Business Analysis Approach to Achieve CMMI 2.0 through FURPS+

CMMI Maturity Levels

As a process and behavioral model , Capability Maturity Model Integration (CMMI) has been practicing by so many companies to improve internal disciplines while introducing industry leading practices to each division within in the company. FURPS/FURPS+ is one of industry proven practice which has specifically designed for business analysts to follow when gathering and analyzing requirement based on CMMI practice environment. Therefore, the main objective of this article is to introduce CMMI and lay out detail explanation of adopting FURPS/FURPS+ in to business analysis practices.

As a Business Analyst, I got the opportunity to experience and went through a structural and process changes due to CMMI 2.0 adaptation of the company I’m currently working in. Even though the process is not completed all the milestones of the CMMI road map by the time I’m writing this article, each one of us have a very clear idea about the changes which is happening and going to happen in the future within the company, due to complete transparency that the management maintain with employees.

What is CMMI 2.0?

CMMI is comprised of a set of “Process Areas.” Each Process Area is intended be adapted to the culture and behaviors of your own company. The CMMI is not a process, it is a book of “whats” not a book of “hows,” and does not define how your company should behave. More accurately, it defines what behaviors need to be defined. In this way, CMMI is a “behavioral model” and well as a “process model.”

The CMMI also helps us to identify and achieve measurable business goals, build better products, keep customers happier, and ensure that we are working as efficiently as possible. With five “Maturity Levels” or three “Capability Levels,” the CMMI defines the most important elements that are required to build great products, or deliver great services, and wraps them all up in a comprehensive model.

I won’t dive deep into CMMI maturity models since my intention of this article is to discuss on FURPS/FURPS+. (Will share some resource relate to CMMI at the end of the article)


FURPS is a technique to validate the prioritized requirements after an understanding with client’s needs and necessities. The main focus of this concept has been to identify non-functional requirements and capture it in the requirement document giving the same importance as functional requirements.

The acronym FURPS is

  1. Functionality
  2. Usability
  3. Reliability
  4. Performance
  5. Supportability

You can use this guideline when speaking to stakeholders to ensure that all topics are discussed during the requirement gathering sessions. Make sure that stakeholders understand the costs of their selections and do not end up wanting everything that is on the list.


Been first of the list, it describes usual functionality point of a system that Business Analyst has to focus during a requirement gathering session. Below points have been highlighted to focus more during requirement gatherings to drive the Business Analyst through out functional requirements.

· Feature Set and Capabilities: State the feature list of the system and required capabilities of each functionality.

· Auditing: Is there a need to track who used the system and when they used it? State requirements for providing audit trails when running the system.

· Authentication: Will access to the system be controlled? State requirements for authentication.

· Licensing: Will the system or parts of the system be licensed? If open-source software has been used in the system, have all open-source agreements been respected? State requirements for acquiring, installing, tracking, and monitoring licenses.

· Printing: Will printing capability be required? State requirements for printing.

· Reporting: Is reporting capability required? State requirements for reporting.

· Scheduling: Will certain system actions need to be scheduled? State requirements for scheduling capability.

· Security: Will elements of the system or system data need to be secure? State requirements to protect access to certain resources or information.

  1. Are functional requirements that affect multiple use cases identified? For example, all use cases may be subject to access control, audit trails, general responses to abnormal situations (overflow, communication facilities, error handling and recovery and so on).
  2. For each of these requirements, are they behavioral and could be better captured in a common use case?
  3. For each of these functions, is it clear how input and shared data generate output and shared data?


Usability requirements are critical to the success of any system. Unfortunately, usability requirements are often the most poorly specified requirements. Consider this common requirement: The system shall be easy to use. This doesn’t help much, because it cannot be verified.

While capturing usability requirements, it is a good idea to identify issues and concerns first, and then refine these into verifiable requirements later. According to a traditional definition, usability consists of five factors:

  • Ease of learning: A user with a specified level of experience must be able to learn how to use the system in a specified amount of time.
  • Task efficiency: A user should be able to complete a specified task in a specified time (or number of mouse clicks).
  • Ease of remembering: A user should be able to remember how to accomplish specified tasks after not using the system for a specified period of time.
  • Understandability: A user must be able to understand system prompts and messages and what the system does.
  • Subjective satisfaction: A specified percentage of the user community must express satisfaction with using the system.

You may want to use the following method to identify and specify usability requirements:

  1. Identify the key usability issues by looking at critical tasks, user profiles, system goals, and previous usability problems.
  2. Choose the appropriate style to express the requirements:
  • Performance style: Specify how fast users can learn various tasks and how fast they can perform the tasks after training.
  • Defect style: Rather than measuring task times, identify usability defects and specifies how frequently they may occur.
  • Guideline style: Specify the general appearance and response time of the user interface by reference to an accepted and well-defined standard
  1. Write the actual requirements, including performance criteria.
  2. Are the requirements specified in a way that is verifiable, including metrics and target values?
  3. Have the efficiency and usability factors of user tasks been considered?
  4. Have novice as well as expert users been considered?


Reliability includes the system’s ability to continue running under stress and adverse conditions. In the case of an application, reliability relates to the amount of time that the software is available and running as opposed to time unavailable. Specify reliability acceptance levels, as well as how they will be measured and evaluated. Describe reliability criteria in measurable terms. This is usually expressed as the allowable time between failures or the total allowable failure rate. Other important reliability considerations include:

  • Accuracy: Specify requirements for the precision (resolution) and the accuracy (by some known standard) that is required in any calculation performed or in system output.
  • Availability: Specify requirements for the percentage of time the system is available for use, hours of use, maintenance access, and degraded-mode operations. Availability is typically specified in terms of the Mean Time Between Failures (MTBF).
  • Recoverability: Specify requirements for recovery from failure. This is typically specified in terms of the Mean Time to Repair (MTTR).
  • Frequency and severity of failures: Specify the maximum defect rate (typically expressed as defects/KSLOC or defects/function-point) and severity of failures. Severity may be categorized in terms of minor, significant, and critical defects. The requirements must define each of these terms unambiguously. For example, a critical defect could be defined as one that results in loss of data or complete inability to use certain functionality of the system.
  1. Have reliability requirements been specified as measurable requirements or prioritized design goals?
  2. Is error checking and recovery required?
  3. Are undesired events considered and their required responses specified?
  4. Are initial or special states considered (such as cold starts or abnormal termination)?


  • Response times: Specify the amount of time available for the system to complete specified tasks and transactions (average, maximum). Use units of measurement. Examples:
  • Any interface between a user and the system shall have a maximum response time of 2 seconds.
  • The product shall download the new status parameters within 5 minutes of a change.
  • Throughput: Specify the capacity of the system to support a given flow of information (for example, transactions per second).
  • Capacity: Specify on the volumes that the product must be able to deal with and the numbers of data stored by the product. Make sure that the requirement description is quantified, and thus can be tested. Use unit of measurement such as: the number of customers or transactions the system can accommodate, resource usage (memory, disk, . . . ) or degradation modes (what is the acceptable mode of operation when the system has been degraded in some manner) Examples:
  • The product shall cater for 300 simultaneous users within the period from 9:00 AM to 11 AM.
  • Maximum loading at other periods will be 150.
  • Start-up: The time for the system to start up.
  • Shut-down: The time for the system to shut down.

Have the resource and performance margin requirements been stated (for example speed, response time, recovery time of various software functions)?


  • Adaptability: Are there any special requirements regarding adaptation of the software (including upgrading)? List requirements for the ease with which the system is adapted to new environments.
  • Compatibility: Are there any requirements regarding this system and its compatibility with previous versions of this system or legacy systems that provide the same capability?
  • Configurability: Will the product be configured after it has been deployed? In what way will the system be configured?
  • Installation: State any special requirements regarding system installation
  • Level of Support: What is the level of support that the product requires? This is often done using a Help desk. If there are to be people who provide support for the product, is that support considered part of what you are providing to the customer? Are there any requirements for that support? You might also build support into the product itself, in which case this is the place to write those requirements. Consider the level of support that you anticipate providing and what forms it might take.
  • Maintainability: Are there any special requirements regarding system maintenance? What are the requirements for the intended release cycle for the product and the form that the release will take? Quantify the time necessary to make specified changes to the product. There may also be special requirements for maintainability, such as a requirement that the product must be able to be maintained by its end-users or developers who are not your development team. This has an effect on the way that the product is developed, and there may be additional requirements for documentation or training. Describe the type of maintenance and the amount of effort required. Examples:
  • A new weather station must be able to be added to the system overnight.
  • The maintenance releases will be offered to end-users once a year.
  • Scalability: What volumes of users and data will the system support? This specifies the expected increases in size that the product must be able to handle As businesses grow (or are expected to grow), the software products must increase their capacities to cope with the new volumes. This may be expressed as a profile over time.
  • Testability: Are there any special requirements regarding the testability of the system?
  • Localization: Is there any requirement of localization for the system?
  1. Are there any requirements that will enhance the supportability or maintainability of the system being built?

Interface Requirements (+)

Describe both the user interface and interfaces with external systems.

User interface

Describe requirements related to user interfaces that are to be implemented by the software. The intention of this section is to state the requirements, but not to describe the user interface itself, because interface design may overlap the requirements-gathering process. This is particularly true if you are using prototyping as part of your requirements gathering process. As you develop prototypes, it is important to capture the requirements that relate to the look and feel of the user interface. In other words, be sure that you understand your client’s intentions for the product’s look and feel. Record these as requirements, rather than merely using a prototype for approval.

  • Look and feel: A description of the aesthetic appearance and layout of the interface. Your client may have given you particular demands, such as style, colors, degree of interaction, and so on. This section captures the requirements for the interface, rather than the design for the interface. The motivation is to capture the expectations, the constraints, and the client’s demands for the interface before designing it. Examples:
  • The product shall have the same layout as the district maps from the engineering department.
  • The product shall use the company color.
  • Layout and navigation requirements: Specify requirements on major screen areas and how they should be grouped together.
  • Consistency: Consistency in the user interface enables users to predict what will happen. This section states requirements on the use of mechanisms to be employed in the user interface. This applies both within the system, and with other systems and can be applied at different levels: navigation controls, screen areas sizes and shapes, placements for entering / presenting data, terminology
  • User personalization and customization requirements: Requirements on content that should automatically displayed to users or available based on user attributes. Sometimes users allowed to customize the content displayed or to personalize displayed content.

Interfaces to external systems or devices

  • Software interfaces: Are there any external systems with which this system must interface? Are there any constraints on the nature of the interface between this system and any external system, such as the format of data passed between these systems? Do they use any particular protocol? Describe software interfaces with other components. These may be purchased components, components reused from another application, or components being developed for subsystems outside of the scope of the system under consideration, but with which this it must interact. For each system, consider both provided and required interfaces.
  • Hardware interfaces: Define any hardware interfaces that are to be supported by the software, including logical structure, physical addresses, expected behavior, and so on.
  • Communications interfaces: Describe any communications interfaces to other systems or devices, such as local area networks (LANs), remote serial devices, and so on.
  1. Is it clear how the software interacts with people, the system’s hardware, other hardware, and other software?
  2. Have all critical data elements that cross system boundaries been identified for those scenarios that will be implemented next?

Business Rules (+)

Besides technical requirements also consider the particular business domain in which the system needs to fit.

Business rules or policies that the system must conform to may constrain system functionality. Business rules are referred to by system use cases and can be in the form of decision tables, computation rules, decision trees, algorithms, and so forth. Describing the rules in the flows of the use cases usually clutters the use-case specifications. Therefore, they are normally captured in separate artifacts or as annexes related to the use-case specifications. In many cases, a business rule applies to more than one use case. Shared business rules should be stored in a single repository or document.


As per the conclusion, here what I have summarized all the self studies and articles I read to learn those concepts. Of course, there are content which I have gotten directly from the internet to make sure to give the correct content of each concept without interpreting differently. And also, there are many more things to add into this context which you are free to comment down there.

Clap 👏🏼 for the article if you find it interesting, and share it with your friends. This will motivate me to make more : )

Thanks for reading! If you want to collaborate, talk about Business Analysis and Product Designing, give some suggestions or just want to say hello, hit me up at or connect via LinkedIn or Twitter





Business Analyst by Day | Amateur Writer at Night

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How Google has crushed it with Colaboratory

Understanding Python strings

Idena Chronicles

Slow Developers Destroy Work Ethic

Unix Commands I — cat

The role of custom apps in digital transformation

Cloud-native Hello World for Bioinformatics

Benchmarking with details

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Shashika Nanayakkara`

Shashika Nanayakkara`

Business Analyst by Day | Amateur Writer at Night

More from Medium

[The API Book] Developing a Product Vision

Planning The Training For Developers’ Bootcamp: Challenges, Tips & Tricks

Validating Your Product

Link High Quality Data to Your Favorite Data Software