I believe very strongly, that every team has some ratio of “checklists vs risks” approach. My writing, lately, errs very strongly towards the analytical risk path. It’s my belief that this is where the best practice is formed that ultimately ends up on a checklist after it has survived as a hypothesis long enough.

As an example, there are not very many established standards for enterprise cold storage of cryptocurrency. Many organizations have built / are building it from scratch with a cognitive heavy approach. Mainly because requirements differ so drastically. In twenty years or so, there may be more established policy approaches that follow a runbook, or even so far as, a regulation, and it will likely satisfy a lot of common design patterns as a result.

I think this sort of lifecycle of “checklists vs risks” is related to your comment.

Written by

Writing about risk, security, and startups.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store