managing risk and compliance on enterprise social networks
TRANSCRIPT
SHARON O’DEA @sharonodea
Independent consultant
Please collaborate responsibly!
There’s a lack of clear guidance about enterprise collaboration from regulators, which leads to nervousness.
Take a pragmatic approach to risk, ensuring that you effectively balance the need for control against the need to realise the project’s benefits.
Main Message
Banking
$667,000,000
• Enterprise social collaboration
• Based on Jive
• Integrated with Sharepoint, MS Office, Lync/OCS
• 100 targeted use cases
• Replaced old Sharepoint 2007 intranet
The project
What are the risks?
Information security
Data privacy and control
Governance
Compliance and monitoring
User behaviour and values
What are the risks?
Failure to realise project benefits
Risk strategy
Anarchy: High risk, High cost of failure
Managed risk: sweet spot
Repression: High risk, High cost of implementation
Overcoming stakeholder concerns
Pre-mortem
A comparison
Image credit: Manny Wilson bit.ly/1nd0BHA
Comparative risk
Compliance risk
Email
• Little proactive control over what is sent where and to whom
• Multiple versions of content stored
• Archives are often inaccessible (hard drive)
Lync/OCS
• Informality and perceived lack of transparency leads to potential risk
• Monitored to identify issues
• Decisions or conversations can’t be revisited
SharePoint Teamspace
• Poor user experience reduces risk as not used extensively/proactively
• Content is often out of date
• Monitored to identify issues
• Not mobile friendly
ESN
• Single place where content is held centrally
• The transparency and community awareness drives content quality
• Supports the Bank’s monitoring processes
• Mobile app for corporate devices
Meeting regulatory and compliance needs
Index
Autonomy Search
Records Management Module
Activity: Posts, comments, likes, shares, etc...
Activity records sent to Enterprise Vault
records archive
Records Archive queried according to Bank standards
Data is stored on the Bank’s systems. Configured to meet data privacy requirements
Records Retention and Monitoring enabled through Records Management module
Public
• Anyone can view
• Anyone can contribute
Members only
• Anyone can view
• Only approved members can contribute
Private
• Only members can view
• Members can contribute
Secret
• Only members can view and contribute
• Doesn’t show up in search
Data privacy and control
Accountability forces good behaviour
Reporting workflow
User reports post
Shows in moderation queue
Restore Delete
Contact individual Contact manager
“I am sorry to hear of this tragedy. My thoughts are with those affected at this time. I wish those who have been injured a fast recovery. May God bless the miserable child.”
Example
Communicating on responsible use
Compliance theatre
Compliance comms
What compliance want to tell people
What people actually want to know
Real information for real people
Our rules:
• Be respectful - make sure you're not doing or saying anything that could be seen as offensive, threatening or inappropriate
• Be professional - act as you want to be seen in any business environment and how you would in any of the Bank's other channels
• Respect confidentiality - the same rules apply as other Bank channels in terms of data protection and confidential information. No private side information can be shared at present
• Be open and transparent - make sure you're clear and accurate, and if you do make a mistake you take steps to correct it quickly
• Make sure it's yours or get permission - don't post anything, including images and videos, that you don't have the rights or permissions to post.
Professional standards, the Code of Conduct and the Bank policies all still apply when using the Bridge, as they do with any other internal communication.
Collaborative behaviours
• Look after us
• Pause to think
• Stay focused
• Be smart
• Play nice
• Be valuable
• Share with care
• Be yourself
• Give credit
• Make it your own
User communications
Leadership
You mean bancassurance? I’ve worked on a deal like this and can give you some advice. Here’s our team’s blog on it.
Great blog, great work! This is a great example of how we’re working together across our segments and products for our clients.
Client wants corporate credit extended and personal life insurance set up fast to cover business and personal debt. Any advice?
Which tool to use?
[Chart: tools placed by urgency (More to Less) and audience size (1, Team, Department, Whole company)]
• Phone call
• OCS
• ESN private message
• ESN private group
• ESN members only group
• Big call
• ESN open group
• Homepage news story
• Email newsletter
• All-staff email
• Manage concerns about risk by methodically mitigating risks one by one
• Systems can’t stop people being idiots: real people need real, plain English communications
• Use carrots as well as sticks – show people how this makes their lives better
• Take your lawyers to the pub
Key Points to Take Home
E: [email protected]
W: sharonodea.co.uk and intranetizen.com
L: linkedin.com/in/sharonodea/
T: @sharonodea