10. Quality Requirements
10.1 Quality Tree
10.2 Quality Scenarios
Correctness
| ID | Scenario | Measure | Priority |
|---|---|---|---|
| COR-1 | BestEx analysis for a loan produces the same ranked investor list as the desktop app when given identical rate sheets and loan data. | Exact match of top 5 execution options (price, investor, program). | Critical |
| COR-2 | Pooling engine produces pools that satisfy all agency constraints (min/max size, rate tolerance, product eligibility). | Zero agency-rejected pools due to constraint violations. | Critical |
| COR-3 | Risk position reconciliation produces the same net position as the desktop app. | Position values match within $0.01. | Critical |
| COR-4 | LLPA calculations apply the correct adjustments for all combinations of LTV, credit score, property type, occupancy, etc. | Output matches desktop app for all test scenarios (regression suite). | Critical |
Performance
| ID | Scenario | Target | Priority |
|---|---|---|---|
| PERF-1 | A user runs BestEx analysis on a single loan. | Result returned in < 3 seconds. | High |
| PERF-2 | A user runs BestEx analysis on a batch of 1,000 loans. | All results returned in < 30 seconds. | High |
| PERF-3 | A user opens the pipeline view with 5,000 loans. | Page renders in < 2 seconds with virtual scrolling. | High |
| PERF-4 | A user searches loans by multiple criteria. | Results returned in < 1 second. | Medium |
Availability
| ID | Scenario | Target | Priority |
|---|---|---|---|
| AVAIL-1 | SaaS platform uptime measured monthly. | 99.9% (< 43 minutes downtime/month). | High |
| AVAIL-2 | Planned maintenance windows. | < 4 hours/month, scheduled during off-peak hours. | Medium |
| AVAIL-3 | Database failover. | Automatic failover within 30 seconds. | High |
Security
| ID | Scenario | Target | Priority |
|---|---|---|---|
| SEC-1 | A user from Tenant A attempts to access Tenant B's data. | Request rejected. No data returned. Attempt logged. | Critical |
| SEC-2 | An unauthenticated request hits the API. | 401 returned. No business logic executed. | Critical |
| SEC-3 | SOC 2 Type II audit. | Pass all applicable controls. | Medium (long-term) |
| SEC-4 | Loan PII is accessed. | All access logged in audit trail. Data encrypted at rest and in transit. | High |
Usability
| ID | Scenario | Target | Priority |
|---|---|---|---|
| USE-1 | A new user (no desktop app experience) locks a loan, runs BestEx, and creates a trade. | Completed within 30 minutes of first login, guided by UI. | High |
| USE-2 | A migrating user (desktop app veteran) switches to power mode. | Dense grid view with keyboard shortcuts matches desktop app interaction speed. | Medium |
| USE-3 | A manager views pipeline summary dashboard. | Key metrics visible without scrolling. Drill-down to details in one click. | Medium |