Asin is a bright, fresh recruit in the mid-sized organization that you lead as the CEO. She wanted to specialize in cyber security. Asin had joined with tremendous anticipation. She had picked your organization in preference to two other big names during the campus placement. Prior to deciding, she had actually visited your office, experienced the free, people-first environment, interacted with your people, etc.
Once on board, her first assignment was with a maintenance team servicing one of your long-standing customers. The customer is a highly-trusted financial services organization headquartered in the north-eastern US. Asin was a bit disillusioned to find the work appeared nowhere close to being engaging and interesting. The team lead convinced Asin to take it up and learn the process steps in commercial software development. The team was a long-standing one and the apps being supported were mature (but quite critical for the customer). The team’s effort was mostly to keep the lights on and make small improvements. Asin came up to speed quickly and soon started directly interacting with customer-side support staff and managers.
Asin frequently came up with ideas on how to improve things for remote support. She developed minor tools for automating things which she shared with the customer staff. All was going well. One day one of Asin’s tools caused a major disruption in deployment to production with potential data breaches. A furious customer VP has called you, pointed out the tool’s design flaw and asked for Asin’s immediate removal from the team. How would you and your organization address the situation at hand (corrective and preventive)?
Solution:
Preventive measures:
As Asin is new to the production environment and critical support, the team management should ensure increased supervision of her work and add extra reviews and tests before releasing her work products to the client, to avoid such critical lapses. Even though Asin developed the tools outside of the main application, to automate some processes and remote support, they should have been subjected to the same rigor as the main deliverables, particularly since they were being given to a customer and were impacting the live system.
Corrective measures:
1. The management should own up to the fault as a systemic failure arising out of compromised supervision, and implement a more rigorous process for tools related to the customer, even if a tool is not part of the main software solution.
2. Asin should be protected from being made the scapegoat by including her in the new process being designed for release of tools. An objective retrospective that identifies the specific mistakes which led to the disruption should be done.
3. If the customer insists on removal of Asin from the team, move her to any project in her area of choice, ‘cyber security’. It is important for the team to know that it is okay to falter, as long as we learn and correct.