DB Kay & Associates - Strategic Consulting for Sustainable Knowledge Programs

KCS, Compliance, and Risk Management

by

 

Image licensed from iStockPhoto

(HT @Brett for the great question!)

I’m often approached by organizations that are attracted to the idea of KCS, but are concerned about how it will work in their environment because of the perceived risk.  We find this most often with organizations whose products and services are subject to regulation (especially in healthcare or financial services) or have health and safety risks.

How can KCS work with regulation and risk management?  There are really four approaches that can be brought to bear.

1.  Rely on the process. With both regulatory and risk management issues, the process is nearly as important as the outcomes.  In other words, your risk management lawyers and your regulators both want to see that you’re following a process that is prudent, clear, industry-standard, and to which compliance is assured.

At first glance, KCS seems a little unstructured and chaotic.  But, on closer inspection, it’s actually a very clearly defined, well-documented process with artifacts like the Article Quality Checklist, the Content Standard, certification, and other tangible ways of assuring quality and compliance.   I find when presented in this light, both risk management people and regulators love the process.  (ISO 900x auditors, too.)

2.  Document the requirements. If there are specific issues that are required to assure compliance or health and safety, write them down.  If there are gray areas, write them down and tell everyone whom they should ask for clarification if they come across one of these areas.

These safety and compliance requirements should be baked into the Content Standard, the Article Quality Index, the Coaching process, and the competency requirements for Certification.  For business-critical issues, establish accountability such that violating regulatory, security, or safety requirements can have immediate and serious implications (e.g., you will lose your license; you may lose your job.)

Sometimes people who are concerned about these issues will insist that they can’t define what is and isn’t OK to say.  Like Justice Potter, they protest that they’ll just “know it when they see it.”

Push back hard on this.  “I’ll know it when I see it” doesn’t help the organization learn, and “trust me, I’m an expert” doesn’t sound like a very rigorous or safe process.  Even if they can’t describe everything that would be a problem, they can at least document the topics that have risk areas for safety and compliance, and what those risk areas are.

3.  Leverage boilerplate and disclaimers.  It’s good practice to have standard, approved wording for a warning and disclaimer on particular topics.  The most famous example of this is the warning in Microsoft articles about the dangers of editing the Registry…and you’ll see that every time the topic comes up in a KB article.  So, any time physical access to (for example) a hazardous electrical system comes up, contributors should know to paste in (or link to) the right verbiage that warns against sticking fingers and screwdrivers into voltage sources.

4.  Review smart. Reviews are, of course, most organizations’ first answers to these questions, and reviews can have a place in a KCS implementation.  The core idea is to keep reviews as lightweight as possible, while still accomplishing the business objective.  So, you might implement one of the following:

  • Sanity check all to-be-published articles for compliance, health, and safety issues.  Of course, as we said in step 2 above, these issues should be documented, and if a review turns up an issue that is NOT documented, it’s time to raise an exception and update the documentation.
  • Smarter yet is to sanity-check published articles that meet certain criteria—say, that include mention of hazardous components or areas.  This is the equivalent of HP Nonstop’s practice to review all articles that require a system restart.
  • Or, you can allow an opt-in review so people concerned about risk or compliance can scan new or updated articles for topics of interest or concern.  Reviewed or not, articles will be published in a short period of time.

The things all these approaches have in common is that (a) they’re focused, so they don’t take long at all unless an interesting question arises, and (b) they’re continually improving, as new issues are documented in the content standard and communicated through coaches and other channels.

ps – I would be remiss in not mentioning three upcoming events:  Our April KCS Workshop in Menlo Park, CA; our pre-conference KCS workshop at TSW in Santa Clara; and May’s Third Tuesday, all about ROI and the business case.  Hope to see you there!