Root Cause Analysis(RCA) is a step by step process used to understand an underlying root cause of an issue or incident or anything that should not have occurred in the first place.
| Root Cause Analysis Template |
Best Practices for Root Cause Analysis
- Always start documenting the root cause as soon at it has occurred or you are informed. If you leave it for too long then people might forget the details of what happened and how it happened.
- Pick your team carefully as the last thing you want is to manage conflicts.
- Start filling the RCA form ASAP even if some information is missing at least have the draft started.
- Conduct an initial meeting to understand first hand experience from impacted people.
- Make sure you have a mechanism in place to follow-up on action items.
- Do a dry run or share the report with key stakeholders so that you can get early feedback.
- Ensure you get the required approvals before closing the analysis.
- Give importance to all the perspectives - Technology, Marketing, Finance etc.
- If possible include a team member from different areas of the company.
- Always be sensitive about people involved as the reason to do the root cause analysis is to make sure similar issues do not happen again and not punish the people involved.
| Root Cause Analysis Impact |
About the Root Cause Analysis Template
The template is aimed at capturing all the key information related to am event or issue.
- Event - Clearly define a event name. Keep it short and nice.
- Date and Time - Specify when the event occurred. If multiple times then mention all the times.
- Impact Assessment - This section should document what actually happened in much detail. Also, mention the impact the issue had on business in detail. Don't worry about the exact times as you will be documenting that in the timeline section.
- Previous Occurrences - Mention if there were any previous occurrences of similar issues. You need to be accurate with this information because the senior management is sure to ask tough questions when they come to know this had happened in the past and the root cause has not been fixed.
- Timeline of events - This section will capture what actually happened with time details. Document only high level phases with time stamps.
- Analysis Approach - Document how you approached the analysis. Explain briefly what are the different steps you took to conduct analysis.
- Action Items - These are actions of tasks coming out of the root cause analysis. Each action should a have target date and individual names associated with it. Also ensure that reminders have been set for these action items.
- Residual Risks - Document the risks which will continue to exist after the incident. Also document if the risk will be mitigated by closing of any action item. Assigning a right risk rating is also important.
- Last but not the least ensure the report is signed off by appropriate authority.
| Residual Risks |
Example of Root Cause Analysis in IT
Event : Security Breach
Date & Time : 13-June-2017, Friday 1:00 PM
Manager : Swapnil Wale
Timeline
- 13-June-2017, 12:45 PM : During a routine system upgrade some of our security protocols were not followed which lead to our network being exposed.
- 13-June-2017, 1:00 PM : Possible hackers breached into out network and were able to get access to our customer database.
- 13-June-2017, 1:20 PM : Internal staff were alerted to a potential intruder. Upon getting the alert our internal network was shutdown to avoid further loss.
- 13-June-2017, 1:30 PM : Security Manager was informed about the incident. Security manager then alerted senior management and logged security breach incident.
Impact Assessment
During a routine system upgrade some of our security protocols were not followed which lead to our network being exposed.
Possible hackers breached into out network and were able to get access to our customer database. Customers have been informed about the security breach. IT team is in the process of identifying the affected customers.
Possible hackers breached into out network and were able to get access to our customer database. Customers have been informed about the security breach. IT team is in the process of identifying the affected customers.
- Customer Impact : High
- Brand Impact : High
- Contractual Impacts : Low
- Financial Impact : Medium
- Productivity Impact : Low
- Data Loss : Low
- Privacy Breach : High
Action Items
- Review our systems upgrade procedure to find gaps.
- Review internal processes to ensure IT Team needs to know communication plan when incidents occur.
- Implement system changes to enhance security protocol to make our security robust.
Residual Risks
- Until the polices and procedures are not updated there will be a risk of security breach happening again - Critical.
- As IT Team is still analyzing the impact the severity of the impact assessment could change. The severity could either go up or down depending on the outcome - Medium.
Download RCA Template in Excel, PPT and PDF Template
