Functional Requirements Analysis: The Trust Machine

These are an initial set of functional requirements for the Trust Machine. In keeping with Agile software development principles these will be modified and developed on a regular basis throughout all phases of the development as a result of meetings with stakeholders. These meetings should ideally occur on a weekly basis at the very least and will review the requirements as a priority objective at each meeting.

  • FR1 Account management
    • FR1.1 A web interface which can be used to register a client application. This interface can only be accessed with the login details of a Trust Machine representative who must be present during the registration
    • FR1.2 A web portal which client application managers can use to manage account details
      • FR1.2.1 The facility to view and edit client application staff user accounts
      • FR1.2.2 The facility to view reports about their users within the trust machine
      • FR1.2.3 The facility to view terms and conditions.
      • FR1.2.4 The facility to view payment information
      • FR1.2.5 The facility for client application users to authorise the trust machine to access their accounts at 3rd party social media providers.
        • FR1.2.5.1 The facility for a client application user to view/accept terms and conditions
  • FR2 Trust ratings
    • FR2.1 The facility to obtain a global trust rating for a specific user using a ReST API
    • FR2.2 The facility to obtain a personal trust rating for a user, from the point of view of another user using a ReST API
  • FR3  Data acess provision: The ability to respond to subject access requests from client applications and their users under the terms of the Data Protection Act

Acceptance Requirements

  • AR1.0 Security
    All data must be held in an encrypted form using enterprise level security protocols
  • AR2.0 Legal
    The Trust machine is a Data Contoller within the terms of the Data Protection Act and therefore must adhere and comply to its principles and requirements

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:

(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
1. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
2. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
3. Personal data shall be accurate and, where necessary, kept up to date.
4. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5. Personal data shall be processed in accordance with the rights of data subjects under this Act.
6. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
(taken from the Informational Commissioner’s website at:
7. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

(From the ICO: https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/)

Leave a Reply