In a recent Forrester article and blog post, Jeremiah Owyang talks about the 5 ways companies are participating in Social Web. Although he's mostly speaking to the inside-out communication aspect of this phenomenon, the model is still applicable.
1. No clue: It's a complete free for all, it puts the organization at tremendous risk of Intellectual Property leakage and regulatory non-compliance, often without the firm knowing until it's too late.
2. The Corporate Representative: This is analogous to the 'tower' model where a silo of representatives, often senior leadership, are responsible for all Social corporate communications. This is safe, but doesn't truly embrace true sharing or collaboration. The analogy here is the 'Message from the President' newsletter.
3. Common Employees Blessed for Social: This model lets a few more trained people within the organization behind the velvet rope to act as Social Media ambassadors. This, and 4 below, follow the 'hub and spoke' model. The challenge here is that you're creating two classes of workers and it is still more of a push model rather than true collaboration and sharing.
4. Everyone is Encouraged: Again the 'hub and spoke' model, with a cross-disciplinary team in the middle acting as a conduit between various business stakeholders. From a brand communication perspective: "This is ultimately going to be the future, but having a free for all isn't an excuse for having a strategy, guidelines and resources to support the brand and employees". For a regulated entity, it may take a long time to get this far, both externally and internally.
5. Shut it down: The pendulum swung to the other extreme of the free for all, this is analogous to organizations that block Internet access to Webmail and other 'non' work sites. This happens more often you might think, particularly in regulated verticals like Finance and big Pharma. (I once built a clinical trial portal for a large pharmaceutical manufacturer. It failed because the clinicians using the site couldn't use it to 'talk' with each other. Legal, Medical and Regulatory got a hold of it and were so concerned about Adverse Event reporting they shut down all community elements, including hard coding email addresses so they weren't clickable!). This doesn't work because employees will use their mobile devices or just surf from home.
So, which one makes the most sense? It depends. Maybe a checklist:
1. Involve your Regulatory, Legal and Privacy people early.
2. Do a POST analysis on your organization or team. It will vary from Marketing to Operations to Sales, so it's important to do more granular analysis.
3. Don't forget about your company's Intranet and email client. Your organization's Intranet can (and should) be the primary information sharing and collaboration space if it's easy to use and addresses the needs of workers.
4. Get Identity Management working - fast. My experience with regulated entities is that some employees have access to things that others don't. This is typically managed by multiple passwords or the user having to 'ask for permission' (via telephone or email) to gain access. With single sign-in and Role Based Access Control Lists, access to information is based on your role within the organisation. This leads to a better end user experience and improved information control. This can then be extended to the personalization and customization of the Intranet and in-house Social Networking applications.
5. Start small and practical. A blog or wiki? For one department? Yammer.com for your sales department? Perhaps start a 'Social Media Sandbox' with a pilot group or team?
I'm certain there are others. Any thoughts from the 'community' would be most welcome.