Design and Plan Full Stack Applications
Overview
This standard defines the competencies required to analyse user, business, and technical requirements and design secure, efficient, and scalable full stack applications. It covers the ability to evaluate architectural patterns, plan integration between application layers, and embed robust security, performance, and compliance considerations into system design. The emphasis is on producing clear, documented designs that can be implemented, assessed and assured within agreed organisational governance frameworks.
Effective design and planning ensures that applications are aligned with organisational goals, meet stakeholder needs, and can scale sustainably to support future requirements. It also provides a foundation for collaboration between multidisciplinary teams, enabling developers, architects, and business stakeholders to share a common understanding of the application architecture and its constraints.
This standard is intended for professionals responsible for designing and planning full stack solutions, including software developers, solution architects, and technical leads working across diverse business domains.
Performance criteria
You must be able to:
- Elicit, document and validate functional and non-functional requirements for full stack applications, including security, accessibility, performance, sustainability and AI-assisted components, in line with organisational procedures.
- Select and justify appropriate architectural patterns (including layered, MVC, microservices, serverless and event-driven) aligned to organisational context, scalability requirements and operational constraints.
- Design and document integration contracts (including APIs and event interfaces) between front-end, back-end, data stores, and third-party services, in line with organisational standards.
- Apply secure design principles, including least privilege, zero trust boundaries, and threat modelling, to implement security controls by design.
- Apply privacy and data-protection-by-design principles, distinguishing between security controls and lawful processing responsibilities, in line with data protection legislation.
- Define and document deployment topologies, including environments, network boundaries, secrets management, and runtime platforms, in line with organisational standards.
- Specify and document quality attributes (including performance, security, accessibility, scalability, and sustainability) with measurable acceptance criteria.
- Assess and document risks and trade-offs (including cost, sustainability, complexity, security and vendor lock-in), propose mitigations and escalate unresolved issues.
- Plan and document data flows, lineage, retention periods and lawful bases for processing, producing required data-protection artefacts in line with data protection requirements.
- Review designs with stakeholders and obtain formal sign-off prior to implementation.
Knowledge and Understanding
You need to know and understand:
- Requirements engineering techniques for eliciting, documenting and validating functional and non-functional requirements.
- Common architectural styles and patterns used in full stack applications, and the key trade-offs between them.
- Integration design principles, including interface contracts, versioning and error handling between system components.
- Secure design principles and threat modelling approaches used to identify and address security risks at the design stage.
- Privacy by design and data-protection principles relevant to software system design.
- Deployment environments and runtime platforms, including development, test and production considerations.
- Agile and iterative delivery approaches and how they influence requirements, design decisions and stakeholder engagement.
- Quality attributes, including performance, security, accessibility, scalability and sustainability, and how these are considered in design.
- Software design documentation practices, including the purpose of diagrams and design records.
- Risk and trade-off analysis techniques, including cost, complexity, security and vendor lock-in considerations.
- The use of AI-assisted tools in software design, and the importance of appropriate oversight.
- Data governance and compliance requirements, including data flows, retention and lawful processing.
- Processes for design review, stakeholder validation and formal sign-off of software designs.
Glossary
- Non-functional requirements – qualities such as performance, security, accessibility, sustainability and reliability.
- Architectural pattern – a reusable approach to structuring software systems (e.g. layered, microservices).
- API (Application Programming Interface) – a defined interface that enables communication between software components or systems, specifying how requests are made, how data is exchanged, and how errors and versions are handled.
- Threat modelling – structured identification and assessment of potential security threats.
- Zero trust – a security model assuming no implicit trust between system components.
- AI-assisted components – tools or services that support development or decision-making, not autonomous system control.
- Quality attributes – measurable system characteristics used to assess fitness for purpose.
- Vendor lock-in – dependency on specific suppliers that restricts future change.