Customer Service High Level Non-Functional Risk Analysis

When a large new business customer is onboarded into a company’s technology landscape there is a necessary level of change required to accommodate. In large organisations, multiple applications, integrations, networks and hardware are linked in order to provide a service. These critical fundamental aspects need to be operational in order for the service to function, so while customers may utilise certain flows within an application there are many moving parts behind the scenes. The definition of a service is often organisation-specific but is a good starting point to define the services is via Service Level Agreements (SLAs). For the purpose of this discussion, a “business service” exposes the functionality of business roles or collaborations to their environment. This functionality is accessed through one or more business interfaces.

While most organisations ensure that their functionality is well covered and tested extensively, what is often neglected are the non-functional aspects of the Business Service End-to-End to ensure that the organisation will be ready to deal with the increased volumes and not breach their SLAs.

While individual teams are responsible for all aspects of their applications, there should be program teams with important governance functions – bringing all the teams together. These program teams should ensure that all the services the new customer will consume are available, functional, and most important are designed to cope with the increased capacity and meet SLAs.

It is important to categorise the applications which will be involved in the Service flows. CPT recommends breaking into 3 categories and ensuring there are defined responsibilities for “Governance Teams” vs “Other Teams”. These can be part of existing BAU Services or new/updated Services required by the end customer:


The high level NFR analysis will determine risk to the Services and Applications that will be utilised by the customer and is calculated by categorising the overall likelihood and impact. This will ensure that teams have adequate time to perform the required activities so the volumes and SLA requirements will be met. Any Services and Applications that are rated High or Medium Risk must have a backlog item (mitigation actions) in place with the owners or provide Business and Technology acceptance that there is no risk via a formal sign-off.

The key steps are:

  • Agreed list of new Services and BAU Services that will be consumed by the customer
  • Agree the key applications that are critical to the Services
  • Map the Applications to each step in the Service Flow
  • Map NFRs to each step in the Service Flow
  • Obtain current production volumes and future predicted volumes. Overlay the Programs volumes for the new customer and calculate it as a percentage increase
  • Application Health Check for each of the agreed applications:
    • Criticality / DR Rating
    • Availability SLA
    • RPO/RTO
    • Last DR date
    • Last Unscheduled Outage
    • Scalability
    • Infrastructure
    • Business Impact rating
    • Dependent System
  • Performance Testing Capability of each of the agreed applications
    • Environment Capability (Prod scaled, stubbed, integrated)
    • Last performance test performed and results
    • Resource capability (experience, dedicated Performance Testers/Engineers etc.)

Deliverables and next steps are:

  • List of NFRs and SLAs
  • User Journeys with NFRs, SLAs and applications mapped to each step
  • A Risk Heat map at both the Service and Application Level
  • Present to the Technology Applications owners and Business Service owners. Obtain approval of High/Medium Risks and agree action owners.
  • High/Medium Risks raised in the risk portal and assigned. Backlog item raised for relevant teams.

The presentation to technology and business owners is a critical part of the process. This raises the visibility and brings Technology and the Business together in understanding the risks and ensuring joint decision making.

This represents a high level snapshot of the process and future articles will explore the details of each of the steps and lessons learned.

Related service: qa & testing services

Service Definition References




Want to get in touch?