
Managing risk and compliance on enterprise social networks



Presentation to Enterprise Collaboration Techfest (March 2016)

Published in: Social Media

  1. 1. SHARON O’DEA @sharonodea Independent consultant Please collaborate responsibly!
  2. 2. Main Message: There’s a lack of clear guidance about enterprise collaboration from regulators, which leads to nervousness. Take a pragmatic approach to risk, ensuring that you effectively balance the need for control against the need to realise the project’s benefits.
  3. 3. Banking
  4. 4. $667,000,000
  5. 5. The project • Enterprise social collaboration • Based on Jive • Integrated with SharePoint, MS Office, Lync/OCS • 100 targeted use cases • Replaced old SharePoint 2007 intranet
  6. 6. What are the risks?
  7. 7. What are the risks? • Information security • Data privacy and control • Governance • Compliance and monitoring • User behaviour and values • Failure to realise project benefits
  8. 8. Risk strategy [diagram; labels: Managed risk, High risk, High risk, Anarchy, Repression, High cost of failure, High cost of implementation, sweet spot]
  9. 9. Overcoming stakeholder concerns
  10. 10. Pre-mortem
  12. 12. A comparison Image credit: Manny Wilson
  13. 13. Comparative risk [table; columns: Email, Lync/OCS, SharePoint Teamspace, ESN; row: Compliance risk; cell entries in slide order] • Little proactive control over what is sent where and to whom • Multiple versions of content stored • Archives are often inaccessible (hard drive) • Informality and perceived lack of transparency leads to potential risk • Monitored to identify issues • Decisions or conversations can’t be revisited • Poor user experience reduces risk as not used extensively/proactively • Content is often out of date • Monitored to identify issues • Not mobile friendly • Single place where content is held centrally • The transparency and community awareness drives content quality • Supports the Bank’s monitoring processes • Mobile app for corporate devices
  14. 14. Meeting regulatory and compliance needs [diagram; labels: Index; Autonomy Search; Records Management Module; Activity: Posts, comments, likes, shares, etc.; Activity records sent to Enterprise Vault records archive; Records Archive queried according to Bank standards] • Data is stored on the Bank’s systems. Configured to meet data privacy requirements • Records Retention and Monitoring enabled through Records Management module
  15. 15. Data privacy and control: Public • Anyone can view • Anyone can contribute. Members only • Anyone can view • Only approved members can contribute. Private • Only members can view • Members can contribute. Secret • Only members can view and contribute • Doesn’t show up in search
  16. 16. Accountability forces good behaviour
  17. 17. Reporting workflow [diagram; steps: User reports post; Shows in moderation queue; Restore; Delete; Contact individual; Contact manager]
  18. 18. Example: “I am sorry to hear of this tragedy. My thoughts are with those affected at this time. I wish those who have been injured a fast recovery. May God bless the miserable child.”
  19. 19. Communicating on responsible use
  20. 20. Compliance theatre
  21. 21. Compliance comms [diagram; labels: What compliance want to tell people; What people actually want to know]
  22. 22. Real information for real people. Our rules: • Be respectful - make sure you're not doing or saying anything that could be seen as offensive, threatening or inappropriate • Be professional - act as you want to be seen in any business environment and how you would in any of the Bank's other channels • Respect confidentiality - the same rules apply as other Bank channels in terms of data protection and confidential information. No private side information can be shared at present • Be open and transparent - make sure you're clear and accurate, and if you do make a mistake you take steps to correct it quickly • Make sure it's yours or get permission - don't post anything including images and videos that you don't have the rights or permissions to do so. Professional standards, the Code of Conduct and the Bank policies all still apply when using the Bridge, as they do with any other internal communication.
  23. 23. Collaborative behaviours • Look after us • Pause to think • Stay focused • Be smart • Play nice • Be valuable • Share with care • Be yourself • Give credit • Make it your own
  24. 24. User communications
  25. 25. Leadership You mean bancassurance? I’ve worked on a deal like this and can give you some advice. Here’s our team’s blog on it. Great blog, great work! This is a great example of how we’re working together across our segments and products for our clients. Client wants corporate credit extended and personal life insurance set up fast to cover business and personal debt. Any advice?
  26. 26. Which tool to use? [chart; axis labels: Urgency, Audience size (1, Team, Department, Whole company), More, Less; tools plotted: Phone call, OCS, Email, ESN private message, ESN private group, ESN members only group, Big call, ESN open group, Homepage news story, Email newsletter, All-staff email]
  27. 27. Key Points to Take Home • Manage concerns about risk by methodically mitigating risks one by one • Systems can’t stop people being idiots: real people need real, plain English communications • Use carrots as well as sticks – show people how this makes their lives better • Take your lawyers to the pub
  28. 28. E: W: and L: T: @sharonodea