Another horror story. This from TechCrunch, “All Data Lost Without Backup, Company Deadpooled” (also discussed on Slashdot). Briefly, a blogging company named JournalSpace was put out of business when their web site database was erased. The company speculates it was the victim of a malicious act from a disgruntled ex-employee. But the real culprit was poor management and the victims were its thousands of customers who lost years worth of creative work.
Responsibility and accountability have to be built into every startup’s company culture and business policies. What can you do? Read on for some advice.
If a company fails because of poor planning or execution, the victims are not just the founders, the investors, or employees but the customers who expected to receive an online service they were willing to pay for and trust. Increasingly we are going to see wannabe online services culled from the ranks of successful companies by the founders’ willingness to be accountable to their customers.
Business continuity, disaster planning, system security and data integrity are a CTO’s responsibility. Creating a plan to back up a database server may not be as much fun as developing a customer acquisition plan or rolling out new functionality on a web site but someone has to do it. And whether he does it himself, or delegates it to a system administrator, the CTO must take personal responsibility for making sure customer data is secure and recoverable.
What if you are a CEO? Do you just delegate responsibility to your “guy handling the IT” (as the founder of JournalSpace says he did)? First of all, if you’ve got an online business of any size whatsoever, and you have a “guy handling the IT” instead of a C-level technology executive, you are headed for FAIL (sorry, just had to make that point!). Your responsibility as CEO is oversight of your CTO’s job responsibilities. You need to ask, “What’s our disaster plan? What can go wrong? Are systems in place? Have we tested the recovery protocol so we know it works?” And don’t take a nod of the head and sincere assurances as sufficient. Ask to see a recent log report (even if you have to ask how to interpret it).
The chain of command stops with you, if you are the CEO. Governance means taking responsibility, putting systems of accountability into place, and also bringing in expertise to assess risk, identify deficiencies, and advise on best practices. The founder of JournalSpace trusted his “IT guy” to do the right thing. Apparently, his IT guy betrayed the trust, either by negligence or malfeasance (though, of course, no one knows the real story of what happened at JournalSpace). If you’re a CEO, or a company founder, can you say you’ve done everything you can to make sure your customers’ trust is not sabotaged by neglect or a criminal act? What do you need to do to meet your obligation of responsibility?
Obviously, in hindsight, we can say that founder of JournalSpace should have hired an outside firm to do a security audit. Maybe it was something he thought of doing and put off as a low priority or “too expensive.” But he didn’t have to pay for an independent security audit to take responsibility for his customers and his company. Without any budget at all, he could have asked for some peer advice. All he needed to do was bring up the topic with an acquaintance at a conference or pick up the phone and call someone else in the business and ask, “What do you guys do for backup? What kind of questions should I be asking my IT guy about disaster recovery?” It would have cost him nothing and might have saved his company.
How about you? Whether you are a CEO or CTO, is there something you need to do right now, while you are thinking about it, to make sure your startup can survive disaster or systems compromise?
One thing you can do is download my Job Description for a Web Chief Technology Officer and use it as a checklist to make sure you haven’t neglected key areas of responsibility. It’s a template and it might not fit your organization perfectly but use it as a tool for review. If you’re a CEO, you can use it as a checklist when you meet with your “technology guy” to make sure no aspect of the job has been overlooked. If you’re a CTO, consider it “best practice” research. Take a look and see if it helps you (and let me know if I can make improvements for others who use it, too).
Don’t leave disaster preparedness to chance. I don’t mind if you call me just to chat for a few minutes about what a startup should do to safeguard its customers’ trust. This is what I do as a consulting CTO. The call is free. The company you save may be your own.