Process Area 3.4 – Non-functional Testing – SG 1 – Perform a non-functional product risk assessment

A product risk assessment is performed to identify the critical areas for non-functional testing.


Non-functional features of a product are usually poorly specified and often not adequately considered from the perspectives of development and testing.

The quality model established in the first part of the standard ISO 9126-1 classifies software quality in a structured set of characteristics and sub-characteristics as follows:

  • Functionality
  • Reliability
  • Usability
  • Efficiency
  • Maintainability
  • Portability

Non- functional testing is looking to demonstrate that these features are considered and that evaluation of the risks to the success of the product is undertaken in accordance with the same process and procedures established as part of the test approach.

Specific Practices

SP 1.1 Identify non-functional product risks

SP 1.2 Analyse non-functional product risks

Risk assessments can take a number of forms. When trying to determine risks based on non-functional requirements such as performance, one of the typical assessment methods is to perform a brainstorming workshop.

The product from these minutes must be formally documented and be seen to be a key document which drives the management of non-functional testing.

Deployment notes

  • Are non-functional product risks identified in the standard test approach and analysed in a collaborative manner between all stakeholders?

Example Sub-practices and work products

Specific Practice1.1 Identify non-functional product risks

Non-functional product risks are identified and documented.

Typical work products –

  • Identified non-functional product risks


  • Identify and select stakeholders that need to contribute to the risk assessment
  • Identify non-functional product risks based on defined non-functional product risk categories using input from stakeholders and requirements documents
  • Document the context-of-use and potential effects of the non-functional risk
  • Identify the relevant stakeholders for each non-functional risk