The system is defined as the set of servers (web, application, database), software, data and other items that specifically support this project and provide the business function defined. This may include servers that also support other projects. If servers used by this system support other projects, it should be documented what projects or business functions those servers support.
What is the functionality provided by the system?
Who uses the system?
What do the users expect the system to do?
Where are the users that use the system?
When do the users use the system?
Is there an order of processes the users perform on the system? What are they?
What value does the system give the business?
Provide all expected use cases. Use cases are every scenario type where a user or business person will use the system for a specific purpose.
How will the system contribute to the business? (Ex: labor cost savings, increase in sales, advertising, public relations)
How critical to the business is the function provided by the system?
What is the maximum business justifiable cost to create this system? What is the maximum investment cost that is worth spending to realize the expected business benefits? (part of feasibility study)
What is the expected and maximum maintenance costs that is worth spending to get the expected business benefits?
When does the system need to be operational? What are the consequences if the date is not met?
How long can the system be down before significant damage to the business occurs?
How much data can be lost without significantly impacting the business? (none, a minute, an hour, a day, week) Answer determines data backup schedule and equipment redundancy requirements.
What is the uptime required such as 24 hours per day, 7 days per week?
What support is required? (normal business hours or 24/7)
What is the required system uptime? Such as 100%, 98% (down 7 days per year), 95% (down 18 days per year).
How many users of the system are expected?
What is the peak concurrent numbers of users expected to use the system?
Do servers inside the system adequately protect data when stored in memory or in permanent storage?
Is data sent between servers adequately protected according to the data security needs?