Internal versus External

Enable or Protect

In many discussions the view of customer  is often cited as a core driver. Organisations have long made a distinction between an external customer and an internal employee. While there is a strong push to only see one customer in recent times, this push comes from a UX (user experience perspective) and “mobile first” perspective.

In this post I’m looking at Information Management from a security perspective. I strongly believe there are differences for employees and customers. In this case customer includes the B2B (Business to Business) and B2C (Business to Customer) elements.

The Internal View

Enable and Protect

Most organisations have adopted a policy of openness and information sharing. Fileserver security is often implemented as open unless specific needs require folders or files to be secured. The latter is usually bound to confidential or sensitive information like commercial negotiations and agreements, NDA (non-disclosure) data, and personnel files. Other information is shared to achieve better re-use of data, enable master data management, foster staff engagement, and nurture cross functional teams.

The element of trust plays a significant role at what level data is shared.

The element of control plays a second level role which data is classified and who is the gatekeeper.

The balance between those two is for each organisation different and largely influenced by what is commonly called Culture and the Industry the organisation plays in.

A good description is “Enable and Protect if necessary”

The External View.

ProtectAndEnable

Customers want to have easy access to their information with the organisation. Repeat data entries is a turn off. If I can’t see what I’ve done previously is also a big no – no. At the same time my information should be protected from other customers or organisations but not necessarily from other employees of my business. For example a third party is working on a project with the organisation, then this information should be shared between the relevant team members of both businesses.

Consequently such external collaboration is often implemented in closed groups or spaces where membership is controlled. This model requires a much closer attention to detail and review of membership in particular when staff on either side move to a different business or part of the organisation.

Trust and Control play again an important role, although the weight towards control is much larger and often reversed to the Internal implementation.

The description here would be “Protect and Enable where appropriate”.

A Process Guide

Librarian, the Original Search EngineIn the world of Information Management we encounter a lot of different types of data. In order to get the most value an organisation (or individual) would need to know what is perceived as valuable. And also, how the value is realised.

For example, recently Tesla announced making their priced intellectual property available to the public. That is a change in the business thinking of perceived value from keeping the information secret to stay ahead of the pack to sharing the information to innovate faster and create momentum.

My process guide includes these questions:

  • WHAT to document?
    Not everything has value, identify it and exclude it from being treated as such. Simplify the management of non-value items.
  • WHERE to save or publish
    First, understand the difference between a simple “save” = making sure the document is recoverable and a different concept “publish” = making information available for consumption by others. Second, have rules or guidelines where such artefacts are physically located. This can range from your local hard-drive, file servers, dedicated cloud services, to document or record management systems. You decide but spell it out.
  • HOW to document
    This looks like a trivial idea, it is not. The level of detail may make a difference for regulatory information compared to a customer record. One must have certain details to ensure compliance, while the other may be okay with only some meta data relative to the current conversation.
  • HOW to version
    luckily many systems have version control build in – see document management systems in Wikipedia. However, there are still plenty applications that do not. Email is first on that list.
  • HOW to share
    You may ask, what’s the problem? We access the same file on the file server / cloud service / etc. And external people get a copy by email or memory stick. The distribution of uncontrolled copies is enemy no. 1 for Information Management. You will never know who still got the old copy with the incorrect pricing information in chapter 5.
  • HOW to manage access
    Having mastered a better sharing solution, you will find another stepping stones along the way. The best way to manage access. 2 different schools of thought exists – (1) everything is open and only special items are secured. (2) everything is closed and access is granted where needed. Option (1) is common in internal networks and (2) in extranets.
  • WHAT is the change process
    2 core change processes exist. (1) how becomes a saved artefact published? Are there stop gaps, control mechanism, approval workflows, or gatekeepers involved? (2) how is a published artefact updated? And in particular how are stakeholders notified?

I hope those few ideas are helping to get some discussion going!

—–

Note, the above image is taken from this blog advertising a role as Librarian in 2013. I recommend reading it 🙂

Why should I do Information Management?

Wanted! people that follow processes

Wanted! people that follow processes

In my previous post I highlighted the 4 corner stones of good Information Management.

  • people
  • processes
  • content and
  • technology

Today, I want to add more detail on the people section. You can have the most clever system and still nobody cares. That would be worst case scenario. How can we pave the way for being successful on this front?

User Experience

About 10 years ago I was the first time involved in Document Management. A small team having experts from the different business areas designed the requirements. A large 20 page document outlined all meta data we could think of, structured in categories and divided into mandatory and optional items. We presented this to a selected group of people with devastating result. It failed the 7 second filing test.

One guy said, “if it takes me longer than 7 seconds to file a document with all this extra data, I won’t do it. I’ll use my trusted filing system where I know exactly where my documents are. Others are most welcome to follow the same process.”

These few sentences highlighted common problems with projects, that were not designed with the user in mind but with a process or an ideal outcome. In this case, all documents would be perfectly tagged with relevant meta data and a process would take care of that.

Lessons learnt:

  • any system must be at least as good as the existing system
  • any trade offs must be clearly understood and accepted
  • and the system must be designed for excellent user experience

Is UX sufficient?

The answer is likely to find in this quote:

Any information system is only as good as it is being used.

Tell me, what else can you do that people use the system?

 

4 principles of Information Management

Variety - Volume - Velocity

Variety – Volume – Velocity

The world of big data arrived some time ago. And while the amount of information on the Net is continuously rising, it happens on our personal and corporate systems, too. One only needs to look at the emergence of products like “Sanebox“, which helps you manage your email inbox, cloud storage and share systems like Dropbox and Box, and the rapidly rising capacity that Amazon provides with S3.

Every one of us has so much information available that it becomes harder to keep track of what’s important and how to find it again 2 weeks later!

Good Information Management starts with recognising that is necessary to do something about it.

People

This leads us straight to the first principle. Employees need to do Information Management and not just acknowledging it is a good thing. Hence we must put things in place that ensure people act and act consistently.

Process

This is supported by well designed processes. For example, a supplier email comes in advising a new pricelist. Who receives the email? Is it documented where the new pricelist is stored? Are relevant people notified? Is the old pricelist replaced or marked as obsolete? What happens if the email recipient has left the company?

Content

Information Management is about content. Recognise the different types of information from Word documents, to emails and phone call, from drafts to published data, or from project management to customer requests. Create categories that are relevant to your business and link those to your processes.

Technology

Okay, I’m in IT so let’s not forget that the tools you use play a role, too. Where do people store information? On the local harddrives, a shared service, the cloud? Consistently in the same folders or directories? A lot of people use their email system for storage and retrieval. Most email systems have quite good search capabilities while finding a much needed document on a shared drive or even your local computer is often a challenge. Choose technology that does what you want and is aligned how your staff works.