Best practice is a myth
Compliance and innovation can co-exist.
As those in IT will know, there are a number of frameworks, processes and groups set up to pursue the somewhat elusive 'best practice'. I have to confess to having a particularly strong dislike for the term itself, especially in our field. ICT is far too young to have such a thing, as can be evidenced by the fact that frameworks such as ITIL are constantly reviewed and modified. Logic dictates that something cannot be best practice if it requires revision (unless the environment or other factors change, of course).
Think about it: how can something be the best possible practice if it can be improved? That's not to say there shouldn't be a pursuit of excellence of course; in fact 'good practice' is absolutely essential, vital even. However, ICT should really be far more concerned with both good practice and emerging practice than so-called best practice.Now that I have that little rant off my chest, let's look at it from a practical perspective.
It's relatively easy to define good practice in most situations, at least at a high level. Good practice in software development, for instance, would include such things as a good documentation regime, a good testing regime, and coding standards that mean multiple people over time can understand the same piece of code. Sure, this is a bit of an over-simplification and missing some essential components, but it serves well as an example.
And, more importantly, these things should be done in a way that doesn't destroy the 'art' part of the science we call ICT; a way that doesn't stifle the innovation that defines our sector and on which ICT is built. However, that concern is not in itself a reason not to have good practice. Let's take a step back to see what I mean.
As you're probably aware, NZCS recently released Information Technology Certified Professional (ITCP), the certification programme for New Zealand's senior IT professionals. It's rather like a Chartered Accountant, Master (or Certified) Builder, Chartered Engineer, or registered sparkie, but for IT.
One of the areas covered by ITCP is what we coined 'professional knowledge': knowledge of a non-technical nature but essential for those practising in IT, like risk mitigation, legal frameworks, compliance and governance, along with such things as professional responsibilities, and ethical and organisational considerations. Really, the underlying factors to good professional practice.
That all sounds fine and is pretty logical when you think about it, but something really interesting happened when we put it out for public consultation.
Whilst I should say that the vast majority of those commenting were very positive and all submissions were helpful, we received a handful of responses stating that compliance didn't have a place in IT, that it was disappointing there was a focus on legal and compliance issues, that the focus on risk mitigation was setting the sights in the wrong direction, and such like. It made us ask ourselves just how important standards, compliance and an awareness of other related issues which impact on the success of projects are.
Some seem to advocate getting rid of such things, as they could risk extinguishing the flame of innovation and creativity that makes ICT successful. However, back in the real world, the fact is IT professionals have obligations and responsibilities. Our profession is charged with making organisations run, facilitating government, underlying the health system, etc. The product of our profession creates the infrastructure of the world's financial systems, trading systems, and the fabric of society itself; it keeps planes in the air, traffic lights changing and information flowing.
Yes, best practice is a myth. However, at the end of the day, professionalism, standards, compliance and a knowledge of relevant legal considerations are essential in IT, just like every other profession. And that's simply good practice. For those concerned about a loss of innovation, just look at the flourishing architectural profession: innovative and creative on one hand, yet serious about standards on the other. Just like IT.