Audit or Review of Project or Delivery
Regardless of our own controls, we sometimes find ourselves in situations where the customer or recipient wants to review the quality and procedures of what is being delivered. Security and quality in a solution require different measures than the functional aspects, which are typically easier to verify against customer requirements.
Not all deliveries are subject to audits or reviews from the customer's side. This typically applies to deliveries where Bouvet has taken the lead, and the customer receives a solution without being heavily involved in the project's operations. An audit is a tool the customer can use to ensure that Bouvet has done the job as agreed, giving the customer the opportunity to review our routines and work processes to ensure we have delivered as expected.
Such an audit will be agreed upon in the contract we are working against, but not all customers will take advantage of this opportunity. In many cases, an audit is most relevant when the project is delivered or at a point after delivery when it is in operation. The goal will then be to verify that the project's requirements are met and that it is managed and operated in a way that aligns with what the customer expects and demands.
What Is Required of Us?
This will vary from contract to contract, but overall, we should ensure that the project has the necessary documentation required and expected so that we can demonstrate that the security of the delivery is maintained. We should always deliver a minimum level of security, but if the customer has chosen not to heed recommendations or declined additional services, we must ensure that this is documented properly.