I hear a lot of conversation about the barriers around social software, social media and similar tools. The most common ones i hear apart from “we can’t access the stuff” are “Risk”, “Information Security” and “FOI”.
All of these are critical views to take on board when looking into social software whether you are looking at an internal implementation of an external implementation.
However my belief is that instead of these views being considered as barriers to progress, in fact they should be seen as critical in supporting the adoption of social software platforms and projects.
Why and How?
Well let me explain my viewpoint and please feel free to comment, contribute or propose a different view.
First lets look at Risk – Most views or comments i hear around Risk are in fact not about the management of Risk but are always about the avoidance of risk. This approach is counter-productive. If you take a proactive approach and engage your risk managers effectively and ensure that you focus on “mitigation” and “management” of risk you will in my opinion end up concluding that the best option is to in fact provide corporately supported solutions or make recommendations on policy and guidance around the usage etc.
I’ll explain a little further – When identifying risks within a local government context you will more than likely pick out some along the lines of “impact on reputation”, “information in public spaces” and impact on FOI requests”. You should however also include the risks of not doing it which might include “likelihood of staff creating spaces for collaboration anyway”, “lack of information management processes”, “difficulty of finding information in private email pst files” and “impact on reputation if left un-managed and un-guided.
Taking the above approach, i would conclude that on balance the better management of Risk would be to:
1. open access and provide appropriate policy and guidance to all staff/members (building on existing policies such as code of conduct etc).
2. provide a platform or identify appropriate platforms for use by staff for collaboration and conversation.
3. reduce the use of email for internal communications and promote the use of social software solutions to enable better indexing and findability of information.
It would be safer in terms of information security to understand where and what systems your information is being held in and then ensure appropriate security is in place to mitigate the loss of information. From an FOI perspective information which is easy to find and easy to access is better and more productive.
The point to remember about Risk is that risks should only be classified once you have determined the mitigation steps and not before the mitigation is identified. The idea around mitigation is to reduce the risk.
Here is a link to a Martin Howitts blog post on “Are you Risk Adverse“, which is useful in terms of explanation of Risk
I was asked to summarise my views on camera at last Saturday UK Government Barcamp event at Google HQ in London by Nick Booth (aka podnosh).
NB: I make no apologies for the way i look in this video, i was very tired and my brain was on overload.
Great post Carl!
I often hear about the risks of implementing some new technology like social media, and even risks around implementing older web 1.0 stuff like e-mail. Intuitively these ultra-conservative points of view did not make sense to me, but I could not exactly pin-point why. Your arguments that risk can not be avoided through inaction, and risk management should focus on risk mitigation rather than the fallacy of risk-avoidance – now that makes sense!
Thanks Tim, I’m glad that it makes sense to someone else as well… :o)