Non-functional Requirement - Configuration Recoverability

Category: Recoverability

Context: Configuration

Goals: When a system becomes unavailable as a result of a modification of the configuration of the system, the system must be recoverable to a pre-failure state using a pre-determined configuration, within a pre-established elapsed time, and with an acceptable level of data loss. The recovered system configuration must be identical to the pre-failed state.

Rationale: If the availability of the system is sufficiently critical, the system must be capable of being recovered from failed configuration changes within a reasonable time frame and with functionality identical to its pre-failure state.

Requirement: Failure of a system because of modification of the configuration of the system shall not cause user-detectable loss of business functionality for an elapsed time of more than Metric. After an elapsed time no longer than Metric, the user will be able to resume pre-failure business functionality with data loss of no more than Metric.

Metric:

Level A:

A1. The user-detectable loss of functionality will be for an elapsed time of no more than four business hours.
A2. No data modifications will be lost.
A3. A formal process exists for determining the root cause of a failed configuration modification.

Level B:

B1. The user-detectable loss of business functionality will be for an elapsed time of no more than one business day.
B2. No more than the most recent fifteen minutes of data modifications will be lost.
B3. A formal process exists for review and testing of configuration modifications.

Level C:

This Level Intentionally Left Blank

Level D:

D1. No more than one (1) business day of data modifications will be lost.
D2. The recovered IT system will meet pre-failure functional and non-functional requirements.

Scale: Elapsed time (availability): duration in hours. Elapsed time (data loss): duration in minutes.

Stakeholders: IT System Managers, Operations, System Users

Implications: If this requirement is not met, the organization will incur significant risk of loss of business functionality and data in the event of failed configuration modifications. Additionally, if this requirement is not met, the system is subject to extended application outages during system maintenance and upgrades.

Applicability: See Enterprise Requirements Framework

Tags: Recovery, Logical, Configuration

Status: Approved, Requirement

Author: <Author>

Revision: <Revision>


Note:

This requirement incorporates portions of the traditional concepts of change management and configuration management, including test and back-out plans for planned configuration changes.

The intent of this NFR is to provide assurance that the system is designed and managed such that if any portion of the configuration of the system is modified for any reason, intentionally or not, the system can be recovered to the state it was in before the modification. This is intended to discourage systems whose configuration is ad hoc, unstructured, or 'mouse-driven', as opposed to template- or script-driven configurations.
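The following is an added illustration, not part of this NFR or of any referenced framework, of what a script-driven configuration change with a built-in back-out plan looks like. It snapshots the configuration before a change, applies the change from a script, runs a post-change health check, and if the check fails restores the snapshot and verifies (by fingerprint) that the recovered configuration is identical to the pre-change state, which is the "identical to the pre-failed state" goal above. The sample reverse-proxy configuration, the health check, the change scripts and the names ConfigStore, apply_change and ChangeRecord are all constructed for this example; the "system" is a plain Python dictionary.

```python
"""Added example: scripted configuration change with snapshot, health check
and automatic back-out.  Every name and value here is constructed for
illustration and is not drawn from any real product."""
import copy
import hashlib
import json
import time
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Tuple

Config = Dict[str, Any]


def fingerprint(cfg: Config) -> str:
    """Stable hash of a configuration, so 'identical to the pre-failure state'
    is a checkable assertion rather than an assumption."""
    canonical = json.dumps(cfg, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class ChangeRecord:
    change_id: str
    before: str                 # fingerprint of the pre-change snapshot
    after: str                  # fingerprint of the configuration left in place
    rolled_back: bool
    recovery_seconds: float     # measured back-out time (0.0 if no back-out)
    reason: Optional[str] = None


class ConfigStore:
    """Holds the live configuration plus an append-only snapshot history."""

    def __init__(self, initial: Config) -> None:
        self.live: Config = copy.deepcopy(initial)
        self.snapshots: List[Tuple[str, Config]] = []

    def snapshot(self, label: str) -> Config:
        snap = copy.deepcopy(self.live)
        self.snapshots.append((label, snap))
        return snap

    def restore(self, snap: Config) -> None:
        self.live = copy.deepcopy(snap)


def apply_change(store: ConfigStore, change_id: str,
                 mutate: Callable[[Config], None],
                 health_check: Callable[[Config], Tuple[bool, Optional[str]]],
                 max_recovery_seconds: float) -> ChangeRecord:
    """Apply a scripted change; back it out if the health check fails."""
    before = store.snapshot(f"pre-{change_id}")
    before_fp = fingerprint(before)
    try:
        mutate(store.live)
        healthy, reason = health_check(store.live)
    except Exception as exc:  # a crashing change script is also a failed change
        healthy, reason = False, f"change script raised {type(exc).__name__}: {exc}"
    if healthy:
        return ChangeRecord(change_id, before_fp, fingerprint(store.live), False, 0.0)
    # Back out: restore the snapshot and time the recovery against the budget.
    t0 = time.monotonic()
    store.restore(before)
    elapsed = time.monotonic() - t0
    after_fp = fingerprint(store.live)
    if after_fp != before_fp:
        raise RuntimeError(f"{change_id}: recovered configuration differs from snapshot")
    if elapsed > max_recovery_seconds:
        raise RuntimeError(f"{change_id}: recovery took {elapsed:.3f}s, over budget")
    return ChangeRecord(change_id, before_fp, after_fp, True, elapsed, reason)


# Constructed sample: a small reverse-proxy configuration.
SAMPLE_CONFIG: Config = {
    "listen_port": 8443,
    "tls": {"min_version": "1.2"},
    "upstreams": {"api": "10.0.0.10:8080"},
    "routes": [{"path": "/api", "upstream": "api"}],
}


def health_check(cfg: Config) -> Tuple[bool, Optional[str]]:
    """Constructed post-change validation standing in for a real smoke test."""
    if not 1 <= cfg.get("listen_port", 0) <= 65535:
        return False, "listen_port out of range"
    if cfg.get("tls", {}).get("min_version") not in ("1.2", "1.3"):
        return False, "TLS minimum version below policy"
    for route in cfg.get("routes", []):
        if route.get("upstream") not in cfg.get("upstreams", {}):
            return False, f"route {route.get('path')} references unknown upstream"
    return True, None


def demo() -> Tuple[ConfigStore, ChangeRecord, ChangeRecord]:
    """One good change followed by one bad change that is backed out."""
    store = ConfigStore(SAMPLE_CONFIG)

    def add_auth_upstream(cfg: Config) -> None:
        cfg["upstreams"]["auth"] = "10.0.0.11:8080"
        cfg["routes"].append({"path": "/auth", "upstream": "auth"})

    def weaken_tls_and_break_route(cfg: Config) -> None:
        cfg["tls"]["min_version"] = "1.0"
        cfg["routes"].append({"path": "/legacy", "upstream": "legacy"})

    budget = 4 * 3600  # Level A1: four business hours, expressed in seconds
    ok = apply_change(store, "CHG-1", add_auth_upstream, health_check, budget)
    bad = apply_change(store, "CHG-2", weaken_tls_and_break_route, health_check, budget)
    return store, ok, bad


if __name__ == "__main__":
    _, ok, bad = demo()
    print(ok)
    print(bad)
```

The recorded ChangeRecord gives the evidence the Level A and B metrics ask for: a measured recovery time to compare against the elapsed-time budget, the failure reason as input to the root-cause process (A3), and matching before/after fingerprints proving the recovered configuration is the pre-failure one. Data-loss metrics (A2, B2, D1) are about the data store rather than the configuration and are outside what this snippet models.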

For more information, see NFR Summary