Identify solutions and analyse requirements before acquisition or creation to ensure that they are in line with enterprise strategic requirements covering business processes, applications, information/data, infrastructure and services. Coordinate with affected stakeholders the review of feasible options including relative costs and benefits, risk analysis, and approval of requirements and proposed solutions.


Process Purpose Statement Create feasible optimal solutions that meet enterprise needs while minimizing risk.




  • Data integrity procedures
  • Data security and control guidelines
  • Data classification guidelines
  • Architecture principles
  • Information architecture model
  • Baseline domain descriptions and architecture definition
  • Solution development guidance
  • Supplier RFIs and RFPs
  • Acceptance criteria
  • Solution development guidance
  • Supplier catalog
  •  Decision results of supplier evaluations
  • RFI and RFP evaluations
  • Supplier RFIs and RFPs
  • Acceptance criteria
  • Quality management plan


  • Requirements definition repository
  • Confirmed acceptance criteria from stakeholders
  • Record of requirement change requests
  • Feasibility study report
  • High-level acquisition/development plan
  • Requirements risk register
  • Risk mitigation actions
  • Sponsor approvals of requirements and proposed solutions
  • Approved quality reviews



Task Instructions:

Define and Maintain Business Functional and Technical Requirements

    1. Define and implement a requirements definition and maintenance procedure and a requirements repository that is appropriate for the size, complexity, objectives, and risk of the initiative that the enterprise is considering undertaking.

    2. Express business requirements in terms of how the gap between current and desired business capabilities needs to be addressed and how a role will interact with and use the solution.

    3. Throughout the project, elicit, analyze and confirm that all stakeholder requirements, including relevant acceptance criteria, are considered, captured, prioritized and recorded in a way that is understandable to the stakeholders, business sponsors, and technical implementation personnel, recognizing that the requirements may change and will become more detailed as they are implemented.

    4. Specify and prioritize the information, functional and technical requirements based on the confirmed stakeholder requirements. Include information control requirements in the business processes, automated processes, and IT environments to address information risk and to comply with laws, regulations, and commercial contracts.

    5. Validate all requirements through approaches such as peer review, model validation, or operational prototyping.

    6. Confirm acceptance of key aspects of the requirements, including enterprise rules, information controls, business continuity, legal and regulatory compliance, auditability, ergonomics, operability and usability, safety, and supporting documentation.

    7. Track and control scope, requirements, and changes through the life cycle of the solution throughout the project as an understanding of the solution evolve.

    8. Consider requirements relating to enterprise policies and standards, enterprise architecture, strategic and tactical IT plans, in-house and outsourced business and IT processes, security requirements, regulatory requirements, people competencies, organizational structure, business case, and enabling technology.

Perform a Feasibility Study and Formulate Alternative Solutions

    1. Define and execute a feasibility study, pilot, or basic working solution that clearly and concisely describes the alternative solutions that will satisfy the business and functional requirements. Include an evaluation of their technological and economic feasibility.

    2. Identify required actions for solution acquisition or development based on the enterprise architecture, and take into account scope and/or time and/or budget limitations.

    3. Review the alternative solutions with all stakeholders and select the most appropriate one based on feasibility criteria, including risk and cost.

    4. Translate the preferred course of action into a high-level acquisition/development plan identifying resources to be used and stages requiring a go/no-go decision.

Manage Requirements Risk

    1. Involve the stakeholders to create a list of potential quality, functional, and technical requirements and risk related to information processing (due to, e.g., lack of user involvement, unrealistic expectations, developers adding unnecessary functionality).

    2. Analyze and prioritize the requirements risk according to probability and impact. If applicable, determine budget and schedule impacts.

    3. Identify ways to control, avoid or mitigate the requirements risk in order of priority.

Obtain Approval of Requirements and Solutions

    1. Ensure that the business sponsor or product owner makes the final decision with respect to the choice of solution, acquisition approach, and high-level design, according to the business case. Co-ordinate feedback from affected stakeholders and obtain sign-off from appropriate business and technical authorities (e.g., business process owner, enterprise architect, operations manager, security) for the proposed approach.

    2. Obtain quality reviews throughout, and at the end of each key project stage, iteration or release to assess the results against the original acceptance criteria. Have business sponsors and other stakeholders sign off on each successful quality review.