A “whatsapp” group discussion triggered this post and I was amazed to see that most people who are new to Scrum often find it difficult to distinguish between “Acceptance Criteria” and “Definition of Done”.

acceptance criteria vs DoD

Here’s my attempt to bring out the differences.

Short answer,

“Acceptance Criteria” is all about intended functionality; “DoD” may include many other things like quality aspects, security, performance or other non-functional requirements.

Let’s explore the long answer.

Acceptance Criteria: The most common way to describe any requirement in the Agile world is to write a User story. A user story specifies minimal but sufficient information so that the development team can start a discussion with PO (stakeholders, business owners). During the conversation the development team gets doubts clarified and gets confirmation from the PO as to when the PBI would be termed as complete and can be accepted.

These confirmations that create a shared understanding about the PO expectations and the intended functionality for any given PBI is known as the acceptance criteria.

Definition of Done: This is more of a checklist often created by the development team to ensure that the work is complete. Complete means, there is no more work remaining on the increment and it is potentially releasable. This is a testament that the increment has no more pending work associated with it and it runs without any errors.

Acceptance Criteria  Definition of Done
Functional behaviour of the PBI Includes non-functional requirements
Specific to the given PBI Applies to the entire “Increment” as well
“What” the feature is supposed to do? “How” to create the feature?
 This comes from User Stories, an XP practice. Scrum doesn’t have any specific say about it. This is defined in Scrum as an important aspect that helps in creating transparency.

  1. When entered valid username/password user should be allowed to login.
  2. When valid user logs in a welcome message should be displayed.
  3. Invalid login attempt should be prompted with error message.
  4. After 3 invalid login attempts the user account should be locked for 1 hour.

  1. Write effective unit tests covering at-least the happy paths.
  2. Production code should be pair programmed.
  3. Vulnerability for security breaches to be identified and fixed.
  4. Zero known bugs allowed in the build.
  5. Maintainability index of the code should be more than 20.
  6. In-sprint demo should be done with PO.