Posted by: David Scott
I was thinking of going into some explanation of Content Management Systems (CMS) for the small and medium (SMB) market. However, I think this audience understands taxonomies, metadata, key fields, reporting (on data), and so forth – for those who need a solid primer, review Ch. 17, Content: Leveraging Information; Limiting Liability; Managing Documents and Their Retention. (I.T. Wars).
Meantime, there’s a proliferation of unstructured data in all manner of organizations, and this contributes to an “unsecuring” of data:
To mount true protection of assets, you have to know what you have, you have to know who is accessing it, and you have to completely understand all associated vulnerabilities.
Look to the State Department, the associated Wikileaks dump, and then consider the prior statement carefully. Also, as referenced here before, peruse The Privacy Rights Clearinghouse’s Chronology of Data Breaches. Determine your organization’s future, before the future determines it for you – with a breach.
Let’s consider your environment: You’ve secured it. Because most breaches are due to human error and activity (sometimes deliberate intent to harm), you must have controlling and guiding policies firmly in place (along with their contribution to user education). Further, you must make timely updates to policy, based on changing conditions within the organization and outside it: compliance with shifting regulatory burdens, board guidance, procurement of new lines of business, emerging liabilities, all manner of things.
As but one simple example of a CMS’s contribution to efficiency regarding policies, consider a recent lament I overheard: an HR department frequently updates a communications guide. Upon update, they phone or e-mail IT to advise them to update a portion of IT’s Acceptable Use Policy – which points to a section of HR’s Communications Policy, and even contains an extract. Someone has to do a cut-and-paste, and republish the policies. Conversely, any time IT updates any policy that feeds anyone else’s, the same thing goes on. It can be quite a complicated puzzle, this interlock and self-referencing of various organizational guidance and policy.
Here’s where a CMS can help: Just assign metadata/key fields, “pulls,” to sections of various policies. Instead of HR calling IT and advising them to check Section 4.2c of the Communications Policy for updated inclusion in the Acceptable Use Policy, you pull a trigger whereby the CMS surveys for any updated components that feed the AU Policy, and populates the policy with the update.
The CMS can have global triggers, as well as subordinate specific triggers, for all manner of interlocking updates and contributions, and for automatically populating updates to all associated policies across the organization.
This is not to say that human oversight is no longer necessary: Systems make “mistakes” too. In addition to writing updated policy (and components) based on changing business and world conditions, an authority will always need to review and possibly edit policy after the CMS trigger-pull.
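The trigger-pull and the review step described above can be modeled in a few lines. This is an added example, not code from any particular CMS: the class names, the `comms-extract` slot and the sample policy text are hypothetical, and a SHA-256 digest of the section text stands in for whatever change tracking a real CMS uses.

```python
import hashlib
from dataclasses import dataclass, field

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

@dataclass
class Policy:
    name: str
    sections: dict                                # section key -> text owned by this policy
    pulls: dict = field(default_factory=dict)     # local slot -> (source policy, section key)
    extracts: dict = field(default_factory=dict)  # local slot -> (approved text, its digest)

class PolicyStore:
    def __init__(self, policies):
        self.policies = {p.name: p for p in policies}
        self.review_queue = []  # proposed updates awaiting human sign-off

    def pull_trigger(self, target=None):
        """Global trigger if target is None, else a specific trigger for one policy."""
        names = [target] if target else sorted(self.policies)
        for name in names:
            pol = self.policies[name]
            for slot, (src, key) in sorted(pol.pulls.items()):
                current = self.policies[src].sections[key]
                approved = pol.extracts.get(slot)
                stale = approved is None or approved[1] != digest(current)
                item = (name, slot, src, key, current)
                if stale and item not in self.review_queue:
                    self.review_queue.append(item)
        return list(self.review_queue)

    def approve(self, item, reviewer):
        """Publish a queued extract only if the source has not changed since it was queued."""
        name, slot, src, key, text = item
        self.review_queue.remove(item)
        if self.policies[src].sections[key] != text:
            return f"REJECTED {name}/{slot}: {src} {key} changed again, pull the trigger again"
        self.policies[name].extracts[slot] = (text, digest(text))
        return f"PUBLISHED {name}/{slot} from {src} {key}, approved by {reviewer}"

def build_store():
    # Constructed sample policies; the section text is invented for illustration.
    hr = Policy("Communications Policy", {"4.2c": "Use company e-mail for business only."})
    it = Policy("Acceptable Use Policy", {"1.0": "Scope: all staff."},
                pulls={"comms-extract": ("Communications Policy", "4.2c")})
    return PolicyStore([hr, it])
```

Nothing reaches the published Acceptable Use Policy until `approve` is called, and an approval is refused if the source section changed after the update was queued, so the reviewer never signs off on text that is already out of date.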
But if you’re doing this right, effort goes down, and all manner of staff are freed to address larger concerns based on requirements and needs, in this overall acceleration of business and change.
NP: Jacques Loussier – Allegro from Bach’s Concerto in F Minor (online, Jazz24.org)