As product managers, we are responsible for identifying and prioritizing the features for our products. Then we spend time with Development to create new capabilities and with Marketing, Sales, and customers extolling the benefits that these capabilities will provide.
One of our key assumptions is that each new capability is valuable to some (and hopefully, all) of our customers and potential customers.
However, in today’s litigious environment, shouldn’t product managers also be concerned with protecting their own company?
In an enterprise software application, a wide variety of users perform various functions, including many that could expose their company to risks. For example, new product designs are reviewed and approved in Product Lifecycle Management or PLM systems, raw materials are acquired in ERP systems, and confidential legal matters are managed and reviewed in document management systems.
Each of these systems have one thing in common — it is possible for an “authorized user” to perform an action that could put their company in a compromising situation. And if someone has stolen this user’s identity and a terrible situation results — do you think that they will attempt to hold the enterprise software vendor responsible?
Of course they will.
If today’s legal system allows the manufacturer to be held liable when someone falls off the top of one of their step ladders, it will be easy to hold the enterprise software company responsible when the strategy of a defense team in a high-profile legal matter is downloaded and released to the public by someone who guessed the lead counsel’s password.
And what about a situation where a new part in an automobile is approved by a well-meaning administrative assistant who misunderstood which part their boss said to approve. When this approved part is later discovered to be faulty and results in the deaths of a number of people, don’t you think that the company will complain that it was “too easy” for the assistant to pretend to be her boss and that the software should have done a better job of detecting and preventing this action? Unfortunately, the answer is probably “yes”.
Thus, I believe Product Management needs to expand the criteria that we use to evaluate potential product capabilities, as follows:
- Riskiness — Capabilities that the product absolutely must have to protect the viability of “our” company.
- Must Have — Capabilities that the product must have in order to be effective in the market place.
- Should Have — Capabilities that the product should have, but are not required.
- Nice to Have — Capabilities that we would like to have, but are not required.
This approach will result in more time being spent resolving “Risk” issues and less time on user-visible features that could generate revenue — which could also threaten the continued existence of the software company. Oh joy!! Yet another trade-off for Product Management to balance.
So, what do you think? Does this topic ever come up in your product planning? Or does your company depend on the fine print of your license agreements to protect itself?