Dec 30, 2008

Customer/user Interface Requirements

The questions below help determine how users will connect to the system. Depending upon the data needs, the answers will help determine the technical and security requirements.

  • How will customers/users connect to the system? Will they use web browsers or software on their local computers?
  • What connection media will customers/users use (radio, dial-up, LAN, VPN)?
  • What functions will customers/users need to perform?
  • Will different roles be available to customers/users so different groups will have different privileges?
  • How will the roles be defined, who will set them, and will the system prevent escalation of privileges?
  • What data will the customers/users need to enter into the system?
  • What information will the customers/users need to see?
  • How will the customer or user be identified? Do they need a login account? If there is an account for the customer/user:
    • How will customer/user accounts be created? Do they create the account themselves or do administrators create the account?
    • How will the customer/user accounts be removed? Are they removed after a period of inactivity? Are they removed by an administrator?
    • How are passwords reset? Is a customer/user adequately identified when they request a password to be reset?
    • Is there an account management plan defining how accounts are created, deleted, suspended, or how passwords are reset?
    • When the customer/user logs in, is the account information that is sent to the server adequately encrypted or hashed?
    • How is customer/user account information stored? Is it encrypted adequately?
    • What protocol is used to authenticate the customer/user? (Windows Domain, Novell)
    • How are privileges controlled? Through settings in a database or by another method?
  • Should account activities (logins, logoffs, execution of privileges) be logged or monitored?
  • If user activities are logged, can accounts be deleted? Where user activities are logged, accounts may have to be suspended rather than deleted.
