Most organizations – even those that are highly engaged with social media and other digital technologies – are not addressing Digital Era risks as comprehensively or deeply as they could or should. This post helps organizational leaders close gaps in their risk management strategies by offering checklist guidance focused on both outcomes and processes. Additional recommendations are welcome.


Last week I participated in The Conference Board’s Social Media Strategies for HR (SM4HR) Seminars, and one of my roles was to facilitate a working group session entitled “Social Media Policy and Beyond.” During the small group discussions and large-group report outs, I was pleased to hear how many organizations are engaging in best practices such as:

  • Recognizing that policies and guidelines have to be customized to match the culture and operating characteristics of the organization
  • Involving representatives from multiple functional areas to develop those policies and guidelines
  • Providing interactive training for employees to ensure they understand their rights and responsibilities
  • Reviewing policies and guidelines at least annually to ensure they’re current

At the same time, however, it was also evident that most of the organizations were not addressing Digital Era risks as comprehensively or deeply as they could or should. To help others avoid or close similar lapses and gaps, I thought it would be worthwhile to update and reshare the checklist guidance I included in Social Media Policies: Necessary but not Sufficient.

What else would you add to the list? As always I welcome your comments and questions.


Every organization needs to think about and be prepared to manage the risks associated with operating in the Digital Era. It doesn’t matter whether social media is part of the organization’s strategic agenda, or if the organization itself has any deliberate digital presence. It also doesn’t matter how large the organization is, whether it’s for-profit, BtoB or BtoC, or which industry or sector it operates in. To put it simply:

If you employ people, you should have a social media policy.

Digital Era risks exist regardless of an organization’s focus on technology, and/or the personal feelings of that organization’s leaders about social media and other 2.0 tools. Managing those risks is part of the cost of doing business, and managing them well can be a competitive differentiator, in both the economic marketplace and the war for talent. Generally speaking, however, there is no simple solution or “one size fits all” approach, and a “fix-it-and-forget-it” strategy is one few organizations can afford.

Creating a social media policy of some sort is necessary for all organizations, but it's hardly sufficient to manage all the Digital Era risks organizations face. Drafting and implementing a social media policy should be considered part of a larger effort to ensure that an organization’s employment policies reflect Digital Era realities, and that both employees and managers understand not just the “new” rules, but also how “old” rules apply in the new era (see Social Media: From Novelty to Utility for best practice guidance for managing social media). Organizations must also reexamine and update their operational policies, as well as their legal agreements and contracts. And if they have active digital communities, both externally and internally, they need to have proper engagement guidelines in place, as well as updated crisis management plans.

Enhancing an organization’s ability to manage Digital Era risks requires leaders to think about both outcomes (the “what”) and processes (the “how”).



There are several things every organization should do to ensure they’re managing Digital Era risks with a holistic, systemic, and integrative approach. Here’s a high-level checklist of the main activities:

  • Determine your overall strategic approach to leveraging social media for both internal and external purposes. Although the strategy is likely to change, it’s a key starting point that lays a foundation for understanding the necessary changes to existing policies, guidelines, and agreements.
  • Develop a social media policy for all employees.
  • Review/revise all operational and employment policies to reflect Digital Era technologies (both hardware and software) and realities.
  • Craft social media guidelines for employees who interact with outsiders and/or represent the organization via social media channels.
  • Create and/or update your user agreements and guidelines for the intranet and other internal systems – especially those that include 2.0 features and functions.
  • Update employment agreements (e.g., non-compete agreements) and other legal documents (e.g., non-disclosure agreements) to reflect Digital Era technologies and realities.
  • Address “ownership questions” related to social media accounts, content, and digital networks, particularly with key agents (e.g., officers, development professionals, marketing and sales folks).
  • Determine a fair and consistent (and realistic) approach to monitoring, enforcement, and discipline.
  • Create posting guidelines and moderation rules for outsiders who may engage with your organization via one of its social media channels (see this blog post for more on managing comments in online communities).
  • Incorporate social media and digital technologies into your general crisis management plans and develop a specific crisis management plan for your digital properties.



Ideally, organizations should be proactive in managing Digital Era risks, rather than waiting for a threat or crisis to force them to reactively develop and implement a hasty solution. Thoughtfulness and thoroughness are important, but time is also of the essence. Therefore, it’s important to proceed with “mindful flexibility,” which requires being both strategic and goal focused, as well as adaptable – and to emphasize procedural efficiency as well as effectiveness.

There are a number of web-based resources that provide detailed guidance on developing and implementing social media policies and guidelines. Here are some of my recommendations:

Create a policy team

  • Involve multiple stakeholders from relevant functional areas:
    • Externally-oriented groups: marketing, sales, public relations, customer service
    • Internally-oriented groups: human resources, knowledge management, IT, organizational development, learning & development
    • Both: in-house counsel
  • Employ outside experts who can provide sophisticated guidance from various perspectives:
    • Social media and other digital technologies
    • Federal and state laws and issues (and perhaps global too)
    • Business development
    • Human capital management

Develop a project plan and guidelines

  • Set clear deadlines so you don’t get bogged down by bureaucracy and semantic arguments.
  • Coordinate the policy/guidelines initiative with other social media development and implementation initiatives (see Part 7 of the Social Media Primer for more).
  • Identify overarching principles, goals and objectives that will provide a framework for your revision efforts and reflect:
    • Industry and nature of the business
    • Strategic priorities (both in general and in relation to social media)
    • Guiding values (including ethics)
    • Cultural context and workforce characteristics
    • A balance between legal and business perspectives
    • A balance between employer and employee perspectives

Review, refine, and create policies, guidelines, legal agreements, etc.

  • Identify the best approach to specifically addressing the use of social media.
    • Options include developing something new (i.e., a single, multi-faceted policy, or multiple policies) or updating existing polic(ies) – or some combination of the two.
    • It’s okay to leverage benchmarked resources to create both policies and guidelines, but ensure they’re properly vetted and customized as needed.
  • Try to build as much durability into the policies/guidelines/agreements as possible:
    • Balance broad, general wording with specificity
    • Recognize that the digital engagement of both individuals and the organization is going to increase over time
    • Allow for flexibility as new case law and regulations develop
    • Prepare for technologies, platforms, and devices that could be used in the future

Provide training and ongoing communication

  • Prepare and provide training for:
    • Community managers and other “official” social media users (including crisis management)
    • Non-managerial employees
    • Managerial employees
  • Communicate the final policy/ies, guidelines, and agreements and establish a method for providing regular reminders using a multimedia, tiered approach.
  • Where necessary, have all employees sign updated agreements.
  • Include training focused on digital risk management in new employee orientation and supervisors’ training.

Lather, rinse, repeat

  • Plan for regular reviews/revisions to policies, guidelines, and agreements to reflect new technologies, legal/regulatory changes, and case law.
  • Offer updated training for employees and supervisors at least once annually.