Since employees demand to have access to their personal social media profiles, companies must analyse and address the risks involved. Clear Social media policies must be prepared and established which is applicable to entire organization which is further vetted by the auditors to assess compliance with the policies. Regular trainings should be organized to educate the employees regarding the best and safe practices to use social media.
Business purpose of using social media has to be cleared among the stakeholders which becomes a guiding principle for all social media activities and that helps in evaluating if current policies are enough in both alignment and scope with focus on marketing, information security, and external communications.
Company must evaluate how social media is applicable to the policies by asking questions like:
- What are the policies the department has?
- Are the policies effective and efficient?
- Who monitors the policies and how are they monitored?
- How frequently does the policy get updated?
- What are the potential risks which are not addressed by the policies.
Above questions can help in crafting a social media policy which assists in planning the audit and risk assessment procedures and what are the steps needs to be taken and implemented.