Monday, 12 December 2016

Is the Decision Hyperlinked?

I regularly hear the following statements: "The manager knows about it", "I told you about this in the meeting", "Everyone is aware of this", and so on. However, if a decision is not in a hyperlinkable location, then the decision doesn't exist. It is vital that you capture decisions, because without a very clear track of them, you cannot learn from experience.

Capturing decisions is most important for the longer term. When you deal with your second and third situations, you start building the credibility to say, "We did this in the past, it didn't work then, and here are the consequences. Here is the real cost of that particular decision, so let's not repeat this mistake".

It is essential to do postmortems and understand the real cost of decisions. If a comment is made along the lines of, "Oh, we don't have time to do this now because we have a deadline", after a huge amount of manpower and time has been spent fixing the problem, you need to be able to say, "Was that decision the correct one? Let's now learn from that, and really quantify what we are talking about".

Completing this exercise will give you the knowledge to say the next time, "We need a week, or two weeks, or a month to do this". Or you could say, "Last time we didn't do this and we lost six months". So, it is key not only to capture the decisions, but also to ensure you do a very good postmortem analysis of what happens after risks are accepted.

When there are negative consequences because of a bad decision, such as security issues or problems of technical debt, it is important that the consequences are hyperlinked back to the original issue for future reference.

In a way, the original issues are the foundations of the business case for why a problem occurred, and why you don't want to repeat the problem in the future.

(from SecDevOps Risk Workflow book, please provide feedback as an GitHub issue)

Post a Comment