Built on trust

Trust is the foundation of any strong company. In this episode of The REWORK Podcast, 37signals co-founder and CTO David Heinemeier Hansson joins host Kimberly Rhodes to explore what it really means to build a high-trust organization. David shares how trust shapes the culture and success of a team, even when working remotely.

Watch the full video episode on YouTube

Key Takeaways

• 00:23 - Trust starts as the default at 37signals
• 05:19 - Empowering employees with reasonable spending freedom
• 11:46 - Why one person’s mistake shouldn’t lead to restrictive policies
• 15:15 - How to cultivate trust in remote workplaces
• 22:10 - Trust and accountability can and should coexist

Links & Resources

• Record a video question for the podcast
• Books by 37signals
• 30-day free trial of HEY
• HEY World
• The REWORK Podcast
• Shop the REWORK Merch Store
• The 37signals Dev Blog
• 37signals on YouTube
• 37signals on X

Sign up for a 30-day free trial at Basecamp.com

Transcript

Kimberly (00:00): Welcome to REWORK, a podcast by 37signals about the better way to work and run your business. I’m Kimberly Rhodes from the 37signals team, joined by 37signals co-founder and CTO, David Heinemeier Hansson. This week we’re talking about building a high trust organization. The reason this came up is because we constantly have customers asking us how they can prevent people from doing things in Basecamp. Like anyone can delete a task or archive a file. Our answer is always like, well, we just have a very trusting organization. I don’t think that is by chance, I think that’s been built over the years. So David, let’s talk about that a little bit. I mean, I don’t know if you’ve intentionally, you and Jason have built that kind of trust within the organization, but it’s what we always tell people. We just are very trusting.

David (00:43): I think the trust though is partly consequence of the kind of culture and the kind of hiring that we do. And I think we’ve ended up with over 20 years of having a lot of people through the company, some have worked for us for a short amount of time, some worked for a long amount of time, but the kind of catastrophic antidotes that I can pull on when we have extended too much trust and it went wrong, it’s a really short list. It’s not zero. There’s always the opportunity that you’re wrong about someone and they did not for whatever reason deserve the trust that you extended to them. But I think what’s key here is to divide the calamities that could possibly occur if someone you trust prove out not to be worthy of that trust. There are certain aspects of the business where the trust really is truly critical, and that’s around areas like data access.

Kimberly (01:46): Right

David (01:47): So when it comes to accessing customer data, especially on something like, HEY, where you’re dealing with personal emails, we actually have a multi-layered step process that communicates that, you know what, we may trust you, but this is so critical and this is so important that even our most trusted employees still have to go through quite a few steps. So for example, when someone is investigating a issue with HEY and emails aren’t being delivered or there’s something else wrong, they usually have to go in and look at the database. But right from the get go, we knew that if the staff we had had full access to the data and just through their normal course of business, their normal investigations, their normal help of customers were exposed directly to the emails and the subjects and the rest of it, that wasn’t going to be something we’d be comfortable telling customers.

(02:45): In fact, it goes further back than that. When we were building HEY, I was trying to get my wife to use it. I thought like, hey, you write a lot of emails, wouldn’t you like to see what we built? And the very first question she had was, wait, can your employees read my email? And my answer at the time wasn’t just spot on, really clear, it had to be built up because I was like, you know what? Technically sort of they could. So we built up this defense in multiple layers where the emails themselves, they’re encrypted. When we do normal service on the application and we’re on the console on the terminal exploring these things, the data is just encrypted. You have to basically unlock any type of encryption and when you do, you have to put in a reason. This is why I’m unlocking access to the encrypted data.

(03:36): This is why I’m looking at it. And not only is there a log of that made in the system, the log is then reviewed by other people. So this is sort of the double binding of not only are we taking notes here, there’s a bit of a camera, the detail camera recording all the sessions of exactly what happened, how the data was accessed, and then the reasoning why someone needed access to that data. And then on top of that, there’s another team or another individual reviewing that. That’s probably the most severe process we have because it’s about the most severe data access that we have.

Kimberly (04:13): Right

David (04:14): The rest of the business very, very different. Our default is that we will trust people to not delete things that shouldn’t be deleted. And therefore in Basecamp for example, there’s no confirmation step per se. There’s no access control where only some of the employees of 37signals have access to creating new things, to deleting things in existing projects. We rely on the fact that we hire trustworthy people, and by the way, when something is deleted, it goes into that trash can. It’s going to sit there for 30 days before it gets expunged, and that’s enough. Most of the time this just isn’t a problem. And not only is it not a problem when you set up your organization this way where your default is to trust the smart capable people that you hopefully hired and you did some of that vetting upfront, everything just glides so much easier.

(05:09): There’s nothing where you have to tap someone else to do something for you. There’s no escalation path. There’s very little asking of permission. That’s not just in the software. It’s also around things like expenses. I remember back in 2001 I think it was, I was working at this tech company in Copenhagen and I needed some books. I was reading up on some JavaScript stuff and at that time we were buying paper books and I wanted to get some O’Reilly books I think it was. And the process I had to go through just to get approval for spending, I don’t know, $50, a hundred dollars on a set of books just felt completely demeaning actually. You’re like, you’re paying me a very nice salary and I have to talk to multiple people to spend money on developing my skills that I can apply to the reason why you hired me?

(06:04) Why? What are you trying to save here? Are you trying to save just $50 or a hundred dollars while you spending thousands on me? How does that make any sense at all? And I really took that experience to heart. And do you know what? I don’t want that. If, and when, I started running my own company, there’s got to be a pretty high ceiling or floor of what requires someone to ask for permission. And it’s got to be so high up that, do you know what? For the vast majority of purchases, for the vast majority of time, it’s just not something we’re going to bother with because then everyone can just roam around on their own, get what they need to do the job that we hired them to do. And do you know what? Then we can look at some expense reports and whatever else next month or next quarter. We’ll follow up

(06:56): and if there’s something that’s grossly out of line, which you know what, a couple of times over those 20 years I’ve looked at some expense reports for a couple of things and went, do you know what? That deserves a follow-up conversation. That wasn’t money wisely spent. And so what? So what? That’s the key insight I think here is if you start with a presumption of trust when it’s not about critical customer data, but all this other stuff, the 95% of the rest of the business, it doesn’t fall under that, you can just go back and revisit things after the fact. How bad could it be? How much money, for example, let’s say you set a ceiling of $5,000 or $10,000 or whatever it is that employees can purchase, that’s they’re purchasing limit, and then you go back and revisit it after the fact if it turns out that something isn’t quite right or the general guidelines as we have them, which I think it’s still in the handbook, which is here’s a company credit card and the policy generally speaking is spend it wisely.

Kimberly (08:01): Yeah, that’s exactly what it says. And I think it says, if you need something to do your job, you should buy it. Use this credit card to buy this if this helps you do your job, which I remember when I first started and read that ‘cause I have worked for organizations where there’s this whole expense approval, I want to go to this conference and you have to write up a whatever. It is not like that here. It’s you have a card. If you feel like you need it, spend it. And I honestly think that freedom has made, I can’t speak for anyone else, but for me, I’m actually super cautious about what I spend. Recently, David, you’re like, get a new camera and I’m like, I didn’t really want to spend your money ‘cause I know that it is truly your money. And because there’s profit sharing, it’s all of our money at some level. Like as people are spending that is reducing our profits, which then gets distributed to employees. So I think we’re all super conscious about that.

David (08:53): I do think that helps to give everyone at the company a feeling of having a stake in it. And we didn’t always have that. And I will say, do you know what? It actually worked out pretty well even when we didn’t have that. But it works even better now. And what I find is exactly as you say, when we had that conversation about you getting the fancy camera, the Sony FX

Kimberly (09:16): 30

David (09:17): 30 that both Jason and I have been so happy using, that’s very emblematic of the problems that I generally find with this policy, that I have to push employees to actually spend money on things that’ll improve their daily work. And I’ve seen this with computers as well. We’ve had a number of times where folks have hung on to computers that were sort of past their due, where there was just something substantially faster available. This is something that’s come up now that we switched to Linux and Linux is so much faster at running our test suite and now we run local tests. I’ve had to literally push a couple of people, just get the Framework desktop, just get the specked out version. It’s not that much money. A $2,000 computer, do you know what? How much time does that have to save you in a month or two before it’s earned? It’s key.

Kimberly (10:15): Yeah

David (10:16): Not very much time at all. And then there’s just even beyond the mere cost benefit analysis, there’s also just the joy analysis. I have the best tools available to me and I really like working with them. I think that in and of itself is a wonderful reason to splurge sometime on some really nice equipment that just makes your job more enjoyable, and a fast computer that runs the test or whatever else that you’re doing, that’s really one of those key things. That’s a key material that we use to do our entire job, so I’m keen to push the employees that we have to spend money on that kind of stuff. Now, at the same time, I’m also incredibly eager to compress all the expenses that we don’t need, that we don’t feel contribute to that sense of satisfaction in the job. I mean, the most famous example that we’ve talked about on this podcast many times was exiting the cloud, that there was a bunch of expenses there that were in a completely different class, literally millions of dollars every year. It did not contribute to that sense that like, oh my god, work here is wonderful, and when you take those $2 million a year or whatever it was that we ended up saving on the cloud exit and you then apply our profit sharing plan to it, it’s actually meaningful money that sort of filters through that entire process into the pocket of individual employees here. So, I do think that’s a really nice kicker on top.

Kimberly (11:46): I’m laughing because at the last meetup I was sitting by a programmer and was doing some video editing, which video always just drains a computer and I’m getting the spinning beach ball. And he looked at my computer was like, Kimberly, you need a new computer. Just go buy a new computer. So I think there is that trust. I think people do look at it very seriously. I want to make sure I am not extending beyond what I should because they’ve given me so much trust.

David (12:15): And that’s definitely my general impression of the vast majority of people. But I just do want to caveat by saying occasionally you’re going to have different conceptions of what’s reasonable. As I said a handful of times, if even that over 20 years, there have been instances where you know what, that’s not reasonable. But the key is what’s the price of cleaning that up after the fact? And by cleaning it up, it’s usually just about making clear that we’re on the same page about what’s reasonable. It’s not even about the money that was already spent. Who cares, in most cases? It’s about making sure we have the right norms going forward for how money should be spent here. And if someone needs a reminder or two about how to calibrate that, it’s fine. We have those calibrations about all sorts of other stuff. What’s the quality before a feature goes out the door?

(13:09): How’s our production environment? All these things are things we talk about, but when it comes to money, I find that there are a lot of executives who are sort of overly concerned about making a mistake and then feeling like they can’t undo that. And that’s when bad preemptive fences are put up. This is one of the things we write about in REWORK, “Don’t scar on the first cut” about policies because that’s usually how it goes. A lot of these expense policies, the more draconian they are, the more likely that there is this one anecdote attached to why the policy is the way it was because this one time, Ben just went to town and just splurged on super expensive hotels and whatever room service, and now we need an expense policy with very clearly define things. And could it also just be that Ben needed a conversation? That you needed to have one conversation with Ben saying, do you know what, this isn’t reasonable. Look at this. Come on. Dude.

(14:13): And then that was the end of it. And then everyone else did not have to carry around that policy cut for the rest of days. One of the examples I often see in physical offices is that there’ll be this sign like your mom is not here, clean up after yourself, or don’t leave dishes in the dishwasher. Again, I know why that sign is there. It’s because the one person just was a bit of a slob. And policy is a way for executives and sometimes HR and other people who have responsibility for the behavior of others to like, do you know what? I don’t want to have that conversation. That feels a little uncomfortable to go directly to Ben and tell Ben that that’s not okay. So I’ll make a generic general assessment that feels less confrontational, but all that has a price. You’re making everyone else in the organization just carry the cognitive load of one of Ben’s fuck ups until the end of days. Not a good trade.

Kimberly (15:14): Yeah. Okay. So as a remote organization, I feel like there has to be trust in general. I think people going back to the office, they feel like, oh, if I see people working, then that’s going to somehow be better. Talk me through the level of trust when we’re remote. How do you know, we have people ask us this all the time, how do I know people are working? How do I know that they’re not wasting their time? I think that’s a trust thing as well.

David (15:38): It really is. And it was the number one question Jason and I was asked during the pandemic when a lot of organizations suddenly had to switch to remote and were very uncomfortable with what that entailed in terms of trust. And my answer was first to focus on who someone’s manager or leader. That person needs to be able to gauge the quality and the pace of the work. That is literally why they’re in that position, that they’re there to oversee a number of individuals and gauge the quality and the pace of the work. If the quality’s no good and we’re pushing out bad work, do you know what? That’s a conversation. If the quality is all right, but the pace is way too slow, that’s a conversation. Managers should always be in the loop on both of those things. Now, quality and pace, occasionally derivatives of time spent in chair, that’s true. For someone to put out good quality work at a good pace,

(16:39): those expectations usually line up with full-time employment in a lot of cases. So that means spending, I don’t know, about eight hours in front of the computer every day, a little more, a little less depending on the task at hand. But so many managers, it seemed, especially at that time had kind of stepped over the whole having to gauge the quality of the work and having to gauge the pace of the work and just went straight to the derivative. How much time is spent in the chair? And if I can’t see the person in the chair, well suddenly my main enforcement function and my main supervision function seem like it’s lost. And then there are a lot of managers who suddenly feel like they’re flying blind. Well, you’re only flying blind because you’re looking at the derivatives. Look at the actual stuff that’s being produced.

(17:28): Now I say all that and then I also say that we have protocols and practices at 37signals to keep that top of mind. Is the quality and the pace proportionate to where that person should be for their level? Now I expect very different quality and pace from a junior programmer than I do from a principal programmer, for example. But both of them have to answer our two questions that pertain to work. The Monday question, what are you going to work on this week? And the end of the day question, what did you work on today? And then finally, net sum of all the work done in the past six weeks gets summarized in the Heartbeat that the entire team puts out, right? So you have these barriers to make sure that everyone is at least radiating the information of what they’re working on such that you as a manager, most of the time, just can assume that things are going well because you hired good people.

(18:29): And then occasionally you can just have a nudge, have a look and see is the work product good enough? Is it coming out on pace? If it’s not, lemme just scroll back a little. Lemme look what Ben…

Kimberly (18:40): Poor Ben.

David (18:41): Now we’re picking on Ben. I’m picking up Ben because we don’t have a Ben at 37signals. So I’m just going to scroll back through Ben’s answers over the last six weeks or maybe sometimes even longer. What has Ben been up to? What has he been working on? Does it feel right? Maybe I’ll peer in and have a look at some of the pull requests or something else like that and then you can get a really good sense of whether folks are on it. And do you know what? These things aren’t so mystical. The people who put up great work at a good pace, they tend to spend the hours in front of the computer.

(19:12): And do you know what? If somehow the fantastical thing could happen that a principal programmer here could in 10 hours a week produce what appears to me 40 hours worth of progress? Do you know what? Good for them. I haven’t ever seen it. I’ve never seen someone be able to perform at the level that they’re at, principal or lead or senior or junior in like a dramatically lower amount of time than anyone else. Because if they can do that, they’re usually due for promotion, right? Like we’re giving you tasks, they’re too easy, or projects that doesn’t require enough of your capacities and you’re able to just sail through it. So it just really isn’t a problem. But I do think it can be a problem in organizations where there’s already a bit of an antagonistic relationship between the manager and the employees. And if the employees know that the manager doesn’t, doesn’t know anything, he’s a fucking bozo.

(20:10): In the Steve Jobs term of it, doesn’t know the work, doesn’t know the quality of it, doesn’t know where the pace should be and is treating us perhaps not so nicely. Maybe there’s not that much trust. Maybe there’s a lot of bullshit red tape. I can see the temptation that someone could go like, do you know what? Yeah, I am just going to work five hours a week or I am just going to work 10 hours a week. They can’t tell anyway. And if they can’t tell anyway, I think there’s just something really important lost in that connection between manager and worker that is a breeding ground for this kind of apathy or even antagonism that someone might screw on up. So I’m not discounting that this can’t happen, that you let someone work remotely and they just totally blow it off because you’re kind of already at war.

(21:00): But my advice would then be like, fix the war. Make peace, find some managers who know the work, who know the pace, find a way to reset relationships because just forcing folks to be under your direct supervision is a really poor substitute for doing the job that a manager is supposed to do. And by the way, it usually doesn’t even work. The delusion here is in part based on the notion that if someone is sitting at a desk in an office, you can rest assured that they’re being highly productive. Do you know what? I’ve sat in more than a few desks for more than a few days early on in my career and I totally blew ‘em off. I just wasn’t engaged in the work or whatever. So I know you can skirt the work at the office too. Maybe it’s a little harder. Maybe there are a few more constraints on it and maybe if the rest of the organization is dysfunctional in other ways, it can help. I’m not going to say that, but it should not be a reason to pick remote or not remote, just on the basis that I don’t trust my employees. Well, fix that problem.

Kimberly (22:10): I also appreciate because it’s such a high level of trust, it feels like as an employee that you’re being treated as an adult, when in other organizations you’re like, I feel like I’m having to be babysat for no reason when I’m a competent adult. Why can’t I just operate like an adult? So I feel like that it’s a very different vibe when there’s that level of trust.

David (22:28): And I think what happens in some organizations is that employees will live down to the low expectations you have on them

(22:37): Just as much as they’ll live up to your high expectations of them. In most cases, if you have low expectations and you’re treating people like you have low expectations of them, there’s going to be some of that. How can I game the system? Oh, they tell me I can’t spend money on the essentials. Well, how can I just spend a bunch of money and book it under bullshit category in the expense report, right? Then it can become a bit of a game of how can I evade these nonsense processes? And I think you really off in the deep end when that’s even a temptation that something like that can happen. It’s just simply so much more pleasant to work both as an employee and as a manager in an environment where the default is we trust each other, and we trust each other because we have our eye on a low trust battery here we have our radical candor.

(23:29): We tell people when they fuck up, we tell people if they’re not keeping up either and we pay attention. And when you do all those things together, occasionally you got to say, do you know what? This is not the right person in this role at this company. We’re going to part ways with them. And when it is someone who’s in exactly the right role and they’re doing a phenomenal job, we’re going to promote them as quickly as we can to the level that their talents demand. And do you know what? Start doing all that, you can end up with a lovely place to work.

Kimberly (24:01): Okay, last question before we wrap it up. I think part of this of building a trustworthy organization is having trustworthy people. How do you, and I think I know the answer, but how do you figure that out in the hiring phases? I mean, there’s no background check. How do we know if someone is worthy of this level of trust?

David (24:22): We don’t. There’s no certainties. There is always the possibility that you hire someone who is just really good at deceiving you. I try to remember, I don’t think we’ve had a single individual I would apply that label to.

Kimberly (24:40): Really?

David (24:41): That someone made it through our hiring process and they came in and they were told, actually that’s not true. I just think of one instance. The person did not get hired, but they got very, very close. So we had one opening where someone did apply, and I think it was like their CV. It was their CV. It had a bunch of things on them, places that they worked. And right before the confirmation hearing on the person, we’re just about to hire them. I think it was Andrea just checked. Just routine checks.

Kimberly (25:12): Yeah

David (25:13): And turns out the person was just a fraud.

Kimberly (25:15): Oh wow.

David (25:16): Had listed companies they never worked at in positions they’ve never worked at. And the reason it stands so much out to me is that’s literally the only time in 25 years where someone is malicious in that way. Now maybe the kind of candidates who otherwise would be that, like out of a thousand applicants, is it entirely possible that maybe, I don’t know, 10 of them or 50 of them, or even a hundred of them fall in that category, would willfully deceive us? That’s possible. But is it possible that they’re willing to do that? And then they’re also like really good at their job.

(25:51): Like totally blowing us away with amazing code. They aced the interviews that we do with someone in person. They just fool us all and they exhibit extraordinary skill. Do you know what? I don’t think that’s very likely. It’s not necessary. If you are really good at your job and you can show us amazing code or fantastic designs or any of the other tests that we apply to candidates, you don’t need to be a fraud. So I do think that has a sort of filtering function where at other companies where if you’re mainly hiring on, I don’t know, bingo matching their buzzy keywords on their CV and the entire process is driven by HR and there’s not any take home test or whatever, and you could bullshit your way through, I do think you’re probably more likely to end up with someone who is a fraud. But you do all this other work to ensure that you hire someone who’s really good at their job? No one has ever made it in or at least never made it in and then we discovered it, which to me is all the same. If someone got in all the way and they were somehow frauding us while also doing a spectacular job, I’m almost like, you deserve it. There was a case of this and in the media recently where this one guy in Silicon Valley I think had four or five jobs.

Kimberly (27:10): Oh yeah.

David (27:11): And none of these companies knew that that person would… First of all, I mean, that’s not nice. You should not lie to people. But also, do you know what? Lion’s share the blame here lay with the companies who just had this person on payroll for, I dunno how long, and never discovered that they didn’t put in the work or the work wasn’t at the quality of the pace that should have been.

Kimberly (27:33): Yeah. Well, on behalf of all employees, we appreciate the trust. With that, we’re going to wrap it up. REWORK is a production of 37signals. You can find show notes and transcripts on our website at 37signals.com/podcast. Full video episodes or on YouTube. And if you have a question for Jason or David about a better way to work and un your business, leave us a video message, you can do that at 37signals.com/podcastquestion.