IBM Connections Auditing and Compliance Infrastructure
I attended a session with Rene Schimmer, Offering Manager, IBM on Connections auditing and compliance. As social business continues to grow and become the norm, auditing and compliance becomes more critical, especially in certain industries that are subject to government regulations.
Social Business and Compliance
There are quite a few key concerns with governance, risk management and compliance for social business. These include:
- Avoid conflicts of interest (between employes, customers, partners and/or investors)
- Establish safe practices and policies on how to use social media
- Protect reputation and image
- Protect confidential information
- Balance information retention and storage cost
There are quite a few regulations which have existed for some time in financial services, energy, healthcare and government which directly impact social solutions. A best practice is to develop safety conscious external practices and a managed social business network for internal communications.
To demonstrate the importance of this, 98% of companies cite defensible disposal of information is important to governance yet only 22% of companies can prove they have done this properly. A typical average cost to retrieve information per legal action can be around 3 million and 70% of the information is typically irrelevant. This problem only grows as social tools become pervasive.
Here are the typical information life-cycle steps for email or document retention.
- Analyze and dispose if not relevant (This is a risk if the wrong content is exposed)
- Archive (This can be expensive)
Connections is different because now you don’t just have email and documents, you have profiles, communities, forums, wikis, activities, blogs and more. This complicates the information life-cycle problem since there are many different types of content.
Compliance Related Capabilities in Connections 3.0.1
Connections has the following built in auditing and compliance capabilities.
- Event tracking
- Access control
- Simplified UI customization
IBM Connections Event SPI
Real-time events are generated for all create, update and delete operations.
- End-user actions
- End-user changes in preferences
- Administrative actions
- Automatic system events
- Content moderation
Moderation is the process of controlling end user content ensuring it is appropriate. This helps control the quality of communication making sure it is appropriate.
There are 2 types of content moderatoin:
- Automatically – E.g. a profanity filter grammatically looks at words and replaces them or blocks the content
- Manually – putting content in a queue and manually review it
- Triggered by flagging published content
- End user reports content
- Content reviewed for appropriateness
- Enabled in both the UI and the APIs
Vantage for IBM Connections
Vantage is a product by Actiance that helps organizations manage compliance across Connections.
- Content logging captures content posted even if deleted
- eDiscovery – Reviewer UI shows content in context of related items
- Real time integration captures events instantly
- Real-time content monitoring
- Keyword blacklist
- Granular policies to map compliance requirements
- Send alerts via email, e.g. when prohibited content is posted
- Content can be reproduced even with formatting
- Vantage also supports Sametime
After viewing a demo of Vantage, it looks like a strong product capable of meeting many of the compliance regulations and concerns an organization has.