# Business Requirements*

# Glossary

A business requirement is an operational driver for decision making and input for risk management.

Business rules are lists of statements that tell you whether you may or may not do anything or that give you the criteria and conditions for making a decision.

Scoping is the process that refers to including only departments or business units impacted by any (cloud) engagement.

# Overview

Security activities actually hinder business efficiency (because generally the more secure something is, be it a device or a process, the less efficient it will be). This is why the business needs of the organization drive security decisions, and not the other way around.

  1. Gather business requirements
  2. Perform business impact analysis

# Involvement and Alignment

  • Involvement from business units and alignment of IT processes/services with those units.
  • The success of our services is based on the success of the business.
  • Are we delivering the value we're expected to?

# Quantifying Benefits and Opportunity Cost

  • Reduction in Capital Expenditure
  • Reduction in Personnel Costs
  • Reduction in Operational Costs
  • Transferring Some Regulatory Costs
  • Reduction in Costs for Data Archival/Backup Services

# Types of Requirements

# Functional Requirements

Those performance aspects of a device, process, or employee that are necessary for the business task to be accomplished. Example: A salesperson in the field must be able to connect to the organization's network remotely.

# Nonfunctional Requirements

Those aspects of a device, process, or employee that are not necessary for accomplishing a business task but are desired or expected. For example: The salesperson's remote connection must be secure.