Review of requirements related to the product - 7.2.2

[ambrosedierdre]

Many thanks for your helpful reply

 

[NHopkins]

I'm not 100% sure this applies or will help but...here we go.

We got an OFI on 7.2 for this same thing (not satisfying review requirements). After a lot of discussion and back and forth I finally got the auditor to admit that he (customer auditor) wanted someone other than the person who drew up the proposal/bid to review it. I know that's a requirement in design review but didn't really consider it for bids.

Being a customer requirement we started having a different person review and it's turned out value add for us, second set of eyes and all that.

 

[JaneB]

... someone other than the person who drew up the proposal/bid to review it. I know that's a requirement in design review but didn't really consider it for bids.

Being a customer requirement we started having a different person review and it's turned out value add for us, second set of eyes and all that.

Nope., it isn't a requirement in design either. If you read through the relevant clause, you won't find any requirement for someone 'other than' the designer/s to review. It may well be good practice in many cases and often is. As Michelle says, incredibly important in software design. But in other cases, it isn't - in some it would be overkill. Remember, it is not a specific requirement.

Now, it's good that in your case the change turned out 'value add' but also its important not to let what an auditor 'wants' to drive your system. It's about what the requirements are, not what any auditor wants. Your system, not theirs. Sure, they are there to test the system, and it's reasonable to discuss why you don't have independent reviews done ( if you don't ) and be able to point to evidence of why it isn't problematic ( including absence of evidence such as problems graced back to inadequate reviewing).

It's up to you, as an organisation to decide what works for you.

I'm with Randy on the vat of sour cream option.

 

[kgott]

Re: Review of requirements related to the product

Easy answer....Tell the auditor to show you where the requirement comes from, and also remind him that it's not what he wants that needs to be satisfied, it's doing what is required....His wishes don't count squat

I'm interested in this because we have are faced with the same issue. So am I right in thinking that 7.2.1 and 7.2.2 doesn't apply because the method the OP's buisness uses incorporates the requirements 7.2.1 and 2, or is it because the forms are completed by those who would normally be required to perform the actions required by 7.2.1&2?

thanks

 

[JaneB]

Re: Review of requirements related to the product

So am I right in thinking that 7.2.1 and 7.2.2 doesn't apply because the method the OP's buisness uses incorporates the requirements 7.2.1 and 2, or is it because the forms are completed by those who would normally be required to perform the actions required by 7.2.1&2?

Erm... say what?

Perhaps it's the cold I hab in by head but I'm not sure what the actual question is.