"We made a mistake."
It can seem the most elusive phrase in the world.
But as soon as it's uttered, work on a resolution can start.
It's a positive acknowledgement of accountability.
Now, what can we learn?
We Made a Mistake
To err is human...
I've previously written about how trust is earned - by keeping promises you make over time.
But people will make mistakes.
Your team will click on a phishing link.
Configuration errors will be made.
Mistakes will happen.
So the question becomes:
How can you minimise the number of mistakes - and systematically learn from them when they occur?
Standard Operating Procedures
At Fresh Security, we use standard operating procedures for almost everything.
We use procedures, so our customers receive a consistent experience regardless of who they work with. That's important to us - and our customers.
One way to think of a standard operating procedure is a checklist - and in part, we were influenced by The Checklist Manifesto. They provide a safety net. An efficient and effective way to think about situations ahead of time. To know what works in the heat of the moment.
If this sounds like a cybersecurity policy and process library, or an incident response process, it's the same idea.
Crucially, anyone on the team can edit a procedure to make improvements. And we have a scheduled alert to trigger an annual review for procedures that aren't used often. It helps us learn consistently.
If you would like to see an example of one of our standard operating procedures, please reply to this email.