Smart Policy Creation and Enforcement
Smart policy creation and enforcement
Enablement is about education, even when the users seem ahead. The role of IT is that of advisor and mentor, showing what applications are best at solving the requirements and how to best use them.
But it's also about raising the awareness of the associated risks. For that, IT professionals need to become super users themselves by adopting Enterprise 2.0 wholeheartedly and without prejudice. Only then can they successfully educate users on all the risks-even those pertaining to social and reputational implications.
For governance to be effective, IT needs to take a major role in the definition of smart policies. But it is critical not to be the sole owner of these policies, as their effectiveness and relevance are inversely proportional to the amount of classic IT thinking. Adoption of Enterprise 2.0 was achieved with lots of non-IT executive sponsorship and support, which means that IT needs to avoid obvious mistakes. Examples of users making mistakes using social media are easy-but ultimately a losing argument because they are inevitable, just as building relationships is less than perfect.
Nor is it appropriate to pursue compliance arguments because no legislation exists per se that governs the use of Enterprise 2.0 applications. Smart policies come down to regulating the use of the right tool for the job in the right way. For example, in a heavily regulated environment such as stock trading, the use of instant messaging (IM) is subject to retention and auditability rules. IT needs to educate the traders on the implications of each of the tools, participate in the definition of the use policy and subsequently implement, monitor and enforce its use. In this example, that policy could prevent the traders from using Facebook chat but enable MSN Messenger.