The financial, healthcare, insurance and defense industries are, by their nature, subject to a non-negotiable need for high levels of regulation. In these stringent environments, with strict controls on policies and procedures, leveraging social media platforms to increase collaboration among employees is challenging. To succeed, organizations need to establish well-defined processes, policies and codes of conduct to help employees use these social networking tools. The hosting environment, on-premise or hosted, adds another dimension of complexity. It is equally important to ensure that all of the policies and procedures adhere to industry-specific acts such as FINRA, HIPAA, HITECH and AIA (export control, IPR, copyright and similar policies).
Here are five key areas that organizations functioning in highly regulated environments should consider while setting up a social media platform:
- Governance Set-up: To ensure a smooth and successful adoption of social programs, a proper governance model should be defined at the beginning. Governance means taking ownership and building a process to continually ensure that the people, process, technology and information are always aligned with the business objectives. Building such a model allows companies to leverage all of their personnel and information assets. Clearly defined guidelines adhering to FINRA, HIPAA etc., will help employees, partners and customers understand and follow the rules of engagement. The companies should also help keep executive stakeholders informed so they can decide on course corrections if operating challenges arise.
- Defined Social Media Strategy: Any organization that embarks on its social journey must have an understanding of the social media strategy, policy developments, current governance programs and how large-scale customer experience management and employee engagement programs are implemented. This background will help it understand the challenges that may arise when building internal collaboration programs. The approach to governance begins with an organization first defining the strategic benefits it intends to derive from its collaboration efforts and what impact those efforts will have on the organization. It is important that the approach is built upon the organization’s strengths. Moreover, social media risks should be managed with a custom governance approach that helps to do the following:
  - Enhance demonstrable controls of collaboration programs, satisfying both audit and compliance program demands
  - Anticipate emerging regulatory compliance issues that may dictate collaboration activities on a global basis
  - Gain stronger consensus among internal organizational areas impacted by collaboration with regard to strategic direction and risk management
- Governance Levels: A successful, implementable governance model should always follow a multi-pronged approach that focuses on managing processes, policies and people at the strategic, tactical and operational levels.
  - Strategic: Strategic tasks include providing direction to the overall program, aligning with business objectives, periodic health checks, conflict resolution and issue escalation. At the strategic level, the executive team should consist of business heads, the executive sponsor, legal counsel and a regulatory compliance representative. This committee should meet periodically to review performance against target goals.
  - Tactical: Tactical tasks include planning and defining policies and rules based on data sensitivity. The team is responsible for creating and managing processes for collaboration and communication within the organization. At the tactical level, the team should consist of a collaboration strategist, line managers, and HR, IT and legal representatives. This team participates in review meetings at defined intervals to gauge the program performance and compliance metrics.
  - Operational: Operational tasks include day-to-day tracking and risk and issue management. At the operational level, the team should consist of department leads and tech support to monitor employee engagement and compliance with the governing policies. This team should participate in weekly review meetings to assess and address the risks and other issues.
- Roles & Responsibilities: A social adoption council with the below roles and responsibilities must be created to manage and administer an enterprise social platform:

| Role | Responsibilities |
| --- | --- |
| Executive champion | Accountable for the success of the collaboration initiative, budget, resource allocation and promotion among the business |
| Community strategist | Responsible for developing the communication and collaboration strategies, gathering input and feedback from end-users, developing scenarios and measuring and reporting progress on achieving objectives |
| Community managers | Responsible for coordinating and gathering resources, monitoring conversations and ensuring community compliance to the organizational guidelines |
| Social technologist | Designs infrastructure to support the governing policies and regulatory commitments, and develops security strategy, data retention & archival policies. Provides ongoing support for maintaining the application |
| Legal/compliance lead | Monitors all of the compliance requirements related to specific industries, as well as assists the community and technical teams in developing suitable policies |

- Risks Identification and Mitigation: Organizations must determine that an internal social collaboration platform does not create any new issues that are not already accounted for in existing electronic document, privacy, eDiscovery and similar policies. The transparency of these platforms requires consideration of how the information on the platform will be used and shared. A thorough analysis of risks versus rewards must be made. If there is a significant opportunity in sharing lower-risk information with a high business benefit, it should be shared without compromising compliance regulations.
This post was originally published on ITBusinessEdge on March 30, 2013, and is re-posted here by permission