Forrester's latest research suggests that many organisations are allowing access to social media without communicating a clear policy that guides employees toward effective and safe use of social media. In a recent global survey of social media users conducted by Forrester, 43 per cent of respondents reported that their organisation did not have a social media policy, and another 11 per cent were not sure if a policy existed. At the same time, only 26 per cent reported their organisations did not sanction social media access while at work. The conclusion: employees are accessing social media with or without a policy, putting their organisations at risk through for example intellectual property (IP) leaks and/or security breaches, legal vulnerability, brand erosion, or reduced competitiveness.

According to Forrester, a well-communicated social media policy should provide a set of guidelines to help your organisation release the power of social media both internally and externally while protecting the organisation's IP and managing risk associated with employees engaging in online social communities.

As a senior executive in the organisation, the CIO has a responsibility to work collaboratively with other senior executives to drive the development and communication of the organisation's social media policy (see Figure 1). This C-level committee should oversee a policy that mitigates risks while maximising the ability of the organisation's employees and customers to benefit from the participation of employees in social communities. A cross-functional social media policy working group should develop the policy specifics with the help of an IT social business architect appointed by the CIO. The role of the CIO is to:

Provide a cross-functional view of the potential social media use cases. Research shows that social media use is widespread throughout the organisation and not limited to professional use in marketing and customer service. The CIO provides a holistic view of where social media can affect the business, both internally and externally, across all business operations.

Evaluate the benefits and risks of social media usage. Understanding the range of potential use cases will help identify key areas of risk and opportunity associated with social media. The CIO, in conjunction with the chief information security officer, must help peers in the C-suite weigh the pros and cons of any given policy choice with respect to security and risk.

Identify appropriate technology resources and services. The CIO and the IT team play a pivotal role in helping to decide how technology may be harnessed to support an open social media policy or used to enforce a more restrictive social media policy. Depending on the technologies in use, IT's role may extend to supporting or governing the selection of vendor partners to support the social media strategy.

Support the effort to inventory how employees are currently using social tools. Before drafting the social media policy, it is important to clearly understand how employees are presently using social media and social communities and to determine how employee usage is expected to change as a result of implementing the new social media policy. Although this effort is most likely to be driven by human resources (HR), CIOs can support it by tapping existing application usage reporting and/or user survey processes.

Use the lessons of past experience to drive a successful policy rollout. While a new social media policy rollout will likely be led by the HR team, CIOs should support the rollout and adoption; tapping into IT's project management skills and adapting IT's change management process as needed. Be an evangelist in the C-suite. Many organisations have failed to enact a social media policy because the C-suite lacks an evangelist with the understanding of how critical a strong policy is for an organisation's health. Even in organisations with a social media policy, IT and the CIO are often seen as roadblocks to social media usage. CIOs are well-positioned to partner with the chief marketing officer to advocate for the implementation of a social media policy that empowers the workforce for the benefit of the customer and thus redefines the image of IT as an enabler of Social Computing.

Figure 1: Establish Collaborative Social Media Policy Groups

Establish collaborative social media policy groups

About the author:

Nigel Fenwick is vice president and principal analyst at Forrester Research serving CIOs, focusing on the role of CIO as a business leader influencing business strategy and performance. You can hear more on the topic of social media during Nigel's presentation "The CIO's Guide To Social Computing" in the CIO Track at Forrester's IT Forum EMEA 2010 (June 9 – 11, 2010) or on Nigel's blog.