QTL limits

Question: If an auditor is asking what is the basis of the definition of QTL used for a given risk, what is your answer to this question? Example: For query latency we set the value to 9 days in our study, why it is not set to 5 or 15?


The strategies you can chose to answer this question could be:

  1. You may show the historical data (e.g., retrospective analysis) where query latency over 9 days led to dangerous consequences in a (similar) study(ies).
  2. You may document the various opinions of experts, asking “what limit is critical for a process query processing“, and document a “heatmap” of opinions with a focus around number 9.
  3. You may also use the strategy of “adaptive start”, i.e., you begin with best-guess “9 days” and react by adjustments of the thresholds (up and down), based on feedback of the system and SMEs.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.