Why was it so important to set a baseline?

Who decides negligence? You can watch this post on video instead of reading if you are a visual person 🌞

Hello! A quick wrap-up on the miniseries about setting a governance and controls baseline.

We talked about it being OK to set up some rules, about the idea of negligence, about the idea of triage, and about the difference between negligence and triage, which comes down to prioritization.

The last thing I wanted to mention is: who decides negligence? We talked about using good judgement, but who decides?

The answer is regulators. That is where government regulators come into play. In the United States for example, we could quickly look at 3 major regulatory agencies or bodies that have that type of oversight.

First up is the Department of Health and Human Services. They might look at HIPAA regulations and decide that an organization was negligent while they were investigating a breach that happened.

Another big one is the FTC, or Federal Trade Commission. If something is affecting enough people, the FTC might get involved and say you are not doing enough to take care of customers, of the public.

Another one that we hear about all the time is the FDA, the Food and Drug Administration. They are responsible for saying that this particular substance is being used for medical purposes and so it has to meet certain quality standards, and if you are not following those quality standards then you might be fined or prohibited from selling that kind of stuff.

Why does this matter? Think about a regulatory agency having to come in, look at the aftermath of a problem, and try to determine negligence. It’s not going to be as black and white, or as simple, as "did you follow a rule, yes or no?"

You can understand how that judgement works. Consider a team after a data breach event, for example. Did they have a baseline? Did they have any rules written down at all? Were they prioritizing?

Or were they just sort of switched off - doing whatever was written down but not really making judgements about urgency? Was there any management happening, any governance, any oversight? Did they have any idea how close or far they were from those rules that they had on their books?

Do good work.

It’s clear how the presence or absence of a baseline is a major factor in whether other people perceive you as doing a good job, regardless of how hard you are actually trying to follow the individual rules. And so having that baseline is a crucial step.

Get credit for your work.

