7 Pattern 6: Build the thing right – speed with control
Public organisations and regulated industries have a large number of externally mandated governance, compliance and control restrictions. The rise of online cyber crime represents a threat to all industries. Organisations need to manage risk to maintain customer trust.
The antipattern would be a fixed mindset around risk where a product/service/change undergoes inspection by risk experts once it has been built. At one organisation it took 3 months to complete inspection before a sample program that could familiarise users with the process was internally deployed. In that case, the control plane of the system of work was not optimised for flow.
Improving BVSSH outcomes requires speed with control. This includes seeking early collaboration between delivery teams and risk experts and taking a context-sensitive approach to judging risks and specifying mitigations. Equipping the system of work with measuring instruments used by product/service teams can help to visualise identified risks and their mitigations.
Operating at speed requires the availability of strong brakes, and this can be achieved through standard automated checks at time of release.
Further information
To explore this pattern in more depth, watch the YouTube video from Jonathan Smart, Risk & control is dead, long live risk & control [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] .