Discovering System Requirements
Discovering System Requirements
A. Terry Bahill
Systems and Industrial Engineering
University of Arizona
P.O. Box 210020
Tucson, AZ 85721-0020
terry@sie.arizona.edu
Frank F. Dean
New Mexico Weapons Systems Engineering Center
Sandia National Laboratories
Albuquerque, NM 87185-0435
ffdean@sandia.gov
Copyright © 1996 and 1997 Bahill and Dean
A paper similar to this has been published by: Bahill, A.T. and Dean, F., Discovering system requirements, Chapter 4 in the Handbook of Systems Engineering and Management, A.P. Sage and W.B. Rouse (Eds), John Wiley & Sons, 175-220, 1999. An earlier version is available at http://infoserve.library.sandia.gov/sand.html as document 96-1620.
Take me to:
Note: If you clicked on an item near the end of the above list, and it took you to the beginning of the document instead of to that section, then you probably did not wait long enough for the entire file to be transferred.
No two systems are exactly alike in their requirements. However, there is a uniform and identifiable process for logically discovering the system requirements regardless of system purpose, size, or complexity (Grady, 1993). The purpose of this chapter is to reveal this process.
This chapter presents the philosophy and terminology used by the New Mexico Weapons Systems Engineering Center at Sandia National Laboratories for discovering system requirements. Other organizations may use different procedures and terminology. However, we think a consensus is developing in the Systems Engineering community. It is hoped that this chapter is consistent with that consensus. Like Systems Engineering in general, the statements in this chapter are not dogmatic. Each statement has been rightfully violated many times (see for example Martin, 1995). However, these statements are generalizations of good engineering practices.
This chapter only explains a part of the systems requirements
process. Large projects should use a computer tool to help write,
decompose and maintain system requirements. Many such computer
tools are commercially available (NCOSE, 1995). Each project design
team will select a specific tool and then provide training for
it. Because such training is tool specific, this chapter will
not discuss such tools. Another part of the requirements process
is modeling the proposed system. Dozens of tools are available;
two recently popular ones are object-oriented design and functional
decomposition (Bharathan, Poe, & Bahill, 1995; chapter 25
of this handbook). This chapter does not discuss tools for modeling
systems, because of the sheer magnitude of the task.
Stating the problem is one of the Systems Engineer's most important tasks. The problem must be stated in a clear, unambiguous manner.
State the problem in terms of what the world would be like if the problem did not exist, and not in terms of preconceived solutions. In 1982 a flood washed out a bridge across the Santa Cruz River and made it difficult for the Indians at Mission San Xavier del Bac to get to the Bureau of Indians Affairs Health Center. A common way to state this problem would be "We must rebuild the bridge across the Santa Cruz River." A better way would be to say "The Indians at San Xavier Mission do not have a convenient way to get to their health center."
It is good engineering practice to state the problem in terms
of the top-level function that the system must perform. However,
it is better to state the problem in terms of the deficiency that
must be ameliorated. This stimulates consideration of more alternative
designs.
Example 1
| Top-level function: | The system shall hold together 2 to 20 pieces of 8½ by 11-inch, 20 pound paper. |
| Alternatives: | stapler, paper clip, fold the corner, put them in a folder |
Example 2
| The deficiency: | My reports are typically composed of 2 to 20 pieces of 8½ by 11-inch, 20 pound paper. The pages get out of order and become mixed up with pages of other reports. |
| Alternatives: | stapler, paper clip, fold the corner, put them in a folder, number the pages, put them in an envelope, throw away the report, convert it to electronic form, have it bound as a book, put it on audio tape, distribute it electronically, put it on a floppy disk, put it on microfiche, transform the written report into a videotape. |
Do not believe the first thing your customer says. Verify the
problem statement with the customer, and expect to iterate this
procedure several times. For an excellent (and enjoyable) reference
on stating the problem, see Gause and Weinberg (1990).
The word optimal should not appear in the statement of the problem, because there is no single optimal solution for a complex systems problem. Most system designs have several performance and cost criteria. Systems Engineering creates a set of alternative designs that satisfies these performance and cost criteria to varying degrees. Moving from one alternative to another will usually improve at least one criterion and worsen at least one criterion, i.e., there will be trade-offs. None of the feasible alternatives is likely to optimize all the criteria (Szidarovszky, Gershon, & Duckstein, 1986). Therefore, we must settle for less than optimality.
It might be possible to optimize some subsystems, but when they are interconnected, the overall system will not be optimal. The best possible system is not that made up of optimal subsystems. An all star team might have optimal people at all positions, but is it likely that such an all star team could beat the world champions? For example, a Pro Bowl football team is not likely to beat the Super Bowl champions.
Humans are not optimal animals. Shrews are smaller: Elephants are bigger. Cheetahs can run faster. Porpoises can swim faster. Dolphins have bigger brains. Bats have better auditory systems. Deer have better olfactory systems. Pronghorn antelope have sharper vision. Man has not used evolution to optimize these systems. Man has remained a generalist. The frog's visual system has evolved much farther than man's: Frogs have cells in the superior colliculus that are specialized to detect moving flys. Leaf Cutting ants had organized agricultural societies millions of years before humans. Although humans are not optimal in any sense, they seem to rule the world.
Furthermore, if the system requirements demanded an optimal system, data could not be provided to prove that any resulting system was indeed optimal. In general, it can be proven that a system is at a local optimum, but it cannot be proven that it is at a global optimum.
If it is required that optimization techniques be used, then they
should be applied to subsystems. However, total system performance
must be analyzed to decide if the cost of optimizing a subsystem
is worthwhile. Furthermore, total system performance should be
analyzed over the whole range of operating environments, because
what is optimal in one environment will not necessarily be optimal
in another.
The term customer includes anyone who has a right to impose requirements on the system. This includes end users, operators, bill payers, owners, regulatory agencies, victims, sponsors, etc. Because Systems Engineering delivers both a product and a process for manufacturing it, we must also consider the customer of the process.
Let us now illustrate some of these customer roles for a commercial airliner, such as the Boeing 777. The users are the passengers that fly on the airplane. The operators are the crew that fly the plane and the mechanics that maintain it. The bill payers are the airline companies, such as United, TWA, etc. The owners are the stockholders of these companies. The Federal Aviation Administration (FAA) writes the regulations and certifies the airplane. Among others, people who live near the airport are victims of noise and air pollution. If the plane is tremendously successful, McDonnell Douglas (the manufacturer of a competing airplane) would also be a victim. The sponsor, in this example, would be the corporate headquarters of Boeing.
The users and operators of the process would be the employees
in the manufacturing plant. The bill payer would be Boeing. The
owner would be the stockholders of Boeing. Occupational Safety
and Health Administration (OSHA) would be among the regulators.
Victims would include physically injured workers and, according
to Deming, workers who have little control of the output but who
are reviewed for performance (Latzko & Saunders, 1995).
Before writing a document you should consider who the audience is going to be. For a requirements document, the audience is the client and the designers.
System requirements communicate the customer's needs to the technical community that will design and build the system, and therefore they must be understandable by both. One of the most difficult tasks in creating a system is communicating with all subgroups within both groups (IEEE P1233).
The client and the designers have different backgrounds and needs. Wymore (1993) suggests two different documents for these two different groups: The Operational Need Document for the client and the System Requirements Document for the design engineers.
The Operational Need Document is a detailed description of the problem in plain language. It is intended for management, the customer and systems engineering....The Systems Requirement Document is a succinct mathematical description or model of the...requirements as described in the Operational Need Document. Its audience is systems engineering. (Chapman, Bahill, & Wymore, 1992)
Sometimes these are referred to as user (or customer) requirements
and technical (or system) requirements, respectively.
Requirements are the necessary attributes defined for a system
before and during design. The customer's need is the ultimate
system requirement from which all other requirements flow (Grady,
1993). In addition, requirements are statements that identify
the essential needs of a system in order for it to have value
and utility. Requirements may be derived or based upon interpretation
of other stated requirements to assist in providing a common understanding
of the desired characteristics of a system. Finally, requirements
should state what the system is to do, but they should not specify
how the system is to do it. Section 4.3.1 presents an example
of a requirement.
The graphic editor facility. To assist in positioning items on a diagram, the user may turn on a grid in either centimeters or inches, via an option on a control panel. Initially the grid is off. The grid may be turned on or off at any time during an editing session and can be toggled between inches and centimeters at any time. The grid option will also be provided on the reduce-to-fit view, but the number of grid lines shown will be reduced to avoid filling the diagram with grid lines.
Good points about this requirement: It provides rationale for the items: it explains why there should be a grid. It explains why the number of grid lines should be reduced for the reduce-to-fit view. It provides initialization information: initially the grid is off.
Bad points: The first sentence has three different components:
(1) it states that the system should provide a grid, (2) it gives
detailed information about grid units (centimeters and inches),
and (3) it tells how the user will activate the grid. This requirement
provides initialization information for some but not all similar
items: it specifies that initially the grid is off, but it does
not specify the units when it is turned on. Section 4.3.2 shows
how this requirement might be improved.
4.3.2.1.1 The graphic-editor grid facility shall produce a pattern of horizontal and vertical lines forming squares of uniform size as a background to the editor window. The grid shall be passive rather than active. This means that alignment is the responsibility of the user and the system shall not automatically align items with grid lines.
Rationale: A grid helps the user to create a neat diagram with well-spaced entries. Although an active grid might be useful, it is best to let the user decide where the items should be positioned.
4.3.2.1.2 When used in the "reduce-to-fit" mode, the logical grid line spacing should be increased.
Rationale: If the logical grid line spacing were not increased, the background would become cluttered with grid lines.
Specification: Eclipse/Workstation/Defs:Section 2.6
This requirement definition refers to the requirement specification,
which provides details such as units of centimeters and inches
and the initialization preferences.
There are many orthogonal characterizations of system requirements.
Four of these are types, sources, expressions or modalities, and
input-output trajectories. A thumbnail synopsis of these characterizations
follows.
There are two types of system requirements: mandatory and preference.
Mandatory requirements:
(1) specify the necessary and sufficient conditions that a minimal system must have in order to be acceptable and are usually expressed with shall and must,
(2) are passed or failed (must not use scoring functions), and
(3) must not be susceptible to trade-offs between requirements.
After mandatory requirements have been identified, Systems Engineers propose alternative candidate designs, all of which satisfy the mandatory requirements. Preference requirements are then evaluated to determine the "best" designs.
Preference requirements:
(1) state conditions that would make the customer happier and are often expressed with should and want,
(2) should use scoring functions (Chapman, et al., 1992) to produce figures of merit (see Figure 4.1), and
(3) should be evaluated with a multicriteria decision technique (Szidarovszky, et al., 1986) because none of the feasible alternatives is likely to optimize all the criteria, and there will be trade-offs among these requirements.
Sometimes there is a relationship between mandatory and preference requirements in which a mandatory requirement might be a lower threshold of a preference requirement. For example, for one computer program 8 Mbytes of RAM are required, but 12 Mbytes are preferred.
A scoring function is used to give a system a normalized score that reflects how the requirement has been met for each criterion. The value of the figure of merit, using the example of Mbytes of RAM, is put into the scoring function and a normalized score is returned. The use of scoring functions allows different criteria to be compared and traded off against each other. In other words, scoring functions allow apples to be compared to oranges and nanoseconds to be compared to billions of dollars.
Figure 4.1. A scoring function for the amount of RAM.
In this section we list two dozen sources of requirements. However,
Wymore (1993) says that only the first six sources are necessary:
Input-Output, Technology, Performance, Cost, Trade-off, and System
Test. He says all of the other sources can be put into one of
these six. Grady (1993) says we should have only five sources:
Functional, Performance, Constraints, Verification, and Programmatic.
He thinks that most of our sources are constraints. The EIA/ANSI-632
Standard on Systems Engineering says there are only three: Functional,
Performance, and Constraints (Martin personal communication).
Project managers say that there are only three: Cost, Schedule
and Performance (Kerzner, 1995). We leave it to the reader to
decide whether or not our list of sources can be condensed.
Perhaps the most common requirements relate the inputs of the
system to its outputs. For example, an input-output requirement
for an electronic amplifier could be stated as "The ratio
of the output to the input at 10 kHz shall be +20 dB." Wymore
(1993) maintains that functional requirements are a subset of
input-output requirements. If an input-output requirement is very
tight, then it describes a function. The above input-output requirement
describes the function "Amplify the input signal." The
functional requirement "The system shall fasten pieces of
paper" is covered by the input-output requirement "The
system shall accept 2 to 20 pieces of 8½ by 11 inch, 20-pound
paper and secure them so that the papers cannot get out of order."
One function of an automobile is to accelerate. The input is torque
(perhaps developed with an engine) and the output is a change
in velocity.
The technology requirement specifies the set of components --
hardware, software, and bioware -- that is available to build
the system. The technology requirement is usually defined in terms
of types of components that cannot be used, that must
be used, or both. For example, Admiral Rickover required that
submarine nuclear instrumentation be done with magnetic amplifiers.
Your Purchasing Department will often be a source of technology
constraints.
Performance requirements include quantity (how many, how much),
quality (how well), coverage (how much area, how far), timeliness
(how responsive, how frequent), and readiness (ability, MTBF).
System functions often map to performance requirements. For example,
"The car shall accelerate from 0 to 60 mph in 7 seconds or
less." Performance is an attribute of products and processes.
Its requirements are initially defined through requirements analyses
and trade studies using customer need, objective, and/or requirements
statements (MIL-STD-499B).
There are many types of cost, such as manpower, resources, and
monetary cost. An example cost requirement would be that the purchase
price cannot be more than $10,000, and the total life cycle cost
cannot exceed $18,000.
Trade-off between performance and cost is defined as the different
relative value assigned to each factor. For example, the performance
figures of merit may have a weight of 0.6, and the cost figures
of merit may be given a weight of 0.4.
The purpose of the system test is to verify that the design and
the system satisfy the requirements. For example, in an electronic
amplifier, a 3-mV, 10-kHz sinusoid will be applied to the input,
and the ratio of output to input will be calculated.
Company policy is another way of stating requirements. For example,
Learjet Inc. has stated, "We will make the airframe, but
we will buy the jet engines and the electronic control systems."
Corporate business policies might require Work Breakdown Structures,
PERT Charts, Quality Manuals, Environmental Safety and Health
Plans, or a certain return on investment.
Systems or Software Engineering might require that every portable
disk (e.g., floppy or Bernoulli) have a Readme file that describes
the author, date, contents, software program, and version (e.g.,
Word 6.0 or Excel 4.0).
Access to source code for all software might be a project management
requirement. It takes time and money to install new software.
This investment would be squandered if the supplier went bankrupt
and the customer could no longer update and maintain the system.
Therefore, most customers would like to have the source code.
However, few software houses are willing to provide source code,
because it might decrease their profits and complicate customer
support. When there is any possibility that the supplier might
stop supporting a product, the source code should be provided
and placed in escrow. This source code remains untouched as long
as the supplier supports the product. But if the supplier ceases
to support the product, the customer can get the source code and
maintain the product in-house. Therefore, placing the source code
in escrow can be a requirement.
The marketing department wants features that will delight the
customer. Kano calls them exciters. They are features that customers
did not know they wanted. In the 1970's, IBM queried customers
to discover their needs. No one mentioned portability, so IBM
did not make it a requirement. Compaq made a portable PC and then
a laptop, dominating those segments of the market. In the 1950's
IBM could have bought the patents for Xerox's photocopy machine.
But they did a market research study and concluded that no one
would pay thousands of dollars for a machine that would replace
carbon paper. They did not realize that they could delight their
customers with a machine that provided dozens of copies in just
minutes.
Sometimes we might require a certain manufacturing process or
environment. We might require our semiconductor manufacturer to
have a Class 10 clean room. Someone might specify that Quality
Function Deployment (QFD) be used to help elicit customer desires
(although this would be in bad form because it states how not
what). Recently, minimization of the waste stream has become a
common requirement.
Design engineers impose requirements on the system. These are
the "build to," "code to," and "buy to"
requirements for products and "how to execute" requirements
for processes.
Reliability could be a performance requirement, or it could be
broken out separately.
Some requirements may come from safety considerations. These may
state how the item should behave under both normal and abnormal
conditions.
Concern for the environment will produce requirements, such as
forbidding the use of chlorofluorocarbons (CFCs) or tetraethylchloride
(TEC).
Ethics could require physicians to obtain informed consent before
experimenting on human subjects.
Sometimes the desires of the customer will be hard to quantify,
such as for intangible items such as aesthetics, national or company
prestige (e.g., putting a man on the moon in the Apollo project),
or ulterior motives such as trying to get a foot in the door using
a new technology (e.g., the stealth airplanes), or starting business
in a new country (e.g., China).
Many requirements will not be stated because they are believed
to be common sense. For example, characteristics of the end user
are seldom stated. If we are designing a computer terminal, it
would not be stated that the end user would be a human with two
hands and ten fingers. Common sense also dictates that computers
not be damaged if they are stored at temperatures as high as 140°F.
Furthermore, we do not write that there can be no exposed high
voltage conductors on a personal computer, but it certainly is
a requirement. Many of these requirements can be found in de facto
standards.
Requirements could specify compliance with certain laws or standards,
such as the National Electrical Code, City/County Building codes,
ISO-9000, or the IEEE 1220 Standard for Systems Engineering.
Some requirements are said to have come from the customer, such
as statements of fact and assumptions that define the expectations
of the system in terms of mission or objectives, environment,
constraints, and measures of effectiveness. These requirements
are defined from a validated needs statement (Customer's Mission
Statement), from acquisition and program decision documentation,
and from mission analyses.
Sometimes the customer has definite requirements that are not
stated. For example, "Your last system was robust enough
to survive a long trip on a dirt road, so we expect your new system
to do the same."
If an existing system is similar to the proposed new system, then
existing data collection activities can be used to help discover
system requirements, because each piece of data that is collected
should be traceable to a specific system requirement. Often it
is difficult to make a measurement to verify a requirement. It
might be impossible to meet the stated accuracy. Trying to make
a measurement to verify a requirement might reveal more system
requirements.
There are many other sources of system requirements, such as:
human factors, the environment (e.g., temperature, humidity, shock,
vibration, etc.), the end user, the operator, potential victims,
management, company vision, future expansion, schedule, logistics,
politics, the US Congress, public opinion, business partners,
past failures, competitive intelligence, liability, religion,
culture, government agencies (e.g., DoE, DoD, OSHA, FAA, EPA),
industry standards (e.g., ANSI, SAE, IEEE, EIA), availability,
maintainability and compatibility.
For some purposes, the best expression of the requirements will be a narrative in which words are organized into sentences and paragraphs. Such documents are often called operation concepts or operational needs. But all descriptions in English will have ambiguities, both because of the language itself and the context in which the reader interprets the words. Therefore, for some purposes the best description of a system will be a list or string of shall and should statements. Such a list would be useful for acquisition or acceptance testing. However, it is still very difficult to write with perfect clarity so that all readers have the same understanding of what is written.
Other modalities that can be used instead of written descriptions include:
Wymorian Notation (Wymore, 1993)
Finite State Machines (Katz, 1994)
Algorithmic State Machine Notation (Katz, 1994)
Hardware
Object-Oriented Models (Booch, 1994; Rumbaugh et al., 1991; Jacobson et al., 1995)
Special purpose, requirements management, computer programs
The big advantage of these modalities over the English language
is that they can be rigorous and executable by computer. This
greatly helps to point out contradictions and omissions. It also
allows you to perform a sensitivity analysis of the set of requirements
to learn which requirements are the real cost drivers (Karnavas
et al., 1993).
A publicly assessable prototype can express the system requirements as they are currently understood. This technique is very popular in the software community where a computer can be placed in the building lobby. Of course many functions of the final system will not be implemented in the prototype; instead there will be a statement of what the functions are intended to do. A publicly assessable prototype is easy to update, and it helps everyone understand what the requirements are.
The purpose of building a prototype is to reduce project risk.
Therefore, the first functions that are prototyped should be (but
usually are not) the most risky functions (Rechtin, personal communication:
Chapman and Bahill, 1996).
During Concept Exploration, encourage consideration of bizarre
alternatives. Studying unusual alternatives leads to a better
and deeper understanding of the requirements by both the systems
engineer and the design engineer. Likewise, studying models and
computer simulations will help you understand the requirements.
Concept exploration is one of the most fruitful phases in requirements
discovery.
The Users Manual should be written by future users early in the
system design process (Shand, 1994). This helps get the system
requirements stated correctly and increases user "buy in."
Input and output trajectories are descriptions of input and output
values as functions of time.
A powerful technique for describing the behavior of a system and for discovering requirements is creating typical sequences of events that the proposed system will go through. Such descriptions of behavior as a function of time are called trajectories, behavioral scenarios, use cases, threads, operational scenarios, logistics, or interaction diagrams.
A behavioral scenario for an Automated Teller Machine (ATM) is
shown in Figure 4.2. Several other examples are given in Appendix
A The basis of these diagrams is to list the system's objects
(or components) along the top of the diagram. Then, with time
running from top to bottom, list the messages that are exchanged
between the objects. Alternatively, the arrows can be labeled
with data that are exchanged between the components or the functions
that are performed. These ATM examples were derived using object-oriented
modeling. This technique relies on collecting a large number of
behavioral scenarios. This collection then describes the desired
system behavior. Additional scenarios can be incrementally added
to the collection. Behavioral scenarios are easy for people to
describe and discuss, and it is easy to transform them into a
system design.
Incorrect PIN Scenario
1. The Customer inserts a bank card, the Card Input sends the card's information to the Card Transaction Handler, which detects that the card is valid (not invalid; if no message is returned, the card is assumed valid).
2. The Card Transaction Handler instructs the Graphical User Interface (GUI) to display a message requesting the customer's Personal Identification Number (PIN).
3. The GUI requests the PIN and the customer returns his or her PIN, which is then passed to the Card Transaction Handler.
4. The Card Transaction Handler checks if the PIN is correct. In this scenario it is not, and the GUI is instructed to inform the customer that the PIN is invalid.
5. The customer is then asked to input his or her PIN number again and step 4 is repeated.
6. If the customer has not supplied the correct PIN number in
three attempts (as is the case in this scenario), the Card Input
is instructed to keep the card and the session is terminated.
Figure 4.2. Behavioral scenario for an incorrect PIN.
Wymore (1993) shows the following six techniques for writing input-output relationships. These techniques have different degrees of precision, comprehensibility, and compactness.
(1) For each input value, produce an output value. For example, multiply the input by 3:
output(t+1) = 3 * input(t)
(2) For each input string, produce an output value. For example, compute the average of the last three inputs:
output(t+1) = (input(t-2) + input(t-1) + input(t))/3
(3) For each input string, produce an output string. For example, collect inputs and label them with their time of arrival:
For an input string of 1, 1, 2, 3, 5, 8, 13, 21, the output string shall be (1,1), (2,1), (3,2), (4,3), (5,5), (6,8), (7,13), (8,21). All strings are finite in length.
(4) For each input trajectory, produce an output trajectory. For example, collect inputs and label them with their time of arrival.
For an input trajectory of 1, 1, 2, 3, 5, 8, 13, 21, . . . the output trajectory would be (1,1), (2,1), (3,2), (4,3), (5,5), (6,8), (7,13), (8,21) . . . A trajectory may be infinite in length.
(5) For each state and input, produce a next state and next output. For example, design a Boolean system where the output is asserted whenever the input bit stream has an odd number of 1s. This Odd Parity Detector can be described as:
Z1 = (SZ1, IZ1, OZ1, NZ1, RZ1), where
SZ1 = {Even, Odd}, /* The 2 states are named Even and Odd. */
IZ1 = {0, 1}, /* A 0 or a 1 can be received on this input port. */
OZ1 = {0, 1}, /* The output will be 0 or 1. */
NZ1 = {((Even, 0), Even), /* If the present state is Even and the input is 0, then the next state will be Even. */ ((Even, 1), Odd), ((Odd, 0), Odd), ((Odd, 1), Even)},
RZ1 = {(Even, 0), (Odd, 1)} /* If the state is Even the output is 0, if the state is Odd the output is 1. */
(6) Most of this chapter has focused on using qualitative descriptions,
which includes words, sentences, paragraphs, blueprints, pictures,
and schematics.
The following tools are used to help discover and write requirements. See Appendix B for a comparison of these tools.
Affinity diagrams
Force-field analysis
Ishikawa fishbone (cause-and-effect) diagrams
Pugh charts
Quality Function Deployment (QFD)
Wymorian T3SD
RDD-100
CORE
Slate
Grady (1995) discusses many more tools that Systems Engineers
can use to gain insight into the system and to derive appropriate
requirements.
Requirements discovery is one subprocess of the Systems Design Process shown in Figure 4.3. Systems Engineering is a fractal process. It is applied at levels of greater and greater detail: It is applied to the system, then to the subsystems, then to the components, etc. It is applied to the system being designed and also to the enterprise in which the system will operate. This concept is shown in a poster that is available at
http://www.sie.arizona.edu/sysengr and at
http://dpopenet.sandia.gov/syseng/syseng.html
Figure 4.3. The system design process.
The first step in developing requirements is to identify the customer.
The term customer includes anyone who has a right to impose
requirements on the system. This includes end users, operators,
bill payers, owners, regulatory agencies, victims, sponsors, etc.
All facets of the customer must be kept in mind during system
design. For example, in evaluating the cost of a system, the total
life cycle cost and the cost to society should be considered.
Frequently, the end user does not fund the cost of development.
This often leads to products that are expensive to own, operate,
and maintain over the entire life of the product, because the
organization funding development saves a few dollars in the development
process. It is imperative that the Systems Engineer understands
this conflict and exposes it. The sponsor and user can then help
trade off the development costs against the cost to use and maintain.
Total life cycle costs are significantly larger than initial costs.
For example, in one of their advertisements, Compaq proclaimed,
"80% of the lifetime cost of your company's desktops comes
after you purchase them." In terms of the personal computer,
if total life cycle costs were $10,000, purchase cost would have
been $2,000 and maintenance and operation $8,000.
The system design must begin with a complete understanding of the customer's needs. The information necessary to begin a design usually comes from preliminary studies and specific customer requests. Frequently the customer is not aware of the details of what is needed. Systems Engineers must enter the customer's environment, discover the details, and explain them. Flexible designs and rapid prototyping facilitate identification of details that might have been overlooked. Talking to the customer's customer and the supplier's supplier can also be useful. This activity is frequently referred to as mission analysis.
It is the Systems Engineer's responsibility to ensure that all
information concerning the customer's needs is collected. The
Systems Engineer must also ensure that the definitions and terms
used have the same meaning for everyone involved. Several direct
interviews with the customer are necessary to ensure that all
of the customer's needs are stated and that they are clear and
understandable. The customer might not understand the needs; he
may be responding to someone else's requirements. Often, a customer
will misstate his needs; for example, a person might walk into
a hardware store and say he needs a half-inch drill bit. But what
he actually needs is a half-inch hole in a metal plate,
and a chassis-punch might be more suitable.
What is the problem we are trying to solve? Answering this question is one of the Systems Engineer's most important and often overlooked tasks. An elegant solution to the wrong problem is less than worthless.
Early in the process, the customer frequently fails to recognize the scope or magnitude of the problem that is to be solved. The problem should not be described in terms of a perceived solution. It is imperative that the Systems Engineer help the customer develop a problem statement that is completely independent of solutions and specific technologies. Solutions and technologies are, of course, important; however, there is a proper place for them later in the Systems Engineering process. It is the Systems Engineer's responsibility to work with the customer, asking the questions necessary to develop a complete "picture" of the problem and its scope. The Air Force customer did not know that they wanted a stealth airplane until after the engineers showed that they could do it.
Figure 4.4, based on Grady (1995), shows the requirements discovery
process. This whole diagram is the "Discover Requirements"
box of the System Design Process shown in Figure 4.3.
Figure 4.4. The requirements discovery
process.
The Systems Engineer must interact with the customer to write the system requirements. The Systems Engineer must involve the customer in the process of defining, clarifying, and prioritizing the requirements. It is prudent to involve users, bill payers, regulators, manufacturers, maintainers, and other key players in the process.
Next, Systems Engineering must discover the functions that the system must perform in order to satisfy its purpose. The system functions form the basis for dividing the system into subsystems. QFD is useful for identifying system functions (Bahill & Chapman, 1993; Bicknell & Bicknell, 1994).
Although this makes it sound as if requirements are transformed
into functions in a serial manner, that is not the case. It is
actually a parallel and iterative process. First we look at system
requirements, then at system functions. Then we re-examine the
requirements and then re-examine the functions. Then we re-assess
the requirements and again the functions, etc.
The Systems Engineer must continually consult with the customer to ensure that the requirements are correct and complete. The customer should be satisfied that if these requirements are met, then the system will do what it really needs to do. All parties must agree to a way of measuring system performance to ensure that the system does what the customer wants it to do. The Systems Engineer and the customer should identify which requirements can be used as trade-off requirements.
Sometimes the customer is not available for consultation. In such unfortunate situations, a surrogate customer will have to be used.
At these reviews it is important to ask why each requirement is
needed. This can help eliminate unneeded requirements. It can
also help reveal the requirements behind the stated requirements.
It may be easier to satisfy the requirements behind the requirements,
than the stated requirements themselves.
Figures of merit are the criteria on which the different designs
will be "judged." Each figure of merit must have a fully
described unit of measurement. Units of power could be horsepower,
for example, and units of cost could be dollars (or inverse dollars
if it is desirable to consistently have "more is better"
situations). Suppose a figure of merit were acceleration, then
the unit of measurement could be seconds taken to accelerate from
0 to 60 mph. The units of measurement can be anything, as long
as they measure the appropriate criteria, are fully described,
and are used consistently for all designs. The value of a figure
of merit describes how effectively a preference requirement has
been met. For example, the car went from 0 to 60 in 6.5 seconds.
These values are the ones put into the scoring functions, as shown
in Figure 4.1, to give the requirements scores, which are in turn
used to perform trade-off studies. Such measurements are made
throughout the development of the system.
Validating requirements means ensuring that the requirements are
consistent and that a real-world solution can be built and proven
to satisfy the requirements. Each requirement should be technically
feasible, and fit within budget, schedule, and other constraints.
Requirements are often validated by reference to an existing system
that meets most of the requirements. The requirements that are
not satisfied by the existing system are validated by argument,
modeling, or simulation.
A critical element of the requirements development process is describing the tests, analysis or data that will be used to prove compliance of the final system with its requirements. Each test must explicitly link to a specific requirement; this will help expose untestable requirements. Describing the system tests informs the producers how the system will be tested, so that they know how they will be "graded." This process frequently uncovers overlooked requirements.
At this time it may be useful to examine the following definitions.
Validating a System: Building the right system; making sure that the system does what it is supposed to do. It determines the correctness of an end product, compliance of the system with the customer's needs, and completeness of the system.
Validating Requirements: Ensuring that the set of requirements is consistent, that a real-world solution can be built that satisfies the requirements, and that it can be proven that such a system satisfies its requirements. If Systems Engineering discovers that the customer has requested a perpetual-motion machine, the project should be stopped.
Verifying a System: Building the system right; ensuring that the system complies with its requirements. Verifying a system determines the conformance of the system to its design requirements. It also guarantees the consistency of the product at the end of each phase, with itself and with the previous prototypes. In other words, it guarantees the honest and smooth transition from model to prototype to preproduction unit to production unit.
Verifying Requirements: Examination, analysis, test, or demonstration that proves whether a requirement has been satisfied. This process is iterative. The requirements should be verified with respect to the model, the prototype, the preproduction unit, and the production unit.
Verification and Validation: MIL-STD-1521B (and most Systems
Engineers) and DoD-STD-2167A (and most software engineers) use
the words verification and validation in almost the exact opposite
fashion. For Systems Engineers, to validate requirements is to
prove that it is possible to satisfy them. System verification,
on the other hand, is a process of proving that a system meets
its requirements (Grady, 1994). To add further confusion, ISO-9000
tells you to verify that a design meets the requirements and validate
that the product meets requirements. NASA has a different spin.
It says that verification consists of proving that a system (or
a subsystem) complies with its requirements, whereas validation
consists of proving that the total system accomplishes its purpose
(Shishko and Chamberlain, 1995). Thus, it is necessary to agree on the definitions
of verification and validation as these terms pertain to your
system.
Technical performance measures (TPMs), or metrics, are used to track the progress of the design and manufacturing process. TPMs are measurements that are made during the design and manufacturing process to evaluate the likelihood of satisfying the system requirements. Not all requirements have TPMs, just the most important ones. In the beginning of the design and manufacturing process, the prototypes will not meet the TPM goals. Therefore the TPM values are only required to be within a tolerance band. It is hoped that as the design and manufacturing process progresses, the TPM values of the prototypes and preproduction units will come closer and closer to the goals.
As an example, let us consider the design and manufacture of solar ovens (Funk & Larson, 1994). In many societies, particularly in Africa, many women spend as much as 50% of their time acquiring wood for their cooking fires. To ameliorate this sink of human resources, people have been designing and building solar ovens. Let us now examine the solar oven design and manufacturing process that we followed in a Freshman Engineering class at the University of Arizona.
First we defined a TPM for our design and manufacturing process. When a loaf of bread is finished baking, its internal temperature should be 95°C (203°F). To reach this internal temperature, commercial bakeries bake the loaf at 230°C (446°F). As initial values for our oven temperature TPM, we chose a lower limit of 100°C, a goal of 230°C, and an upper limit of 270°C. The tolerance band shrinks with time as shown in Figure 4.5.
In the beginning of the design and manufacturing process, our day-by-day measurements of this metric increased because of finding better insulators, finding better glazing materials (e.g., glass and mylar), sealing the box better, aiming at the sun better, etc.
At the time labeled "Design Change-1," there was a jump in performance caused by adding a second layer of glazing to the window in the top of the oven. This was followed by another period of gradual improvement as we learned to stabilize the two pieces of glazing material.
At the time labeled "Design Change-2," there was another jump in performance caused by a design change that incorporated reflectors to reflect more sunlight onto the window in the oven top. This was followed by another period of gradual improvement as we found better shapes and positions for the reflectors.
But, in this case, it seemed that we might not attain our goal. Therefore we reevaluated the process and the requirements. Bread baking is a complex biochemical process that has been studied extensively: Millions of loaves have been baked each day for the last four thousand years. These experiments have revealed the following consequences of insufficient oven temperature:
(1) Enzymes are not deactivated soon enough, and excessive gas expansion causes coarse grain and harsh texture.
(2) The crust is too thick, because of drying caused by the longer duration of baking.
(3) The bread becomes dry, because prolonged baking causes evaporation of moisture and volatile substances.
(4) Low temperatures cannot produce carmelization, and crust color lacks an appealing bloom.
After consulting some bakers, our managers decided that 190°C (374°F) would be sufficient to avoid the above problems. Therefore, the requirements were changed at the indicated spot and our TPM was then able to meet our goal. Of course this change in requirements forced a review of all other requirements and a change in many other facets of the design. For example, the duration weight tables had to be recomputed.
If sugar, eggs, butter and milk were added to the dough, we could get away with temperatures as low as 175°C (347°F). But we decided to design our ovens to match the needs of our customers, rather than try to change our customers to match our ovens.
Figure 4.5. A technical performance measure.
Identifying and mitigating project risk is the responsibility of management at all levels in the company. Each item that poses a threat to the cost, schedule or performance of the project must be identified and tracked. The following information should be recorded for each identified risk: name, description, type, origin, probability, severity, impact, identification number, identification date, work breakdown structure element number, risk mitigation plan, responsible team, needed resolution date, closure criteria, principal engineer, current status, date, signature of team leader. Forms useful in identifying and mitigating risk are given in chapter 17 of Kerzner (1995), section 4.10 of Grady (1995), and Chapter 3 of this handbook. For the solar oven project we identified the following risks:
(1) Insufficient internal oven temperature was a performance risk. Its origin was Design and Manufacturing. It had high probability and high severity. We mitigated it by making it a technical performance measure, as shown in Figure 4.5.
(2) High cost of the oven was a cost risk. Its origin was the Design process. Its probability was low, and its severity was medium. We mitigated it by computing the cost for every design.
(3) Failure to have an oven ready for testing posed a schedule risk. Its origin was Design and Manufacturing. Its probability was low, but its severity was very high. We mitigated this risk by requiring final designs seven days before the scheduled test date and a preproduction unit three days in advance.
Models (or computer simulations) are often used to reduce risk.
Low risk portions of the system should be modeled at a high level
of abstraction, whereas high risk portions should be modeled with
fine resolution.
The system requirements must be reviewed with the customer many times. At a minimum requirements should be reviewed at the end of the modeling phase, after testing the prototypes, before commencement of production, and after testing production units.
The main objectives of these reviews are to find missing requirements, eliminate unneeded requirements, ensure that the requirements have been met, and verify that the system satisfies customer needs. At these reviews, trade-offs will usually have to be made between performance, schedule and cost. Additional objectives include assessing the maturity of the development effort, recommending whether to proceed to the next phase of the project, and committing additional resources. These reviews should be formal. The results and conclusions of the reviews should be documented. The Systems Engineer is responsible for initiating and conducting these reviews.
The following definitions based on Sage (1992) and Shishko and Chanberlain (1995) might be useful. They are arranged in chronological order. Although these definitions are written with a singular noun, they are often implemented with a collection of reviews. Each system, subsystem, subsubsystem, etc. will be reviewed and the totality of these constitutes the indicated review.
Mission Concept Review: The Mission Concept Review and the Mission Definition Review are the first formal reviews. They examine the mission objectives and the functional and performance requirements. If the organization does not have a Vision or Mission statement, then you should write one.
System Requirements Review (SRR): Demonstrates that the product development team understands the mission and the system requirements. It confirms that the system requirements are sufficient to meet mission objectives. It ensures that the performance and cost figures of merit are realistic, and that the verification plan is adequate. At the end of the system requirements review the requirements are placed into a formal configuration management system with appropriate approvals required for changes. Changing requirements after this review will impact schedule and cost.
System Definition Review: Examines the proposed system architecture, the proposed system design, and the flow down of functions to the major subsystems. It also ensures that the verification plan is complete.
Preliminary Design Review (PDR): Demonstrates that the preliminary design meets all the system requirements with acceptable risk. System development and verification tools are identified, and the Work Breakdown Structure is examined. Full-scale engineering design begins after this review.
Critical Design Review (CDR): Verifies that the design meets the requirements. The CDR examines the system design in full detail, ensures that technical problems and design anomalies have been resolved, checks the technical performance measures, and ensures that the design maturity justifies the decision to commence manufacturing. Few requirements should be changed after this review.
Production Readiness Review (PRR): For some systems there is a long phase when prototypes are built and tested. At the end of this phase, and before production begins, there is a production readiness review.
System Test: At the end of manufacturing and integration, the system is tested to verify that it satisfies its requirements. Technical performance measures are compared to their goals. The results of these tests are presented at the System Acceptance and Operational Readiness Reviews.
Figure 4.6 shows the timing of these major reviews.
Figure 4.6. Timing of the major reviews.
There are many characteristics of a good requirement. First and
foremost, a good requirement defines what a system is to do and
to what extent, but does not specify how the system is to do it.
A statement of a requirement should not be a preconceived solution
to the problem that is to be solved. To avoid this trap, ask why
the requirement is needed, then derive the real requirements.
For example, it would be a mistake to require a relational database
for the requirements. The following requirements state what is
needed, not how to accomplish it: provide the ability to store,
provide the ability to sort, provide the ability to add attributes.
It should be noted that because QFD is often used iteratively
to define requirements, the hows in one QFD chart become
the whats in the next, possibly making the above statements
confusing.
A requirement should be "atomic," not compound. That
is, it should have a single purpose (one idea per requirement).
Furthermore, each requirement should be allocated to a single
physical entity. It is acceptable to assign two or more requirements
to one physical component. However, it would be a mistake to assign
one requirement to two physical components.
A requirement should have a unique label, a unique name, and unique
contents. Avoid repeating requirements.
A requirement must be documented (writing, pictures, images, databases,
etc.) and the documentation must be accessible. In situations
where confidentiality is important, each requirement should clearly
indicate classification status. Only individuals with the appropriate
clearance and the need to know should have access to classified
requirements.
A good requirement will identify its owner and custodian, which
could be the same person. The requirement's owner must approve
of any change in the requirement.
After a requirement has been revised, reviewed, and rewritten,
it must be approved by its owner. Furthermore, each top-level
requirement must be approved by the customer.
A good requirement is traceable; it should be possible to trace
each requirement back to its source. A requirement should also
identify related requirements (i.e., parents, children, siblings)
and requirements that would be impacted by changes to it.
All requirements should be necessary. Systems Engineers should
ask, "Is this requirement really necessary? Will the system
necessarily be better because of this requirement?" Avoid
over-specifying the system, writing pages and pages that no one
will probably ever read. There are two common types of over-specification:
gold plating and specifying unnecessary things. For example, requiring
that the outside of a CPU box be gold-plated is not a good requirement
because something far less expensive would probably be just as
effective. Also, requiring that the inside of the CPU box be painted
pink is probably an unnecessary request. Over-specification (of
both types) is how $700 toilet seat covers and $25,000 coffee
pots are created (Hooks, 1994). The documentation should include
a complete statement of the rationale behind each requirement.
The documentation must be as clear, concise, and complete as possible.
Avoid the use of synonyms (e.g., The software requires 8 Mbytes
of RAM but 12 Mbytes of memory are recommended) and homonyms (e.g.,
Summaries of disk X-rays should be stored on disk.
It must be noted that all systems will undoubtedly have many "common
sense" requirements that will not be written. This is acceptable
as long as the requirements really are common sense. An exhaustive
list of requirements would take years upon years and use reams
of paper, and even then you would probably never finish.
Quantitative values must be given in requirements. A requirement states a necessary attribute of a system to be designed. The designer cannot design the system if a magnitude is not given for each attribute. Without quantification, system failure could occur because (1) the system exceeded the minimum necessary cost due to over design, or (2) failed to account for a needed capability. Quantitative values for attributes are also necessary in order to test the product to verify that it satisfies its requirements (Grady, 1993).
Each requirement must be verifiable by examination, analysis, test, or documentation and therefore must have a well-defined figure of merit. Qualitative words like low and high shall be (at least roughly) defined. What is low cost to a big corporation and what is low cost to a small company may be very different. Only requirements that are clear and concise will be easily testable. Requirements with ambiguous qualifiers will probably have to be refined before testing will be possible. Furthermore, the value given should be fully described as, for example, an expected value, a median, a minimum, a maximum, etc. A requirement such as "reliability shall be at least 0.999" is a good requirement because it is testable, quantified, and the value is fully described as a minimum. Also the requirement "the car's gas mileage should be about 30 miles per gallon" is a good requirement as it establishes a performance measure and an expected value.
Note that often the customer will state a requirement that is not quantified. For example: "The system should be aesthetically pleasing." It is then the engineer's task to define a requirement that is quantified, i.e., "The test for aesthetics will involve polling two hundred potential users; at least 70% should find the system aesthetically pleasing."
It is also important to make the requirements easily testable.
NASA once issued a request for proposals for a radio antenna that
could withstand earthquakes and high winds. They said The antenna
shall not deflect by more than 0.5 degrees in spite of 0.5 G forces,
100 knot steady winds or gusts of up to 150 knots. They expected
bids around $15 million. But all of their bids were around $30
million. NASA asked the contractors why the bids were so high.
The contractors said testing the system was going to be very expensive.
NASA revised the requirements to When 'hit with a hammer,' the
antenna shall have a resonant frequency less than 0.75 Hz. Then
they got bids between $12 and $15 million. (Eb Rechtin, personal
communication).
Some requirements only apply when the system is in certain states or modes. If the requirement is only to be met sometimes, the requirement statement should reflect when. There may be two requirements that are not intended to be satisfied simultaneously, but they could be at great expense.
For example: The vehicle shall
(1) be able to tow a 2,000-pound cargo trailer at highway speed (65 mph),
(2) accelerate from 0 to 60 mph in less than 9.5 seconds.
It would be expensive to build a car that satisfied both requirements simultaneously.
However, as with everything, you can take this principle too far, as illustrated by the following, which is probably a true story. We first saw it in Gause and Weinberg (1990).
Recently the highway department tested a new safety proposal. They asked motorists to turn on their headlights as they drove through a tunnel. However, shortly after exiting the tunnel the motorists encountered a scenic-view overlook. Many of them pulled off the road to look at the reflections of wildflowers in pristine mountain streams and snow-covered mountain peaks 50 miles away. When the motorists returned to their cars, they found that their car batteries were dead, because they had left their headlights on. So the highway department decided to erect signs to get the drivers to turn off their head-lights.
First they tried "Turn your lights off." But someone said that not everyone would heed the request to turn their headlights on. And it would be impossible for these drivers to turn their headlights off.
So they tried "If your headlights are on, then turn them off." But someone objected that would be inappropriate if it were night time.
So they tried "If it is daytime and your headlights are on, then turn them off." But someone objected that would be inappropriate if it were overcast and visibility was greatly reduced.
So they tried "If your headlights are on and they are not required for visibility, then turn them off." But someone objected that many new cars are built so that their headlights are on whenever the motor is running.
So they tried "If your headlights are on, and they are not required for visibility, and you can turn them off, then turn them off." But someone objected....
So they decided to stop trying to identify applicable states.
They would just alert the drivers and let them make the appropriate
actions. Their final sign said, "Are your lights on?"
All assumptions should be stated. Unstated bad assumptions are
one cause of bad requirements.
A mandatory requirement should be expressed using the word shall
(e.g., The system shall conform to all state laws.). A preference
requirement can be expressed using should or may
(e.g., The total cost for the car's accessories should be about
10% of the total cost of the car.). The term will can be
used to express a declaration of purpose on the part of a contracting
agency, to express simple future tense and for statement of fact
(e.g., The resistors will be supplied by an outside manufacturer.)
(Grady, 1993).
The words optimize, maximize, and minimize should not be used in stating requirements, because we could never prove that we had achieved them. Consider the following criteria: (1) we should minimize human suffering, and (2) we should maximize the quality and quantity of human life. A starving child should be fed, even if the child continues to live in misery. However, the criterion of minimal suffering could lead to the conclusion that the child should die.
Requirements should not use the word simultaneous because
it means different things to different people. It might mean within
a few fempto seconds to a physicist, on the same clock cycle to
a computer engineer, or to an anthropologist studying the extinction
of the dinosaurs, within the same millennium.
The amount of detail in the requirements depends upon the intended
supplier. For in-house work or work to be done by a supplier with
well-established systems engineering procedures, the requirements
can be written at a high level. However, for outside contractors
with unknown systems engineering capabilities, the requirements
might be broken down to a very fine level of detail.
The name of the approver and the date of approval should be included
in each requirement.
Although it is seldom done, it would be nice if each requirement
stated why it was written and what it was supposed to ensure.
Newspaper journalists quote out of context, and headlines do not
reflect the content of their stories. It is important to write
each requirement so that it cannot spark undue public criticism
of your project.
The terms requirements and constraints are sometimes
used interchangeably. However, a design constraint can be defined
as a boundary condition within which the designer must remain
while satisfying the performance requirements (Grady, 1993). With
this definition, almost all of the requirements mentioned in this
document (except for performance and system test) could alternatively
be called constraints.
The term goal is often used for a requirement that cannot be tested.
Grady (personal communication) calls them requirements and desirements.
For example, a requirement may be that "The hole shall be
5 mm in diameter, plus or minus 0.5 mm." According to Taguchi,
a goal would say, "The hole shall be 5 mm in diameter and
the standard deviation should be as small as feasible." Some
people use "goal" as a specific value for a preference
requirement.
Some engineers characterize requirements as external and internal.
External requirements are driven by customer need. Internal requirements
are driven by company practices and resources. For example, a
company might use certain processes or technologies.
Some engineers also characterize requirements as outcomes, environments,
and constraints. Outcomes are related to the customer's statement
of the problem. Environmental requirements change as the system
design progresses. Finally, constraints, such as laws that have
to be obeyed or standards that have to be followed, are often
left unstated for the sake of brevity.
A requirements definition set, which we usually call the requirements, describes the functions the systems should provide, the constraints under which it must operate, and the rationale for the requirements. It should be written in plain language. It is intended to describe the proposed system to both the customer and the designers. It should be broad so that many alternative designs fit into its feasibility space.
The requirements specification, which we usually call the specification, provides a precise description of the system that is to be built. It should have a formal format and might be written in a specialized language. It is intended to serve as the basis of a contract between Purchasing and Manufacturing. It should narrow the feasibility space to a few points that describe the system to be manufactured.
The set of requirements determines the boundaries of the solution space. The specifications define a few solutions within that space. The requirements say what, the specifications say how.
These definitions came out of the software engineering literature (Sommerville, 1989). The systems engineering literature is seldom as clear. Often the best we get is "A specification is a big document that contains a lot of requirements." (Jim Martin and Ivy Hooks, personal communications, 1995.) Because of the variable usage in the literature, if someone uses the term specification, you should ask them what they mean by the term.
Why do so many people write the requirements after the system
has been built? Perhaps they (1) write the requirements up front,
(2) develop the requirements into specifications, and (3) build
the system, continually updating the specifications but not the
requirements. Consequently when they deliver the system and the
customer asks for the requirements, they must go back and write
them.
In olden days, there was a progression from performance requirements
to functional requirements to design requirements. For example,
a teen age boy might express the operational need this way: "Hey,
Dad, We need speakers in the car that will make your insides rumble
during drum solos." The father would translate this into
the performance requirement: "For bass frequencies, we need
110 dB of sound output." Then the Systems Engineer would
convert this into the functional requirement: "Amplify the
radio's output to produce 115 Watts in the frequency range 20
to 500 Hz." Finally, after a trip to the audio shop, the
design engineer would transform this into the design requirement:
"Use Zapco Z100S1VX power amplifiers with JL Audio 12W1-8
speakers." But this implies a sequential process, and now
days the requirements process is concurrent and iterative.
Requirements should be organized into categories, subcategories,
etc. Requirements that are correlated should be grouped together.
Suppose a young couple wants to buy a new car. The man says his
most important requirement is Horse Power and the woman says her
most important requirement is Gas Mileage. Although these are
conflicting requirements, with a negative correlation, there is
no problem. Their decision of what car to buy will probably be
based on a tradeoff between these two requirements. Now, however,
assume there is another couple where the woman says her only requirement
is Safety (as measured by safety claims in advertisements), but
the man says his most important requirements are Lots of Horse
Power, Lots of Torque, Low Time to Accelerate 0 to 60 mph, Low
Time to Accelerate 0 to 100 mph, Low Time for the Standing Quarter
Mile, Large Engine Size (in liters), and Many Cylinders. Assume
the man agrees that the woman's requirement is more important
than his. So they give Safety the maximum importance value of
10 and they only give his requirements importance values of 3
and 4. What kind of a car do you think they will buy? The man's
requirements should have been grouped into one subcategory, and
this subcategory should have been traded-off with the woman's
requirement. In summary, similar, but independent, requirements
ought to be grouped together into subcategories. Quality function
deployment can help you to group requirements (Bahill and Chapman,
1993).
Earlier we discussed several ways to express requirements, such as narratives, shall and should statements, and computer models. Here is another example, one that uses formal logic notation. LaPlue, Garcia, and Rhodes (1995) state that a requirement should contain (1) the description of a system output, (2) the name of the system that accepts this output, (3) conditions under which the requirement must be met, (4) external inputs associated with the requirement, and (5) all conditions that determine if the system output is correct. The authors have organized this into a standard template:
The system shall produce <output>
for use by <users>,
if <conditions>,
using <inputs>,
where <conditions>.
They offer the following example.
| |
| 3.0 Transaction Requirements
3.1 For the ATM User 3.1.1 Produce Receipt | |
| 3.1.2 Produce Cash
The ATM shall produce cash for use by the ATM user if the ATM user requested a withdrawal and if the Central Bank verified the account and PIN and if the Central Bank validated the withdrawal amount and if the ATM cash on hand exceeds the cash requested using the Withdrawal Validation Message from the Central Bank and the Account Verification Message from the Central Bank and the withdrawal request from the user where the amount of cash produced equals the amount requested
and where the cash is dispensed within 10 seconds of the receipt | 3.1.3.2 Eject unreadable cards
The ATM shall eject the bank card for use by the ATM user if the ATM user has inserted a bank card and if the bank card does not contain a valid code using the bank card
where the code reading and validation is as specified in Bank Card Specifications, section 4.1.2
3.1.4 Produce Error Messages 3.2 For the Central Bank |
| 3.1.3 Eject Card
3.1.3.1 Eject bank card at end of session The ATM shall eject the bank card for use by the ATM user if the ATM user has inserted a bank card and if the ATM user has requested termination of session using the Bank Card and the Terminate Request where the Bank Card is ejected within 1 second of the receipt of the Terminate Request | 3.2.1 Verify Account Message
The ATM shall produce the Verify Account Message for use by the Central Bank if the ATM user has entered a PIN and if the bank card contains a readable code using the bank card and user-entered PIN where the content and format is as specified in the Central Bank Interface Specification, section 4.2.21
and where the message is issued within 1 second of the final digit of the PIN |
This example shows many of the features of good requirements that
were mentioned in this chapter. The numbering scheme manifests
the tree structure of this set of requirements: parent, child
and sibling relationships are clear. References are made to the
specifications. In each requirement the customer is identified:
e.g., the ATM user, the central bank. Many behavioral scenarios
were used to elicit these requirements. Performance figures of
merit are given, they are specified as maximum values, units are
given, and they are testable: e.g., cash must be dispensed within
10 seconds. The requirements state what, not how: e.g., The ATM
shall produce cash. The requirements identify applicable states
with the conjunctive if clauses. The word choice is correct. It
is unfortunate that there is no allowance for the rationale.
We thank Patty Guyer for technical editing, Ron Andreé
for technical illustrations and Bo Bentz for helping us write
an earlier version.
Bahill, A.T. & Chapman, W.L. (1993). A tutorial on quality function deployment. Engineering Management J, 5(3):24-35.
Bharathan, K., Poe, G.L. & Bahill, A.T. (1995). Object-Oriented Systems Engineering. Systems Engineering in the Global Market Place, proceedings of the Fifth Annual Symposium of the National Council on Systems Engineering, July 22-26, St. Louis.
Bicknell, K.D. & Bicknell, B.A. (1994). The Road Map to Repeatable Success: Using QFD to Implement Changes. Boca Raton: CRC Press.
Booch, G. (1994). Object-Oriented Analysis and Design. Benjamin Cummings.
Chapman, W.L., Bahill, A.T. & Wymore, W. (1992). Engineering Modeling and Design. Boca Raton: CRC Press.
Chapman, W.L. & Bahill, A.T. (1996). Design Modeling and Production, in The Engineering Handbook, (Ed.) R.C. Dorf, pp. 1732-1737. Boca Raton: CRC Press.
Funk, P.A. & Larson, D.L. (1994). Design features influencing thermal performance of solar box cookers, presented at the International Winter Meeting, paper No. 94-6546, American Society of Agricultural Engineers.
Gause, D.C. & Weinberg, G.M. (1990). Are Your Lights On? How to Figure Out What the Problem Really Is. New York: Dorset House Publishing.
Grady, J.O. (1993). System Requirements Analysis., New York: McGraw Hill Inc..
Grady, J.O. (1994). System Integration. Boca Raton: CRC Press.
Grady, J.O. (1995). System Engineering Planning and Enterprise Identity. Boca Raton: CRC Press.
Hooks, I. (1994). Writing Good Requirements, Proceedings NCOSE, pp. 197-203.
IEEE (1994). IEEE P1220 Standard for Systems Engineering. IEEE Standards Dept., NY.
IEEE (1993). IEEE P1233 Guide For Developing System Requirements Specifications. IEEE Standards Dept., NY.
Jacobson, I., Ericsson, M. & Jacobson, A. (1995). The Object Advantage: Business Process Reengineering with Object Technology. New York: Addison-Wesley.
Karnavas, W.J., Sanchez, P. & Bahill, A.T. (1993). Sensitivity analyses of continuous and discrete systems in the time and frequency domains. IEEE Transactions on Systems, Man and Cybernetics, SMC-23: 488-501.
Katz, R. (1994). Contemporary Logic Design. Benjamin Cummings.
Kerzner, H. (1995). Project Management: a Systems Approach to Planning, Scheduling, and Controlling. New York: Van Nostrand Reinhold.
LaPlue, L., Garcia, R.A., & Rhodes, R. (1995). A rigorous method for formal requirements definition, Systems Engineering in the Global Market Place, Proceeding of the Fifth Annual Symposium of the National Council on Systems Engineering, July 22-26, St. Louis, pp. 401-406.
Latzko, W.J. & Saunders, D.M. (1995). Four Days with Dr. Deming. Reading, Mass: Addison-Wesley.
Lawton, R. (1993). Creating a Customer-Centered Culture. Milwaukee: ASQC.
Martin, J. (1995). Requirements methodology: Shattering myths about requirements and the management thereof, Systems Engineering in the Global Market Place, Proceeding of the Fifth Annual Symposium of the National Council on Systems Engineering, July 22-26, St. Louis, pp. 473-480.
Martin, J. (1996). Systems Engineering Guideline., Boca Raton: CRC Press.
MIL-STD-499B (1993). Draft Military Standard for Systems Engineering, AFSC/EN. (Note: This standard was not signed by the Department of Defense. They said that government should not be in the business of writing standards and that they will adopt standards written by professional societies.)
MIL-STD-1521B, Technical Reviews and Audits for Systems.
NCOSE (1995). Systems Engineering in the Global Market Place, Proceedings of the Fifth Annual Symposium of the National Council on Systems Engineering, July 22-26, St. Louis.
Rechtin, E. & Maier, M. (1996). Systems Architecting. Boca Raton: CRC Press.
Rumbaugh, J., Blaha, M., Premerlani, W., Eddy, F. & Lorenson, W. (1991). Object Oriented Modeling and Design. New York: Prentice Hall.
Sage, A.P. (1992). Systems Engineering. New York: John Wiley.
Shand, R.M. (1994). User Manuals as Project Management Tools, IEEE Transactions on Professional Communications, 37, 75-80 and 123-142.
Shishko, R. and Chamberlain, R.G. (1995). NASA Systems Engineering Handbook, SP-6105.
Sommerville, I. (1989). Software Engineering. Reading, Mass: Addison-Wesley.
Szidarovszky, F., Gershon, M. & Duckstein, L. (1986). Techniques for Multiobjective Decision Making in Systems Management. Amsterdam: Elsevier Science Publishers.
Wymore, W. (1993). Model-Based Systems Engineering. Boca
Raton: CRC Press.
The following six diagrams depict behavioral scenarios for an automated teller machine (ATM). The scenarios were adapted from The Object Advantage by Jacobson, Ericsson, and Jacobson (1995). The scenarios were derived using object-oriented modeling.
An ATM is a machine that performs basic banking transactions without
the need for a human teller. In each of the following scenarios
a bank customer attempts to perform a withdrawal transaction.
Each diagram describes a different possible scenario for the customer-ATM
interaction. In these diagrams time runs from top to bottom.
Scenario 1: Invalid Card
The Customer inserts a bank card, the Card Input sends the card's
information to the Card Transaction Handler, which detects that
the card is invalid. The Card Transaction Handler instructs the
Graphical User Interface (GUI) to display a message to the customer
stating that the card is invalid. The Card Transaction Handler
then instructs the Card Input to eject the card. The customer
then removes the card from the ATM, and the transaction is terminated.
Scenario 2: Incorrect PIN
Note: The text set in italics is identical to text in the previous scenario. It is not necessary to reread the italicized text if the scenarios are being read in order.
1. The Customer inserts a bank card, the Card Input sends the card's information to the Card Transaction Handler, which detects that the card is valid (not invalid, if no message is returned, the card is assumed valid).
2. The Card Transaction Handler instructs the Graphical User Interface (GUI) to display a message requesting the customer's Personal Identification Number (PIN).
3. The GUI requests the PIN and the customer returns his or her PIN, which is then passed to the Card Transaction Handler.
4. The Card Transaction Handler checks if the PIN is correct. In this scenario it is not, and the GUI is instructed to inform the customer that the PIN is invalid.
5. The customer is then asked to input his or her PIN number again and step 4 is repeated.
6. If the customer has not supplied the correct PIN number in three attempts (as is the case in this scenario), the Card Input is instructed to keep the card and the session is terminated.
Scenario 2: Incorrect PIN
Scenario 3: No Cash in ATM
Note: The text set in italics is identical to text in the previous scenario. It is not necessary to reread the italicized text if the scenarios are being read in order.
1. The Customer inserts a bank card, the Card Input sends the card's information to the Card Transaction Handler, which detects that the card is valid (not invalid, if no message is returned, the card is assumed valid).
2. The Card Transaction Handler instructs the Graphical User Interface (GUI) to display a message requesting the customer's Personal Identification Number (PIN).
3. The GUI requests the PIN and the customer returns his/her PIN, which is then passed to the Card Transaction Handler.
4. The Card Transaction Handler checks if the PIN is correct. In this case it is and the GUI is instructed to display the customer's options.
5. The customer requests a withdrawal transaction. This information is returned to the Card Transaction Handler, which in turn calls upon the Withdrawal Handler.
6. The Withdrawal Handler checks whether there is cash in the machine by querying the Cash Handler. The Cash Handler returns that the ATM does not have any cash in it.
7. The transaction is terminated and the card is ejected.
Scenario 3: No Cash in ATM
Scenario 4: Not Enough Cash in ATM
Note: The text set in italics is identical to text in the previous scenario. It is not necessary to reread the italicized text if the scenarios are being read in order.
1. The Customer inserts a bank card, the Card Input sends the card's information to the Card Transaction Handler, which detects that the card is valid (not invalid, if no message is returned, the card is assumed valid).
2. The Card Transaction Handler instructs the Graphical User Interface (GUI) to display a message requesting the customer's Personal Identification Number (PIN).
3. The GUI requests the PIN and the customer returns his/her PIN, which is then passed to the Card Transaction Handler.
4. The Card Transaction Handler checks if the PIN is correct. In this case it is and the GUI is instructed to display the customer's options.
5. The customer requests a withdrawal transaction. This information is returned to the Card Transaction Handler, which in turn calls upon the Withdrawal Handler.
6. The Withdrawal Handler checks whether there is cash in the machine by querying the Cash Handler. There is cash in the machine in this scenario (not No Cash, if no message is returned, it is assumed that there is money in the machine).
7. The Withdrawal Handler instructs the GUI to display the withdrawal information. The GUI requests the amount of withdrawal. The customer enters the withdrawal amount.
8. If the amount is not a multiple of twenty (as is the case), the customer is asked again to enter the amount of withdrawal. This will be repeated until the amount is a multiple of twenty (in this case the customer inputs a valid amount the second time) or the customer terminates the transaction.
9. After a valid amount is entered, the Withdrawal Handler passes that amount to the Cash Handler. The Cash Handler returns that there is not enough cash in the ATM, the GUI informs the customer, the transaction is terminated, and the card ejected.
Scenario 4: Not Enough Cash in ATM
Scenario 5: Bank Denies Withdrawal
Note: The text set in italics is identical to text in the previous scenario. It is not necessary to reread the italicized text if the scenarios are being read in order.
1. The Customer inserts a bank card, the Card Input sends the card's information to the Card Transaction Handler, which detects that the card is valid (not invalid, if no message is returned, the card is assumed valid).
2. The Card Transaction Handler instructs the Graphical User Interface (GUI) to display a message requesting the customer's Personal Identification Number (PIN).
3. The GUI requests the PIN and the customer returns his/her PIN, which is then passed to the Card Transaction Handler.
4. The Card Transaction Handler checks if the PIN is correct. In this case it is and the GUI is instructed to display the customer's options.
5. The customer requests a withdrawal transaction. This information is returned to the Card Transaction Handler, which in turn calls upon the Withdrawal Handler.
6. The Withdrawal Handler checks whether there is cash in the machine by querying the Cash Handler. There is cash in the machine in this scenario (not NoCash, if no message is returned, it is assumed that there is money in the machine).
7. The Withdrawal Handler instructs the GUI to display the withdrawal information. The GUI requests the amount of withdrawal. The customer enters the withdrawal amount.
8. If the amount is not a multiple of twenty, the customer is asked again to enter the amount of withdrawal. This will be repeated until the amount is a multiple of twenty (in this case, however, the customer input a valid amount the first time) or the customer terminates the transaction.
9. After a valid amount is entered, the Withdrawal Handler passes that amount to the Cash Handler then calls on the Financial Systems Interface for approval of the transaction.
10. The bank denies the withdrawal. The GUI is instructed to inform the customer that the transaction was denied. The transaction is then terminated and the card is ejected.
Scenario 5: Bank Denies Withdrawal
Scenario 6: Successful Withdrawal Transaction
Note: The text set in italics is identical to text in the previous scenario. It is not necessary to reread the italicized text if the scenarios are being read in order.
1. The Customer inserts a bank card, the Card Input sends the card's information to the Card Transaction Handler, which detects that the card is valid (not invalid, if no message is returned, the card is assumed valid).
2. The Card Transaction Handler instructs the Graphical User Interface (GUI) to display a message requesting the customer's Personal Identification Number (PIN).
3. The GUI requests the PIN and the customer returns his/her PIN, which is then passed to the Card Transaction Handler.
4. The Card Transaction Handler checks if the PIN is correct. In this case it is and the GUI is instructed to display the customer's options.
5. The customer requests a withdrawal transaction. This information is returned to the Card Transaction Handler, which in turn calls upon the Withdrawal Handler.
6. The Withdrawal Handler checks whether there is cash in the machine by querying the Cash Handler. There is cash in the machine in this scenario (not NoCash, if no message is returned, it is assumed that there is money in the machine).
7. The Withdrawal Handler instructs the GUI to display the withdrawal information. The GUI requests the amount of withdrawal. The customer enters the withdrawal amount.
8. If the amount is not a multiple of twenty, the customer is asked again to enter the amount of withdrawal. This will be repeated until the amount is a multiple of twenty (in this case, however, the customer input a valid amount the first time) or the customer terminates the transaction.
9. After a valid amount is entered, the Withdrawal Handler passes that amount to the Cash Handler, then calls on the Financial Systems Interface for approval of the transaction.
10. The bank approves the withdrawal. The Withdrawal Handler instructs the Cash Dispenser to dispense of the cash. The Cash Handler isupdated and the Receipt Printer is instructed to print a receipt.
11. The transaction is complete and the card is ejected.
Scenario 6: Successful Withdrawal Transaction
Introduction
This appendix compares several of the tools used by Systems Engineers to analyze or design complex systems. This appendix provides a brief synopsis of each of the tools, a comparison of their utility in a variety of real-world scenarios that a Systems Engineer will likely encounter, and an evaluation of each tool against a common set of criteria. None of the tools is a Systems Engineering panacea; each of the tools likely addresses only a small part of the problem domain. However, knowledgeable application of one or more of the tools examined in this appendix to a Systems Engineering effort will provide the Systems Engineer with information that is critical to developing solutions that meet requirements.
Tools Examined in This Appendix
The following tools will be examined:
Affinity diagrams
Force-field analysis
Ishikawa fishbone (cause-and-effect) diagrams
Pareto diagrams
Pugh charts
Quality Function Deployment (QFD)
Wymorian T3SD
RDD-100
CORE
Slate
Before attempting a comparison or use-case analysis, it is useful to provide a brief description of each of the tools.
Affinity diagrams implement organized brainstorming. A group of people write ideas on small pieces of paper. These ideas are then grouped by natural relationships, and names are derived for these relationships. Using this method, everybody has a chance to give input. Since the ideas are "anonymous," people tend to be more willing to express them , resulting in more complete discussions.
Force field analysis diagrams present the major forces that influence a problem or situation under study. In a given domain of interest, forces may be loosely divided into two groups: driving forces, which promote some type of change or departure from the status quo, and opposing forces, which may resist change or promote change in another direction. The force field diagram presents these forces in opposing columns. Such a presentation provides unique insight into the probability of achieving some desired change. If the driving forces appear overwhelming, the impetus for strategic change may be present. If, however, opposing forces appear more formidable, the change in question is unlikely.
Ishikawa fishbone diagrams are examples of cause-and-effect diagramming. Cause-and-effect diagramming presents a clearly organized, graphical representation of the possible factors contributing to a given problem. Then, the possible contributing factors to each identified possible problem factor are recursively enumerated until the diagram provides a clear representation of the root causes of any problem within the system. In an Ishikawa fishbone diagram, the cause-and-effect relationship is presented concisely and completely, allowing the user to quickly identify and discard unlikely causes in favor of more likely alternatives.
Pareto diagrams help to identify which problems are dominant. It is a frequency distribution (or histogram) of data arranged by category. The problems are listed on the x-axis and their corresponding frequency on the y-axis. It operates on the idea that 80% of the problems are caused by 20% of the factors. The most significant problems, which should be worked on first, are easily seen as the tallest columns.
Pugh charts provide a qualitative concept comparison. A matrix is formed with the alternatives on the columns and the factors used to judge the alternatives on the rows. A base alternative is then chosen. All other alternatives will be compared to the base alternative. The elements of the matrix are filled with plus signs (+), minus signs (-) and S's. A plus sign is used if a given alternative is judged to be better than the base alternative for a given factor. A minus sign is used if it is worse. An S is used if it is the same as the base. The number of plus signs, minus signs, and S's are totaled for each column. An alternative is chosen based on the totals.
Quality Function Deployment (QFD) is a matrix based system for the evaluation of customer commentary and requirements providing a systematic means of analyzing customer requirements and deploying them into product, service, and business operations. QFD uses a matrix structure to map the customer "wants" to the "hows," progressively passing through a series of matrices known as Houses of Quality. The relationship between the wants and hows are weighted, and on each successive level the process is further refined.
QFD provides a means of tracking the process of concept refinement from inception to realization. The traditional use has been to improve product acceptability as an element of a larger quality improvement structure. Qualitative and quantitative measures are used for both the mapping of the wants to the hows as well as the weights applied. In addition, the process can be used to identify correlations within a set of either wants or hows, providing a means of establishing sets and subsets of the system requirements.
Wymorian T3SD design is a tool based in the theory of discrete systems and the Tricotyledon theory of system design. The process incorporates a seven-document set to record the various steps in the design or analysis process. These documents include the following: a lay description of the problem, a mathematical formulation of the feasibility of system requirements, an evaluation of the system alternatives, a functional decomposition, and a physical synthesis of the systems designs.
The process involves qualitative and quantitative measures for establishing the design or designs that best meet system requirements. The application of mathematically based evaluations regarding characteristics and attributes of the candidate systems provides a means of analytical comparisons using a combination of the degrees of fulfillment of each requirement.
RDD-100, Slate, and CORE are large software packages that were designed to help engineers design complex systems and satisfy US Government Systems Engineering requirements. RDD-100 has a dynamic modeling facility while Slate and CORE do not. Otherwise, there is little difference.
Failure Analysis: Analysis performed to determine why a system does not meet requirements or in any way fails to operate as planned.
The Ishikawa fishbone diagram is an ideal tool for failure analysis. The diagram displays factors that influence a particular region of the system. By tracing through the diagram from the failed or nonconforming system component, the diagram presents probable and improbable suspect factors.
The Pareto diagram is also a good tool. The groupings of reported errors indicate the sources of the most common errors. Systems Engineering may use this information to identify likely causes of each type of error. The Pareto diagram is particularly useful in warning of a process that is deteriorating or that has gone out of control.
Because large systems can be simulated on RDD-100, it is a good tool for failure analysis.
Concept Development: Identify potential system concepts that satisfy system requirements.
Affinity diagrams encourage concept brainstorming. They generate concepts, but have no mechanism for rejecting concepts that do not satisfy requirements. However, brainstorming is an effective tool for encouraging innovative design.
As a tool for establishing requirements and evaluating criteria, Wymorian methodology can provide the means for defining and selecting alternative designs from a variety of options. Through an iterative process, requirements are obtained from the client, which, in turn, are used to establish the design requirements upon which the alternatives can be measured through an analytical process. Alternative designs can be evaluated at various stages in the design and prototyping phases of development, allowing those most promising to move forward. Further, the Wymorian process examines life cycle and retirement issues often overlooked in many design processes.
QFD, as a tool to evaluate issues, is well adaptable for use in product design, primarily in establishing design requirements and in identifying quality or characteristic information. QFD may provide the best means of interpreting client or public input at the requirements development phase of the design process.
Best Concept: Identify the best concept alternative from a list of candidate concepts.
Pugh charts generate a qualitative comparison with a null (usually existing) concept and any number of proposed concepts. No formal method for choosing the "best" concept exists; however, Pugh charts provide information that may be valuable in an initial rough concept comparison.
Wymorian T3SD provides a quantitative procedure for identifying, validating, and testing a system component. It is an excellent tool for best concept selection, but is considerably more complex than Pugh chart methods. However, for large, complex systems, the benefits of improved requirements tractability and the integrated select-build-test features of T3SD usually outweigh the initial simplicity of Pugh charts.
Requirements Analysis: Generate a complete and concise statement of the system requirements.
Requirements analysis, particularly requirements validation, is an area in which QFD has typically been applied in industry. Through the identification of the various goals and objectives of the clients as expressed in the Houses of Quality, QFD provides a means of interrupting and translating the input to a set of requirements. These requirements ultimately translate into performance measures or may map into various manufacturing processes. In either case, the requirements are readily traceable from their origins.
Affinity diagrams help gather input from a wide range of customers.
The Wymorian methodology, through the Systems Requirements Validation (Document 4) and Concept Exploration (Document 5), also provides a means of analyzing requirements. In many ways, these capabilities are unique for the systems under consideration. This is particularly true when numerical values can be assigned to the performance of various systems for each of the requirements. Additionally, the scoring functions allow for the measurement and assessment of system sensitivity to parameter changes. The ability to validate requirements and to address sensitivity by analytical measures provides a powerful requirements analysis tool.
Market Forces: Analyze the potential demand for a system that satisfies a given set of requirements.
A force field diagram generates a clear picture of the forces opposing and encouraging a particular system.
QFD market analysis may help to determine what characteristics are essential to a successful product.
Service Systems: A system designed to provide some form of non-tangible utility to its customers.
Wymorian theory, as a result of its general nature, can be applied to various types of service systems, but its application to those systems may be too difficult and provide similar information to less complex and readily usable operations research techniques. As the system grows in complexity, however, these models may be more accurate.
As with any system that affects, and therefore would benefit from
the ability to use client input, the application of QFD can be
highly beneficial in developing performance criteria and potential
sources of difficulty in service type systems. To a great extent,
QFD use can be carried through the requirements development phase
of virtually any system, but its usefulness tends to wane as the
process moves into a design phase. QFD can take a leadership role
after a system is in place by providing a means of accepting client
input about an operation after it commences on the performance,
so that further improvements can be accommodated in the operation.
Comparison of Tools
| Affinity | ||||||
| Force field | ||||||
| Ishikawa | ||||||
| Pareto | ||||||
| Pugh | ||||||
| QFD | ||||||
| Wymore | ||||||
| RDD-100 | ||||||
| Slate | ||||||
| CORE |
Would you like to go to Bahill's Systems Engineering Page?