What is the difference between a functional requirement and a quality (non-functional) requirement?
A functional requirement says what the system does (a behaviour/result a function must provide); a quality requirement says how well it does it (performance, availability, security…) and is everything not covered by the functional ones.
This is the most fundamental split in requirements engineering:
| Functional requirement | Quality (non-functional) requirement | |
|---|---|---|
| Concerns | A result or behaviour a function must provide | A quality concern not covered by a functional requirement |
| Subtypes | function, behaviour, and data requirements | performance, availability, dependability, scalability, portability… |
| Example | "The user can log in" / "transfer money" | "Login responses return in under 2 s" / "log data is stored securely" |
The trick to telling them apart: a functional requirement can be demonstrated by doing something with the system (it either logs you in or it doesn't). A quality requirement qualifies how that function behaves — fast enough, reliably enough, securely enough.
Tip: Security is a quality (non-functional) requirement. "Store log data securely" doesn't add a new feature — it constrains how well an existing function behaves. That's why security is easy to forget: nobody asks for it as a feature, so the requirements engineer has to bring it into the game.