Out of all of the presentations I have given with regards to Enterprise Social Networks (ESN) the one common question I get is around governance/controlling the usage of the tool. This question, while always expected, makes me cringe a little. I do not disagree with governance, it plays a major role in ensuring platforms can operate at the optimal level. It ensures there are no gaps in security, it ensures the users of the tool are using it appropriately. It comes into play in any industry but I am always asked the question by a highly regulated organization. These are things organizations need to be aware of, however it can also be disruptive to the rollout of an ESN. The more restrictive an organization's governance is the less likely users are to feel comfortable using the tool.
The purpose of this post is to help you understand the tools available for governance within Yammer. My recommendation is to consider using these options to help guide users to the correct usage but not to overburden them with too many restrictions and rules.
If you have the freemium version of Yammer the following options are not available to you. While the freemium version provides almost every feature available to the end user it does not include any of the management features.
The usage policy is the first line of defense when you want to ensure users are using the tool appropriately. While I personally believe that the majority of your users will use the network as a business tool there are going to be some that may stray from the line. Usage policies in Yammer can discuss general items such as no profanity, religious discussions, political arguments, union discussions, and so on. They can link to other corporate policies that employees must already abide by. I also recommend adding a snippet regarding best practices for using the network.
Users can be required to accept the policy during sign-up and after any changes are made to the policy. A link to the policy can also be made available in the right side bar so that users can quickly reference the information.
There was a question on our Yammer network a little while ago where an organization was concerned about its employees discussing unions and how best to track this and ensure that its employees were not participating in these types of discussions. My first response is to ensure that this restriction is in your usage policy. The next available feature to help tackle this is keyword monitoring.
The word union can be added to the keyword list and the admin(s) will get alerts notifying them if the word is used. The administrators can then delete the post and remind the user that they cannot discuss unions. This can work for a variety of situations profanity, credit cards, social security numbers, phone numbers, etc. In other words any single word, phrase, or regular expression can be monitored. Some companies use a three-strike rule and on the third strike block the user.
It is important to note that groups are typically created by the end user population. I recommend including a section in the usage policy helping to define what types of groups are appropriate on the network. Within the best practices of the usage policy there should be a mention of searching for a group first, prior to creation, as this will keep from having duplicate content areas.
Groups have the ability to be public and private. I get questions all the time from companies that have defined regulation requirements around the best way to implement social for their organization. Again I stress the importance of having something defined in the usage policy but the next step is to have private groups to ensure only authorized users have access to the content. While it is a best practice to have more public groups than private to help drive engagement and collaboration we realize that this is not always feasible in order to meet regulations.
Administrators of the network may also want to add "has created the" as a phrase to monitor. This phrase is always used when someone creates a group and it can help in multiple ways. You can use it to invite users to a Group Administrators group with tips, tricks, and best practices for group administrators. You can also use it to determine if the group is a valid, not duplicate group and take the appropriate action if necessary.
As an added security feature organizations can lock down their network to trusted ranges of IP addresses. If users on the network should only be able to access Yammer when they are at an office the IP ranges should be added here.
This will also block mobile device unless it is specified that mobile clients are allowed. This is where I like to note that it may be in the organization's best interest to allow mobile devices. I say this because of accessibility and the ease of contributing to a discussion while on the go, think of users that travel to do their job. A lot of the time I use my phone and/or tablet to catch up on discussions and provide my two cents.
If you have not implemented single sign on (SSO) capability, users will have separate passwords than that of organizational account. Password policies can be configured for minimum length, different complexity requirements from none to requiring upper and lower case letters, numbers, and special characters. Password reset windows from 1 to 12 months and the ability to force all users to update/change their passwords.
If the organization will be integrating Yammer into multiple applications, I recommend they utilize SSO to improve user adoption and to ensure the password policies enforced are those already in place for the organization.
The freemium version has some pitfalls for managing users. It relies on a manual process to remove users meaning an organization needs to roll some additional steps into their offboarding/termination procedures. With the enterprise version, Yammer can become more tightly coupled to an organization's existing infrastructure with the ability to add directory synchronization (DirSync) and single sign on (SSO).
DirSync will sync user accounts between the directory infrastructure and Yammer. This includes adding and removing accounts as well as syncing up certain user attributes. DirSync does not synchronize the passwords at the time this post was written. In order to accomplish password sync and make Yammer even more user friendly SSO must be integrated.
External networks can provide a significant advantage in collaborating with customers, partners, and vendors without having to worry about creating authentication methods for those external users. With the Yammer network an external network has no external user limitations. Those external users will not be able to access the internal Yammer network for your organization; they are completely separate instances. In order for external users to gain access to the network they must either be invited or request access which would then need to be approved by an administrator.
By default, external networks can be created by any user, however most organizations lock this down to an admin only function. With external networks password policies cannot be enforced.
True e-discovery is not available with Yammer. However Yammer comes with a data export API. This API gives an organization full access to all the information in their network. This information includes all messages, notes, files, topics, users, and groups. An example of utilizing this functionality to support e-discovery would be to develop a script that will automatically perform a data export to a records center solution.
3rd Party Apps
One of the strengths of Yammer is that it has a large 3rd party app directory with a lot of supplemental applications such as gamification, analytics, LMS, and other various integration points. While this is great, there are some organizations that will need to determine if using these items is in their best interest. In the configuration tab of the management tools an organization can opt out of 3rd party applications.
As you can see there are various features available in Yammer Enterprise to assist in creating a solution that can help meet compliance and legal needs as well as provide a safe environment for employees to collaborate, engage and innovate. Remember that over governance can have an adverse effect on adoption of an ESN so plan accordingly.