We are very flexible in supporting vendors’ methods for collaborating and coordinating a successful compliance test. Usually this is via email with massive CC lists or worse, everything is filtered through one person.
Lately, I am finding that vendor wikis are a very good collaboration tool. When we can contribute on their wiki, email is reduced and the “whisper game” of adding interpretation to a statement before passing it along is avoided and anyone can ask what the intention of a requirement is as opposed to trying to simply address the minimum necessary for the check off. It may be that there is a novel way of achieving the intent that is not what one would derive from a “specification.”
Additionally, having a voice on a user talk page allows us to post conversational requests for ideas that may evolve into DoD 5015.02-STD improvements.
It is “open gov” kind of in reverse. It humanizes us to be included in these kinds of discussions, not as an arbitrator, but as someone who cares how it all turns out.
Of course, we have non-disclosure agreements built into our contracting documents, so proprietary information is protected.
So, if you are involved with compliance evaluations in any way, wikis may be a very good tool for documenting and capturing the discussion. Now, if we could just figure out how to capture and manage them as records!
Far too short & simplistic answers to your final question:
1. Many wikis have a baselining capability where you could declare that *this* is the final version and it would be accessible in that version.
2. It assumes that the discussion needs to be captured as a record. Which of course it may, and in this particular context it might (you’d know much better than I your need for documentation of these discussions). I just always think about whether or not you also capture or somehow document phone calls in the same way. If you do, then of course you would for email, wiki, etc. But if you didn’t or don’t, there seems to be a discrepancy and I tend to treat collaboration-in-progress the same way I treat draft documents, phone calls, etc.
3. Many wikis will also allow you to publish some or all of the wiki to e.g. PDF, in essence capturing a snapshot in time. It’s not ideal but it would at least capture some sort of recording.
Thank you Jesse! This is good fodder for policy discussions.
Jana, my thoughts on your question — perhaps the discussion is not the record, but the summarization of the requirement’s intent is the record. To me, this seems like the source for the logical evolution of the standard. I could see this resulting in a better definition of the fundamental RM requirements, accompanied by the associated “tested to” detail requirements.
I think that if the standard were to move up a level (more conceptual), then it would facilitate better organization / explanation of the detail requirements.
To that end, perhaps a DOD 5015 wiki is in order, where the higher-level requirement specification can be accumulated and collaborated. As the individual vendor collaborations are resolved and the intents are clarified, their summary could be posted into the wiki for review and additional comment. Once these have aged sufficiently, they could become the new high-level RM requirement framework.