The rapid and voracious adoption of smartphones and tablets has universally changed employee expectations and has driven the "bring your own device" (BYOD) workplace phenomena. As Forrester Research notes, "The work-anywhere future is a world in which work is something you do, not a place you go." Another analyst firm, Gartner, predicts that by 2015, 60% of employees will interact with corporate content using mobile devices.
What does this mean for companies that operate in regulated industries? Are mobile workforces and compliance teams becoming clashing forces? Without a doubt, mobility poses challenges for compliance-centric businesses. Once addressed, however, the challenges are outweighed by the opportunities. Mobile-friendly governance processes can dramatically simplify workflows while supporting and streamlining compliance activities.
Since many compliance requirements relate to the management of critical and confidential information and associated workflows, a mobile workforce changes compliance-related content management. The business must now be able to protect content that is accessible from smart devices. Information governance policies and practices within a “mobile-first” workplace must be expanded to include mobile device management (MDM) and mobile information management (MIM). And businesses need to ensure that smartphones and tablets are being used appropriately when employees participate in compliance-related workflows.
The corporate boundaries have also shifted in the mobile world. Without adequate controls in place, any content accessible from a mobile device can be taken into the cloud, beyond the virtual walls of the company intranet. Highly regulated companies have traditionally been hesitant to deploy cloud solutions, but smartphones, tablets and laptops are literally bringing the cloud to their doorsteps.
Enterprise content management (ECM) solutions have been evolving in pace with the world of smart mobile devices. Mobile-friendly ECM platforms are being adopted by many regulated companies. An up-front evaluation of the existing compliance practices and employee behaviors can identify potential areas of risk and, therefore, help identify the best starting points. Some topics and questions that should be covered during the mobile ECM evaluation phase include:
- User identity: Are users required to re-authenticate for every approval step in compliance-related workflows, or is it possible for approvals to be entered with a fake identity?
- Timestamps: Can timestamps be falsified? Do users enter the dates/times of critical tasks, or does the content management system automatically enter this information?
- Productivity: What are the most time-consuming steps in the current compliance-related workflow processes?
- Change management: Are employees automatically informed of the change processes, and are learning requirement tasks sent accordingly? Can you ensure that SOPs have been read by the appropriate individuals?
- Data integrity: Can content get lost in the current approval process?
- Content controls: Is content access restricted to the appropriate employees?
- Version control: Are all stakeholders working from the most current and accurate document versions?
- Infrastructure versatility: Can some content be stored and managed in the cloud? Can sensitive content be restricted such that it only resides behind the company firewall?
- Complexity: Are employees resisting the ECM system and looking for ways to work around it because it's too complex and difficult to use?
By identifying the risk areas early on, regulated businesses can start a gradual migration to a mobile-friendly ECM solution.
MIKA JAVANAINEN is senior director of product management at M-Files Corporation where he manages the M-Files portfolio, roadmaps and pricing. Prior to his executive roles, Mr. Javanainen worked as a systems specialist, integrating document management systems with ERP and CRM applications.