The Evolving Framework of Digital Governance: An Essential Guide

As organizations’ online presences get wider and more varied, maintaining oversight of how information is communicated becomes more and more complex. When considering what information should be shared and how it should be presented, organizations have to review their entire digital output — not just their website, but their subsites, social media accounts, apps, intranet portals, e-commerce platforms and email marketing tools. This is where digital governance comes into play.

Defining digital governance

Digital governance can be broadly understood as a framework of guidelines, accountability, and decision-making authority for an organization’s entire digital ecosystem. When devising digital governance frameworks for our clients, we focus on three key elements: a governance policy document (or documents), a committee (or committees) for devising the policy, and a mechanism for making and communicating changes to the policies.

When you think about the sheer size and scope of your organization’s output, devising a framework that can effectively cover your entire digital presence might feel like an arduous task. In this guide, we'll take you through how Palantir goes about establishing digital governance frameworks for our clients. We’ll help you nail the fundamentals of digital governance, taking you through the process step-by-step, from a high-level overview to the finer details. Our guide covers:

• Choosing the right governance framework
• Establishing ownership and accountability
• Accessible and effective content architecture
• Effective content management
• Digital tools for governance
• Navigating compliance and security
• Building governance competency
• Maintaining relevance for governance frameworks

If you’re looking for granular insights on how to ensure seamless, secure, and compliant governance within your organization, we’d love to help you begin your digital transformation. 

Implementing effective governance

The first phase in implementing effective digital governance is to gain an overview of which properties need to be included in the plan. From there, you can begin to consider questions of ownership, management, and policy.

Choosing the right framework

To decide on the overall framework of a digital governance plan, we like to start with the “10,000ft view” — to zoom out as far as we can from the details, and get the broadest possible picture of what’s in your digital ecosystem. A good first step is to make an inventory of the different digital platforms that exist within your organization. This may include:

• Public websites
• Private websites
• Intranets and portals
• Web-based applications
• E-commerce
• Social networks
• Digital media
• Broadcast email
• Digital governance

This list will provide you with a set of top-level categories to consider when you begin building your digital governance plan. We include digital governance on this list because — yes — governance needs governance. Digital governance plans are living things that need to be maintained over time, just like the other items on this list.

Customizing governance to fit organizational needs

Of course, the exact governance needs of your organization will be unique. Only you and the other relevant stakeholders will know exactly how the advice below should be tailored to your needs. The best approach for identifying what needs to be customized involves consulting a breadth of different stakeholders in the decision-making processes — for example, employees who work directly on different platforms in your digital ecosystem. We also recommend being as thorough as you can about what properties need to be governed, and how.

The foundations of digital governance

The backbone of a digital governance plan is establishing ownership and accountability. A group of stakeholders should be formed into a committee to make relevant decisions about policy and delegate ownership. From there, you can drill down into defining the roles and permissions of all relevant contributors within your organization.

Ownership and accountability 

Someone should “own” every facet of your digital presence, and be ultimately accountable for adherence to all related policies and procedures. These owners should be clearly designated, and their responsibilities should be documented. They take on “top-level” responsibility — meaning they might oversee or delegate maintaining their domain, but are the ones ultimately accountable for making sure the work gets done.

Wherever possible, there should be one person accountable for the maintenance of each area — even in cases that involve a high level of collaboration, such as a blog populated with content by several subject matter experts. In such cases, it might be pertinent to split the accountability into several subject-based sub-domains, so that ownership still remains an individual responsibility. The fundamental concept here is to place responsibility for all content and every part of a digital property with the people who are in the best position to manage it and ensure its quality, accuracy, and value.

Roles and responsibilities

Most organizations today have a lot of people working on and editing their web properties. Without a clearly defined framework of roles and permissions, this can lead to a lot of overlap and confusion. Having a clear framework that defines access and responsibilities can provide clarity at an organizational level.

Some typical roles you might want to consider when establishing your own framework include:

• Contributor: A user who can create and edit content on the website, but cannot delete any content or edit content created by other users.
• Editor: A user who has permission to edit content created by other users, as well as create and edit their own.
• Publisher: Someone who has permission to approve and publish the work of creators and editors, as well as editing permissions.
• Administrator: Has the same permissions as a publisher, and the additional power to administer accounts and permissions of other users on the website.
• Webmaster: A user with full permissions over managing and administering the website, and the relevant users.

Organizing for accessibility and efficiency

An accessible and efficient website architecture will have a clearly defined navigation pathway, a URL structure that’s adhered to across the site, and clear processes for making changes in both of these areas. If you’re looking for tailored expertise to help optimize your specific web architecture, we can help. 

Website and content hierarchy

The first step is to make sure you have a solid information architecture in place. For this, we frequently use Optimal Workshop’s excellent tools for understanding how people understand and categorize information on your website (OptimalSort), and for testing the navigation tree of your website (TreeJack).

Once the initial architecture is set, it’s time to define who is responsible for editing and maintaining it. Key questions to consider include:

• Who determines the overall organizational hierarchy of the main website?
• Who determines each navigation structure: i.e., top-level menu options, subsequent levels of navigation, utility menus, and topic-based menus?
• Who determines the organization of sub-sites within the larger website?
• Are there limits to the size, quantity, or depth of navigation?
• Who has the ability to make changes to the website’s overall structure?
• Is there a review or approval process that needs to be followed?

Friendly URL structures 

URL paths should follow a consistent naming convention throughout all of your websites. Not only does this make for a clearer user experience, but it’s also good for SEO, as it provides specific context for each page within your architecture.

We generally recommend following naming convention:

DOMAIN / SECTION / SUB-SECTION / PAGE / SUB-PAGE

• Domain is the top-level URL of your domain.
• Section is the directory (for example, “About”).
• Sub-section is the second-level directory (for example, “Meet the Team”).
• Page refers to a specific webpage within your architecture (for example, a specific team member’s webpage).

An example of a URL following this convention would be:

http://domain.com/about/team/team-member

If you opt for your own convention, our main piece of advice is: set a simple convention and stick to it at all costs.

Ensuring content quality and relevance

Once you have a robust framework in place for managing your site’s architecture, it’s time to look at content management. Only you know the specific types of content your organization uses (e.g., landing pages, blogs, newsletters, videos, social media captions), and which content creation guidelines would be most appropriate for you — but there are some generalized content types and best practices that can help you on your way. If you’re looking for expertise on how to establish guidelines for your specific content, get in touch.

Content lifecycle management 

A comprehensive content lifecycle framework will include guidelines for creating content, but also for its maintenance, editing, and archiving, where necessary. The specific guidelines will depend on the type of content you are managing. Questions to consider when managing text-based content (news articles, event listings, blog posts, landing pages) include:

• Who has permissions/responsibility for creating this content?
• Are there any review or approval processes before new content is published?
• Are they any specific guidelines for the formatting of content (e.g., subheadings, date and time)?
• What is the procedure for editing and updating content?
• What is the procedure for deciding whether or not content will be archived or deleted?

Questions to consider when managing assets (image, audio, video, embedded objects and scripts) include:

• Are there any restrictions to the format this content can take (e.g., size, file type)?
• Are there any rules about how assets are stored on the server?
• Are there any guidelines for using assets from outside sources?
• If you don’t own the assets, do you have sufficient permissions to use them on the site?
• Are there editors or gatekeepers who monitor the publishing of embedded objects and scripts?

Intended use and purpose 

As part of your governance plan, it might be helpful to explicitly define intended use — i.e., what your site should and shouldn’t be used for. For example, the intended use statement for a public-facing website might include that it is used to communicate information about your organization, and that it should not be used for the sharing of personal content. When writing your intended use statement, it’s a good idea to gather input from a broad range of representative stakeholders to make sure it reflects how the whole organization is using your web properties.

Although an intended use statement may feel obvious, it can be very powerful. Not everyone in your organization might have the same level of understanding about the purpose of the site, and having a clear consensus-based framework will also make bringing new employees up to speed easier.

Leveraging tools for better governance

When you begin to think about individual assets and pieces of content on all of your digital platforms, the scope of digital governance can begin to feel overwhelming. Luckily, choosing the right tools can be invaluable for automating and streamlining key governance tasks.

Security and compliance considerations

For many companies, accessibility is not just a matter of creating great user experiences — it’s a legal requirement. Public businesses and state and local governments in the U.S., for example, need to comply with ADA regulations on web accessibility. It’s therefore worth considering your organization’s regional accessibility requirements when deciding which tools to use.

Additionally, you’ll need to consider relevant security compliance requirements. If your digital platforms need to adhere to local regulations, such as COPPA or HIPAA (for medical institutions) in the U.S. or GDPR in Europe, you’ll want to make sure any governance software you use is compatible with those laws.

Choosing the right platform

A good compliance strategy starts with selecting the right content management system (CMS). At Palantir, we build in Drupal: an open source CMS that is built and maintained with compliance in mind. In terms of accessibility, Drupal is committed to making sure that every feature of their platform is compliant with WCAG 2.0 as standard. They also provide extensive documentation and guidance to help with accessibility compliance across digital properties. For security, Drupal has modules specifically designed for compliance with GDPR and COPPA, as well as a generalized encryption module.

Of course, your CMS is only one part of the compliance puzzle — you also need to consider secure web hosting, data storage, and governance of any custom modules built on top of your CMS. When it comes to consistently maintaining accessibility and security compliance across complex digital platforms, we can help.

Navigating the compliance and security landscape

When thinking about compliance in your digital governance plan, it’s important to consider both internal and external compliance.

• External compliance refers to any laws or regulations that affect your digital ecosystem — such as laws relating to data privacy, accessibility, and non-disclosure.
• Internal compliance refers to regulations set by your organization. This might include company-wide privacy policies, security policies, or accessibility policies.

As well as understanding which policies need to be followed, it’s important to consider:

• Who is responsible for making sure all relevant compliance protocols are followed?
• What tools or processes will be available for maintaining and approving compliance?
• What is the feedback/reporting process, and how will suggestions be implemented?

Accessibility compliance and regulations

Even if your local jurisdiction is not subject to specific accessibility laws, it’s best practice to have an accessibility policy in place so that your website is suitable for disabled users. The Web Content Accessibility Guidelines (WCAG) are used as a basis for accessibility laws in 40 countries and are a great place to start thinking about accessible content governance. Relevant considerations for digital governance policy include: making content accessible to screen readers, captioning videos, including alt text for images, and ensuring high color contrast in design.

Privacy and data protection

The level of privacy and data protection compliance that needs to be considered in your digital governance framework will very much depend on your organization. While there are some general laws that will need to be taken into account (such as GDPR in Europe), certain organizations — including governments, medical institutions, financial bodies, and the public sector — require higher levels of information security compliance.

In the best-case scenario, your organization will already have a readily accessible information security policy, laying out the procedures and responsibilities that overlap with digital governance. If no such framework exists, it’s worth sitting down with the relevant stakeholders and identifying where digital governance and data security overlap, and devising appropriate measures. For instance: if you use third-party embeds and scripts on your website, what are the policies around using assets with tracking? If your websites include forms for capturing user data, who’s responsible for ensuring they’re only gathering information you can legally ask for, and that their storage is compliant with the relevant privacy regulations?

Building digital governance competencies

Once you have the fundamentals of digital governance in place, the next important step is to inform, educate, and include everyone within your organization. Key to this is sharing a digital governance policy document, which should be readily accessible to everyone in your organization. From there, engagement with governance can be raised by targeted training and information sharing, where needed.

Developing a training program

It may require training to ensure everyone within your organization fully grasps the concepts of digital governance and feels confident working to your policies. Any training should focus on educating employees about the importance of digital governance, and also provide practical guidance on how to implement and adhere to governance frameworks in their daily activities.

Taking the time to make sure everyone is up to speed should lead to greater levels of compliance, and avoid confusion further down the road.

There will also be times where employees need to receive additional training — for instance, if they take on more responsibility in the organization and gain further digital permissions. It’s good practice to plan who is responsible for overseeing the training and what needs to be covered in advance.

Fostering a culture of governance

For digital governance to become a living, integral part of your organization, it must be taken seriously within your company culture. Leadership has a role to play here — if they are seen to be championing governance and taking compliance with policy seriously, it will have a positive impact on your organization at large.

Participation is also important at this stage. If people want to get more involved with digital governance — for example, by becoming part of the digital governance committee — how might they go about doing that? Is there a framework in place for gathering feedback, listening to concerns, and implementing suggestions? The more involved people feel in shaping governance, the more likely they are to uphold compliance policy.

Keeping governance relevant

Governance is not a one-time commitment — it should be a living, breathing part of your organization, and something that is subject to change as your organization grows and changes. The technology and circumstances of your business will evolve, and it’s important to have mechanisms in place to support adaptation. Governance policies can often feel exciting and present in users’ minds when they’re first introduced, but attention can dwindle with time — Palantir can help maintain sustainable governance practices that foster high levels of compliance throughout organizations.

Regular reviews and updates

It’s good practice to have your digital governance committee meet regularly to review issues and discuss important changes. When deciding how best to accommodate reviews and amendments, it’s important to consider:

• Who can raise issues with the committee? Must they be raised by a stakeholder within the committee, or can users from the wider organization propose changes?
• How are proposed changes decided (e.g.: Will they be debated? Do a certain percentage of committee members need to vote in favor?)
• Who is responsible for writing amendments in the policy document?
• Who is responsible for communicating the changes within the wider organization?

This last question is one that’s often overlooked — and not considering it can be costly. Silently updating the document does not count as communication — the wider organization needs to be explicitly informed about policy amendments to ensure inclusion and compliance.

In terms of review processes, it might also be a good idea to include a policy clause about emergency changes: who can make them, and in which circumstances. Harvard’s “Emergency Action” clause is a good and succinct example of this.

Keeping up with digital trends

As well as discussing specific issues that arise within the current policy framework, it will be important to revisit the initial audit of digital platforms from time to time. You may begin using new, emerging platforms (e.g., new social networks, live video, and real-time messaging), or using existing platforms in new ways (e.g., as social media platforms release new features). For digital governance policy to remain relevant, it has to adapt as your digital strategies and communications adapt, and grow as your organization grows.

Conclusion: Navigating the complexities of digital governance

For organizations looking to ensure uniformity and compliance across all of their digital platforms, a digital governance framework is vital. A great framework will not only lay out guidelines for how to create, edit, maintain, and deprecate content and platform architectures, but also who is responsible for overseeing and implementing these guidelines, how they should be communicated to users, and how they can be amended in the future.

Setting a digital governance framework from scratch can be a daunting task — but taking a broad overview and then incrementally adding levels of details and complexity can make the task much more manageable.

At Palantir, we’ve accrued significant expertise and best practices in devising governance policies that are robust, user-friendly, and highly effective. If you’d like to discuss governance strategies tailored to your organization’s needs, get in touch.