Policing vs Guidelines

I regularly get asked one particular question when I talk about social software in the workplace: “How do you police it?”

The answer, which might surprise you, is that you don’t, You can’t. You physically can’t monitor, review and approve everything all your employees are doing. Instead, you need to use trust.

IBM recently published a refreshed version of its social computing guidelines, an update of the older blogging guidelines to include other social networking tools. On read these guidelines, you’ll probably notice that they’re not very prescriptive. They don’t need to be, since every employee signs a set of Business Conduct Guidelines every year. (IBMers, with their great love of acronyms, predictably know them better by their initials: the BCGs.) All the social computing guidelines need to do is explicate the BCGs and make sense of them in the context of social tools such as bloggs, Facebooks, Twitter, etc. Should I be anonymous online? How can I make it obvious that my blog reflects my opinions and ideas rather than those of IBM? These things are more are the sort of things the guidelines help make clear.

Not all companies have this type of annual review of conduct guidelines. I have friends whose behaviour would be – if they were ever to contravene it – compared to the wording of an initial contract of employment. Others suffer under an ever-changing set of policy documents which they never have to review and are always somehow out of sight, probably hidden on an intranet page somewhere. Still others probably don’t have a single place they can check to see what is acceptable and what is verboten, and they are at the mercy of every manager (and, for some reason, the IT Department) to tell them what they can and can’t do on an hourly basis. It’s Friday, let’s block access to Facebook. Email at work? You must be joking. Instant messaging is a waste of everybody’s time, let’s ban it.

I like the IBM approach. One consistent, annually revisited (though not necessarily annually revised) document which lays out the values and principles associated with being an IBMer. You want to read it? Sure. Here it is. (Its placement on the IBM external website, in the investors section, is probably no coincidence.)

Layered on top of that foundation are the social computing guidelines (and virtual worlds guidelines too. I wrote more about these on Terra Nova last year). Everything after that is common sense and personal responsibility.

If you’re an IBMer with a good amount of common sense who fully understands the BCGs and is also a native of the interweb you probably don’t even need to read the social computing guidelines. Your common sense will ensure you do the right things. You should read them anyway of course, because they’re interesting, but I think a good portion of their existence is to make sure IBMers feel comfortable and secure that IBM supports them in getting involved, and that IBM as a whole ‘gets it’ at least as much as IBMers do individually. Which, considering that they are written not by any one legal eagle or executive in corporate headquarters but collaboratively, by any employee with an interest in the area, should not be a surprise.


RSS feed for comments on this post.

  1. I think that you know where I work, and we’ve recently been attempting to create a forward-looking intranet with blogs, wikis, etc etc. Nice eh?

    Except our management are terrified of it. They seem to think that allowing the staff to say what they want to online is tantamount to handing them a gun and telling them where to shoot. We’re now in the situation where you can’t do anything anonymously (fair enough) creating a wiki, or a blog or anything of that type requires reams of paperwork to achieve.

    I wholeheartedly agree with what you say about trust in here, but the thing that I find strange is that it appears to be the fear of the technology that’s most pronounced. I mean, when we got telephones, were people scared that people would use it anonymously and say rude words? When email first arrived, did people have to apply in paperwork to our directer to have an address set up?

    Where I work, the fact is that both of those things are pretty probably…

    Comment by minifig — May 20, 2008 #

  2. I think there’s an opportunity here to do the same thing Conduct Guidelines as was done with creating open generic software licences years ago.

    It seams that for many of the sections on could replace IBM with [insert company name here], just like the CPL or GPL.

    Then a company could say “We subscribe to BCG V1.1” and everyone would know what that meant. I would assume we’d see a reasonably fast consolidation into 20-30 BCGs that are seen as generally good.

    Comment by John — May 20, 2008 #

  3. @minifig – There were similar fears in many quarters when desktop IM was introduced. I think your comparison with email is a good one (and in some places it probably way painful to begin with. Maybe in some it still is). Today, most people seem to be trusted with an email address that makes it possible for them to send confidential and/or private things externally. Blogs shouldn’t be difficult for management/IT departments to understand in that context.

    @John – Lots of companies did borrow IBM’s guidelines and pretty much insert their own name. Interesting idea to make it into something more like an open standard though.

    Comment by Roo — May 20, 2008 #

  4. Very useful Roo. We’re looking at this at work too so it’s good to see how big organisations are approaching it sensibly.

    Comment by Anne — May 20, 2008 #

  5. Thanks Roo … a very sensible way to approach the subject. I wish more followed these guidelines.

    Comment by Julie Hewett — May 20, 2008 #

Sorry, the comment form is closed at this time.

Powered by WordPress with GimpStyle Theme design by Horacio Bella.
The postings on this site are my own and don't necessarily represent my employer's positions, strategies or opinions.