Cause of Error

7. Next Actions

Every CoE has Next Actions.

Every Next Action must have a single person responsible, even if others are peforming the action.

Every Next Action must have a due date and a single person responsible for it.

It is normal that the first issued draft of a CoE document, contains actions that have not yet been completed. There are many ways to use this process, but we recommend the first draft of a CoE is issued as near as possible to the original failure event, ideally within 48 hours; but the document is re-issued and published when further analysis comes to light, and again when all Next Actions have been completed.

Produce a single document with seven sections:

1. Summary

A simple description of what happened.

2. Customer Impact

Describe the issue from the point of view of our customers. What did they see?

3. Security Impact

Was any system, data or privacy breached?

4. Timeline

Who did what when, and when the problem was resolved.

5. Five Whys

Keeping asking Why until you have a root cause. Dissect or deconstruct at every stage.

6. Lessons Learned

What did we learn from this problem?

7. Next Actions

Given the things we learned, what will we do next about this?

Implementation Notes

How to implement this method in practice.

v0.1 22/01/22