14 Replies Latest reply on Mar 9, 2011 7:35 AM by jimjonesWRS

    Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?

    DGarber

      Hi,

      Would appreciate any insights on process you took.  Thanks!

        • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?
          Bart.Schutte

          A good question and one that I suspect will arise more in Europe than in the USA.  I don't have a clear and simple answer for you, but here are my thoughts.

           

          each department will perceive different risks :

          • Legal will focus on issues around personal data protection as well as requirements for eDiscovery (requirement to be able to reproduce all electronic exchanges).  I have worked with our legal for over a year on this and I can say the following :
            • There is no simple answer
            • the laws are often inconflict, especially across contries or regions
            • Every company needs to settle on a position that fits their risk profile, country, context etc.  For example, we are a global company based out of France.  We tend to give preference to protecting personal data over ediscovery.  We tend to be moderate in terms of risk acceptace.  But we have not officially opened our Jive site until Legal formal defines their position. And yet, there are plenty of other French-based companies that have already deployed and their legal people were never involved. 
          • HR will focus on how the transparency and flatness of social collaboration will challenge the organisations hierarchy, create stress for middle managers, etc.  They will also need to take a position on how participation in social collaboration can or cannot be used in performance evaluations and objectives. 
          • Audit will need to take a position on eDiscovery, together with legal.
          • etc.

           

          There are a whole host of other issues or risks that could be identified, most of which are not specific to social collaboration, but which are getting asked because of the wors social and the assocation with facebook.  Which leads to my next point :

           

          As the social evangelist, it is not your job to raise all of these risks, nor to find answers for them.  You can identify hundreds of risks and all you will be doing is building the case for not moving forward.  I have taken the approach of informing the other departments of what we (IT) are doing to support the business with social collaboration tools, make sure they understand what it is, give them access to Jive so they can experiment.  I then tell them to let me know if they identify any issues that need to be addressed.   And when they identify the issue, I tell them it is there responsability to develop a postion/recommendation on it and to implement it.  This usually reduced the number of risks they identify.

           

          Finally, I have asked many many other evangelists if they have ever seen any of these risks appear, and I have never had a real case been reported back to me.  Yes there have been disgruntled employees, but every time, it is other employees who correct them.  I have never heard of the CEO being abused, or pornography, of innapropriate behavior.  The transparency and lack of anonymity tend to keep people behaving correctly.

           

          I hope this helps.

          1 person found this helpful
            • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?
              trishaliu

              Great insights Bart - thank you! I especially appreciate that you highlighted this:

               

              As the social evangelist, it is not your job to raise all of these risks, nor to find answers for them.  You can identify hundreds of risks and all you will be doing is building the case for not moving forward.

               

              I (sometimes unfortunately) have a skill at identifying concerns or 'what could go wrong'. Even though that activity may 'feel' helpful in the sense of being clear and prepared about risks, I have found what you said to be true - it can just fuel the fears of those who are not ready to embrace social in the enterprise. So, it has been an important practice for me to stay focused on what we are building, and be ready to address issues when raised by others.

               

              Trisha

              • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?
                DGarber

                Thank you very much for your response.  The interesting thing is that it IS my job to raise the risks and find answers for them.  My boss said so!  I am going through a very interesting challenge with my own department to show them the capabilities and functionality of Jive and then open their eyes and minds to the potential impact of Jive and collaboration on our internal processes.

                Going forward I am responsible for broadening the scope to develop processes whereby colleagues in my own department collaborate across the enterprise and change the way they do their jobs. No small challenge!

                  • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?
                    bjewell
                    The interesting thing is that it IS my job to raise the risks and find answers for them.  My boss said so! 

                    We created cross-functional working groups (each with a chairperson) for all aspects of the project, and one was focused on risk assessment. It contained representatives from many business units, including legal, regulatory affairs, IT, T&D, marketing, and more, just identifying and mitigating risks. Each of those chairpersons made up our leadership team, who participated in weekly meetings until shortly after go live. I still believe that governance model is a key reason we were able to implement so quickly.

                • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?
                  Bart.Schutte

                  You may also find this post useful when the discussion of Intellectual Property comes up.

                  • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?

                    Doing an analysis prior to implementation or during the pilot is important. We did a analysis that looked a little like a SWOT analysis prior to implementation. We have listed some risks that must be (and are) being addressed. At our company it was my job to help define these challenges.  Let me share some of the challenges/risks that we have identified:

                     

                    • Newer Technology that requires a culture change and may be difficult at first to determine the most effective way to use the tool.
                    • Identifying how to adopt the tool into an individuals daily work.
                    • Aligning configuration and usage to business objectives.
                    • How to separate thought and knowledge with projects owned by various OEMs.
                    • Protecting sensative data.

                     

                    Understand we are only implementing an internal platform. We have solutions for each of these items now. So I wouldn't say they are risks anymore...more of challenges that need to be addresses. Also, remember there are risks of collaborating with other tools as well. Jive helps mitigate those risks. I believe Bart has another posting that addresses this.

                     

                    Does this help? I could elaborate a little more, if needed.

                    • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?

                      There is a risk to (or fear of) transparency. The risk(fear) is that everyone (in your community) can see how incompetent you are. If you ask a "dumb" question for instance. If you email the "dumb" question to one friend only that friend knows you asked a "dumb" question but if you post the "dumb" question in the community then everyone can see it. This risk (fear) of looking incompetent is a big barrier to moving from email to community. But this level of transparency is a big asset to the company. It brings good work to a level where everyone can see.

                      • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?

                        Hello D,

                         

                        Will your community be internally or externally facing? I'm in the middle of launching an externally facing community for a large financial institution and the risks are many and concerns are varied (as Bart pointed out earlier). The primary concern, however, is over reputational risk. We're going to allow anyone and everyone the opportunity to register and participate in the discussions - so the "pucker" factor from internal risk and compliance stakeholders has been incredibly high (not unsurprisingly).

                         

                        However, it has helped to document in detail our risk mitigation plans and policies. Thinks like our custom use of interceptors, custom installations of moderation functionality, detailed policies for Community management and moderation, how to address severe PR fires, etc.

                         

                        After weathering this storm, i'm convinced i would have an easier time installing this application for the White House.

                          • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?
                            DGarber

                            Initially, we're only using Jive internally. Some of the risks we've identified are (1) alignment with current business processes/structure and protecting IP, (2) Perceive value and benefits (WIIFM), (3) defining metrics, (4) our culture, (5) tool and application overload, (6) lack of understanding of social learning, social media and collaboration, (7) fear factor, low confidence and low trust and (8) Jive platform becoming disorganized and dysfunctional due to unbridled chaos :-)

                              • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?
                                FrankGebhardt

                                Hi D, that matches our list!

                                 

                                We are mitigating by "Show and Tell" events, having established a "governance group", provided templates, do user and administrator training, and identified a number of possibilities to work on items 5) to 7).

                                 

                                cheers

                                • Re: Has anyone done a risk assessment for their company to help mitigate risks of deploying a collaboration platform?

                                  Hi D:

                                   

                                  I'm like Frank in that your list matches very closely with ours, too!

                                   

                                  We did something before we launched our community that may be helpful for you - it's something we call a pre-mortem.  We all are familiar with post-mortems: something fails, and we try to figure out why.  In the pre-mortem exercise, you put yourself 2 (or 5, or...) years into the future, and you assume that your project has failed.  The first part is to identify the (hypothetical) actions that did or did not happen that led to your community's failure.  Our first community was external but we're applying the same technique to our internal communities.  Our "what went wrong" list looked something like this:

                                  • No one knew the community existed and so they never came to register
                                  • Users came once but never came back
                                  • Users expressed reluctance to be active members because of IP/privacy concerns
                                  • We faced legal action because user "A" posted some sample code, user "B" used it, and had a bad result

                                   

                                  Your list is good - but it's ideas and concepts, not actions.  Getting it into actions will make the 2nd part of the exercise easier (trust me - we struggled with this a lot!)

                                   

                                  Now that you have your list, you come back to the present.  The question for each of the items becomes "what can we do now to make sure this doesn't happen 2 years from now?"  This led to things like a full marketing plan (to address point #1), follow up reminders to community members (for point #2), full review of our terms of service with our legal department and with key customers (for points 3 and 4).

                                   

                                  I won't say the pre-mortem fixed all our problems - there are still unanticipated issues that have cropped up.  However, it definitely informed our thinking and made for a much smoother launch.

                                   

                                  Jim