When technical problems become accountability problems
-
At some point, most environments stop having purely technical issues.
They start having ownership issues.
On the surface, everything can look fine:
- Policies exist
- Controls are mapped
- Risks are logged
From an engineering perspective, nothing is obviously broken.
Systems run. Changes get deployed. Issues get fixed.
But there is a different question that tends to get overlooked:
When a decision creates exposure, who actually owns that outcome?
- Not who implements the change.
- Not who maintains the system.
Who is accountable if that decision is challenged later.
That is where things usually become unclear.
Decisions are being made every day across infrastructure, security, vendors, and delivery.
But ownership is often:
- implied
- spread across teams
- or assumed to sit somewhere higher up
It works until it is tested.
And it does get tested, usually by something external:
- an audit request
- a client asking deeper questions
- an incident that needs explaining
At that point, the discussion shifts.
It is no longer about how something works.
It becomes:
“Who approved this, and why was that decision considered acceptable at the time?”
That is the part many environments are less clear on than they expect.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login
