A Definition of “Done” only on Scrum Team level can lead to catastrophe
Make the DoD a development organisation responsibility
This article is anonymised to protect people involved.
The team — no, the entire organisation — was in total panic. Last month the team deployed a new app that would disrupt the market. The first weeks did confirm this. The product was very well received. Even better than expected.
But then news broke that the app had a security breach. The exposed personal data included credit card information, readily available to anyone. This was bad. Bad for the product, but also bad for the organisation. The financial damage — as a financial institution you can expect a fine for these kinds of data breaches — was enormous. The reputational damage was perhaps even worse.
Crisis meeting
During a crisis meeting — with the complete team, the CTO, Head of Product, a security representative and heck, almost the entire company — the CTO asked:
“How can it be that we didn’t foresee this data breach?”
A brave member from the Development Team then said: “We didn’t know that we should take this into account.”