Day 42 — Sprint #5 Close
Today I wrap up another week of productive (though exhausting) work on Data Security.
Sprint #5 Retrospective:
This week I continued my data security work as we build toward HIPAA Compliance. Overall, the week was really productive and I checked off most of the remaining unknowns left on the administrative control side. I’m now left with a bunch of simple “known knowns”, though I expect the final 20% will be a grind to the finish.
Highlights of the Week
- Developed our incident response plan
- Developed a business continuity plan
- Signed our first BAA with Google
- Completed the Apple Privacy Check
- Granted options to the team
💡What I Learned
- The thought process and tactical approach to granting options. Most critically, the importance of working together with the team to develop a set of agreements that make sense for both sides.
- The importance of building in security from the very beginning. The work I’m doing now is not easy, but I can’t imagine what it would be like in another few years without thinking about it. Building it into our foundation from the beginning will make this so much more manageable as we move forward (not to mention make us a more secure organization).
👍 What Went Well
- Completed our options agreements! It was really fun working with the team to share in the potential success.
- Built our v1 business continuity and incident response plans. I started the week scared of building these out and I leave the week comfortable with our early deliverables.
👎 Opportunities to Improve
- Getting back to users. Both for the company and my own sanity, I need to get back to building product and talking to users. It’s been 2 weeks and I’m starting to go a little bit crazy.
- The process (?). I’m sure there’s a better approach to how I’m completing our administrative controls, though short of spending a bunch of money I’m not sure what it is.
- Being realistic with my time. It’s another sprint close and other week of saying “just one more week.”
⏭️ Next Steps
- 1 more week! ;)