Your Security Accreditor is not (ever (never ever)) a User
This post is part of a series of Rules of thumb for writing Agile Stories
In the last post in this series, Rule 4 - Many Users of many types, I gave a very loose definition of what I call a user. That was:
A user is “someone who will use a product of our teams work to do something”.
Some people this doesn’t cover are: your Security Accreditor, your Chief Technology Officer, your Single Responsible Officer, the team themselves. These people can never ever be users. That’s a pretty bold statement but I think I can back it up.