Social business policies

I was speaking at the National Business Travelers Association (NBTA) conference last week on the future of tech and social media and I was asked a question that sent my thinking down a very clear path. The question actually is a version of something I get asked fairly often but somehow this time it made me realize that the topic of social web use policies needs some more discussion. The question itself was from a somewhat frustrated HR manager and was phrased something like, “We know that we have employees participating in social media, social networking, etc., but what we don’t know is what they’re saying about us. We don’t have a way to monitor them all and find out, so what should we do?”

The simple answer is, of course, establish a policy for social media use. Why is it we don’t take social media / social web use serious enough to think that it needs a policy to provide some guidance? I think most employees want to do the “right” thing but given a lack of guidance or a framework they will substitute their own judgement (which I like to think will be appropriate but…).

I wrote not long ago about two fairly high-profile approaches to social media policy, the UK MoD and its . …

I wrote not long ago about two fairly high-profile approaches to social media policy, the UK MoD and its open but detailed policy for social media use and the very restrictive and opposite approach from the US Marines banning all social networking use by members. These two cases are great examples of the two most opposing approaches we see today. More companies though fall in the middle or “never land” of social use policy. In a lot of cases I see the lack of policy is akin to sticking their heads in the sand and ignoring what’s happening. In the other extreme we also see companies simply trying to block access to social sites on the company network.

Ignoring or blocking is in effect the same thing, you cannot block access via mobile device (the next gen web is mobile). From what we’ve seen most social business initiatives start as grass roots movements, moving into an organization from the bottom (which is “normal” for web 2.0-type activities anyway). Once these grass roots initiatives get large enough to get management attention then (and only then) do most companies start thinking about strategy and policy (which may, BTW, not be a bad thing. The shift to a social business approach is mostly cultural and the grass roots nature tends to aid adoption). This is not universally true of course, some companies are proactively setting strategy and policy, but they seem to be the exception not the rule.

So let’s assume that you buy into the idea that you, as a business, need a social strategy and social media policy. What should be included in both? Let’s look at strategy first. I personally believe that business strategy, while not necessarily complex, must be written and available to all employees. It could be a part of your social media policy, stand alone or a part of the overall business strategy (which I think is actually the most effective approach).

The social strategy needs to look at all of the areas of social business use, both internal and external and address each department’s strategy (depending on your plans to make use of social software tools in each area). Potential external facing areas of impact include: sales, marketing, product marketing, product management, product development, and customer service. Internally social strategy should touch HR, executive / management, finance, operations and all employees. The content of the strategy is highly dependent on each business and their plans to embrace the transformation to a social business. I won’t spend much more time with strategy in this post, I really want to dig into the policy and some potential content.

A social media policy should address several key issues. The overall goal is to define acceptable employee use (both what is acceptable and what is not), establish standards around company brand and brand references, provide guidance on the companies intent to use social media as a business tool (and the boundaries around that intent), and define a course of action to deal with improper use (as defined in the policy). From an employee use standpoint you need to address:

How employees can use social media and when. (Can they write about the company? Can they use SM during work hours? Is there an official company account on each network? How do the individual accounts relate to company accounts?)
How employees should refer to company brand. (I strongly encourage transparency, allowing employees to be identified as employees of XXX company. This is especially important if/when talking about a competitor.)
Clearly talk about misrepresentations of self and company and the damage it can cause.
Deal with confidential information and its potential exposure (both company and personal).
Address the potential for online confrontation and establish what is and is not acceptable. (Explain tact and appropriate response as well as escalation.)
Creating spam is not acceptable!
Use diplomacy if you are writing or commenting on competition. Also remember to be company transparent.
Explain things like online respect and consideration of others. Common sense is the simplest guideline (although not everyone has the same understanding of “common”)
Be clear what things are not acceptable to write about, comment on, etc. This should include ongoing legal investigations, SEC investigations, company confidential information, crisis issues, etc.
Clearly define topics that need to be referred to other departments like legal and PR.

This is not an exhaustive list but it is at least a start. What else should be included in a SM policy?