Root Cause Analysis

Root Cause Analysis (or RCA) is a vital tool for all businesses to use when evaluating incidents in the incident response process (or any major event for that matter). SMB’s need to understand not only their vulnerabilities or weaknesses, but what ultimately caused one to be realized as well. Root Cause Analysis can be easily done at a high level by investigating the following five questions:

1. Define the Problem
2. Collect Data
3. Identify possible causes
4. Select the Root Cause from the possible causes
5. Fix the Problems that lead to event happening

Should an SMB have a Root Cause Analysis Process?

Yes. It is a fairly straight forward process and should be used by SMB’s for any major incident you experience.  Make sure you ask the five why’s as well to get to the true source or Root of the issue.

Related Term: Incident Response

Sources: National Institute of Standards and Technology, NIST

Additional Reading: Mind Tools Article on Root Cause Analysis

For more information on performing an RCA, please watch this video: