
Non-Functional Requirements

Overview

This section outlines the non-functional requirements for Conference Expo Portal v2.0. These requirements ensure the platform is robust, secure, scalable, and maintainable, and that it meets all relevant compliance obligations.

Performance Requirements

  • The system must provide a response time of less than 500ms for 95% of API requests under normal load.
  • The portal must support at least 200 concurrent users without significant degradation in performance.
  • File uploads and downloads should complete within acceptable timeframes for files up to 1 GB.
  • The dashboard and reporting features should load within 2 seconds for typical event sizes (up to 75 sponsors).

Scalability

  • The platform must support scaling to accommodate growth in user numbers, events, and data volume.
  • Infrastructure should allow for horizontal scaling of application and database layers.
  • The system should support the addition of new features and integrations with minimal disruption.
  • Caching strategies should be used to optimise performance for frequently accessed data.

Security

  • All data in transit must be encrypted using TLS 1.2 or higher.
  • Sensitive data at rest (e.g. passwords, payment tokens) must be encrypted or securely hashed.
  • The system must implement role-based access control for all user actions.
  • Regular security audits and vulnerability assessments must be conducted.
  • The platform must protect against common web vulnerabilities (OWASP Top 10).
  • Audit logs must be maintained for all critical actions and access to sensitive data.
  • Static analysis tools must be used to detect security vulnerabilities in the codebase.

Reliability

  • The system must achieve 99.9% uptime, excluding planned maintenance.
  • Automated monitoring and alerting must be in place for all critical services.
  • The platform must support automated daily backups of all critical data.
  • Disaster recovery procedures must be documented and tested at least annually.
  • The system must degrade gracefully in the event of partial outages.

Maintainability

  • The codebase must follow established coding standards and be well documented.
  • Automated tests must cover all critical business logic and integrations.
  • The system must support zero-downtime deployments for routine updates.
  • Configuration should be managed via environment variables and not hard-coded.
  • The platform must provide clear error messages and logging for troubleshooting.
  • Static analysis tools must be used to enforce code quality and detect vulnerabilities.

Compliance

  • The platform must comply with UK GDPR and other relevant data protection regulations.
  • Data retention and deletion policies must be implemented in line with legal requirements.
  • The system must support user requests for data export and deletion.
  • All third-party integrations must meet relevant compliance standards (e.g. PCI DSS for payments).

Accessibility

  • The platform must comply with WCAG 2.1 AA accessibility standards.
  • All interactive elements must be operable via keyboard navigation.
  • The system must support screen readers and provide appropriate ARIA labels.
  • Sufficient colour contrast must be maintained for all text and interface elements.
  • All images and icons must have meaningful alternative text.
  • Forms must be accessible, with clear labels, instructions, and error messages.
  • Focus indicators must be visible for all interactive elements.
  • Accessibility must be considered in all new features and updates.