Just ignore the non-userland requirements...
"Once this team started deploying software weekly and studying how the user interacted with the software, they learned what was actually needed and changed the requirements appropriately. The team removed the need to "align" with others in their organisation. Sure, there were external systems to cope with, but removing the need to coordinate and take ongoing input from parts of the organisation that weren't close to the actual users speed up the schedule tremendously, delivering months ahead of time."
So, as the users know nothing about security and in the main it just gets in their way, that bit doesn't get implemented I guess? Along with any other "hard but not user visible" requirements.
Had a friend tell me about an application someone in his organization implemented to replace an older piece of infrastructure. It didn't work , and when asked why the development team said they had developed their side of the interface and taken it live, but the other side their team wasnt responsible for hadnt been implemented , so the data just went into a black hole... I guess they liked delivering fast as well...
Biting the hand that feeds IT
