar The working days of the week aren't the same everywhere. Public holidays are not necessarily countrywide (and of course they vary from country to country). Public holidays can be for a full day or for a half-day only. The Gregorian calendar is in practice the international standard, and commercial systems rarely need to deal with any other, but it's not the only one in day-to-day use. Some businesses, especially in Europe, use the ISO calendar (defined by the ISO 8601 standard), which states the day number in the calendar year instead of the month and day-in-month.
Geographic regions Countries divide themselves up in different ways: states, territories, provinces, counties (and those are just in English-speaking countries).
Post codes Some countries use simple numbers; some use more complex schemes.
Address formats Even beyond region and post code differences, countries vary in how they conventionally display addresses.
Telephone numbers The number of digits and the usual placement of separators vary.
Measurement system Metric or that other one, whose very name varies between countries. In the U.S., it's called U.S. or English; in England, it's called Imperial. Plus, a country might use metric for some units but not for others.
Punctuation Which characters should be used for quotes, question marks, exclamation marks, and so on?
Cultural differences For example, images that are acceptable (even innocuous) in one culture might not be tolerated in another.
The country itself We don't want the name of the local country itself to be fixed—or for the system to assume, in some hard-coded way, that it knows which country it's in.
This isn't a comprehensive list. It ignores areas that differ functionally from one place to another, such as tax, regulatory, and legal regimes. (Some of these differences can be dealt with by using the extendability requirement pattern we saw earlier in this chapter.) Ways of doing calculations could also vary—for example, bank interest calculations. (See the fee/tax requirement pattern in Chapter 12 and the calculation formula requirement pattern in Chapter 6.) It also ignores variations that are usually of no concern to systems but that just might affect yours, such as national flag, continent, and hemisphere.
You're unlikely to need to worry about all of these things, but run through this list asking yourself whether each one is relevant.
Differences between Organizations Organizations differ from one another in numerous ways, even in the same industry, and it's impossible to do more than scratch the surface here. But you might want to consider these few common topics:
Data types Our company might use numeric codes for something; another company might use 3-character strings. It's usually impractical to switch from one data type to another, so avoid writing a requirement for the system to be able to. But you could consider adopting data types that are more flexible, such as strings rather than numbers.
Organization structure Our company might have a two-level hierarchy of operational units; another company might have four. Take steps to accommodate the more complicated structures the system is likely to encounter. (See the multi-organization unit requirement pattern in Chapter 12 for more.)
Employee roles It's always good practice to make employee roles configurable—if nothing else, to cater for change in our own organization. But it's more important if the system's going to be installed elsewhere. (See the access control requirement patterns in Chapter 11 for more.)
Accounting entries If your system generates information for use by an accounting system, consider whether it's tied too closely to how your own organization performs its accounting.
External systems For each external system our system connects to (via an inter-system interface), another organization might be running a different system. Make it as easy as possible to slot in a different inter-system interface (as per the extendability requirement pattern discussed previously in this chapter). If you interface to an external system for more than one purpose, another organization might use separate systems for each of them. In this case, it's better to treat each purpose as a distinct inter-system interface.
Terminology One company might use different names for certain things.
Treat an unparochialness requirement like an instruction not to hard-code this area. That advice doesn't apply in every case: some things need different code to be called in different installations, which means allowing code to be plugged in (as described in the extendability requirement pattern covered earlier).
Properly testing that a system is suitable for installation in the range of places demanded is a major undertaking. A reasonable simplification is to envisage two installations that differ from each other in every possible way. If we have a primary installation, it will be one; make the other as different as you can. This simplification still means we need two full test implementations of the system. If you don't want to go that far, perhaps because secondary installations are a low priority, perform one full pass plus a targeted set of spot checks for selected alternative values. Or try "anecdotal" checking: ask developers what they've done to satisfy the unparochialness requirements, read the documentation for signs that variations are catered for, and run configuration functions to see whether they allow the relevant base values to be changed.
Related patterns: | Unparochialness, extendability, multi-lingual, multi-currency, multi-organization unit |
Anticipated frequency: | Up to three requirements, rarely more |
Pattern classifications: | Pervasive: Maybe; Affects database: Yes |
Use the multiness requirement pattern to specify that the system must accommodate multiple something-or-others at the same time, each of which has its own fundamentally distinct user interface or whose data must be kept rigorously apart from that of the others. (See the sections that follow for more detailed explanation of the suitability criteria.)
Do not use the multiness requirement pattern when the system need support only one from a range of alternatives; use the unparochialness requirement pattern in that case. The difference is that unparochialness allows an aspect to vary but the same variant is used systemwide; multiness allows multiple instances of an aspect to coexist at once. Also, do not use the multiness requirement pattern when support for multiple things is natural or built-in.
(Relative simplicity is the reason "multiness" was coined for this pattern's name. "Multiplicability" might be a more logical word to use, but what a mouthful it is.)
A multi-lingual user interface, for instance, is obviously a major undertaking and one that deserves to be dealt with seriously in the requirements (if you need it). It adds an extra dimension to the system, and it is for adding this kind of richness that the multiness requirement pattern is intended. We could say our system is multi-customer, multi-product and so on (multi-anything-with-a-database-table, in fact)—but nothing is gained by doing so, and the multiness requirement pattern is not for them. There are other cases that are less clear-cut. How, then, can we decide whether something is significant enough to warrant a multiness requirement? It must satisfy one or more of the following criteria:
Criterion 1: Distinct user experiences, where each alternative instance has its own version of much of what the user sees, such as a separate set of Web pages for each alternative. (For multi-lingual support, for example, everything language-dependent the user sees must be duplicated in each supported language.)
Criterion 2: Segregated data, where the data associated with one alternative instance must be presented on its own, separately from the data of the others. A user might be able to see data for one alternative only, and users who can see more mustn't see them mixed up. (For example, if we're running a multi-department system, a user might be able to see the activities of their own department.) Each alternative in effect has its own little world, which operates to a greater or lesser extent as if it had its own system. There might be people, however, who can span several or all of them. The degree of separation can vary; it's not all-or-nothing.
Criterion 3: Unaddable data, where data is incompatible, and is meaningless if added together. This occurs in any system that has amounts in multiple different units. And that's the test for this criterion: are they like apples and oranges that can't be added together? (For example, in a multi-currency system we cannot simply add an amount denominated in U.S. Dollars to an amount in Euros.) By this test, amounts belonging to different companies can be added together, so their data can be aggregated (though, depending on how rigorously their data must be segregated, it might never actually be aggregated).
It is possible for something to satisfy more than one of these criteria. For example, a system that supports multiple companies could fall into both of the first two: each company might have its own Web pages, and their data must be segregated. If something satisfies none of these criteria, it's not a multiness. What do we do then? The system still needs to support multiple of them in some way or another—but don't apply this requirement pattern to it. Examine its characteristics and define requirements for them. I suggest reserving the prefix "multi" in a requirements specification for things that are multinesses.
A multiness requirement is not necessary if an extendability requirement will suffice (which it will if we're able to support multiple things by plugging in extra software for them). Sometimes multiness goes hand in hand with extendability and you might need both—for example, in a system that supports multiple companies, each of which can slot in its own special software in certain areas.
No kind of multiness is trivial to implement. You can never say "The system shall be multi-whatsit" and leave it at that. You must spell out precisely what you mean: how much multi-whatsit support you need, and how far you want to take it. Different systems might treat multi-whatsit in very different ways—and quite right too, if they have different circumstances. Sometimes we have just a façade of multiness, not the real thing. That's good, because it means there's less work to do. For example, if a Web retail site wants to display indicative prices in a customer's currency of choice, that could be merely a little candy on the user interface that doesn't affect the main processing or the database—so it doesn't count as multi-currency because the difficult bits are missing (even though we need a few of the easier bits, such as knowing exchange rates).
This book contains specific requirement patterns for two types of multiness that are commonly encountered: multi-lingual and multi-organization unit (for multi-company, multi-office, multi-department, and such like). The latter resides in the commercial domain (that is, in Chapter 12). These requirement patterns make it easier to specify these topics without the distractions of the broader discussions in this base multiness requirement pattern itself.
The multinesses in a system can be found and specified using the following process (each step of which is spelled out in its own subsection immediately following):
Perform Steps 2 to 4 for each multiness you identify in Step 1. If you're using this requirement pattern to help specify a kind of multiness you've already identified, skip the first two steps.
Step 1: Identify Candidate Multinesses There are three places to fish for possible multinesses:
Place 1: Definitions of data entities (We assume these exist already, so specify their requirements before tackling multinesses.) You don't need to scour every entity: concentrate on the important living entities (such as customer and employee) and transactions (such as customer order). For each candidate entity, run through its data items. Any data item that has one of the following characteristics is potentially a multiness:
The data item identifies a configuration entity. For example, in a customer entity we might unearth country and region of residence, preferred language, owning company, and club membership type.
The data item could be used to determine how to treat that entity. For example, for customer we might stumble upon date of birth, and thus implicitly their age, which would let us give teenagers a different experience at our Web site if we want.
The data item is an amount that has a unit of measure, whether or not the unit is explicitly present. For example, a monetary amount always has a currency as a unit of measure (even if in a parochial single-currency system the same currency is assumed everywhere).
Pay special attention to data items used for identification (or indexing).
Place 2: The structure of the organization Or the structure of all the organizations involved, if there are more than one. Use the multi-organization unit requirement pattern both to specify organizational structure and to decide whether any kind of organization unit needs to be segregated enough to count as a multiness.
Place 3: Types of extendability Each type lets us plug in software for a particular purpose and often involves database tables shared by all the extensions of that type. We need a multiness if each extension's data must be segregated from that of the others or if they are mutually unaddable. For example, if our system provides an environment for multiple service providers (each able to slot in its own software), we probably need to isolate each service provider's data from the others.
This exercise isn't as daunting as it looks, and it can, in fact, be conducted quickly. Discard as many candidate multinesses as you can the moment they come to light. Drop without further ado any multiness that's clearly not needed. If in doubt, leave it out.
Figure 10-3 is a magical representation of how several candidate multinesses might be discovered in a few important logical entities.
The three examples on the left all use the multi-organization unit requirement pattern. Multi-lingual has its own requirement pattern, too.
Looking for candidate multinesses can be a creative activity. It can unearth possibilities you never thought of (such as separate user interfaces for different age groups, I imagine). But don't get carried away. Don't include some wild capability just because you can: make sure you can justify the cost it will surely add.
Be alarmed if your system has more than one multiness that has a need for multiple user experiences—multi-multinesses—because they lead to a multiplicative explosion. For example, if you need a set of Web pages for each of five companies and also for each of three languages, you need fifteen sets of Web pages altogether. This sounds like a nightmare in the making. Each multiness truly does behave like an independent dimension in this respect.
Step 2: Decide Whether Something Is a Multiness Having identified a candidate multiness, work out how much support the system must provide for it. Do you need rich functionality, or will a superficial façade suffice? Consider what variations there might be in how we handle each of these things. We need multiness if there is sufficient difference between the possibilities—if they need different processing, or if they must be kept separate (for example, if they can't be added together, which applies to amounts in different currencies). Then test what's needed against the three criteria stated previously: distinct user experiences, segregated data, and unaddable data. If it matches any of these three, it is a multiness.
Asking whether putting "multi-" as a prefix in front of the name can sometimes give you a sense of whether it's suitable. If the result sounds over the top, maybe it's not important enough to be a multiness. If it sounds right and it deserves such grandeur, it's a vote in favor of treating it as a multiness.
Step 3: Specify a Multiness Requirement Write a requirement that defines the extent of support you need for a particular type of multiness, as per the Content section coming up.
Step 4: Investigate Implications and Specify Extra Requirements What must the system do to deliver this kind of multiness? Look at the effects it has on entity definitions and then on user functions such as inquiries and reports. Refer to the Extra Requirements subsection for the details. If the type of multiness in question has its own requirement pattern, refer to its Extra Requirements section too.
A multiness requirement should contain the following:
Multiness type What kind of thing are we asking the system to support multiple of? (For example, multiple languages.)
Extent of support Give a summary of what level of support is expected from the system. For example, only our external Web site might need to be multi-lingual (not internal functions). Don't go into great detail; use extra requirements to spell out specific aspects.
Expected number of instances When we say multiple, how many are we talking about? This is only significant when a distinct user interface must be constructed for each one—for example, for each supported language—and then it's very important. Either express it as a number (or range), or describe a condition that determines how many (for example, one for each company configured in the system).
This raises the question of whether we're just specifying a system with an inherent multiness capability (say, multi-lingual), or whether in addition we expect the system to be delivered with support for a specific set of instances (say, English, French, and German). The main multiness requirement should limit itself to the former. If you need the latter, write extra requirements for them—one for each instance, if they are small in number, so that each can be assigned its own priority.
Limitations What simplifications are acceptable? Don't force the developers to confront difficult aspects if they're unnecessary.
A requirement demanding that provision be made to implement this multiness in the future is similar but can be less detailed. The extent and limitations clauses should describe how much provision to make (and not to make), rather than how much multiness support. The expected number of instances can be omitted.
Summary | Definition |
|---|---|
Multi-«Multiness name» | The system shall support multiple «Multiness type description». «Statement of extent». [«Number of instances statement».] [«Limitations statement».] |
Provision to be multi-«Multiness name» [in future] | The system shall make provision for the future introduction of support for multiple «Multiness type description». «Statement of extent». [«Limitations statement».] |
If most of the examples here look somewhat obscure, it's because the more obvious subjects reside in their respective requirement patterns (multi-lingual in this chapter and multi-organization unit in Chapter 12).
Each of these four requirements matches one of the three criteria for multiness: the first requirement involves multiple user interfaces, the second has segregated data, and the third and fourth have unaddable data.
A multiness requirement tells us the system must cater for multiple whatever-they-are. But that's not enough. We need to spell out how much support the system must provide, for which we need extra requirements. The topics to cover depend on which of the three multiness criteria are satisfied. These are discussed in the following three subsections.
Distinct User Experiences Providing multiple distinct user interfaces (such as one for each of several languages) takes more than creating multiple sets of Web pages. Other kinds of resources vary from one instance to another: snippets of text (such as error messages), images, audio, video, animations, and bundles to download, among others. Some of these could themselves contain text, or their content could vary in its own right (for example, company logos, legal terms, and conditions). Examine every kind of resource the system uses, and for each one ask whether it could vary from one multiness instance to another.
Other things might vary from one instance to another too, including the visual space needed to display a piece of text and the order in which words and clauses should be presented (especially if you're assembling text containing variables). The size (and shape) of an image might vary from one instance to another. If you want developers to take these variations properly into account, you have to write requirements for them.
Extra requirements might be needed for the following:
Instances to implement Write requirements that identify specific multiness instances that are to be implemented. Avoid this if you can—because it smacks of specifying data rather than the system itself. How unclean this is depends on the nature of the multiness: naming particular languages is more acceptable than naming companies.
Default instance Allow one instance to be nominated as the default, the datum. This is the one to use in the absence of any guidance to the contrary. Its implementation needs to be complete, with no resources missing. It is advisable for this to be the first instance implemented, to constitute the reference instance.
Choosing instance If there are several instances available, how does the system decide which one to use for a particular user? Typically a user session continues to use one instance until told to change. There are four common ways to choose an instance other than the default: 1. The user visits a specific address (URL); 2. Temporary selection by the user; 3. Permanent selection by the user (as a user preference); 4. Derive from other known information (such as the customer's country). A system could use more than one of these ways.
Substituting if a resource is missing What happens when something is missing for a particular instance (either a piece of text or a "resource" such as a Web page)? The smart—and resilient—answer is to use instead the equivalent resource for another instance. The easiest approach is to always use the resource belonging to the default instance, but there are more sophisticated possibilities, such as nominating for each instance the substitution instance to use, which makes it relatively easy to create "dialects" that contain few resources of their own.
If each instance's resources are owned by its own legal entity (for example, if we're supporting multiple companies), check whether it's acceptable to substitute resources belonging to someone else. The system might need to accommodate rules determining what's allowed. If there's no instance that can be used as a default of last resort, the substitution mechanism might find itself without a resource it can use.
Input interpretation Does the system ask the user to enter values from which it interprets meaning? If so, are any of those values tied to a particular instance of a multiness? For example, if the user typing Yes or No into a certain field conveys special meaning, a multi-lingual system should accept the equivalent words in the user's chosen language. A user interface can't be considered multi-lingual if you force the user to speak to you in a single language.
Customer support If you're offering a customer support service, you might want different contact addresses for each multiness instance (phone numbers or email addresses, or both), which means telling customers what they are (perhaps via an instance-specific help page). Then you need customer service operators prepared to deal with each multiness instance (for example, who speak different languages or represent different companies). It also helps if the customer service operator is able to "see what the customer sees, which means being able to display the same function for the same multiness instance (even if not the same data).
Resource editing function(s) Creating one set of resources is hard enough. Creating another set that's exactly equivalent but different in some respect (such as in a different language) is harder, unless you provide functions that help. For snippets of text (including error messages and so on), a function that displays one version and asks you to enter another version makes life a lot easier. It also helps if you show each one's context, because it's sometimes impossible to make an appropriate translation without it. You could keep track of a change to any resource, because it might signal that its equivalent instances need to be changed too. These are just some of the ways to help with the creation and managing of multiple sets of resources. Deciding which ones are worthwhile depends on how many user interface instances and how many different resources you have, how often they are likely to change, and how important the best possible user interface is to you—that is, how much you're willing to spend.
Missing resource checker It's tedious, time-consuming, and unreliable to check by hand whether all the resources needed for an instance of a multiness are present. A utility can do this job a lot more dependably.
Here are sample requirements for a couple of these kinds of extra requirements:
Summary | Definition |
|---|---|
Default «Multiness name» | The system shall have a default «Multiness name». The user interface shall be displayed according to this «Multiness name» unless and until an alternative is chosen. Every element of the user interface shall be present in the default «Multiness name». |
Substitute missing «Multiness name» resources | If a «Multiness name»-specific resource is missing (not present) for a particular «Multiness name», the equivalent resource for the default «Multiness name» shall be used instead. This shall apply for any type of "resource" displayed in a user interface, including (but not limited to): Web pages, messages, pieces of text, images, and multimedia resources. An error shall be logged (with low severity) whenever a substitution of this kind is made. The motivation for this requirement is resilience: to display the best user interface even when resources it needs are missing. |
For good measure here's a universal requirement to prevent developers burying text in code where it can't be modified and isn't amenable to multiple user interfaces:
Summary | Definition |
|---|---|
No hard-coding of user-visible text | No piece of text that might be displayed to a user shall reside in source code. That is, every piece of text that a user might see must be modifiable without changing source code. |
Segregated Data The purpose of segregated data is to divide a single system into a number of distinct compartments so that a user who works in one compartment cannot access other compartments. This can be summed up like so: inaccessible instances of a multiness shall be invisible. The primary aim of extra requirements is to prevent a few likely kinds of holes in the compartments, but that's not all:
Prevent cross-instance access Don't allow a user associated with one instance to access data belonging to another. This is straightforward enough to build into specific functions, but care needs to be taken whenever flexible selection criteria are allowed. In particular, no normal user should be able to run SQL queries, nor to use any product that permits free queries (such as a report writer product).
Give users access to instances Each user must be granted access to the multiness instances they should be able to work with. That raises the interesting question of who is allowed to grant this access. For example, in a system supporting multiple companies, each company will want only its own employees granting authority to its precious data—but there must be some kind of overall controlling body. The answer is for each company to have users who are able to set up other users for their company only, and for a "system manager" to create each company's special users in the first place. Extra checks can be put in place to restrict what a system manager can do, especially to prevent them accessing companies' data and to prevent them creating other users. Everything's possible—but it can get fiddly.
Don't let the brevity of this subsection fool you: this subject is not to be taken lightly. It deserves serious investigation, or you might find your system doesn't properly segregate its data.
Unaddable Data When we have multiple kinds of data that can't be added together, extra requirements could be needed for the following:
Cross-instance conversion Is there some way to convert an amount belonging to one instance into an equivalent amount belonging to another instance? For example, an amount in one currency can be converted to an equivalent amount in another currency. If cross-instance conversion is possible (and in some cases it isn't), specify how to perform it. Where do the conversion "rates" come from? The rates are likely to change over time. How? How frequently? Do you need different rates for different purposes? Consider specifying a "base" instance of the multiness to use as a datum for conversions—both to have a standard in which to report (for example, your local currency) and to save having to manage a "rate" for every permutation of instances.
Never simply add values for different instances You could write a requirement stating that two or more incompatible amounts shall never be added together, although it might sound too obvious to warrant saying and often is.
Distinct totals for each instance Any inquiry or report that lists data belonging to multiple instances and shows totals should show separate totals for each instance for which data is listed. For example, if an inquiry lists a number of transactions that are denominated in several currencies, totals should be shown for each currency. You could write a pervasive requirement that insists on this rule being applied across the whole system, which saves having to say it for each function to which it applies and it also covers those that might be added in future.
Don't sort on unaddable amounts Presenting a list of customer bank accounts in descending order of balances is meaningless if they're in several different currencies and that wasn't taken into account. That's common sense, and it's reasonable to assume a developer will come up with a sensible solution. But if a general purpose tool (perhaps a third-party product) is used, it won't understand the data and might produce silly results. If you're worried that something like this might happen, write a requirement to prevent it.
Check that the extent of the multiness is clear. Can you tell how much the system must do?
Verify that third-party products are capable of satisfying the multiness requirements—both products you already have and those you need to acquire.
Testing a multiness involves testing every function that might be affected, which is often many of them. First prepare a full range of representative data for more than one instance of the multiness. Then execute each of these functions, and visually scrutinize the results according to each of the multiness criteria this type of multiness satisfies. Each of the three multiness criteria that's satisfied has its own considerations:
Criterion 1: Distinct user experiences First decide whether you're testing an inherent ability to support multiple user interfaces or whether you're testing support for a specific set of instances, or both. This determines how many instances you need to test: in the first case, two is probably enough. It also affects how seriously to treat the omission of specific "resources" for an instance; in the first case, this might be unimportant. If testing an inherent ability to support multiple user experiences, consider what is called pseudo-localization (or pseudo-loc) testing, in which a set of resources is created automatically for a second user experience based on a full set for the first—typically by adding a fixed character (say, X) at the start and end of each value. This saves a large amount of manual effort creating a new version of everything. It also makes it easy to spot if a value from the wrong instance is being displayed, and it's understandable by everyone on the project (unlike if the second instance were in a different language).
If the system's smart enough to use a substitute resource when one is missing for a particular instance, test an instance for which all resources are missing. Check that the user interface for every function looks satisfactory.
If there's a "missing resource checker" utility, run it.
Criterion 2: Segregated data Test that a user restricted to data belonging to one instance of the multiness cannot access data (or other resources) belonging to any other. Pay special attention to any function that offers flexible selection criteria: is it possible to do a query, for example, that delves into forbidden data? Check whether there are any interfaces or other "unusual" ways to access the system. If so, verify that they enforce the same restrictions as the rest of the system. Third-party products are at particular risk of falling foul here, because they're unlikely to understand the need for segregation.
Criterion 3: Unaddable data Test that values for multiple instances of a multiness are never simply added together: they must either be shown separately or converted as specified in the requirements (for example, currency conversion using the correct exchange rates). Look especially at totals shown in inquiries and reports. Again, watch out for functions offering flexible selection criteria and for third-party products that are unaware when data is unaddable.
The multiness requirement pattern assumes that each instance is handled in exactly the same way by the software, so there is no need to test variations in logic. If there is a need for different software for a particular instance, see the extendability requirement (covered earlier).
Provision for something in the future can't be tested directly, because it hasn't been implemented yet. To tell whether some provision has actually been made, first look at the structure of database tables: are the necessary columns there? Second, look at configuration to see if this area is at least handled in an unparochial way. Third, look at inquiries and reports to see if their total lines look like they are amenable to separate totals for each multiness entity (for example, each currency).
Related patterns: | Extends multiness |
Anticipated frequency: | Zero or one requirement |
Pattern classifications: | Pervasive: Maybe |
Use the multi-lingual requirement pattern to specify that the system is capable of displaying its user interface in more than one alternative natural language (for at least one class of user, though not necessarily all). Also use it to specify that the system can produce output (for example, printing letters or generating stock emails) or accept input in more than one language.
Most of what's involved in specifying multi-lingualness is said in general terms in the multiness requirement pattern, which this pattern extends. This pattern is here to make specifying multi-lingual requirements easier and to point out some specific considerations.
Decent support for more than one language is a lot of work; it's not just a matter of creating an extra set of Web pages for each language. Don't ask for it just because it sounds impressive. Only require it if it's essential.
Other variations often go hand in hand with language differences, such as date and number formats. Some of these differences have a geographical element rather being than simply language dependent, and the word locale is used for a geographical region for which specific characteristics of this kind can be defined. Multi-locale is therefore perhaps a more accurate name for this requirement pattern, but multi-lingual makes more sense because this meaning of "locale" is unfamiliar to nontechnical readers and because the multi-lingual aspect is usually by far the most complicated. See the unparochialness requirement pattern earlier in this chapter for a list of factors that vary geographically in this way.
Multi-lingualness can be used for "dialects" as well as distinct languages—for example, American/British English and phraseology for different age groups. Having the system use substitutes for missing resources is especially effective in such cases, because for a dialect you need create only those resources you genuinely want to be different. Everything else works fine and can be expected to make sense to the user.
Consider cultural differences and national sensitivities, too. Is each language version simply a direct translation of another, or should we do more? What's acceptable in the home culture of people who speak one language can differ from what's acceptable somewhere else. This applies to text and images and other kinds of resources.
The international standard that defines codes to use for languages is ISO 639.
A multi-lingual requirement should contain:
Extent of support How much multi-lingual support do we need from the system? Asking for a multi-lingual user interface for only one class of users can dramatically cut the amount of work. Consider each class of users separately. Typically a multi-lingual support is delivered to customers only, and poor employees must make do with one language only.
Expected number of instances How many languages are we likely to support? If we're planning to support dialects, state a separate number for them because they're less work and less risk.
Limitations How can we make implementing multi-lingualness less onerous? If we can do without support for languages with multi-byte character sets (such as Chinese and Japanese), say so. Similarly, say so if we don't need to worry about languages that are read right-to-left (such as Arabic).
(This is a tailoring of the content described in the multiness requirement pattern just described.)
Summary | Definition |
|---|---|
Multi-lingual [«Scope qualifier»] | The system shall support multiple languages. «Statement of extent». [«Number of instances statement».] [«Limitations statement».] |
Provision [for «Scope qualifier»] to become multi-lingual | The system shall make provision for the future introduction of support for multiple languages. «Statement of extent». [«Limitations statement».] |
Summary | Definition |
|---|---|
Multi-lingual customer user interface | The system shall allow the customer user interface to be available in multiple languages. Each customer shall nominate which of a range of supported languages they wish to use, and then every piece of information displayed to them by the system shall be in that language. This shall include screen prompts, messages, and graphics, audio, and video that contain language-specific content. It is anticipated that no more than three languages will be supported. Languages that use a multi-byte character set need not be supported. This requirement does not apply to the user interface of functions used only by employees (which is needed in one language only). |
Provision to be multi-lingual | The system shall make provision for the future introduction of support for multiple languages. Provision shall include at least the following:
|
All the types of extra requirements in the "Distinct User Experiences" subsection of the multiness requirement pattern apply to multi-lingualness.
Here are a couple of specific examples:
Related patterns: | None |
Anticipated frequency: | Between zero and two requirements |
Pattern classifications: | Affects database: Yes |
Use the installability requirement pattern to specify how easy it must be to install or upgrade the system (or a part of the system).
Whenever you go to the trouble of building a system, it's handy to be able to install it. You can always rely on the developers to install it ad hoc somehow, and that can be acceptable if you're installing it in only one or two places. Something better is called for if (a) you want other people to be able to install it, (b) you'll have more than a handful of installations, (c) you can't afford an installation to go wrong, or (d) you don't want to give developers unfettered access to production machines. That's where installability requirements come in—to impose order on installation, to indicate how important installation is and how much trouble we're prepared to take, and as a reminder to allocate adequate resources to it.
The subject of installation is rarely mentioned in requirements. When it isn't, it's as if there were an implicit requirement that says "There shall be a way to install the system. It doesn't matter how unpleasant, time-consuming, unreliable, or insecure it is." Installation is often considered at all only when the (first) installation date draws near, but it deserves to be "on the radar" from the beginning. A common sentiment is, let's worry about installation when we've got a system to install. But that's not good enough. It often involves developing installation software and instructions, which should be treated just like any other software and documentation—and as an integral part of the system. Otherwise they'll be uncontrolled and under-scrutinized—and probably unbudgeted too.
The importance of good installability depends on how many installations there'll be (both discrete sites and number of machines in each site), which organization(s) will be doing them (yours or, if it's a product, a customer), the skills possessed by the installer, the complexity of the system, and the cost if it goes wrong. Installation is often the first a customer sees of a system in the flesh, and if it's awkward or frustrating it can create a negative impression that's very difficult to correct. They might even give up and decide not to install your system at all.
Write an installability requirement for each part of the system that will be installed independently—for example, server software and client software separately.
If you like, you can omit a requirement of this kind and specify only those specific installation features you want, as covered in the Extra Requirements subsection coming up.
An installability requirement should contain:
Which part of the system (or all of it)Different parts of a system might be installed in different ways and at different times, although every part must be installed somehow (otherwise there's no point in having it). Write an installation requirement for each installable unit, and check that every piece of software belongs to one unit or another.
Who can install Who should be able to install this part of the system? What minimum level of skill should they need?
Ease of installation How easy must the software be to install? How smart should installation software be? Don't stray over the line into how the installation itself will happen—that is, its design. Don't go over the top either.
Installation medium (optionally) How do we put the stuff to install into the installer's hands? This is separate from preparing the installation bundle, and it can itself involve a reasonable amount of work. For example, if the software will be downloaded, we must set up a place from which to download it; if we're going to supply the software on CD, we must prepare installation CDs. Avoid mentioning particular media technologies as far as possible.
Summary | Definition |
|---|---|
Client application installability | It shall be possible for the Web Shop client application to be installed by a typical customer who has no special expertise. The installation process shall be convenient and involve the entry of little information by the user. The client application shall be downloaded from the service's Web site. |
Main system installability | It shall be possible for the system's main (server) software to be installed by a competent system administrator who has no previous knowledge of the system or of the third-party products it uses (but who is familiar with the operating system of the machines on which it is to be installed). The software shall be installed from a popular portable medium (such as a CD). |
Installing a system is a complex business, especially if we don't want it to look complex. Consider the following additional aspects, and ask yourself whether they deserve their own requirements:
Installation instructions Even the simplest and easiest installation needs some instructions to tell an installer what to do. This constitutes documentation, so refer to the documentation requirement pattern (in Chapter 5), which has an example requirement for installation instructions.
Authorization to install Is possession of the installable software enough to install the system? If you're selling a product, you might want additional control, such as asking the installer to register the software or enter a license key allocated to them. Even if you allow anyone to install it, you might want to be notified each time it is installed.
Upgrading This is a special case of installing the system when a previous version is already installed. It has its own complications—and they tend to be neglected. See the "Upgrading" subsection in this pattern for further details.
Troubleshooting If something goes wrong during installation, provide ways for the installer (a person) to determine what the problem is and to fix it in as many cases as possible. If not, provide information they can pass on to an expert to assist them. Don't expect installation software to be able to figure out every difficulty, but ask for it to handle anything that has a reasonable chance of going wrong.
Security risks Sloppy installation can have security implications. Consider what they might be for your system, and write requirements to guard against them. For example, you might not want installation software lying around after it's been run (especially powerful general-purpose utilities). Or you could restrict an installer's access to sensitive data.
Training You might need to organize training for the people who will carry out installations, if you have enough of them.
Uninstalling Any piece of software that gets installed might one day need to be uninstalled. How easy it must be to uninstall a piece of software varies greatly depending on its nature. One usually expects a client or desktop application to have a properly packaged uninstall routine that will completely remove it at the click of a button. Expectations of server software are lower and typically nil for systems developed in-house. Write requirements for any uninstall demands you have. Write a separate requirement for each part of the system that has its own uninstall needs—for example, one for a client application and another for server software.
Uninstalling an upgrade can be particularly troublesome (to the extent that it is sometimes impractical), so don't impose unreasonable requirements. For instance, if an upgrade involves converting data, it is normally not necessary to demand a reverse conversion process (because normally no one would need it).
Upgrading We can expect a system to have several upgrades in its lifetime. (It better had—or it'll have a short life expectancy!) When specifying requirements for upgrading, we're not dealing with a particular upgrade but setting rules to be followed by all future upgrades.
The biggest question, when releasing a new version of a system, is: from which previous versions we must be able to upgrade to it? The answer depends on which versions are out there being used. Make sure the system is ready for every likely eventuality but don't go to the trouble of making provision for situations that, while conceivable, will never occur in practice in your environment. If you can, operationally, arrange for every site to upgrade whenever a new version is released; life will be simpler for everyone. Here's an example requirement to let us upgrade from any previous version:
Summary | Definition |
|---|---|
Upgrade from any previous version | When a new version of the main system is released, it shall be possible to upgrade to it from any previous version. |
Instructions and software for upgrading are likely to be different from installing from scratch. They could be so different as to warrant separate instructions and software.
If an upgrade fails, do your utmost to allow the previous release to be still usable. Insist that the system be backed up before starting an upgrade.
It can be irritating when you've gone to a lot of trouble to tweak a system to suit you, only for an upgrade to set them all back to their defaults. If you want to avoid upsetting your users in this way, write a requirement to prevent it, such as this one:
Summary | Definition |
|---|---|
Upgrade not to affect configuration | Installing an upgrade shall not modify existing configuration values. An exception is made for any values that the new version uses in different ways from the previous version. The motivation for this requirement is to avoid wasting the time of users who have spent considerable time configuring the system to suit themselves. |
Treat installation software as seriously as any other software, and treat it as a proper part of the system. Even if it's unsexy, it's still important. Automate as much as is cost-effective.
Create one or more utilities to check if a machine is ready to have the system installed: is there enough space, does it have the right operating system, are all required third-party products installed already, and are any other prerequisites met? Clearly explain every problem discovered.
Provide a reliable way of determining which version of the system is installed on each machine.
If you need to be able to upgrade to the latest version from any previous version, this can be achieved by a series of upgrades. For example, upgrading from version 1 to version 4 can be achieved by upgrading to 2 then 3 then 4. It's not necessary to properly install the software for in-between versions. We're talking mainly about information-related steps: creating database tables, converting data, and such like. This might be the easiest way to achieve upgrades from old versions, but it does mean that no installation software is ever short-lived; it's needed until every site has upgraded to a later version. But beware that upgrading via intermediate versions isn't always ideal. For example, if version 2 simplified some data (say, for performance) and version 3 restored the original complexity (because too much functionality was lost), upgrading from 1 to 3 via might cause loss of data that can be avoided if we go directly from 1 to 3. This might seem like a trivial matter to you, but it won't to users of the system.
If the system is installed on multiple machines, consider what might happen if some run one version of the system and some run another. If they reside in different locations, it might be impractical to upgrade them all at the same time, so you must arrange for old and new versions to run smoothly together.
If installability is important enough to deserve requirements, it deserves to be tested properly, and that means going to the trouble of installing it from scratch purely to test how easy it is.
Test upgrades separately. Test the upgrading to a new version of the system from each previous version that is likely to happen in practice.
Ask the development team for a list of all the files that are loaded or created during the installation process and all the changes that are made to the environment of each machine by the installation. Check that installation makes the expected changes. See if you can detect any additional changes beyond those expected.
Beware of combinatorial explosion if you have several old versions, several machine environments (say, operating systems and/or databases), and several software components installed separately. Do all combinations work together? Does installation of the system work equally well in all cases? It's impossible to test all permutations, but you should prepare several different installation scenarios that together span every individual product and version that must be supported.
Test installation instructions at the same time as performing an installation—if there are instructions. If not, expect the installation to be self-explanatory. Do the same for an upgrade. Check that the instructions do this:
Describe prerequisites. These should explain everything you need before starting the installation and should list everything that should already be installed beforehand.
Adequately explain what the person installing needs to do.
Warn you against things you could easily do wrong during the installation.
State prompts and messages exactly as the installation itself presents them. If the instructions include sample screens, do they look the same as those displayed during the installation? Instructions that are even slightly incompatible can cause confusion.
Describe all the steps in the installation, in the same sequence.
Comprehensively testing installation also involves making mistakes. Draw a flow chart of the steps in the installation process and possible missteps. Consider things that could go wrong. What happens if an installation is abandoned before it finishes? Is it possible to restart it or to remove everything and try again? What happens if you try to install the system in an incorrect environment (for example, trying to use an unsupported version of the database, or with an essential third-party product missing)? Is the installation software smart enough to spot problems?
Test uninstalling the system. If there are requirements that cover uninstallation, test that it works to the degree and level of convenience demanded. If there are no such requirements, test whether uninstallation is practical. After uninstalling the system, verify that no traces of it remain (such as odd configuration files). Then reinstall the system as an extra check that the uninstall didn't leave anything behind.