As Twitter, Facebook, and other social media get more popular with companies and employees, it’s critical for companies to develop policies controlling their use. Firm and well-understood corporate policies encourage people already exploring social media, rein in those teetering on the edge without a net, and ensures your company is protected by rules that support overall business goals.
Despite the benefits, companies aren’t moving quickly to establish social media policies. A June 2010 report from Forrester Research, the “CIO’s Guide to Creating a Social Media Policy,” found that 43% of respondents’ organizations did not have a social media policy, and 11% were unsure if a policy existed.
The data indicates that many employees access social media without a policy to guide their efforts. At the same time Forrester found that when a policy is in place, employees do read it.
According to Forrester’s research, a quarter of organizations, 26%, do not sanction social media access while at work.
CIOs worry about the potential security risks of social networking, according to a May 2010 report by IT recruitment company Robert Half Technology. Still, only 38% of CIOs reported tightening up IT policies in response to social networking. Twenty-three percent of that 38% implemented stricter policies for personal use of social media, while 5% tightened up controls when it came to business use.
Planning Before the Plan
Before creating a policy, think about whether your company can sustain social media activities. If your company is not committed for the long haul then all the work related to creating, implementing, and enforcing policies is pointless.
Outline the social media goals for your company. Are they used to communicate with customers? Get feedback? Mine for new leads? Upsell products? Crafting a successful policy without a clear idea of the end goals is unlikely.
Identify which stakeholders need to be involved in setting social media policies. CIOs should take the reins in outlining the security risks, IT architecture, and potential productivity drain, but other departments such as human resources, compliance, legal, public relations, and marketing also need to be in on discussions. Remember that each of these departments likely believes social media to be its domain. Be prepared to support the sometimes-competing needs of each entity with a cohesive plan that gets everyone onboard.
Crafting the Plan
There is no one-size-fits-all plan when it comes to social media policies. Rules or guidelines related to social media can be incorporated into existing media-related policies, treating social media like any other form of media.
For some companies social media may seem like Wild West. In those cases you may want to have a set of strict regulations and policies to protect against unforeseen problems. However, if your company is more open keeping policies loose and free-flowing is the best way to go.
Because social media technology is still in its infancy, policies need to be broad and should not focus on a specific technology that might be out of favor (or fashion) in six months or a year.
The policy should be positive. Rather than telling employees what they can’t do, focus on what they can do. That leaves them feeling empowered rather than hindered or restricted by the new rules.
And while you want to empower employees, social media does represent a critical risk to corporate security. Employees must understand that the company — in the person of a department head or direct boss or the IT department — will monitor of social media and social networking websites. Employees need to exercise good judgment; respect copyrights and fair use; and protect confidential and proprietary company information. All of the information regarding enforcement should be clearly laid out. However, consequences resulting from misuse or policy violations are probably best handled by department managers or direct supervisors.
Keep it simple and accessible. If the guidelines are overwhelming, no one is going to read them, which means no one will follow them. Make sure that the policy is announced to employees and published in a place (like the intranet and company handbook) where it can be easily accessed.
Finally, look at this as a work in progress. Understand that these policies will evolve over time. Set a time — maybe 4 to 6 months — after putting the policy in place when you evaluate what is working and what might need tweaking. Gather feedback from stakeholders and employees to implement changes.
Related Information From Dell.com: Intelligent Infrastructure: The IT You Already Own — But Smarter