Digital Governance

Is your business up-to-speed with digital governance? It might not sound like the most exciting of questions. But it is an important one.

Digital governance involves the processes and guidelines, overseen by an organisation’s Board, that define the ways that the opportunities and risks associated with digital technologies are managed.

It is a lot wider than “best practice” in e-commerce, content management and digital asset management. It’s about responding to, and managing the use of, digital technologies across the whole of an organisation: finance, HR, marketing, sales, IT and operations.

Digital governance is important as a separate and defined part of wider corporate governance principally because digital technology is increasingly becoming a vital part of the lives of consumers and because more and more business involves digital technology. These days, make a bad call about digital and the chances are you are causing real damage to your organisation.

But digital governance is also important because the way regulations apply to digital technology is not always well understood and this leaves organisations open to risks of compliance failures. (Never mind that the regulators themselves are sometimes not up to speed and can fail to make things clear!)

While digital governance is complex, most organisations can conveniently consider it within a number of different topic areas:

  • Business strategy
  • Cyber risks
  • Social media risks
  • Regulatory compliance
  • Talent acquisition and management
  • Investments and returns

Let’s briefly take these one by one.

Business strategy

How does digital technology affect business strategy? Senior executives need to ask themselves whether they understand consumer trends; for instance, are they keeping up with the way that many consumers are moving away from fixed internet access to smart mobile devices?

And there is a need to look wider than consumers. How are your competitors reacting to digital technology? Can you work with suppliers in a different way, cutting costs and timescales, through the use of digital? And how does digital technology affect the PESTLE (political, economic, social, technical, legal, environmental) landscape?

Finally, while no one can predict the future, it’s as well to be aware of potentially disruptive technologies on the horizon. Don’t spend too much time on this as it is easy to get wrong. For instance the jury is still very much out on whether wearables (at least as currently developed) will have popular applications wider than health and fitness. So spending a lot of time and effort in this space may be wasted (sometimes there is a lot to be said for “second mover advantage” as Google, Apple and Facebook have all discovered).

Cyber risk

It’s easy to give up on cyber risk and say “Well, if it happens, it happens. I leave that to the geeks in the IT department”. But Boards have a statutory obligation to oversee risk management and report on it and that includes cyber risk. It’s important because cyber risk can cause damage to operational efficiency, reputation and share price. So Boards really do need to get a handle on this and equip themselves with the knowledge to be able to quiz IT specialists.

For instance, good IT people will know that cyber risk is not just about defending networks. It involves defending information, wherever it is. And it’s often driven by phishing rather than brute hacking. Are you equipped to question your IT team about this?

In addition there is a need to monitor identity theft and fraud sites and this may not even be part of your IT team’s remit.

Social media risk

Part of cyber risk is social media risk. This is little understood but can have massive impact as New York Stock Exchange investors found when $130 billion was wiped off stock values as a result of a single tweet from a Twitter account that had been hacked.

Social media risk can cause reputational damage but the risks go wider and can affect business strategies, recruitment, compliance and legal risks such as libel and discrimination. In order to defend against these risks companies need to manage employee use of social media as well as listening to and managing public social media comments.


Digital technology can cause many compliance issues. For instance inappropriate social media use can result in fines for breaching advertising regulations or Fair Trading rules. And careless data protection can result in considerable fines (and reputational damage). Potentially there are also dangers around accessibility and disability discrimination: for instance if you offer a service online and are not taking reasonable steps to provide access to the disabled (such as the visually impaired) you are breaking the law.

In addition many industries have their own regulations that are impacted by digital technologies. For instance financial services and pharmaceutical companies have particular requirements about recording interactions with consumers that are increasingly difficult to meet in the light of social media technology.

Human resources

Digital can also affect how organisations attract and retain talent, an issue of major concern to many Boards. Issues to consider include:

  • How to use social media profiles during the recruitment process without risking accusations of discrimination
  • How to manage employee use of social media at work without de-motivating people and without being accused of invasion of privacy
  • How to ensure that employee’s use of social media does not leave an organisation open to vicarious liability
  • How to manage any damage to the “organisation-as-an-employer” brand that happens via social media
  • How to ensure that irresponsible or disaffected employees cannot damage the organisation’s brand by unmonitored access to social media accounts


Finally, Boards need to ensure that digital investments are appropriate, and deliver appropriate returns. Questions to ask here include:

  • Do web and mobile assets deliver value from a user perspective, ratger than simply from an organisational viewpoint?
  • Is any spending on digital advertising appropriate and are returns being reported accurately?
  • Do digital investments, for instance in websites and apps, assist or hinder a consistent and positive brand experience across all channels?
  • Is there an appropriate strategy for developing digital assets across the organisation so that redundant investment is avoided and ownership is managed?

Managing digital governance

Managing digital technology is now key to almost any organisation. A structured process is required. This should involve auditing technology touchpoints, listening to social media activity, controlling how employees use social media, preparing for difficult situations, and archiving any conversations with consumers in case of future legal requirements. In addition it is important to develop a culture that is prepared to learn from events rather than simply blaming people when unexpected things go wrong. More on this in a subsequent post.


The FCA and social media

OK, this isn’t the most exciting post. But it is important. The Financial Conduct Authority (FCA) has finally published its draft guidelines on the use of social media by financial services organisations.

There is some very sensible advice in the FCA guidelines. For instance they recommend identifying a tweet as a promotion by including the hashtag #ad.

However there are a number of illogicalities and omissions.

Take tweets. The FCA advise that promotional tweets for financial services need to contain a lengthy risk statement along the lines of, in the example they give, “Your capital is @risk & losses can exceed your deposits.” That’s 56 characters – getting on for half the characters available, and more than half once you have included a link to your products.

But why have a risk statement at all? Consumers don’t expect full information in a tweet. They expect to find more information behind any links. A more sensible rule would to be  to require the risk statement to appear on the landing page beneath the tweet. Alternatively perhaps a shorter statement leading to a risk statement along the lines of “Risks: [link]” should be allowed.

Perhaps they should think of a promotional tweet as being like the header of an email – something designed to persuade you to look for further information. Just as email headers don’t contain risk statements, why should tweets? Including one seems to offer no extra protection to consumers.

The FCA also mandates risk statements on banner ads. They give an example of an ad with three frames, the last of which contains a risk statement. But is this sensible advice? Consumers can’t be guaranteed to watch an animated banner until its completion. So what is the purpose of a risk statement in the final frame? Either the risk statement should be visible all the time – or it should be available on the landing page that links from the banner.

Another problem with the guidelines is the absence of any recognition that social media content can be either static or interactive. The FCA guidance states that social media content needs to be pre-authorised. While this is clearly possible for banners ads, blog posts and even promotional tweets, it is simply not practical for interactive content that takes place within an exchange of tweets for instance. Clearer guidance is needed here – US regulators such as Finra accept that “unscripted” interactions need a different kind of management.

Another weakness is the use of the word “significant” when describing content that needs archiving. This leaves a lot up to the financial services provider. What is “significant”? Surely sensible guidance would insist on all content available to consumers being archived, not a hard thing to achieve with a digital medium. 

My final major worry is that the FCA seem to think that awareness is not part of a promotional journey. Thus a tweet saying “To see our current mortgage offers, go to…” is not a promotion but a tweet saying “To see our great mortgage offers, go to…” is a promotion. Presumably the FCA are saying that “current” is not a word that promotes value? If it isn’t, then will the FCA provide a list of other words that are safe to use? It might be more logical to say that the inclusion of any adjective turns something from an invitation to look at information into a promotion. However, even without an adjective, an informational tweet that generates awareness is a promotion (remember AIDA?)

The FCA is asking for comments on these guidelines and will accept them until 6 November 2014. If you work in financial services marketing you will need to make your feelings known.


3 steps to planning for a social media crisis

You might as well accept it. You’ll be involved in a social media crisis one day. And without the right planning that can hurt.

Planning to meet a crisis takes time and effort. But the principles behind the planning are reasonably simple.

So here are Mosoco’s 3 (not-so) easy steps!

Step 1: Audit

As usual, the first step is a little strategic auditing: where am I now, where do I want to get to; and how am I going to get there.

First of all you need to agree your crisis management requirements:  the types of crisis you are likely to face, the scale of the possible downside (so you can understand how much to invest), the ideal way you want to handle those crisis (how much can you afford to care about individual customers), and the results you want to see.

Once you have identified the “ideal world”, you need to audit your existing processes:

  • Are they complete; do they cover all your business functions and processes or are they firmly placed within PR or Marketing? Do you have a system for directing problem content to appropriate people within the organisation?
  • How do you identify what content needs to be responded to and when negative content starts to become a crisis?
  • Are your processes effective? Are you sure: have they been tested? Are they up to date in terms of social media landscape and employee/agency contact details?
  • Do current staff with responsibility for crisis management have adequate understanding of social media and the crisis management processes and are they able to deliver them with available resources?
  • Are your current social media management tools adequate, especially your social listening and archiving tools? How are you currently moderating inbound and outbound comments, and what is your approach to interacting on social media accounts you don’t own (e.g. review sites)?

Once you have answered those questions you will need to undertake a “gap analysis” in order to identify what needs to be done to achieve your strategic goals for social media crisis management.

Step 2: Prepare

The team

Next, if you haven’t got one already, you will need to establish a multi-functional crisis management team. You might have people from social media triage, HR, sales, compliance, marketing and IT in this team. It shouldn’t be from a single department though as social media problems can affect all parts of an organisation.

You will also need a clear chain of command with a senior crisis manager who will confer with, and delegate to, other team members.

Another important team member is what I call the “triage nurse”. This is a person who is responsible for listening to social buzz, deciding what needs a response, and forwarding each post to the appropriate person to deal with it. They should ideally be “business function agnostic”, capable of recognising compliance issues, HR issues and security issues as well as marketing or PR issues.

You will need to ensure individual team members have appropriate training and skills as well as understanding that they have the freedom of movement to manage a crisis within agreed guidelines.

Scenario planning

In order to develop crisis management guidelines for people to work within, you will need to be aware of the most likely crisis scenarios you might face. Use your imagination as well as reading up as many case studies as you can to identify what these might involve. Typically, a crisis can be caused by things like:

  • Senior executives resigning
  • Inappropriate employee behaviour
  • Problems with products or customer service
  • Marketing failures such as non-compliance or astro-turfing
  • Security issues such as brand-jacking

Pre-prepared crisis content

You will also want to develop crisis management guidelines for how to respond to each different type of crisis including:

  • The process: where to respond, how to respond, how to maintain a “single voice”, when and how to escalate
  • The tone of voice you will use for different platforms (Facebook is likely to be different from LinkedIn for instance, while Pinterest will need a more visual approach)

One of the hardest tasks is to develop pre-prepared position statements for the early stages of each likely scenario, especially where the scenario hasn’t been faced before. Depending on the individual scenario, prepare content such as sincere apologies, an explanation of what has gone wrong, and statements that “the issue is in hand”. They won’t be exactly right when the issue hits of course, but they should save you time by acting as a sensible starting point.

Ensure an appropriate tone of voice is used by taking account of the cause of the crisis and the effect it will have on people. Are people in genuine danger? Are they merely being inconvenienced? Or are people simply laughing at you for some reason?


Once you have developed management guidelines you will need to ensure that the right technology is in place. This will include:

  • Appropriate social media management tools including listening, moderation, post management and archiving
  • A website that has the ability to host crisis statements in a way that is easy to access on mobile devices
  • Presence of your brands on all major platforms including YouTube, Twitter, Google+, and Facebook so crisis statements can be placed there
  • Appropriate security, including robust password protocols – just giving anyone access to the Twitter account is generally a bad idea!

Places and people

Another useful thing to do up-front is to identify influencers and important channels. Ensure the team has access to data about:

  • The most important social media channels and sites, in terms of their size and their relevance to organisation
  • The most important brand and industry influencers (e.g. bloggers, tweeters, specialist communities, activists journalists etc)

Step 3: Practice

Ensure the whole team has the opportunity to practise managing a social media crisis using a realistic scenario.

This does two things. First it tests the crisis process for each type of scenario to find out how effective it is. Is it up to date? Does it work in practice – for instance if an escalation process involves the CEO, is he available when needed?

Practising with a simulated crisis also exposes the team members to the reality of managing a social media crisis. They will see the speed a crisis can move at and experience the need to prioritise on different platforms. They will be exposed to the need to take individual decisions. They will discover the need to accept a certain level of personal abuse and not get upset by it.

The result

By planning for a social media crisis you should ensure that your organisation has the right tools and processes in place to manage a social media crisis. This involves a further six steps:

  • Listening to the social buzz and identifying an emerging crisis
  • Triaging posts (some dogs are best left lying) and directing content to appropriate team members
  • Maintaining transparency by acknowledging negative comments and even sharing them and asking for feedback
  • Responding to individuals and the audience at large with positive and helpful information
  • Resolving the problem, reporting this and asking for feedback, especially from customers who were affected
  • Reviewing the crisis and learning from it

More on those steps another day! But in the meantime, if you want help with planning your approach to social media crisis management don’t hesitate to get in touch with Mosoco’s social media risk team on


Social media risks: are you tooled up?

Angry customers dissing your brand; employees who give away trade secrets in their Facebook posts, chief execs whose Twitter accounts get hacked: The risks from social media are not always easy to manage. Even the well known risk of negative PR can be hard to manage if you don’t have the right social listening tools in place. The tools available to help manage social media risks go a long way beyond social listening, but let’s start with that.

Social listening tools

There are dozens of social listening tools available. Some of these are free. Some of them cost a modest amount, a few hundred dollars a year. And some can cost thousands. But they all do the same thing: identify what people are saying about your brand or company on social media platforms. So why pay, when there are so many free tools? Well, it depends on resources of course, and the importance of social media listening to your organisation. Some things to consider (beyond cost) when choosing a tool are:

  • Which platforms are monitored? There are a lot of tools that just focus on Twitter for instance
  • How much data can you get? Some tools will only give you results for a limited number of posts or a limited time frame
  • Is anything beyond a list of posts included? Some tools include analysis of sentiment (are the posts positive, negative or neutral) or potential reach; others enable you to filter the results by language, influence, demographics or region
  • Is the tool primarily a listening tool or does it double up as a content management tool?

Free multi-platform tools worth considering include Social Mention, Ice Rocket (especially good for blogs) and Google Alerts (you set up an email alerts so that  Google tells you whenever anyone uses your brand name, strapline or url).

Point of presence tools

Tools that can identify brand “points of presence” are similar to social listening tools although they perform a slightly different function. By a point of presence we mean a site on the internet that is, or purports to be, associated with your brand. Many social listening tools just listen for conversations and won’t be able to pick up sites that are using your brand assets such as your brand name, logo or strapline. If someone is using your brand assets this may be because they are a fan. But it may also be because they want to say unpleasant things about you, or to sell fake products. Having a tool that will identify when your brand name, logos and straplines are being used can be an important safeguard. Some tools can help you identify when your logo is being used while others will look for “strings” of text to find brands in URLs or social media profile pages. For a free way to identify places where your logo is being used, paste its image into Google images. To find your brand name in a URL, go to Google Advanced Search and select “in the URL”, within the “terms appearing” option. And to find mentions in particular social media platforms simply type in the platform name (e.g. into the “site or domain” option of Google Advanced Search. Free tools have their limitations and a much more powerful paid solution that is worth investigating is provided by Brandle.


If you are serious about posting to social media platforms the chances are that you already have a moderation tool. But if you don’t, then should you consider it? Moderation tools can help you prevent inappropriate posts by employees – for instance posts containing particular words can be flagged up for authorisation by a more senior person. This is a risk for companies that don’t have content marketing management tools in place, simply because without them it is easy for an enthusiastic employee to forget whether they are posting on their personal account or the company’s account. Moderation tools can also manage the risks that exist if your site accepts content from the general public, e.g. reviews or forums. It can be expensive to use a human to moderate all the posts that come in so automating the process to delete or quarantine any posts with unsuitable language can be a sensible investment. One company in this space is Discussit although if human moderation (which provides better risk management)  is also necessary, then a specialist firm like eModeration, which can moderate posts in many different languages, is also worth investigating.


One of the big risks from social media is the potential loss of productivity that can occur when employees spend too much time on Facebook and Twitter. As preventing their use totally is likely to be counter productive, one strategy can be to manage their use possibly by limiting the times when access is available to social media platforms although tools like Websense provide more sophisticated management such as letting people use LinkedIn but disallowing job searches or letting people post on Facebook but not chat.


Saving social media conversations in case of future legal actions is a sensible precaution if budgets allow (or if you work in a regulated industry where this is required). There are many archiving tools available and things to consider include:

  • Is the archive easily searchable and rapidly available?
  • Are actions (e.g. retweets) and metadata (e.g. tags) archived as well as original content?
  • Are “conversations” (forum threads, series of tweets etc) archived as conversations or individual posts?
  • Does all content get archived or can posts that are subsequently deleted become lost?

Archiving can be expensive and choosing the right tool isn’t easy. There is a comprehensive (probably over-comprehensive) list of options at USA’s National Archives; companies worth looking at include Smarsh, Hanzo Archive, and  Archive Social.


One of the big risks associated with social media is inadequate security: having the corporate Twitter account hacked can be embarrassing but could also result in real reputational damage. Protection requires secure passwords – and yet according to SplashData the most common password is “123456”. Any social media account using that (or “password”, the second most common password) is ignoring some massive risks. Some content management platforms such as Crowd Control HQ can force certain password protocols on users of corporate social media platforms, making them more secure while at the same time providing an easier way to manage complex passwords.

Testing and practising

You can take a lot of time and effort developing ways of reducing social media risk. And you can invest in the best tools to help you with this. But unless you test your systems then you can still be wrong footed. To that end various tools are available that enable you to practise managing a social media crisis. These use a combination of software, content templates and real people to simulate a PR crisis over a number of hours or days which you can then respond to. As well as giving your social media team experience of what it is like to handle a crisis, your processes (any template content, together with management and escalation processes) will be stress tested and any weaknesses should be uncovered. A number of PR companies have developed services here. Check out Polpeo for an excellent example.


We don’t have any formal connection with any of the tools and services mentioned in this post. They are all well thought of but there are many more out there, and the right tool for you will depend on your budget, your corporate and social media goals, and your particular circumstances. If you want some advice about what is right for you then call us on 07855 341 589 or email we would be happy to explore your options.

Archiving social media

Does it really matter what you said on Twitter last week?

Archiving may not be the most exciting subject in the world, but as organisations increasingly use social media to communicate with consumers there is an ever growing need to archive their social media conversations.

Why archive?

There are four excellent reasons for archiving social media content.


Litigation is an ever present problem for organisations. This can be staff bringing cases for unfair dismissal or discrimination. Or it can be consumers bringing cases relating to unfair contracts or products and services that don’t deliver as promised.


Archiving of marketing communications can be a compliance requirement for certain industries such as financial services; although there are some record-keeping requirements imposed on all companies.

Business operations

It can be important to archive records so that negotiations and transactions can be continued in the event of systems failure. In addition, an easily accessible record of social media can in some circumstances make it easier for employees to work efficiently (e.g. finding an important email or chat record easily).

Knowledge management

A good archive can be used to generate learning and case studies.

How much to archive?

Ideally you would archive everything in social media that relates to your organisation. But this may simply not be feasible. For instance, if people get customised views of social media it is obviously impossible to archive these. This is also true of websites that are delivered “on the fly” where one may be confined to recording for instance the different experience of a logged in and a logged out visitor.

Two questions need to be asked:

  • What is it reasonable to invest in archiving (given the size and nature of your organisation)
  • What is it important to keep (not all social media data is equally important)

There are no hard and fast rules here, except that more is likely to be safer than less. But bebar in ind that how uch you archive is likely to affect how much you pay.

How to build an archive

There are some fundamental requirements of social media archiving systems:


You need to capture both “static” content that is not changed on a regular basis (such as a Twitter profile) and “interactive” content which delivers a stream of data from the organisation and consumers or other stakeholders.

With interactive content, there is generally a good deal of important contextual information that goes beyond the simple text of a post and this need capturing. This can include:

  • Actions such as “Likes” and Shares
  • Views and subscriptions to content streams
  • Phototags and hashtags
  • Page URL
  • Links
  • The nature of the conversation, in particular whether it is a public exchange or a private (e.g. Direct Message) exchange

Another important consideration for archiving is whether deleted posts can be recorded. When data collection happens on an occasional basis, for instance every day, posts that are deleted may well be lost to the archive. One solution is to record data directly via the platforms API rather than from the web.


There are a number of storage requirements for any archiving system and these include:

  • Data and information security: archives should be secure so that only authorised people can access them
  • Resilience: the will always be a need to have one or more back ups of the archive so that data can be retrieved in the event of system failure
  • Access logs: A record of who has used an archive is an important management tool – as anyone who watches “whodunits” on TV knows
  • Integrity: It is important to prevent modification or deletion of content within the archive which means that data should be stored as “read only”

Searching and retrieving

In most circumstances social media records should be searchable at least by the following:

  • Platform (e.g. Twitter) and type (e.g. re-tweets, direct messages)
  • Author
  • Date and time
  • Content “strings” (i.e. keywords and key phrases)
  • Metadata (e.g. tags on Facebook pictures)

Once data has been found then it needs to be exportable easily and in a sortable format e.g. XML.

Choosing the right tool

There are dozens of archiving tools available. Some are free, other range from low prices that an SME will find attractive to “enterprise level” expense.

And the functionality offered offers widely too, with some tools very much simple back up tools while others are more truly information management tools.

As a result choosing the right tool isn’t simple. Ideally, your requirements will be agreed by a multi-functional team composing of IT, archiving, compliance, workflow, website and social media experts. But if you are uncertain that you have the right knowledge in house, then Mosoco will be very happy to help.