Security
Confidentiality
Specify here who will have authorised access to the system, and under what circumstances access will be granted or denied. This requirement will help the understanding of customer confidentiality expectations.
Issues that will need to be considered include questions such as:
-
Is there any data that should only be seen by management?Are there any processes that might cause damage or might be used for personal gain?
-
Are there any people who should not have access to the system?
It is important in this requirement only to specify what the requirement is, and not to design the security features of the product. Computer security is a technical and complex field, and it may be advisable to employ the services of a security consultant.
Integrity
This requirement states the expectations of the integrity of the system's data (databases and files).
For example, "The clients shall receive updated customer files every 24 hours".
It will be important to consider how the information will be used; what the impact will be if the information is out of date; will there be a problem if two different users have different versions of the same system.
Audit
Specify the required audit checks so the new system will comply with the appropriate audit rules. There might be legal implications involved for this requirement.
|
