What are two good ways for a Scrum Team to ensure security concerns are satisfied? (Choose two.)

What are two good ways for a Scrum Team to ensure security concerns are satisfied? (Choose two.)
A . Postpone the work until a specialist can perform a security audit and create a list of security-related Product Backlog items.
B . Add security concerns to the definition of “Done”.
C . Add a Sprint to specifically resolve all security concerns.
D . Delegate the work to the concerned department.
E . Have the Scrum Team create Product Backlog items for each concern.

View Answer

Answer: B,E

Explanation:

According to the Scrum Guide1, the definition of “Done” is a formal description of the state of the Increment when it meets the quality measures required for the product. The definition guides the Development Team in creating a “Done” Increment. The definition of “Done” is created by the development organization (or Development Team if none is available from the development organization). The definition of “Done” may vary significantly per Scrum Team, depending on the context. One aspect of Scrum Teams inspecting how they work toward their Product Goal is that they improve their definition of “Done” over time. Therefore, one good way for a Scrum Team to ensure security concerns are satisfied is to add security concerns to the definition of “Done”. Another good way is to have the Scrum Team create Product Backlog items for each concern, as they are responsible for managing and refining the Product Backlog.

Reference: Scrum Guide