Determining Technical Requirements

Posted June 13, 2008

Estimates for software are terrible, terrible things. When I was a budding web developer, I thought I had it pretty much figured out: X hours to solve the stated problem, X hours to write the code and tests, then double the sum (aka, "the optimistic compensation adjustment").

That worked alright when my job was just writing code, but utterly failed when I struck out on my own. Aside from figuring out how to budget for planning, communication, integration, and deployment ... I also realized that I brought a huge number of technical assumptions to the table, and that my assumptions weren't always in line with what the customer needed.

So, over the last several years I've compiled a set of questions that help me better understand the general technical requirements for a project. It isn't comprehensive or complete -- you can't fill out the form, pull a lever, and have an estimate shoot out -- but it is a good starting point, and has helped me quickly figure out a the client's expectations and experience with building web applications.

Chances are you'll have to put on your expert hat and coach your clients through some of these questions (and their implications) ... but that's what they're paying you for, right?

So, without further ado ...


  • What are the minimum requirements for devices and browsers we should support? (eg: a modern computer running IE 6+, FF 2+, or Safari 2+)
  • What accommodations are necessary for impaired individuals? (eg: adjustable font sizes for the visually impaired, tactile interfaces for the blind and deaf)
  • Are there specific accessibility regulations that may apply to this project? (eg: Section 508)

Reliability and Recovery

  • What are the primary usage hours? (eg: business hours across the continental United States)
  • What is the maximum acceptable downtime during primary usage hours? (eg: 4 hours down per month)
  • What disaster scenarios should we have a contingency plan for? (eg: failed hard drive, hurricane, nuclear war)

Performance and Scaling

  • Approximately how many people are expected to interact with the system during peak hours?
  • Approximately how much tabular data will the system be managing? (eg: contact information, dates, product descriptions, etc.)
  • Approximately how much binary data will the system be managing? (eg: photographs, music, video, etc.)
  • How many reports need to be available in real time, and how many can be run in periodic batches?
  • What is the minimum acceptable load time for interactive pages? (eg: a wizard for creating a new member accounts)
  • What is the minimum acceptable load time for data intensive pages (eg: a report, or complex searches across the database)
  • How quickly do you expect the site to grow? (eg: 2000 users within 12 months, 1M photos within 3 years)


  • Will we be managing sensitive information? (eg: passwords, bank account/credit card information, etc.)
  • What are the requirements for encrypting data sent over the public Internet? (eg: checkout process involving credit card transactions)
  • What are the requirements for restricting physical access to the hardware? (eg: sealed cabinet at hardened telco hotel)
  • Is a shared hardware hosting plan acceptable, or are physically separate servers required?
  • Is operating system access control of network resources sufficient, or is a separate hardware firewall device required?
  • What security breaches should we develop contingency plans for? (eg: customer account compromised, theft of physical server)
  • Are there any specific security regulations that may apply to this project? (eg: PCI-DSS, government security clearance)


  • Will this system interact with any other systems? (eg: credit card gateway, LDAP server, Google Maps)
  • What contingency provisions should we have if those systems are not reachable?
  • Will this system provide services for other systems? (eg: this system provides single sign on, or web services for accessing data)


  • Does your company have any specific requirements around languages, protocols, or deployment environments? (eg: Oracle database server, Java EE 5)


  • How comprehensive should the technical documentation be? (eg: inline comments in the source code, UML modeling, interaction diagrams, API documentation, etc.)
Anyone have other things to contribute?

comments powered by Disqus