Key components of digital governance in organizations

Posted on November 14, 2017 by - Governance & Workflow, Strategy

Employees at computers in an office with an open floor plan

Good digital governance creates the conditions for teams to do digital work in constructive ways, even when the organization’s digital ecosystems is large and complex. Photo by Jesús Corrius, CC BY 2.0, with color correction and cropping.

Digital technologies have reshaped how organizations of all sizes operate. But how can organizations govern their digital ecosystems in a safe, efficient, and effective manner?

This is a notoriously difficult question. Nowadays, doing digital well truly requires a team effort, yet many organizations struggle to collaborate on digital issues in constructive ways.

In most situations, good digital governance is not a monolithic set of “rules” or a collection of boxes and lines in an org chart. Instead, digital governance has several components. The components work together to enable employees—and the organization as a whole—to build and maintain a digital presence safely and well.

In this post, I’ll share a definition of digital governance and then describe the main components:

The explanations in this post reflect how I approach digital governance in my work. My understanding draws heavily upon Lisa Welchman’s invaluable book Managing Chaos: Digital Governance by Design. I’ll also link to other resources at the end of the post.

What is digital governance and why is it necessary?

I use Welchman’s definition of digital governance in my work:

“Digital governance is a discipline that focuses on establishing clear accountability for digital strategy, policy, and standards.”

Many organizations endlessly debate digital issues without first deciding who should make the final decision and who should provide input. As a result, the decision ends up getting made by the highest-paid person in the room, regardless of whether that person has the knowledge and perspective to make the best decision.

Because it is frustrating and ineffective to work this way, teams may simply retreat into their respective silos and avoid talking to each other. When that happens, teams are certain to duplicate each other’s efforts, overlook pieces of the puzzle, expose the organization to unnecessary risks, and miss opportunities to be more strategic and efficient.

So who should be accountable for digital governance? It may be appropriate for one person or team to lead the development of a digital governance framework. But at most organizations, no single team has the knowledge or perspective to dictate what the substance of the digital strategy, policies, and standards should be across the board.

For example, perhaps it would make sense at your organization for the IT team to be responsible for policies about digital security while the legal team should provide input. Meanwhile, perhaps the marketing team should be responsible for digital branding policies while the communications team and product teams provide input. And maybe the UX team should be responsible for policies about accessibility while the legal team, communications team, and product teams provide input.

That’s just a fictitious example, and it probably won’t be right for your organization. There is no one-size-fits-all solution. That’s why it’s so important to identify who should be responsible and who should provide input for various parts of your organization’s digital strategy, digital policies, and digital standards—before anyone starts drafting those documents.

Digital governance framework: For identifying who is responsible and who provides input

A digital governance framework specifies who has decision-making authority and who provides input for digital strategy, digital policies, and digital standards.

That’s it. It doesn’t attempt to define the substance of particular strategies, policies, or standards. That comes later, after the framework is in place.

At IREX, we formed a cross-divisional working group to draft a digital governance framework. Then we shared it with executives for approval. Here’s an early draft of the framework:

Example of a digital governance framework in a spreadsheet

An early draft of our digital governance framework.

In the framework, stakeholders appear across the top. The Xs in the white rows indicate which teams are responsible for various aspects of defining digital strategy, digital policies, and digital standards. The Xs in gray rows indicate which teams provide input.

Starting with this step shows teams that you are approaching digital governance issues in a thoughtful, systematic, and transparent way. It highlights that digital governance is complex and that no single team has the background to make all of the decisions.

It also reminds teams that if they want to be responsible for a particular type of policy or standard, they will also be responsible for gathering input, negotiating language that will work for the organization as a whole, and keeping the language up to date. When teams realize that this authority comes with obligations and accountability, they may be less likely to claim responsibility for areas that are outside of their expertise.

Digital strategy: For getting alignment between an organization’s strategy and its digital trajectory

A good digital strategy diagnoses the challenges that an organization faces, describes an overall approach for solving the challenges, and lists a coherent set of actions that the organization will take. (Those actions often need to be described in more detail in an accompanying plan, especially when you are working at the enterprise level.)

Ideally, a digital strategy helps an organization implement its overall strategy by saying, in effect, Here are the big-picture digital things that we will and won’t do in order to serve certain audiences and achieve certain objectives.

When an organization has good digital governance, employees know who is responsible for defining the organization’s digital strategy and who provides input. This doesn’t guarantee that the digital strategy will automatically succeed. However, it would be hard for it to succeed if no one knows who is responsible for defining the digital strategy in the first place! If there are disagreements about who should create the digital strategy and who should provide input, then those disagreements are a major issue that the organization needs to address before it invests in drafting a digital strategy.

Digital policies: For managing the risk of operating online

Digital policies are for managing the risk of operating online. When deciding whether a draft should become a policy, I ask whether forgoing the policy would expose the organization to significant risks or whether the policy is actually about improving quality or enforcing personal preferences.

If the draft is about improving quality but not about managing risk, then it’s likely either a standard or a guideline, not a policy. (More about digital standards and guidelines in the following sections.) If it’s about enforcing personal preferences, then it needs further thought. It’s probably not a good candidate to become policy, and it may not be important enough to become a digital standard or guideline.

At IREX, we identified ten initial subjects that needed digital policies:

  • Accessibility: What level of accessibility is necessary for our digital properties?
  • Branding: What must the organization do to protect its brand online?
  • Domain names: How should the organization purchase, register, and use domain names to reduce risk?
  • Language and localization: What parameters about language, translation, and localization does the organization need to follow to mitigate risk?
  • Hyperlinks and hyperlinking: When is it inappropriate to link to external content?
  • Intellectual property: How will the organization protect its intellectual property online without stifling innovation?
  • Privacy: What steps must employees take to protect the privacy of users, partners, participants, and other employees?
  • Property lifecycle: What is the approval process for creating and retiring websites, social media accounts, and other digital properties?
  • Security: What steps must employees take to keep digital properties and records secure?
  • Social media: What are the rules for using social media as an employee?

We started by focusing on five of these areas: domain names, privacy, property lifecycle, security, and social media. We drafted about a dozen policies—the ones that we decided were the most urgently needed—and published them in our digital handbook (in the “Digital Policies” section). We are now working with teams across the organization to implement this first batch of digital policies.

Example of a digital policy

An example of a digital policy.

Each policy has the following sections:

  • The policy in one sentence: We wanted people to understand what each policy is asking them to do even if employees only read this first sentence.
  • ID number: This is to help us keep track of policies and refer to specific policies quickly.
  • Description: The substance of the policy. It describes what employees need to do.
  • Scope: This section specifies which parts of our digital presence are governed by the policy. (For example, many of our current digital policies apply to external-facing websites and social media accounts, but they do not apply to our intranet.)
  • Rationale: A short explanation about why the policy is necessary.
  • Author: Which team was responsible for drafting the policy.
  • Last updated: The date when the policy was last revised.

Digital standards: For establishing minimum requirements for quality and effectiveness

Digital standards are for specifying minimum requirements for quality and effectiveness. While digital policies manage the risk of operating online, digital standards articulate the minimum criteria that digital components must meet in order to serve the organization in a professional and secure manner.

It may feel tempting to try to enshrine every best practice in writing as a digital standard. Don’t do that. If employees aren’t using good digital practices in their work, then they probably need some combination of training, coaching, and workload accommodation, not a stack of standards imposed from above.

Instead, only write digital standards for the very most important things that employees need to do in order to ensure a minimum level of digital quality and effectiveness. And then be prepared to spend weeks or months in working with employees to implement those standards.

At IREX, we identified four initial subjects that need digital standards:

  • Network and infrastructure: This includes standards about domains, hosting, security, server software, and server hardware.
  • Publishing and development: These standards are about information organization and access, tools, and development protocols.
  • Design: This covers standards about interactive elements, typography, color, templates, and images.
  • Editorial: These standards are about branding, language, and localization.
Example of a digital standard

An example of a digital standard.

We haven’t drafted standards yet, but each standard will have the following sections:

  • The standard in one sentence
  • ID number
  • Description of the standard
  • Directions for implementing the standard
  • Rationale
  • Author
  • Last updated date

Digital guidelines: For providing advice

Digital guidelines are for providing advice and tips. Guidelines often draw upon digital best practices and practical experiences from doing digital work in the organization’s industry. They are often somewhat aspirational. Whereas employees are expected to comply with digital policies and digital standards, an organization’s digital guidelines can be more like advice.

Example of digital guidelines

An example of digital guidelines.

I often find that digital guidelines are the most fun to write. Employees have digital challenges, and they ask for guidance. Digital guidelines are a way to help motivated employees achieve better results.

In our digital handbook, we’ve published guidelines for managing a social media account, using Facebook and Twitter, drafting routine content, and applying our guiding principles in digital projects. We are also drafting guidelines for conducting various types of user research, using Google Analytics, and creating videos.

Digital processes: For specifying workflows

Digital processes (also called workflows) specify the steps that need to be taken to complete a task. Documenting the steps is especially important when teams must regularly collaborate on routine tasks that benefit from consistent execution.

For example, in an editorial process, employees need to know who will be responsible for each step, from proposing a piece of content and creating the first draft to approving it, publishing it, monitoring it, and eventually archiving it. If there isn’t an agreed-upon process, the work is likely to become disorganized, hampering efficiency and effectiveness.

Example of a digital process as a swimlane diagram

An example of a digital process.

It may feel excessive to document processes for each content type, but this is one of the best ways to help teams save time and reduce misunderstandings for routine tasks. Once you’ve documented a process and gotten agreement on it, employees no longer need to rely on their memories or relitigate the decision for each piece of content. Instead, when questions come up about who writes, edits, and approves a certain type of content, teams can check the documentation for quick answers.

We’ve documented about 35 processes for content on They’re listed in our digital handbook under the heading “Creating & Managing Content on” Most of the processes involve only a few steps, but putting them in writing has without a doubt saved time and reduced confusion.

A handful of processes may be so important that they need to be specified in a digital policy. At IREX, for example, we have a digital policy that specifies the approval process for creating a new website or social media account. However, most processes do not need to be elevated to the level of organization-wide policy. That would be onerous, considering that a single website could require dozens of different processes in order to maintain the site.

When deciding on processes for individual properties (e.g., “What is the process for publishing a blog post on website x?”), the product manager may be best positioned to negotiate processes with stakeholders. In general, this tends to create processes that are appropriate not only for the product but also for the teams that contribute to the product. Processes for digital products may need to evolve more rapidly than organization-wide digital policies and standards, so I try to avoid embedding micolevel processes in policy documents. Instead, I try to save policy documents for the big stuff.

Digital team’s structure: For organizing employees into teams to support digital objectives

The digital team’s structure is tied to the org chart and employees’ job descriptions. It’s often hard for mere mortals to push through big changes in an org chart, so I’ve saved the structural questions for last in this post.

One way of thinking about a digital team’s structure is to imagine concentric circles. Here is an example, starting at the center and working toward the outside:

  • Core digital team: These are the employees that have the most responsibility for conceptualizing and executing the organization’s digital strategy.
  • Distributed digital team: These employees have some responsibility for implementing the digital strategy and may also provide input about the strategy.
  • Digital working groups and committees: These groups address particular aspects of the organization’s digital presence, often in a cross-divisional way.
  • Extended digital team: This category includes digital vendors and other external groups that work with your organization.

The members of these groups don’t necessarily need to sit together or report to the same person. Nowadays, almost every employee has some digital responsibilities, so in a sense, everyone is a member of the “digital team.” But establishing distinctions between the “core team” vs. “distributed team” vs. “working groups & committees” vs. “extended team” can help to set expectations about who should be responsible for which aspects of the work, regardless of where employees sit in the organization.

There are a few common structures that organizations use (deliberately or not) to organize their employees for digital work, and there are some variations on this idea. For example, some organizations have a centralized digital team, while other organizations have a distributed digital team or a hybrid team. These models can be useful for identifying the current state (e.g., “Where do the employees with the most digital skills and responsibilities currently sit?”) and for discussing structural changes (e.g., “What arrangement would help the organization create and implement a digital strategy the most effectively?”).

The personnel within these structures also need appropriate roles and skills in order to support the organization’s digital objectives. Organizations that do digital well often organize themselves into product teams. In this arrangement, each digital product manager ensures that a particular digital product (such as a website, social media account, or CRM) not only meets the organization’s objectives but also serves users’ needs. Digital product managers collaborate with team members and stakeholders to create and maintain their respective digital products. The digital product managers in turn report to a division chief who oversees the vision and execution for digital products at the organization.

If you don’t have the authority or influence to make these types of changes, don’t despair! Addressing the other key components of digital governance—for example, by drafting a digital governance framework or a set of digital policies—can start a conversation that leads to structural changes, as more people in leadership positions recognize digital challenges and opportunities.

More resources for improving digital governance

What do you think? Let me know @JoshLTong.

The opinions expressed on this blog are my own and do not express the views or opinions of my employer.

Josh TongJosh Tong is a content strategist in Washington, DC. He helps colleagues create powerful content through research, strategy, and implementation.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Leave a Reply

  • (will not be published)