Lesson 2 – Requirements & Architecture

Lesson 2 of 9

Requirements & Architecture

FR & NFR · SMART · Software Architectures · Why architecture matters for testers

→ next slide | ESC overview

Lesson 1 Reflection

What Is Quality?

Last lesson you wrote down 3 sentences on what quality means to you.

Quality is hard to define but easy to notice when it's missing.

Lesson Plan

Lesson 2: Requirements & Architecture
Focus: FR/NFR and how systems are built

1. Software Requirements — what they are, FR vs NFR, user stories vs requirements

2. SMART Requirements — Specific, Measurable, Achievable, Realistic, Timely

3. Software Architectures — Monolith vs Microservices vs Layered & more

4. Why Architecture Matters — where data flows = where things break

Requirements

What Are Requirements?

Requirements are documented needs that a product or service must satisfy.

Business Requirements The goal — why a change is needed.
High-level, from stakeholders.

"Increase user retention by 20%"

Software / System Requirements The what — detailed enough to code and test from.

"Users can log in with Google OAuth"

Source: BABOK — International Institute of Business Analysis

FR vs NFR

Functional vs Non-Functional

Functional Requirements (FR) Describe what the system must do.

System must allow login with email + password
Users can log in with Google / Facebook / LinkedIn
Users can reset password via email link
Employers can post jobs with title, description, salary

Non-Functional Requirements (NFR) Describe how the system must behave.

System available 99% during business hours
Page loads within 3s for 10,000 concurrent users
Passwords hashed + salted; TLS for all data in transit
App works on Chrome, Firefox, Safari, Edge

User Story vs FR

Don't Confuse These

User Story (high-level intent) "As a registered user, I want to be able to log into my account."

Functional Requirements derived from it:

The system must allow login with email and password
The system must support social login (Google, Facebook, LinkedIn)
Users can reset their password via a verified email link

User stories express intent. Functional requirements specify that behaviour.

Good vs Bad FR

Requirement Quality Examples

Bad ❌	Good ✅
The system should allow users to post jobs.	Employers can post job listings with: job title, description, location, salary range, and job type (full-time / part-time / contract).
Users should be able to search for jobs.	Users can search by keywords and filter by location, salary range, and job type. Results display in a list sortable by relevance, date posted, or salary.

NFR Categories

Non-Functional Requirement Types

AvailabilitySystem accessible when required

PerformanceFunctions timely, minimum resources

SecurityProtected against malicious access

ScalabilityGrows with increased workload

ReliabilityPerforms per spec over time

UsabilityEasy to learn and use

MaintainabilityEasily modified to new requirements

PortabilityTransferable between environments

ComplianceMeets regulatory/legal constraints

Good vs Bad NFR

NFR Quality Examples

Bad ❌	Good ✅
The system must respond quickly.	Each request must be processed within 3 seconds with 10,000 concurrent users on a standard server setup.
The system should be secure.	All user data must be encrypted in transit using TLS 1.2+. Passwords must be hashed with bcrypt (cost factor ≥ 12). CVs accessible only to authorized personnel.

SMART

SMART Requirements

A requirement that isn't SMART can't be tested.

S — SpecificClear, unambiguous, no room for interpretation

M — MeasurableCan be verified — pass/fail, a number, threshold

A — AchievableTechnically and practically possible

R — RealisticWithin scope, budget, and timeline

T — TimelyHas a defined timeframe or version target

SMART in Practice

Is This SMART?

NFR example

Not SMART ❌ "The app should be fast and easy to use on mobile."

SMART ✅ "The mobile app shall load the home screen within 2 seconds on a 4G connection for 95% of users. All primary actions (search, book, pay) shall be reachable within 3 taps from the home screen."

FR example

Not SMART ❌ "Users must be able to reset their password."

SMART ✅ "Registered users can request a password reset by entering their email address. A reset link is sent within 30 seconds and expires after 24 hours. An error message is shown if the email is not registered."

If you can't write a test case for a requirement — the requirement isn't good enough.

Teams Activity

✍️ Live Requirements Rewrite

Read the "bad" requirement below. Rewrite it in SMART format in the chat.

Read the bad requirement
Type your SMART rewrite in the Teams chat
Let's analyse the responses.
What makes it SMART? What's still missing?

Bad requirement to rewrite:
"Users should be able to register quickly and the system should handle errors."

Architecture

What Is Software Architecture?

Software architecture describes the structure of a system — how components are arranged and how they communicate.

Good architecture ensures scalability, maintainability, and adaptability.

🏗️
Monolithic

🔗
Microservices

🎂
Layered

⚡
Event-Driven

☁️
Serverless

🧩
Modular / Monorepo

Monolith vs Microservices

The Big Two

🏗️ Monolithic

One unified app — all code tightly coupled in one deployment.

✓ Simple to develop & deploy for small apps
✓ Easy to test end-to-end
✗ Hard to scale and maintain as it grows
✗ One bug can take down everything
E.g. early e-commerce sites, small web apps

🔗 Microservices

Small independent services that communicate via APIs.

✓ Scalable, independent deployments
✓ Each service can use best-fit tech
✗ Complex deployment and debugging
✗ Network failures, contract mismatches
E.g. Netflix, Amazon, Wolt

Architecture Diagram

Visualising the Difference

Monolithic

┌─────────────────────┐
│      UI (Front)     │
├─────────────────────┤
│  Backend (all logic)│
├─────────────────────┤
│      Database       │
└─────────────────────┘

Microservices

  Browser  Mobile App
    └────────┘
         │
  ┌──────-───────────-┐
  │    API Gateway    │
  │  auth·route·limit │
  └──┬──-─-─┬──────┬──┘
     │      │      │
  [User] [Order]  [Pay]
   DB      DB    Stripe
            │    (async)
   ═══ Message Bus ═══
     │           │
  [Notify]    [Search]
  Email·SMS     DB

For testing:
monolith = one system to test
microservices = each service needs its own tests + integration/contract tests

More Architectures

Layered, Event-Driven, Serverless

🎂 Layered Architecture

Divided into layers: presentation → business logic → data access.
✓ Clear separation, easy to maintain
✗ Can become rigid with tight coupling between layers
E.g. traditional enterprise systems

⚡ Event-Driven

Components react to events (messages, triggers). Loosely coupled.
✓ Excellent for real-time, distributed systems
✗ Event chains are hard to trace and debug
E.g. real-time fintech, IoT platforms

☁️ Serverless

App logic runs as cloud functions. No server management.
✓ Auto-scales, zero infrastructure overhead
✗ Cold starts; suited for small isolated tasks
E.g. AWS Lambda, Google Cloud Functions

🧩 Modular / Monorepo

System as independent modules. All projects in one repo (Monorepo).
✓ Flexible, reusable code, fast CI in Monorepo
✗ Dependency graph management gets complex
Monorepo: Google, Uber, Airbnb.
Modular: Chrome plugins

For Testers

Why Architecture Matters for Testers

Knowing how data flows tells you where things break.

Monolith Implications

All integration in one place — easier to test end-to-end
One deployment = full regression needed
DB schema changes ripple everywhere

Microservices Implications

Contract testing between services becomes critical
Network failures, latency, and timeouts are failure modes
Each service needs isolated tests + integration tests
API versioning pitfalls — breaking changes silently

Ask developers: "Where does data go after this step?" — that single question reveals more bugs than any checklist.

🏗️ Broking Manager Product Architecture

SRS

What Is an SRS Document?

A Software Requirements Specification (SRS) is a document that describes what a system must do and how well it must do it — before anyone writes a single line of code.

What it contains

Purpose and scope of the system
Functional requirements (what it does)
Non-functional requirements (how well)
Architecture overview
Constraints and assumptions

Why it matters for testers

Requirements are the basis for every test case
No SRS = no clear definition of "correct"
Ambiguous requirements = untestable software
It's the contract between business and dev team

We won't build the full SRS in this course, but you need to know what goes in it and be able to write the requirements section.

📄 SRS Example 1 · 📄 SRS Example 2 · 📝 SRS Template (.docx)

Homework

📋 Lesson 2 Homework

Use your own project or cvkeskus.ee if you don't have one yet.

If using cvkeskus.ee, focus on the job search functionality (search bar, filters, results list).

Write the requirements for the project:

5 Functional Requirements — e.g. what the search must do, what filters exist, what a result shows
5 Non-Functional Requirements — e.g. response time, availability, security
All must be SMART — if you can't test it, rewrite it

Architecture:

Sketch an architectural diagram showing the main components
Prepare an explanation of your architecture choice

Submit to Teams assignments.