Blogs

We live in an interesting time. The culture around content creation is growing more open, more free. But compliance requirements are not.

Thanks to social media, blogs, wikis, discussion forums, instant messaging, microblogging and other emerging collaboration tools, people other than document and records specialists create more and more of our critical business content. But there aren’t strong guidelines in place for how to store that content or what content to store.

Should organizations be concerned?

That question guided last week’s AIIM webinar “Can Collaboration and Compliance Coexist?”  The principle speaker was Joe Shepley, Vice President of Doculabs. He set out to identify some guidelines for maintaining some level of compliance control without contradicting the concept and the promise of the collaborative workplace.

This webinar was particularly interesting to me. Next week I will be speaking to a group of accounting professionals on the topic of social media for business. Accountants and other groups working within financial services and similarly regulated industries will need to come to terms with the emergence of new collaboration technologies and collaboration practices.

Will they stick their heads in the sand and let people use the technology freely and just hope nothing bad happens? Or will they go to the other extreme and decide they don’t want to take any risk and so forbid the use of collaboration technologies altogether?

It would seem there must be a middle ground. And that was the point Joe Shepley made during his webinar. In this era of user-generated-content businesses are wondering what content and how much content to save for potential e-discovery requests. There’s no guarantee that anyone will ever ask for any of the content, but then again they might. So what do you have to keep and what can you get rid of?

First: Be Proactive

Shepley’s advice was to not wait for the regulators to tell you what should be kept. Instead look back at the emergence of email in the workplace. How did regulators finally choose to treat email? Use that as a guide so you can get out in front of the regulators and be protecting yourself proactively. Email compliance regulations aren’t the perfect model, but they’re a start. And since regulators are still trying to figure this stuff out themselves and it could take a while, better to be saving something now based on some kind of an industry accepted practice than to be saving nothing for however many months or years it takes the regulators to make their final decisions.

That said, what is the answer?  Can collaboration and compliance coexist?

Yes, they can IF you take a programmatic and strategic approach to compliance. It’s helpful to use email compliance requirements as a guide, but if that’s all you do it will be too piecemeal an approach to really protect you. Have a strategy. Don’t go forward without a strategy.

Shepley recommends developing a compliance program to govern the management of content. He even shared the main categories of Doculabs’ own Compliance Program. He emphasized that you don’t have to have these same categories in your compliance program, but you should have a program so everyone is aware of what your standards are, what to do in certain situations, what matters and what you’re trying to achieve. Doculabs’ compliance program is made up of these categories:

1. Overall program strategy
2. Governance and Operations
3. Information Organization
4. Process Design and Implementation
5. Architecture and technology
6. Communications and Training

Can I just take a moment here to point out that it really doesn’t matter what you’re talking about in life, the answer is always the same: don’t go forward without a strategy.

If you’re interested you can see the webinar here in the AIIM Archives. I do recommend it. I think Joe Shepley did a great job outlining some of the least understood elements of this new business environment we are dealing with.

Whether you work in a regulated industry or not, if your organization is engaging with new social collaboration tools in the completion of your work then compliance is something you should give some proactive thought to.

What are you doing now? How are you handling these kinds of e-discovery and compliance concerns?