This presentation delivered on March 10, 2011 described how to develop a social media policy, the elements and policy statements to include in a comprehensive policy, and other considerations for managing social media.
2. About AIIM International - Members in 146 countries Independent - Unbiased and vendor neutral Implementation Focused - Processes, not just technology Industry Intermediary - users, suppliers, consultants, analysts, and the channel http://www.aiim.org
3. Jesse Wilkins, CRM Director, Systems of Engagement, AIIM Background in electronic records management, email management, ECM, and social technologies Director, ARMA International Board of Directors (2007-2010) Frequent industry speaker and author AIIM ERM and E2.0 Expert Blogger Instructor for AIIM Certificate Programs 3
4. It’s just a fad…. By the end of 2013, half of all companies will have been asked to produce material from social media websites for e-discovery. Source: “Social Media Governance: An Ounce of Prevention”, Gartner
5. Agenda Introduction Policy development framework Structural elements of a comprehensive social media policy Social media policy statements Strategies for managing social media
7. Why a policy? Ensures that employees know what is expected of them Provides guidelines for being more effective Reduces risk of someone posting inappropriate content Addresses legal and operational concerns
8. About the social media policy Social content is just another form of content Policy should provide a framework applicable to most or all social media tools – and to other content/communication-related technologies as well DON’T write e.g. a Facebook policy, a Twitter policy, etc.
9. Best Buy Social Media Policy Be smart. Be respectful. Be human. http://www.bby.com/2010/01/20/best-buy-social-media-guidelines/
11. Policy 2.0 – in 140 characters Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.”
13. The policy framework Approach to developing and implementing a policy Ensures that policy development is consistent with organizational goals Ensures that policy meets legal, regulatory, and operational requirements
14. 1. Get management support Policy development requires time and energy from users and stakeholders So does policy implementation Ongoing compliance will require auditing and communication
15. 2. Identify stakeholders Policy should address the entire enterprise Stakeholders should include: Business unit managers Legal External customers and partners
16. 3. Put a team together Internal social media experts Internal champions and evangelists Expert users from key areas of the organization Records/legal/compliance IT
17. 4. Identify the goals of the policy What changes are being introduced? Social business technologies Related processes What are the desired outcomes? What behavioral changes should result?
18. 5. Conduct the research Legal research Organizational research Public research Standards and guidelines Benchmarking Consult with similarorganizations Analyze the results
19. 6. Draft the policy Collaborative and iterative process There are a number of public examples of social media policies These are starting points and need to be customized for your requirements Keep it as simple as possible
20. 7. Review the policy Review by legal, HR, users Ensures it is valid Ensures it will work within existing organizational culture Change management
21. 8. Approve the policy Policy is reviewed by business managers, senior management Complete revisions as necessary Approve the policy
22. 9. Implement the policy Communication Training Auditing Enforcement!
23. 10. Once the policy is live Monitor for compliance with policy Solicit feedback about policy Provide refresher training as required Plan for periodic review and maintenance Changes to regulatory or operational requirements Changes to social technologies New social technologies
26. Purpose and scope This policy has three purposes: Establish definitions relevant to social business technologies Describe usage policies relating to social business technologies Describe security and technology policies relating to social business technologies Scope: This policy is applicable to the entire enterprise.
27. Responsibilities Responsibilities for policy development and maintenance Responsibilities for policy administration Responsibilities for compliance with policy
30. References List any references used to develop the policy Internal strategic documents Records program governance instruments Statutes and regulations Publications Examples and templates
34. Look & feel guidelines Account details Handle Picture – including corporate logo usage Bio Contact information Friends/buddies/contacts Groups/fans/likes
35. Content guidelines Whether posts will require approval Pictures and video By the organization By third parties, e.g. the public Links (i.e. “sharing”) Applications and widgets Likes, retweets, etc.
36. Whether the account is monitored for actionable content (screenshot) Public records
37. Personal access and usage Access to personal accounts using organizational resources (time, computers, network, etc.) Access to sites using personal devices (iPhone, tablet, etc.)
38. Inappropriate usage Offensive content Disparagement of the organization – or of competitors or others Slander or libel Sexual content Solicitations of commerce Threats Illegal activity Violation of copyright
39. Sensitive materials Personnel-related information Financial information Confidential information Health information If you wouldn’t post it to your website or send via email, don’t post to FB or send via Twitter.
42. Governmental considerations Links to primary site (“content of record”) Whether comments are allowed And monitored Public records act Public safety and monitoring issues
46. Is it a record? Is the information unique and not available anywhere else? Does it contain evidence of an agency’s policies, business, mission, etc.? Is the tool being used in relation to an agency’s work? Is there a business need for the information? Does it document a transaction or decision?
47. What is the record? Individual social network status updates or Tweets? Comments and responses to comments? The entire stream over a given period? Embedded URLs? Policy and consistency are key
50. Records management in brief Archive selected items locally Use search queries and monitoring Store selected items locally using search queries or RSS
51. Use the native backup to store locally Store locally using built-in tools
52. Use a third-party service to store locally Store locally using third-party service
57. For more information Jesse Wilkins, CRM, CDIA+ Director, Systems of Engagement AIIM International +1 (303) 574-0749 direct jwilkins@aiim.org http://www.twitter.com/jessewilkins http://www.linkedin.com/in/jessewilkins http://www.facebook.com/jessewilkins http://www.slideshare.net/jessewilkins
58. Additional Resources “How Federal Agencies Can Effectively Manage Records Created Using New Social Media Tools”, Patricia Franks, Ph.D., IBM Center for The Business of Government, 2010 Guideline for Outsourcing Records Storage to the Cloud, ARMA International, 2010 “Electronic Records Management: Blogs, Wikis, Facebook, Twitter, & Managing Public Records”, Washington State Archives, September 2009
59. Additional Resources “Managing Social Media Records”, U.S. Department of Energy, September 2010 http://cio.energy.gov/documents/Social_Media_Records_and_You_v2_JD.pdf “Guidance on Social Networking”, Arizona State Library, Archives, and Public Records, June 2010 http://www.lib.az.us/records/documents/pdf/Social_Networking.pdf
60. Additional Resources NARA Bulletin 2011-02, “Guidance on Managing Records in Web 2.0/Social Media Platforms”, October 2010 http://www.archives.gov/records-mgmt/bulletins/2011/2011-02.html “A Report on Federal Web 2.0 Use and Value”, National Archives and Records Administration, 2010 http://www.archives.gov/records-mgmt/resources/web2.0-use.pdf
61. Colorado State University Social Media Resources http://socialmedia.colostate.edu/ Division of Emergency Management Draft SM Policy http://www.coemergency.com/2010/02/dem-draft-social-media-guide.html UNC Social Media Best Practices http://www.unco.edu/websupport/social/index.html
62. City of Longmont Social Media Guidelines http://www.ci.longmont.co.us/news/social_media/documents/socialmediaguidelines.pdf Eric Schwartzman’s Social media policy template http://ericschwartzman.com/pr/schwartzman/social-media-policy-template.aspx PDF: http://ericschwartzman.com/pr/schwartzman/document/Social-Media-Policy.pdf
63. Additional resources Compliance Building Social Media Policies Database http://www.compliancebuilding.com/about/publications/social-media-policies/ 57 Social Media Policy Examples and Resources http://www.socialmediatoday.com/davefleet/151761/57-social-media-policy-examples-and-resources Web 2.0 Governance Policies and Best Practices http://govsocmed.pbworks.com/w/page/15060450/Web-2-0-Governance-Policies-and-Best-Practices
64. Social Media Governance policy database http://socialmediagovernance.com/policies.php “Analysis of Social Media Policies: Lessons and Best Practices”, Chris Boudreaux, December 2009 http://socialmediagovernance.com
Notas del editor
Here’s a very succinct Twitter policy from a blog by an HR-focused law firm, GruntledEmployees.com. “Our Twitter policy: Be professional, kind, discreet, authentic. Represent us well. Remember that you can’t control it once you hit “update.””Pretty good, right? Now, you could argue that this policy is missing a lot of the stuff I just mentioned. But I don’t know that I agree – authentic, professional, discreet, represent us well – that’s pretty close. And regardless of what you think might be missing, I’d argue that if your employees follow this policy, you won’t have many issues with them. And note that this policy is itself Tweetable. [twitter] Policy 2.0 – in 140 characters, courtesy of gruntledemployees.com. http://is.gd/8BpjT[/twitter]
Official vs. unofficial includes: Disclaimers (this is or is not official; disclaimer of responsibility if it isn’t)Whether approval is required to create an account (official only)
The first step many organizations take to manage Web 2.0 is to try to block them. This is unrealistic for a number of reasons.
The first step is to determine whether or not something is in fact a record. Just as we know that most email messages are not records, for most organizations their Facebook fan page updates will not be records either. In other words, we have to ask the same questions about these tools that we’d ask about any other type of information:Does it document a transaction or a decision? If it does, it’s probably a record. Is it captured in another form? This is the biggest reason why most social networking sites like Facebook and Twitter wouldn’t need to be captured as records – in most cases they are being used as another transmission mechanism for information stored elsewhere. Now, just because it isn’t a record doesn’t mean it couldn’t be discoverable or a public record and subject to FOIA-type laws. Again, same considerations here as for other types of information. [twitter]Determine whether something is a record or not according to its content and context.[/twitter]
The next step is to determine exactly what is the record and must therefore be retained. Again, this will likely vary not just by content, but also by the nature of the tool. An individual social network status update or Tweet could rise to the level of a record, though I suspect this will be uncommon; in the case of a protracted discussion on someone’s wall or via Twitter, it might be the entire stream of updates on a particular topic or over a given period. This is analogous to determining when an instant message is a record. Many of these tools don’t really have metadata in the traditional sense. Twitter, for example, has the following public metadata: SenderMentions (the @ or DM it is addressed to, and could be more than one)A unique Twitter IDAn in-response-to Twitter ID if it uses the Twitter Reply capabilityA ReTweet ID if it was ReTweetedDate and time sentThe client used to send the update, if knownAny hashtags could be considered metadataBut note what there isn’t: No subject line or topic, no mechanism for filing it, no keywords (except maybe the hashtag). Other systems may offer more or less metadata but it is difficult to access some of that, even if it is retained by the system or commercial provider. The key is to have a records policy that is broad enough to encompass all of these tools and that stresses the content and context of information rather than its format. And as we noted earlier, just because it exists does not make it a record per se.[twitter] The next step is to determine exactly what is the record and must therefore be retained. [/twitter]
Finally, there are enterprise versions of every Web 2.0 application. These enterprise versions are often available to be hosted inside the firewall, meaning that security is much more robust. Access can be secured to them much more effectively. They can be integrated into the organization’s identity infrastructure – whether Active Directory or something else – such that any change, post, comment, edit, update, etc. can all be tracked and, more importantly, tracked to a specific named user. No anonymous postings here. Of course, you have to pay for an enterprise version, but what you’re really paying for is a level of peace of mind. And you still get many of the same benefits – ease of use, familiarity with the type of tool, rapid and agile collaboration across geographical and time boundaries, etc. You’re just getting a more secure and robust version of it. [twitter]Consider implementing enterprise versions. FB is FB, but internal tools might be more appropriate.[/twitter]
At this point I’d be pleased to entertain your questions.