Strategies for Verifying Non-Functional Requirements
Early in the lifecycle, during the Inception phase, disciplined agile teams will invest some time in initial requirements envisioning and initial architecture envisioning. One of the issues to be considered as part of requirements envisioning is to identify non-functional requirement (NFRs), also called quality of service (QoS) or simply quality requirements. The NFRs will drive many of your technical decisions that you make when envisioning your initial architectural strategy. These NFRs should be captured someone, in a previous blog I explored the options available to you, and implemented during Construction. It isn’t sufficient to simply implement the NFRs, you must also validate that you have done so appropriately. In this blog posting I overview a collection of agile strategies that you can apply to validate NFRs.
A mainstay of agile validation is the philosophy of whole team testing. The basic idea is that the team itself is responsible for validating its own work, they don’t simply write some code and then throw it over the wall to testers to validate. For organizations new to agile this means that testers sit side-by-side with developers, working together and learning from one another in a collaborative manner. Eventually people become generalizing specialists, T-skilled people, who have sufficient testing skills (and other skills).
Minimally your developers should be performing regression testing to the best of their ability, adopting a continuous integration (CI) strategy in which the regression test suite(s) are run automatically many times a day. Advanced agile teams will take a test-driven development (TDD) approach where a single test is written just before sufficient production code which fulfills that test. Regardless of when tests are written by the development team, either before or after the writing of the production code, some tests will validate functional requirements and some will validate non-functional requirements.
Whole team testing is great in theory, and it is strategy that I wholeheartedly recommend, but in some situations it proves insufficient. It is wonderful to strive to have teams with sufficient skills to get the job done, but sometimes the situation is too complex to allow that. There are some types of NFRs which require significant expertise to address properly: NFRs pertaining to security, usability, and reliability for example. To validate these types of requirements, worse yet even to identify them, requires skill and sometimes even specialized (read expensive) tooling. It would be a stretch to assume that all of your delivery teams will have this expertise and access to these tools.
Recognizing that whole team testing may not sufficiently address validating NFRs many organizations will supplement their whole team testing efforts with parallel independent testing . With this approach a delivery team makes their working builds available to a test team on a regular basis, minimally at the end of each iteration, and the testers perform the types of testing on it that the delivery team is either unable or unlikely to perform. Knowing that some classes of NFRs may be missed by the team, independent test teams will look for those types of defects. They will also perform pre-production system integration testing and exploratory testing to name a few. Parallel independent testing is also common in regulatory compliance environments.
From a verification point of view some agile teams will perform either formal or informal reviews. Experienced agilists prefer to avoid reviews due to their inherently long feedback cycle, which increases the average cost of addressing found defects, in favor of non-solo development strategies such as pair programming and modeling with others. The challenge with non-solo strategies is that managers unfamiliar with agile techniques, or perhaps the real problem is that they’re still overly influenced by disproved traditional theories of yesteryear, believe that non-solo strategies reduce team productivity. When done right non-solo strategies increase overall productivity, but the political battle required to convince management to allow your team to succeed often isn’t worth the trouble.
Another strategy for validating NFRs code analysis, both dynamic and static. There is a range of analysis tools available to you that can address NFR types such as security, performance, and more. These tools will not only identify potential problems with your code many of them will also provide summaries of what they found, metrics that you can leverage in your automated project dashboards. This strategy of leveraging tool-generated metrics such as this is a technique which IBM calls Development Intelligence and is highly suggested as an enabler of agile governance in the DAD framework. Disciplined agile teams will include invocation of code analysis tools from you CI scripts to support continuous validation throughout the lifecycle.
Your least effective validation option is end-of-lifecycle testing, in the traditional development world this would be referred to as a testing phase. The problem with this strategy is that you in effect push significant risk, and significant costs, to the end of the lifecycle. It has been known for several decades know that the average cost of fixing defects rises the longer it takes you to identify them, motivating you to adopt the more agile forms of testing that I described earlier. Having said that I still run into organizations in the process of adopting agile techniques that haven’t really made embraced agile, as a result still leave most of their testing effort to the least effective time to do such work. If you find yourself in that situation you will need to validate NFRs in addition to functional requirements.
To summarize, you have many options for validating NFRs on agile delivery teams. The secret is to pick the right one(s) for the situation that you find yourself in. The DAD framework helps to guide you through these important process decisions, describing your options and the trade-offs associated with each one. For a more detailed discussion of agile validation techniques you may find my article Agile Testing and Quality Strategies to be of value.