Friday, April 24, 2015

ARMA TR 21-2012 : Using social media in organizations

Another day, another standard. Let's see what this one says.

This document is an extension of ARMA's GARP.

It gives us a good definition of governance. It is about: "providing leadership, setting goals and strategies, obtaining and allocating resources, protecting resources and/or assets, monitoring results and trends."

This contrasts to "management": "implementing programs, achieving goals, using allocated resources, directing operations, reporting results."

So social media governance involves chartering a group or board to:

  • develop a strategy for using social media to achieve the org's goals
  • identify required resources for integration
  • identifying social media tools and service terms that are appropriate
  • identifying training needs
  • developoing policies, including official vs. personal use, monitoring, and enforcement and correction
  • identifying mechanisms for capturing records

There are some laws that are applicable to social media. NARA guidance, for example, is consistent to other types of information. Provisions of the National Labor Relations Act (NLRA) may be breached by common social media policies. Other provisions inlude FOIA, Privacy Act, HIPAA, COPPA, DMCA, SOX, US Safe Web Act, GINA, HITECH, FINRA, etc.

Basically, don't breach personal information or use social to bypass existing controls.

Case law is interesting: don't remove (or tell your clients to remove) incriminating information such as photos. That said, a simple printout doesn't necessarily establish authorship.

We cover some stuff about typical social constraints (service levels, technology, etc.) and then we get into risk management. Legal discovery risks include problems with admissibility, preservation (access, hold, etc.), and privacy.

We are to minimize risk by reviewing and expanding policy, developing a compliance strategy, deploy a monitoring process, assigning responsibility, developing a crisis decision tree workflow, updating the retention schedule, taking an inventory, and monitoring.

We also have to assess "behavioral norms" via: training on use and risks, providing updated tools, migrating content, putting records controls in place, and monitoring privacy laws.

The standard then provides some guidance on how to develop the appropriate policies. Elements of the policy should include: purpose/objectives; scope statement; mandate statement; definitions; roles and responsibilities; references; version control; review statement; behavioral expectations; expectation of privacy; confidentiality guidance; social media site; permissible information; records management; account management; legal statement; intellectual property; ownership; enforcement; signature.

Section nine introduces challenges with records management. Common activities may include:

  • mechanisms for capturing records
  • creating a repository
  • protecting secure records
  • ensuring non-reputability
  • access controls
  • retention
  • record destruction
  • applying holds
  • maintaining access logs

It also provides guidance on necessary metadata, which is kind of nice. Specifically:

  • Author or creator
  • Individual performing the posting
  • Organization/unit
  • Topic
  • Identification of external/internal publisher
  • Access restrictions
  • Date of creation
  • Time of creation
  • Date and time of modification
  • Individual performing the modification

Hmmm... but how would you apply retention on that metadata? Particularly a functional classification scheme? It gives us more guidance, specifically Dublin Core, and ISO 23081. And I didn't know that ISO 23081 had a part 3. Oh well, another one for the list!

We then have to develop a data map, which is consistent with other ARMA stuff.

Section 10 is on change management. Apparently there is an Association for Change Management Professionals (ACMP). It has conferences, standards, and certification. So it gives us some common failure vectors:

  • failure to identify appropriate software solutions
  • lack of training and education
  • failure to create policies
  • lack of resources
  • lack of exec management support
  • failure to develop a strategy
  • excessive reliance on interns and/or volunteers

Section 11 moves on to training. Topics should include:

  • definition of social media
  • organizational goals and objectives
  • benefits and risks
  • explanation of policies and expectations, including consequences
  • tips on behavioral practices
  • contact for those responsible in the org

The we're into auditing. It has some good advice but I have yet to talk to an organization with sufficient risk management capabilities to actually justify (and fund) an audit program.

The Appendix is a policy development workflow that is awesome!

Training 2015/04/24 #016

Test! No, not quite

Well, today was supposed to be a test but it didn't happen because my training partner/uke had a family situation. I was then in a position to uke for someone else but they couldn't make it either. Oh well, the time wasn't wasted. Fortunately, I was able to review stuff with a much higher belt and review a few things.

Some lessons:

  • O goshi -- I really need to get my hips way further across and not give up that sleeve grip. I think I was doing better at keeping my feat together so that's something.
  • Mount escapes -- There's an old Rickson video that shows some tweaks for escaping the mount. One is to basically turn your head away from the direction of the upa. This way, you're not rolling directly to the side but into the space between your head and shoulder.
  • Staple guard pass -- I really am rusty at this one. Stu had some tips. Don't have your wrists perpendicular to their body because they can just bring your arms forward. Keep them parallel (i.e., hammer fist to the hip bones). Get posture. Put your knee in the tailbone to break their guard. Really angle out that back foot. Keep your elbows in front of their legs so you don't get triangled. Move the knee that was in their tailbone up so your basically in combat stance with your shin against their hoo ha. Now, pick a side and staple your knee forward basically along the line that connects their hip to their pelvis. Either side works.
  • Round-house kick. I basically need to over aim to correct. Try to kick immediately to his far side (i.e., 380-degrees) and you will probably actually hit him. Keep the toes pointed down.
  • The old Klondike head lock escape. I screwed it up. You have to step to the other side; you need to get across their body for the escape. 
Rolling with Stu was entertaining. I could not, however, make use of my guard. Basically, he was in full guard and was giving me a paper cutter. I couldn't shake him and my gas just slowly seeped away. I tried to swim for the back, etc. but nothing really worked. Was he postured up? Could there have been some sort of sweep? What if I just broke his posture? I'm not sure how I could have made that position better.

UPDATE -- Stu had his right arm across my throat. I have a few different tools to work with. I want to move him back and break his posture and I want to set up the arm/head triangle from guard. What to do: reach over his back with you right arm. Try to grab his belt. Now, with your left arm, try to push his elbow out so that it saws across your throat. This could work since you are applying a normal force to the end of a lever so you have leverage. You can also open your guard and push his hips down and back.

Labels: ,

Thursday, April 23, 2015

Training 2015/04/17 #015


The last review before the test. I think everything looks pretty good.

We reviewed pretty much everything and there were a few stumbling points:

  • Side control pass around the head. I really need to switch hands and block the hip. This is probably good advice everywhere. In side control, keep control of that close hip and stay chest to chest. Switching hands from a traditional cross-face provides a few submission opportunities. As you lose the hip-to-hip contact you need to use your hand to block that near side head and really squeegee the arm as you're coming through the position.
  • UPDATE -- the other option is to wait with the arm on the far side until you feel them push into your hip. Then, switch to kesa gatame to isolate that elbow, then move into the d'arce.
  • On the ikkajo style take-downs I have to get my elbow above my opponents to get sufficient leverage.
  • We also worked on the shimmy escape from half guard. So you're stuck in someone's half guard. Get the far side underhook and squish them flat. Raise your butt in the air and put your forehead on the ground for stability. Shimmy your opponents leg down until just your foot is trapped. Staple down. Use your other foot to pry open their legs.
And that is probably all. I could do some more virtual training but I'll leave everything before it gets scrambled. I should, however, review the older curricula to make sure that I can still remember those techniques!

Labels: ,

Tuesday, April 21, 2015

Delve, Collaborative Knowledge, etc.

Microsoft Delve -- it's a very interesting tool. It uses social network analysis to detemrine who is working on what and it will suggest relevant content. "Relevance", of course, is a fairly loaded word in this case because it can be difficult for machines to understand what, exactly, is relevant to a human. Microsoft's recent efforts introduce profiles that enable people to list interests, team members, and to create a blog. These additions are really just a way of establishing an appropriate vector space for individuals. What is clearly lacking in these efforts, however, is attention to consistency in the naming of activities, steps, or processes.

And what are other vendors doing?

Cisco now offers Cisco Collaborative Knowledge. What is it? So we have a lot of fancy key words and marketing copy. We have Mobile Knowledge, which seems to be a way of synchronizing and managing content across devices. Expert Discovery seems to offer internal collaboration via WebEx and Jabber... but it's unclear if there is actual expert identification or how it works. There is Knowledge Center, a place to storage and tag content assets. Social Communities gives us forums, blogs, recommendations, etc. The Learning management System provides standard course material. Okay, the LMS is important. Real-Time Collaboration tools include WebEx and Jabber... I thought they were already listed. Visual Knowledge Mapping and Analytics... which seems a bit ambiguous. Is it similar to Delve? Is that the intention?

Oracle has released Oracle Learning Cloud, part of the Oracle Human Capital Management Cloud. It apparently "focuses on curated and referral-based learning". They can share and collaborate on best practices... there's something about social recommendations and discovery... and a recommendation engine. You get some transcoding on content delivery. It also has traditional LMS features.

I strongly suspect that these types of solutions are going to be largely empty: few documents, no users. But why? Charlene Li recently wrote an HBR piece called "Why no one uses the corporate social network".  She cites Altimeter research and provides some numbers.

She blames management for the lack of popularity: "The problem was simple and obvious – because the top executives didn't see collaboration and engagement as a good use of their time, employees quickly learned that they shouldn't either."