Introduction — Why Requirements Matter
Here is a statistic that should alarm every software professional: according to the Standish Group's CHAOS Report, over 60% of software project failures trace back not to bad code, not to poor architecture, not to infrastructure problems — but to requirements issues. Incomplete requirements. Ambiguous requirements. Wrong requirements. Missing requirements.
The cost multiplier is devastating. A requirements error caught during the requirements phase itself costs roughly $1 to fix. Caught during design, it costs $5. During coding, $10. During testing, $20. In production? $100 to $1,000. This is the famous "1-10-100" rule, validated repeatedly by researchers from Barry Boehm (1981) to modern empirical studies.
The Requirements Gap
The requirements gap is the distance between what stakeholders actually need and what the development team actually builds. This gap exists because:
- Stakeholders can't articulate what they want — they know it when they see it, but they can't describe it precisely in advance
- Engineers assume context — they fill in gaps with their own assumptions, often incorrectly
- Language is inherently ambiguous — the word "fast" means something different to a UX designer, a database administrator, and an end user
- Requirements change — the business environment shifts, competitors launch new features, regulations evolve
- Translation loss — every time requirements pass from one person to another (stakeholder → analyst → architect → developer), information degrades
flowchart LR
A[What stakeholders
actually need] --> B[What stakeholders
say they want]
B --> C[What analysts
document]
C --> D[What architects
design]
D --> E[What developers
build]
E --> F[What users
actually get]
style A fill:#3B9797,color:#fff
style F fill:#BF092F,color:#fff
At every arrow in this diagram, information is lost, assumptions are injected, and the gap widens. Requirements engineering exists to minimise this gap systematically.
What Are Requirements?
Requirements answer the question: "What should the system do?" — not "How should the system do it?" This distinction is fundamental. Requirements live in the problem space; solutions live in the solution space.
Consider these examples:
- Requirement: "Customers must be able to track their order status in real time."
- NOT a requirement: "The system shall use WebSockets to push order status updates to a React frontend component."
The first describes a user need. The second describes an implementation decision. Both are valid and necessary — but they belong in different documents, are owned by different people, and change for different reasons.
The Bridge Metaphor
Think of requirements as a bridge between two worlds that speak different languages:
- The Business World — speaks in terms of revenue, customers, compliance, competitive advantage, user satisfaction
- The Engineering World — speaks in terms of APIs, databases, latency, throughput, error handling, scalability
Requirements are the translation layer. They take business intent and express it in terms precise enough for engineers to build against, while remaining understandable to business stakeholders. This dual-audience nature is what makes requirements hard.
Requirements vs Specifications
Many engineers use "requirements" and "specifications" interchangeably. This is a mistake that leads to confusion, scope creep, and miscommunication. They are different artefacts with different purposes.
A requirement says what the user needs. A specification says precisely how the system will satisfy that need at the boundary between the system and its environment.
Here is a concrete example:
Notice the leap in precision. The specification adds timing constraints, security properties, rate limiting, and specific trigger conditions — all of which are engineering decisions that refine the original user need.
Comparison Across Dimensions
| Dimension | Requirements | Specifications |
|---|---|---|
| Audience | Business stakeholders, product owners, users | Engineers, architects, QA teams |
| Language | Natural language, business terminology | Precise, often using SHALL/SHOULD/MAY (RFC 2119) |
| Detail Level | High-level intent and constraints | Detailed behaviour at system interfaces |
| Ownership | Product owner / business analyst | Systems engineer / architect |
| Stability | Changes with business needs (moderate churn) | Changes with design decisions (higher churn) |
| Testability | Often qualitative ("easy to use") | Always quantitatively verifiable |
| Perspective | Problem space (what the world needs) | Solution space (what the system does) |
| Example Format | User stories, use cases | SRS sections, interface contracts |
Functional vs Non-Functional Requirements
Requirements divide into two fundamental categories: functional (what the system does) and non-functional (how well the system does it). This distinction shapes architecture, testing strategies, and project priorities.
Functional Requirements
Functional requirements describe specific behaviours or functions of the system — the features users interact with directly. They answer: "What should the system do when X happens?"
- Users can create an account with email and password
- The system processes credit card payments via Stripe
- Administrators can export reports as CSV files
- The search function returns results ranked by relevance
- Users receive email notifications when their order ships
Non-Functional Requirements (Quality Attributes)
Non-functional requirements (NFRs) describe qualities or constraints on how the system performs its functions. They are often called "quality attributes" or "-ilities" (reliability, scalability, maintainability, etc.).
| NFR Category | Description | Example | How to Measure |
|---|---|---|---|
| Performance | Speed and throughput | Page loads in <2 seconds at P95 | Load testing, APM metrics |
| Scalability | Handling growth in load | Support 10,000 concurrent users | Stress testing, auto-scaling metrics |
| Reliability | Consistency of correct operation | 99.9% uptime (8.76 hours downtime/year) | Uptime monitoring, MTBF |
| Security | Protection against threats | All data encrypted at rest (AES-256) | Penetration testing, audits |
| Usability | Ease of use | New users complete onboarding in <5 minutes | User testing, SUS score |
| Maintainability | Ease of modification | New payment provider integrates in <2 sprints | Code complexity metrics, change lead time |
| Portability | Adaptability to environments | Runs on AWS, Azure, and GCP | Deployment testing across platforms |
| Accessibility | Usability for all users | WCAG 2.1 AA compliance | Automated a11y scanning, manual audit |
The FURPS+ Model
Hewlett-Packard developed FURPS+ as a comprehensive classification system for requirements. It remains widely used in enterprise software:
- F — Functionality (features, capabilities, security)
- U — Usability (aesthetics, consistency, documentation, responsiveness)
- R — Reliability (availability, failure rate, recoverability, predictability)
- P — Performance (speed, throughput, capacity, resource consumption)
- S — Supportability (testability, extensibility, adaptability, maintainability, configurability)
- + — Design constraints, implementation constraints, interface requirements, physical requirements
The "+" covers constraints that don't fit neatly into the five categories — things like "must use Java 17", "must integrate with SAP", or "must run on hardware with ≤ 512MB RAM".
Requirements Elicitation Techniques
Elicitation is the process of drawing out requirements from stakeholders, domain experts, and existing systems. It's harder than it sounds — stakeholders often don't know what they need, can't articulate what they know, or disagree with each other.
| Technique | Description | Best For | Limitations |
|---|---|---|---|
| Interviews | One-on-one structured or semi-structured conversations | Deep understanding of individual perspectives | Time-intensive, subject to interviewer bias |
| Surveys | Questionnaires distributed to large groups | Gathering data from many stakeholders quickly | Shallow responses, low response rates |
| Observation | Watching users perform their current tasks | Uncovering implicit/tacit knowledge | Hawthorne effect, time-consuming |
| Prototyping | Building quick mockups for feedback | Validating UI/UX assumptions early | Can anchor stakeholders to prototype limitations |
| Workshops | Facilitated group sessions (JAD sessions) | Resolving conflicts, building consensus | Dominant personalities can skew outcomes |
| Use Cases | Structured descriptions of actor-system interactions | Complex workflows with multiple actors | Can become overly detailed, hard to maintain |
| User Stories | "As a [role], I want [goal] so that [benefit]" | Agile teams, incremental delivery | Too brief for complex or safety-critical systems |
| Domain Analysis | Studying existing systems, regulations, standards | Compliance-heavy domains (healthcare, finance) | May inherit legacy assumptions |
Choosing the Right Technique
In practice, you combine multiple techniques. A typical elicitation strategy might look like:
- Domain analysis first — understand the landscape before talking to people
- Interviews with key stakeholders — build rapport, uncover high-level needs
- Workshops to resolve conflicts between stakeholder groups
- Prototyping to validate understanding — "Is this what you meant?"
- User stories or use cases to document agreed requirements
- Observation to catch what people forgot to mention
The WRSPM Reference Model
The WRSPM model (pronounced "wrist-pm") is a formal reference framework from requirements engineering that clarifies where requirements fit in the relationship between the real world and software. It was developed by Gunter, Gunter, Jackson, and Zave (2000) and remains one of the most rigorous ways to think about what requirements really mean.
The Five Layers
W — World (Domain/Environment): The real-world environment in which the system operates. This includes physical laws, business rules, human behaviour, organisational policies, and domain knowledge that exists independently of the software. World assumptions are things we take for granted — gravity exists, users have email addresses, banks close on weekends.
R — Requirements: What stakeholders need the system to achieve in the world. Requirements describe desired changes to the world state. "Customers can track their packages" is a requirement — it describes something that should be true in the world.
S — Specifications: The precise description of system behaviour at the interface boundary between the software and the environment. Specifications describe what the system does in response to inputs and what outputs it produces — expressed solely in terms of phenomena observable at that interface.
P — Program (Software): The actual implementation — source code, algorithms, data structures, frameworks. The program is the engineer's creation that (hopefully) satisfies the specification.
M — Machine (Hardware/Platform): The computing platform on which the program executes — servers, operating systems, networks, devices. Machine properties include processing speed, memory limits, network latency, and failure modes.
flowchart LR
W["W
World
(Environment)"] <--> R["R
Requirements
(Stakeholder Needs)"]
R <--> S["S
Specifications
(System Interface)"]
S <--> P["P
Program
(Software)"]
P <--> M["M
Machine
(Hardware)"]
style W fill:#3B9797,color:#fff
style R fill:#16476A,color:#fff
style S fill:#132440,color:#fff
style P fill:#BF092F,color:#fff
style M fill:#666666,color:#fff
The Key Insight: Separation of Concerns
The power of WRSPM is that it forces you to ask: Which layer am I working in right now? Problems arise when layers are conflated:
- Confusing R with S: Writing specifications when you should be understanding requirements (premature solution design)
- Confusing W with R: Treating domain assumptions as requirements (they're not — they're givens)
- Confusing S with P: Putting implementation details in specifications (over-constraining the solution)
- Ignoring W: Building a system that works perfectly in theory but fails in the real world because world assumptions were wrong
Variables and Interfaces
WRSPM introduces four types of variables that describe how information flows between the world and the machine:
| Variable Type | Direction | Description | Example (Thermostat) |
|---|---|---|---|
| Monitored Variables | World → System | Real-world phenomena the system observes | Room temperature |
| Controlled Variables | System → World | Real-world phenomena the system changes | Heater on/off state |
| Input Variables | Environment → Machine | Data received by the program (sensor readings) | Digital temperature reading (22.5°C) |
| Output Variables | Machine → Environment | Data sent from the program (commands) | Relay control signal (HIGH/LOW) |
The distinction between monitored/controlled and input/output variables is crucial. Monitored and controlled variables exist in the world — they're real physical phenomena. Input and output variables exist at the machine interface — they're digital representations. The gap between them is where sensors, actuators, and physical constraints live.
Concrete Example: Smart Thermostat
Smart Home Thermostat
Let's apply all five WRSPM layers to a smart thermostat system:
- W (World): Rooms have thermal mass. Heat dissipates. Outside temperature varies. Humans have comfort preferences (typically 20-22°C). Heaters have lag time. Electricity costs vary by time of day.
- R (Requirements): The home should maintain a comfortable temperature. Energy costs should be minimised. Users should be able to set schedules. The system should learn user preferences over time.
- S (Specifications): The system SHALL maintain room temperature within ±1°C of the setpoint. The system SHALL activate the heater when temperature drops 0.5°C below setpoint. The system SHALL provide a REST API for schedule configuration. Response time for temperature queries SHALL be <200ms.
- P (Program): PID control algorithm, machine learning model for schedule prediction, REST API server, mobile app, database for historical data.
- M (Machine): Raspberry Pi 4, DHT22 temperature sensor (±0.5°C accuracy), relay module, Wi-Fi connectivity, 5V power supply.
flowchart TD
subgraph World
A[Room Temperature
Monitored Variable]
B[Heater State
Controlled Variable]
C[User Comfort
Preference]
end
subgraph Interface
D[Sensor Reading
Input Variable]
E[Relay Signal
Output Variable]
F[API Request
Input Variable]
end
subgraph Machine
G[PID Algorithm]
H[Schedule Engine]
I[REST API Server]
end
A -->|DHT22 Sensor| D
D --> G
G --> E
E -->|Relay Module| B
C -->|Mobile App| F
F --> H
H --> G
Notice how the world assumptions (thermal mass, lag time) affect the specification (±1°C tolerance, 0.5°C hysteresis). If we ignored the world — for instance, assuming instant heating — our specification and program would fail in reality.
WRSPM Applied: Real-World Systems
Example 1: ATM System
Automated Teller Machine (ATM)
The ATM is a classic requirements engineering example because it has clear physical-digital boundaries.
- W (World): Banks have accounts with balances. Customers have PINs and cards. Physical cash exists in denominations. Banks have daily withdrawal limits. Network connections can fail. Criminals attempt fraud.
- R (Requirements): Customers must be able to withdraw cash from their account. The system must prevent unauthorised access. Transactions must be atomic (no partial withdrawals). The system must be available 24/7.
- S (Specifications): The system SHALL authenticate users via 4-digit PIN with max 3 attempts before card capture. Withdrawals SHALL be dispensed in multiples of £10. The system SHALL communicate with the bank's core system via ISO 8583 messages. If network connectivity is lost, the system SHALL queue transactions for ≤ 5 minutes before declining.
- P (Program): Transaction processing engine, PIN verification module, cash dispensing controller, receipt printer driver, network communication stack, transaction log.
- M (Machine): Industrial PC, card reader (EMV chip + magnetic stripe), PIN pad (encrypted, PCI-DSS compliant), cash dispenser (note counter, reject bin), receipt printer, network interface (primary + fallback).
Where WRSPM catches gaps: Consider the world assumption "physical cash exists in denominations." If the ATM only stocks £20 notes, a customer requesting £30 cannot be served — even though the requirement ("withdraw cash") is met and the software is correct. The gap is between W (available denominations) and R (any amount withdrawal). Without explicitly modelling the world, this gap hides until deployment.
Example 2: Ride-Sharing Application
Ride-Sharing App (Uber-like)
A modern ride-sharing app demonstrates WRSPM in a complex distributed system context.
- W (World): Roads have traffic. GPS has ±5m accuracy in cities (worse in urban canyons). Drivers are independent contractors (not employees). Passengers may cancel. Surge pricing depends on supply/demand. Local regulations vary by city. Payment processors have latency.
- R (Requirements): Passengers can request rides and be matched with nearby drivers. Passengers can see estimated arrival time and fare. Drivers can accept or decline ride requests. Payments are processed automatically after ride completion. Both parties can rate each other.
- S (Specifications): The system SHALL match passengers with the nearest available driver within a 5km radius within 30 seconds. ETA estimates SHALL be accurate within ±3 minutes for trips under 30 minutes. The system SHALL process payment within 60 seconds of ride completion. Driver location SHALL be updated every 4 seconds via GPS. The system SHALL handle 100,000 concurrent ride requests globally.
- P (Program): Microservices architecture — matching service (graph algorithms), pricing service (dynamic pricing ML model), payment service (Stripe/payment gateway integration), location service (geospatial indexing), notification service (push notifications), rating service.
- M (Machine): Cloud infrastructure (AWS/GCP), CDN for static assets, Redis for real-time location cache, PostgreSQL for transactional data, Kafka for event streaming, mobile devices (iOS/Android) with GPS and cellular connectivity.
Where WRSPM catches gaps: The world assumption "GPS has ±5m accuracy" directly impacts the specification. If the matching algorithm assumes exact driver positions, it will make poor matches in areas with GPS inaccuracy (tunnels, downtown high-rises). By explicitly modelling the world, the specification accounts for location uncertainty — perhaps requiring drivers to confirm they've arrived rather than relying purely on GPS proximity.
The Requirements Engineering Frameworks Landscape
WRSPM is the primary reference model for this article — but it sits within a rich ecosystem of frameworks, each approaching the requirements problem from a different angle. Some use formal mathematics to prove correctness; others use visual models, agile backlogs, or goal hierarchies. Understanding the landscape lets you choose the right tool for your context — or combine tools from multiple traditions.
The frameworks organise into four broad categories:
| Category | Framework | Core Focus | Best Suited For |
|---|---|---|---|
| Formal & Academic | |||
| Formal | WRSPM (Zave & Jackson) | Environment-to-machine chain | Safety-critical, embedded, rigorous analysis |
| Formal | Four-Variable Model (Parnas) | Monitored/controlled variable relationships | Real-time and safety-critical systems |
| Formal | Twin Peaks (Nuseibeh) | Co-evolution of requirements and architecture | Complex systems, evolutionary development |
| Formal | KAOS Framework | Goal refinement to system constraints | Safety/security requirements, regulated domains |
| Methodological & Conceptual | |||
| Conceptual | Jackson's Problem Frames | Problem archetypes (behaviours, commands, information) | Understanding problem structure before solution |
| Goal-Oriented | GORE / i* Framework | Actor intentions, goals, tasks, resources | Enterprise systems, stakeholder analysis |
| Object-Oriented | Use Case / Actor-Boundary (UML) | Actor interactions at system boundary | Business workflows, OO design alignment |
| Model-Driven & MBSE | |||
| MBSE | SysML | Integrated requirements + parametric + behavioural models | Systems engineering, aerospace, defence |
| MBSE | Capella / Arcadia | Four-layer operational-to-physical decomposition | Complex engineered systems (transport, energy) |
| MBSE | CIM / MDA (OMG) | Platform-independent business model | Enterprise architecture, technology-neutral specs |
| Agile & Iterative | |||
| Agile | BDD / Gherkin | Executable specifications as Given/When/Then tests | Agile teams, test-driven development |
| Agile | User Story Mapping | User journey backbone with prioritised backlog slices | Product discovery, release planning |
Formal & Academic Reference Models
Formal reference models apply mathematical rigour to requirements engineering — using logic, set theory, and formal semantics to make requirements reasoning precise and verifiable. They dominate in safety-critical domains where ambiguity is unacceptable.
The Four-Variable Model (Parnas & Madey)
Published by David Parnas and Jan Madey in 1995, the Four-Variable Model predates WRSPM and provides a mathematical framework for understanding how software systems relate to their environment. It defines four sets of variables:
- Monitored (MON): Environmental quantities the system observes but cannot change — temperature, pressure, user inputs, arriving packets
- Controlled (CON): Environmental quantities the system changes — actuator positions, display content, output files, signals sent
- Input (IN): Digital representations of monitored variables as seen by the program — the ADC reading, the parsed HTTP request
- Output (OUT): Digital representations of what the program sends to the environment — the control word written to a register, the HTTP response bytes
The model expresses four fundamental relationships:
| Relationship | Maps From → To | Represents | Example (Thermostat) |
|---|---|---|---|
| REQ | MON → CON | What the system must achieve in the world | Room temperature → Heater state |
| NAT | MON → IN | Natural (physical) sensing process | Temperature → ADC reading |
| SOFT | IN → OUT | The software specification | ADC reading → Relay control word |
| NAT' | OUT → CON | Physical actuation process | Relay control word → Heater state |
flowchart TD
MON["Monitored Variables"]
IN["Input Variables"]
SOFT["SOFT — Software"]
OUT["Output Variables"]
CON["Controlled Variables"]
MON -->|"NAT: Physical sensing"| IN
IN --> SOFT
SOFT --> OUT
OUT -->|"NAT': Physical actuation"| CON
MON -.->|"REQ: desired relationship"| CON
style MON fill:#3B9797,color:#fff
style IN fill:#16476A,color:#fff
style SOFT fill:#BF092F,color:#fff
style OUT fill:#16476A,color:#fff
style CON fill:#3B9797,color:#fff
Compared to WRSPM, the Four-Variable Model focuses specifically on the sensing and actuation relationships between world and machine. Where WRSPM's W layer captures the entire domain context, the Four-Variable Model drills into the precise mathematical relationships between observed phenomena and system actions — making it the preferred foundation for formally verified real-time control systems.
The Twin Peaks Model (Nuseibeh)
Bashar Nuseibeh proposed the Twin Peaks model in 2001 to address a fundamental weakness in linear requirements engineering: the assumption that requirements must be complete before architecture begins. He observed that in practice, requirements and architectural design must evolve together in progressive feedback loops.
flowchart LR
R1["Requirements v1"] -->|"Arch constraints"| A1["Architecture v1"]
A1 -->|"Reveals req gaps"| R2["Requirements v2"]
R2 -->|"Refines arch"| A2["Architecture v2"]
A2 -->|"Validates feasibility"| R3["Requirements v3"]
R3 -->|"Finalises design"| A3["Architecture v3"]
style R1 fill:#16476A,color:#fff
style R2 fill:#16476A,color:#fff
style R3 fill:#16476A,color:#fff
style A1 fill:#3B9797,color:#fff
style A2 fill:#3B9797,color:#fff
style A3 fill:#3B9797,color:#fff
The Twin Peaks model has strong practical support. It aligns with the reality of agile development — where sprints involve both refining requirements and designing architecture — and with modern systems engineering practices like iterative prototyping and architectural spikes.
Where it complements WRSPM: WRSPM defines the layers (W, R, S, P, M) and their logical relationships at a point in time. Twin Peaks describes the process by which those layers are populated and refined. You can apply WRSPM to understand what layer you're working in, while Twin Peaks explains how you move between those layers iteratively over multiple sprints.
KAOS: Goal-Oriented Requirements Engineering
KAOS (Keep All Objectives Satisfied) is a formal goal-oriented requirements engineering framework. Where WRSPM starts from the environment and asks "what phenomena must the system monitor and control?", KAOS starts from strategic objectives and asks "what goals must the system achieve, and how do we decompose them into precise requirements?"
KAOS structures requirements around a goal refinement tree:
- Goals — High-level objectives expressed in linear temporal logic: "The train shall always stop before a closed barrier"
- Sub-goals — Refined decompositions (AND/OR) until goals are assigned to individual agents
- Agents — Components responsible for satisfying goals (software components, humans, devices)
- Operations — Behaviours of agents that satisfy assigned goals
- Obstacles — Conditions that prevent goal achievement, used for safety hazard analysis
flowchart TD
G0["Passengers reach destinations safely"]
G0 -->|"AND"| G1["Train stops when obstacle detected"]
G0 -->|"AND"| G2["Speed stays within limits"]
G1 -->|"AND"| G3["Obstacle sensor reports hazards within 500ms"]
G1 -->|"AND"| G4["Brake system activates within 200ms"]
G2 -->|"ASSIGN TO"| G5["Agent: Speed Controller"]
G3 -->|"OBSTACLE"| O1["Obstacle: Sensor blocked by debris"]
O1 -->|"RESOLUTION"| G3
style G0 fill:#132440,color:#fff
style G1 fill:#16476A,color:#fff
style G2 fill:#16476A,color:#fff
style G3 fill:#3B9797,color:#fff
style G4 fill:#3B9797,color:#fff
style G5 fill:#BF092F,color:#fff
style O1 fill:#666666,color:#fff
KAOS is particularly powerful for safety and security requirements — the obstacle analysis forces engineers to enumerate what could go wrong, producing a comprehensive hazard register alongside the requirements. Industrial tools like DOORS and ObJECTive KAOS support KAOS modelling at scale. The Trace-Based Reification Model extends KAOS by using execution traces and reachability rules to formally verify that goal refinements are mathematically consistent with the WRSPM chain.
Methodological & Conceptual Alternatives
While formal models focus on mathematical rigour, methodological frameworks focus on how to structure the thinking process around requirements — how to decompose a problem, how to model stakeholder relationships, and how to translate between problem and solution spaces.
Jackson's Problem Frames
Michael Jackson developed Problem Frames as the sister methodology to WRSPM. While WRSPM defines what requirements engineering must achieve (the W→R→S→P→M chain), Problem Frames provide a systematic way to classify and decompose the problem before choosing a solution.
The core insight is that most software problems are instances of a small set of standard archetypes. Recognising the archetype tells you what questions to ask, what world assumptions to document, and what specification structure to use:
| Frame | Problem Type | Machine Controls | Example |
|---|---|---|---|
| Required Behaviour | Make the real world behave in a certain way autonomously | Physical processes (causal) | Traffic light controller, HVAC system |
| Commanded Behaviour | Enable a user to control real-world behaviour | Causal domain + human operator | Industrial process control, CAD tool |
| Information Display | Keep a display in sync with the world | Lexical domain (display state) | Stock ticker, patient monitoring display |
| Transformation | Convert existing data into a different form | Lexical input/output data | Compiler, report generator, ETL pipeline |
| Workpieces | Create and edit a persistent model | Lexical data structures | Word processor, database editor, IDE |
Most real systems are composite frames — combinations of several archetypes. An e-commerce checkout, for example, combines Transformation (cart → order), Information Display (inventory levels), and Required Behaviour (payment processing) frames. By identifying the component frames, you can apply the appropriate requirements technique to each part independently.
Goal-Oriented Requirements Engineering (GORE) & i*
Goal-Oriented Requirements Engineering (GORE) shifts the fundamental question from "What should the system do?" to "Why is this system needed, and what goals must it achieve?" It treats requirements as goals at different levels of abstraction, progressively refined from strategic business objectives to precise system behaviours.
- Goals: Objectives stakeholders want the system to achieve — "Reduce order processing time by 50%"
- Tasks: Specific ways of achieving goals — "Automate order validation"
- Resources: Physical or informational entities needed — "Order database", "Payment processor"
- Softgoals: Quality goals without clear satisfaction criteria — "System should be maintainable" (no binary pass/fail)
- Conflicts: Where one goal's achievement degrades another — security vs. usability, performance vs. cost
The i* (i-star) framework, developed by Eric Yu, is a prominent GORE technique that models the environment as a network of interdependent social actors. Rather than treating the software system in isolation, i* models the entire socio-technical system: who the actors are, what they want, and how they depend on each other. It produces two models:
- Strategic Dependency (SD) model: Shows relationships between actors — which actor depends on which other for what goal, task, or resource
- Strategic Rationale (SR) model: Shows the internal reasoning of each actor — how their goals, tasks, resources, and softgoals interrelate
i* is particularly useful for requirements in multi-stakeholder systems where organisational politics and competing objectives are as important as technical constraints — enterprise ERP systems, healthcare platforms, government services.
Use Case / Actor-Boundary Model (UML)
The Use Case model, formalised in UML, is the most widely used requirements notation in object-oriented software development. It provides a pragmatic, widely-understood notation for capturing actor-system interactions at the system boundary — bypassing the deep environmental modelling of WRSPM in favour of communication clarity.
| Element | Meaning | Maps to WRSPM |
|---|---|---|
| Actor | External entity (human or system) that interacts with the system | Part of W (World) — external participants |
| Use Case | A specific interaction or function visible to actors | Part of R/S — observable system behaviour |
| System Boundary | The box separating the system from its environment | The W↔S interface in WRSPM |
| «include» | One use case always includes another | Decomposition within S |
| «extend» | One use case optionally extends another under conditions | Conditional paths within S |
The Use Case model's strength is communication clarity with non-technical stakeholders. Its weakness — which WRSPM explicitly addresses — is that it says little about world assumptions: what environmental context makes actors behave as they do, what physical constraints bound the system, and what happens when the real world doesn't conform to the model.
Model-Driven Architecture & MBSE Approaches
Model-Based Systems Engineering (MBSE) replaces text-heavy specifications with formal, integrated digital models that link requirements, architecture, behaviour, and verification in a single authoritative source. These approaches dominate in systems engineering domains — aerospace, defence, automotive, and complex infrastructure.
SysML — Systems Modeling Language
SysML is a visual modelling language (an extension of UML) specifically designed for systems engineering. Its key innovation is the Requirements Diagram — a first-class diagram type that connects natural-language requirements directly to the architectural and behavioural elements that satisfy them, enabling automated traceability checking.
| Diagram Type | Purpose | Requirements Relevance |
|---|---|---|
| Requirements Diagram | Captures requirements and their relationships | Primary requirements artefact — traces REQ to tests |
| Block Definition Diagram (BDD) | System structure and component relationships | Links requirements to satisfying architectural elements |
| Parametric Diagram | Constraints on system parameters (performance, safety) | Formalises NFR constraints as equations |
| Use Case Diagram | Actor-system interactions | Functional requirements capture |
| Activity Diagram | Process flows and data transformations | Behavioural specifications |
SysML models in tools like Cameo Systems Modeler or IBM Rhapsody support automated traceability checking — verifying that every requirement traces to a satisfying architectural element and a verifying test case. This automation is what makes MBSE attractive for large, complex programmes where manual traceability is impractical.
Capella & the Arcadia Method
Capella is an open-source MBSE workbench (developed by Thales) that implements the Arcadia method — a structured, four-layer approach that begins with operational analysis and progressively refines to physical implementation. Each layer answers a specific question:
flowchart TD
OA["OA: Operational Analysis"]
SA["SA: System Needs Analysis"]
LA["LA: Logical Architecture"]
PA["PA: Physical Architecture"]
OA -->|"Operational needs inform system missions"| SA
SA -->|"Functions allocated to logical blocks"| LA
LA -->|"Logical components realised physically"| PA
style OA fill:#3B9797,color:#fff
style SA fill:#16476A,color:#fff
style LA fill:#132440,color:#fff
style PA fill:#BF092F,color:#fff
The Arcadia layers map naturally to the WRSPM chain: Operational Analysis corresponds to W (world and stakeholders), System Needs to R (requirements), Logical Architecture to S (specifications), and Physical Architecture to P/M (program and machine). Capella enforces traceability between layers, making it possible to trace any hardware choice back to the original operational need that justified it.
CIM / MDA — Computation Independent Model
The Object Management Group's Model-Driven Architecture (MDA) framework decomposes the modelling space into three levels of abstraction, separating business concerns from technical implementation:
| Level | Model Type | Describes | Maps to WRSPM |
|---|---|---|---|
| CIM | Computation Independent Model | Business environment — completely independent of any software or technology | W (World) and R (Requirements) |
| PIM | Platform Independent Model | System logic and structure, independent of specific platform | S (Specifications) |
| PSM | Platform Specific Model | System realised on a specific technology (Java, .NET, cloud) | P (Program) and M (Machine) |
MDA's key contribution to requirements engineering is the CIM — a model of the business world that is entirely independent of any software decision. By maintaining an explicit CIM, organisations can change their technology stack (PSM) without affecting core business rules (CIM), and can validate that every system capability traces to a genuine business need.
Agile & Iterative Requirements Frameworks
Agile frameworks embrace change as a constant. Rather than attempting to document requirements completely upfront, they treat requirements as a living backlog — progressively refined, continuously reprioritised, and verified through working software. The two most impactful agile requirements frameworks are BDD (which you've seen in the Documentation section as a notation) and User Story Mapping.
BDD / Gherkin — Executable Specifications
Behaviour-Driven Development (BDD), popularised by Dan North, solves a longstanding requirements problem: specifications that are written down but never verified against the running system. BDD replaces static specifications with executable Given/When/Then tests — requirements documents that can be run as automated acceptance tests.
- Given — World state (W): the pre-conditions that describe the environment before the interaction
- When — Trigger at the specification boundary (S): the event or input the system receives
- Then — Observable output (S → W): what the system produces or changes in the world
The Gherkin syntax enforces WRSPM's W↔S separation. "Given" statements belong in the world domain; "Then" statements must be observable at the system boundary — ensuring your acceptance tests remain decoupled from implementation.
BDD tools (Cucumber, SpecFlow, Behave) parse Gherkin scenarios and execute them as automated tests, creating a living specification — a document that simultaneously serves as requirements, acceptance criteria, and regression test suite.
User Story Mapping
Jeff Patton's User Story Mapping technique addresses a critical weakness of simple backlogs: a flat list of user stories has no structure, making it impossible to see the "big picture" of the user experience or plan coherent, releasable product increments.
Story maps organise stories in two dimensions:
- Horizontal axis (backbone): User activities in narrative order — the user journey spine, from first touch to goal completion
- Vertical axis (depth): Stories at different priority levels — from the minimum viable skeleton down to edge cases and enhancements
flowchart LR
A["Browse Products"] --> B["Add to Cart"] --> C["Checkout"] --> D["Track Order"]
A --> A1["View product list"]
A --> A2["Filter by price"]
B --> B1["Update quantity"]
C --> C1["Enter payment"]
D --> D1["View order status"]
style A fill:#132440,color:#fff
style B fill:#132440,color:#fff
style C fill:#132440,color:#fff
style D fill:#132440,color:#fff
style A1 fill:#3B9797,color:#fff
style A2 fill:#3B9797,color:#fff
style B1 fill:#3B9797,color:#fff
style C1 fill:#3B9797,color:#fff
style D1 fill:#3B9797,color:#fff
Story maps answer a question that flat backlogs cannot: "If we only build the stories in this horizontal slice, do we have a coherent, releasable product?" Each horizontal slice through the map represents a release candidate — not a random collection of features, but a complete (if minimal) user journey.
Choosing Your Framework — Comparison
No framework covers every requirements engineering need perfectly. Here is a comparative guide across the key dimensions that matter in practice:
| Framework | Formality | World Modelling | Agile-Compatible | Tool Support | Best For |
|---|---|---|---|---|---|
| Formal & Academic | |||||
| WRSPM | High | Explicit (W layer) | Partial | Academic + manual | Safety-critical, embedded, rigorous analysis |
| Four-Variable Model | Very High | Explicit (MON/CON) | Low | Formal verification tools | Real-time control, formal verification |
| Twin Peaks | Medium | Implicit | High | Process guidance only | Complex systems with evolving constraints |
| KAOS | High | Via obstacles | Low–Medium | DOORS, ObJECTive KAOS | Safety/security requirements, regulated domains |
| Methodological & Conceptual | |||||
| Problem Frames | Medium | Via domain analysis | Medium | Manual / diagramming | Problem decomposition before solution design |
| GORE / i* | Medium | Via actor dependencies | Medium | iStar toolkit, OpenOME | Multi-stakeholder enterprise systems |
| Use Case / UML | Low–Medium | Minimal (actors only) | High | Enterprise Architect, Rational Rose | OO systems, business workflows |
| Model-Driven & MBSE | |||||
| SysML | High | Via operational analysis | Low | Cameo, Rhapsody, Papyrus | Aerospace, defence, complex engineered systems |
| Capella / Arcadia | High | Explicit (OA layer) | Low | Capella (open-source) | Thales-type systems engineering programmes |
| CIM / MDA | Medium | Explicit (CIM layer) | Medium | Enterprise Architect, MagicDraw | Enterprise architecture, platform migration |
| Agile & Iterative | |||||
| BDD / Gherkin | Low (executable) | Via Given pre-conditions | Very High | Cucumber, SpecFlow, Behave | Agile teams, continuous delivery |
| User Story Mapping | Very Low | None (journey-only) | Very High | Mural, Miro, physical sticky notes | Product discovery, MVP scoping, roadmapping |
Requirements Documentation
Once requirements are elicited and analysed, they must be documented in a form that's accessible, unambiguous, and maintainable.
The Software Requirements Specification (SRS)
The IEEE 830-1998 standard (now superseded by ISO/IEC/IEEE 29148:2018) defined the classic SRS document structure:
- Introduction — Purpose, scope, definitions, references, overview
- Overall Description — Product perspective, functions, user characteristics, constraints, assumptions
- Specific Requirements — Functional requirements, non-functional requirements, interface requirements
- Appendices — Supporting information, analysis models
While formal SRS documents are still used in regulated industries (aerospace, medical devices, defence), most modern software teams use lighter-weight alternatives.
Modern Alternatives
User Stories with Acceptance Criteria:
Story: As a customer, I want to reset my password so that I can
regain access to my account.
Acceptance Criteria:
- Given I am on the login page
When I click "Forgot Password"
Then I see a form asking for my email address
- Given I enter a registered email address
When I submit the form
Then I receive a password reset email within 2 minutes
- Given I click the reset link in the email
When the link is less than 30 minutes old
Then I can set a new password
- Given I click the reset link in the email
When the link is more than 30 minutes old
Then I see an "expired link" message with option to request again
BDD (Behaviour-Driven Development) Format:
# Feature: Password Reset
# Scenario: Successful password reset request
Given the user "john@example.com" has a registered account
And the user is on the login page
When the user clicks "Forgot Password"
And enters "john@example.com" in the email field
And clicks "Send Reset Link"
Then the system sends a password reset email to "john@example.com"
And the email contains a unique token valid for 30 minutes
And the system displays "Check your email for reset instructions"
Decision Records (ADRs) for NFRs:
{
"title": "ADR-007: Response Time Requirements",
"status": "accepted",
"context": "Users report frustration with page load times. Analytics show 40% bounce rate when pages take >3s.",
"decision": "All API endpoints must respond within 200ms at P95. Page loads must complete within 2s on 4G connections.",
"consequences": "Requires caching layer, CDN for static assets, database query optimisation. May limit feature complexity per page."
}
Requirements Validation
Validation ensures that documented requirements actually represent what stakeholders need and that they're of sufficient quality to build against. The "VCCUUT" qualities of good requirements are:
| Quality | Question | Red Flag |
|---|---|---|
| Valid | Does this represent a genuine stakeholder need? | "Gold plating" — features nobody asked for |
| Consistent | Does this contradict any other requirement? | "The system must be open-source" + "The system must use proprietary DRM" |
| Complete | Are all scenarios covered? Are edge cases addressed? | No mention of error handling, timeouts, or failure modes |
| Unambiguous | Can this be interpreted in only one way? | "The system should be fast" — fast means what? |
| Verifiable | Can we write a test that proves this is met? | "The system should be user-friendly" — how do you test this? |
| Traceable | Can we trace this to a business need and forward to tests? | Orphan requirements with no known origin or purpose |
Validation Techniques
- Requirements Reviews: Formal inspections where stakeholders, analysts, and engineers walk through requirements together, checking for completeness and consistency
- Prototyping: Building throwaway or evolutionary prototypes to validate understanding — "Is this what you meant?"
- Model Validation: Using formal models (state machines, sequence diagrams, Petri nets) to check for impossible states or deadlocks
- Test-First Validation: Writing acceptance tests before implementation — if you can't write a test, the requirement isn't clear enough
- Traceability Matrices: Mapping every requirement to its source (business need) and its verification method (test case)
Common Requirements Pitfalls
After decades of requirements engineering practice, the same failure patterns repeat across organisations and industries:
1. Scope Creep
Requirements grow continuously without corresponding adjustments to timeline, budget, or team size. Each individual addition seems small, but cumulatively they transform the project. The antidote: a formal change control process and a definition of "done" for the requirements phase.
2. Gold Plating
Engineers adding features that weren't requested because they seem "obvious" or "cool." This wastes effort and complicates testing. The antidote: strict adherence to documented requirements — if it's not written down, it doesn't get built.
3. Ambiguous Language
- "The system should be fast" — fast means what? 100ms? 1 second? 10 seconds?
- "The system should handle many users" — many means 100? 10,000? 10 million?
- "The system should be easy to use" — for whom? A developer? A grandmother?
- "The system should be secure" — against what threats? At what cost?
- "The system may support..." — is this required or optional?
- "The system should usually respond..." — what about when it doesn't?
4. Missing Non-Functional Requirements
Teams document what the system does but not how well it should do it. Performance, security, scalability, and maintainability requirements are left implicit — which means they're left to individual developers' judgement (which varies wildly).
5. Assumption Bias
Both stakeholders and engineers bring assumptions from their previous experience. A stakeholder who previously used System A assumes the new system will work similarly. An engineer who previously built microservices assumes the new system needs them. These assumptions go unexamined until they clash with reality.
6. Stakeholder Conflicts
Different stakeholders want different things. Sales wants features fast. Security wants everything locked down. Operations wants simplicity. Finance wants cost minimisation. Without explicit conflict resolution, requirements become contradictory.
7. Requirements Churn
Requirements changing faster than the team can implement them. This indicates either premature implementation (building before requirements are stable) or a genuinely volatile domain (where iterative/agile approaches are essential).
AI-Enhanced Requirements Engineering
Large Language Models and AI tools are beginning to augment (not replace) requirements engineering practices. Here's how practitioners are using them today:
- Generating acceptance criteria from user stories: Given a user story, AI can generate comprehensive Given/When/Then scenarios including edge cases that humans often miss
- Ambiguity detection: AI can flag vague language ("should be fast", "many users") and suggest quantitative alternatives
- Completeness checking: AI can identify categories of requirements that are missing — "You have performance requirements but no security or accessibility requirements"
- Consistency analysis: AI can detect contradictions between requirements documents written by different teams
- Test case generation: AI can generate test cases directly from specifications, improving requirements-to-test traceability
- Requirements rewriting: Converting informal stakeholder language into structured, testable specifications
Exercises
Write 5 functional requirements and 5 non-functional requirements for a university library management system. For each non-functional requirement, specify the category (performance, security, usability, etc.) and provide a measurable acceptance criterion.
Hint: Consider scenarios like book checkout, overdue returns, inter-library loans, search, and accessibility compliance.
Apply the WRSPM model to a smart home thermostat that supports: multi-zone control, energy-saving schedules, voice commands, and weather-based pre-heating. For each layer (W, R, S, P, M), write at least 3 specific items. Identify at least 2 monitored variables and 2 controlled variables.
Hint: Think about what world assumptions (W) could invalidate your specifications — e.g., what if the weather API is unavailable?
The following requirements contain ambiguities. Identify each ambiguity and rewrite the requirement to be testable and unambiguous:
- "The system should respond quickly to user requests."
- "The application must support a large number of concurrent users."
- "Data should be backed up regularly."
- "The interface should be intuitive for all users."
- "The system should handle errors gracefully."
Convert these vague requirements into precise, testable specifications using the SHALL keyword and quantitative measures:
- "The website should load fast."
- "The system should be secure."
- "The app should work on mobile."
- "Reports should be generated quickly."
Hint: For each, ask: Who? What? When? How much? How do we verify?
Conclusion & Next Steps
Requirements engineering is where software projects are won or lost. This article has surveyed the full landscape of the discipline — from the rigorous WRSPM reference model through formal academic alternatives, goal-oriented methods, model-based systems engineering, and agile iterative practices. No single framework covers every context: the art of requirements engineering lies in choosing and combining the right tools for the project at hand.
Key takeaways from this article:
- Requirements ≠ specifications — requirements describe what stakeholders need; specifications describe precise system behaviour at the system boundary
- Non-functional requirements often matter more than functional ones for system success
- The WRSPM model separates World, Requirements, Specifications, Program, and Machine — forcing explicit documentation of world assumptions that other frameworks ignore
- Formal models (WRSPM, Four-Variable, KAOS) provide mathematical rigour for safety-critical systems; conceptual frameworks (Problem Frames, GORE, i*) structure the thinking process
- Twin Peaks reminds us that requirements and architecture must co-evolve — neither can be finalised in isolation
- MBSE approaches (SysML, Capella/Arcadia, CIM) automate traceability from business need to physical component
- BDD and User Story Mapping make requirements executable and user-journey-structured for agile teams
- Ambiguous language is the enemy — always quantify, always ask "how would we test this?"
Next in the Series
In Part 6: Software Architecture & Design Patterns, we'll explore architectural patterns like Client-Server, Pipe-and-Filter, Layered, and Master-Slave — and learn how to make design decisions that shape entire systems.