Build a Better IT Governance Framework with Confluence

Building a proper IT governance framework is no longer just for teams following government mandates; it has become a fundamental good practice for all organizations. These frameworks offer several benefits for teams, especially large enterprises, but their drawback has always been the significant effort it takes to create and maintain them. That is, unless the framework is built on Confluence. Take the power of Confluence, combine it with the right document management app, and build a better framework.

What is an IT Governance Framework?

At its core, an IT governance framework defines the processes and policies which an organization can use to implement, manage and maintain its IT governance. Simply put, it's the "bible" for how a team will manage everything related to IT. These frameworks often form a core piece of a team's overall Governance, Risk and Compliance (GRC) strategy.

There are several recognized frameworks such as ITIL and COBIT that can serve as the starting point for your own framework, but since each company and industry is different, you will ultimately need to create your own. For some teams, creating an IT governance framework is not optional, but actually mandated by government regulations. A business might need reporting to comply with the SEC's SOX requirements, or it might need data security to adhere to the EU's GDPR regulations. A business will need to define its IT practices in a framework in order to meet its compliance obligations.

More and more, teams not under government oversight are still choosing to create these frameworks. Why? They are simply good business practice. A well-defined framework makes it simpler to maintain and manage your IT infrastructure. It also helps manage risks and control IT costs.

The Challenges of Building a Framework 

In practice, nearly every team could benefit from a documented IT governance framework. So, why don't more teams build them? They are very difficult to manage and maintain, and purpose-built software is very expensive. 

There are three main challenges when building and maintaining a framework:

  1. The Agile Problem
  2. Working together, but keeping control
  3. Shared information needs to be the right information

One of the first major hurdles to clear is how to marry an Agile business with concrete IT Governance. These days, even non-tech companies are adopting Agile principles to keep their business flexible and innovative. But, the flexibility inherent to Agile planning is very difficult to manage in traditional IT governance. How do you form policies and enact prescribed procedures when your industry is shifting and moving all the time? Governance attempts to predict what might happen. Agile aims to handle the unpredictable. Uniting these two practices is certainly possible, but presents a real challenge.

There is also the effort required to build the document itself. An average framework can fill hundreds of pages, and requires input from multiple team members. With a document this large, and with so many people contributing to it, maintaining quality control becomes nearly a full-time job. At the same time, improper management leads to a messy, disorganized framework, and, in compliance environments especially, this can have disastrous consequences. When you consider the additional problem of change management, you can see why document management is such an important element in any framework.

Even if the framework is managed properly, there is still one final challenge - how does the information get into the right hands, and how can you guarantee that information is validated and correct? It's far too risky to have everything contained in a single Word document sitting on a server, but a locked PDF means that it might not be read by all stakeholders. A good system balances access with distribution.

Purpose-built software mitigates some of these challenges, but at a high cost. The expense forces some teams to choose a makeshift system based out of Microsoft Office, a far riskier proposition. But, Confluence is showing teams that there is a better way. 

Overcoming IT Governance Challenges with Confluence and Comala Document Management

Confluence is already one of the most popular documentation systems in the world. Well-regarded among software developers, it's also used by a wide variety of companies including Visa, BMW, and JP Morgan Chase. Its ability to connect teams to their documents is second to none, and every day more organizations are learning how Confluence can help them to collaborate. Available for self-hosted, clustered data center, or Cloud environments, Confluence has everything a team needs to build a great IT governance framework. This includes features like access control, collaborative editing, simple navigation, and page history. But, the solution really comes together once teams add the Comala Document Management app.

At its most basic level, Comala Document Management is an app for adding review and approval processes to your Confluence documents. If all the app did was introduce approvals to Confluence, it would be useful for teams building frameworks, but its document management functionality is what really drives value when building complex documents. Trusted by organizations like NASA, Apple and General Electric, Comala Document Management gives you the ability to design highly customizable workflows that can standardize and automate the life-cycle of your documents.

We can identify five key areas where Confluence and Comala Document Management bring real value to building a framework:

  1. Access/control
  2. Storage/Architecture
  3. Reviews/approvals
  4. Obsoleting/archiving
  5. Reporting/Auditing

Access and Control

One of the major challenges in any kind of documentation is making sure that the right people have the right kind of access. This is particularly important in regulatory environments, where reading and signing off on documentation is an essential part of compliance. You will also want control over who can edit your documents, and which pages they can edit.

In frameworks that are built as a single, large document such as a PDF file or Microsoft Word document, this kind of access and control can be difficult. With these documents, file sharing must be done manually, generally by email, and a new version will have to be sent out any time there is a change.

With Confluence, access and control becomes both incredibly easy and incredibly powerful. Your documentation can always be accessed online from anywhere, password protected, and you can easily assign or revoke permissions for both viewing and editing for the entire framework, a single section, or page. Confluence also allows you to track edits and page versions, and only the most up-to-date version will be available to readers.

Comala Document Management gives you a further layer of control by providing 'draft' and 'published' states for pages. Readers can see the latest published version of the page, while editors can work on a draft version visible only to them. Once updates are completed, the latest version will be published with the push of a button. This ensures that everyone has access to the correct version of the page. Document Management includes a Read Confirmations feature that allows you to assign team members to read a page, and requires their confirmation once they have done so. This is a powerful tool for keeping your team on the same page and meeting your compliance needs.

Storage and Architecture

Your Framework will need to be stored in a secure location, where it cannot be deleted, tampered with or lost, but which still allows access to the appropriate stakeholders. A single file on a computer simply doesn't fit the bill. Confluence allows you to store your documentation safely and accessibly, while keeping control.

Frameworks that are built in single large documents can also quickly become massive and unwieldy. When an employee needs to access a single page, they may have to dig the file out of a folder, then scroll through hundreds of pages to find the section they need. These documents also present a challenge in balancing the amount of information provided with ease of use and readability.

Confluence allows you to structure your document in a more dynamic and interconnected way that is easy to navigate. Your Confluence instance will be organized with spaces, and each space will have multiple pages which can be arranged hierarchically. Top level pages can be organized with the essential information that an employee might need to quickly access like a procedure or policy. Child pages can provide additional context like definitions, examples and explanations. Forms and other files can be attached to pages and easily downloaded. And of course, Confluence has search functionality and read history which makes it easy for users to find what they're looking for.

Reviews and Approvals

As you build your documentation, you will inevitably go through a process of drafting, review, revision and final approval. This process may be simple or complex depending on your needs and the number of stakeholders involved. In a regulatory environment it is particularly important that this process is controlled and tracked, evidencing compliance. This is where many teams turn to Comala Document Management. Document Management allows you to create customizable workflows for your pages that will bring your documents through multiple stages until they reach final approval. You can choose reviewers, assign tasks like copy editing, and automatically control user restrictions at each stage.

Reviews and approvals also form an important part of modern compliance and governance. For example, SOX requires regular sign-offs of documents by C-suite executives. Comala Document Management can automate this process, sending notifications to selected individuals to review a page at specific times, and use electronic signatures to confirm their identity.

Figure 1 - An example of a page approval workflow with four states

Obsoleting and Archiving

The work of documentation doesn't end just because a page has been approved and distributed. You will need to continuously update your documents, which means knowing when a page has become obsolete, and ensuring that the old version is archived. Confluence and Comala Document Management can automate this process so you don't have to worry about remembering expiry dates or storing previous versions.

Comala Document Management allows you to set expiry dates as part of your workflows, and will send notifications by email to the appropriate reviewer. Confluence has the built-in ability to view previous versions of a page, and also allows you to archive entire Spaces, or archive pages by restricting access and moving them to a designated archive Space. Best of all, all this activity is automatically tracked and recorded within Confluence, which makes it perfect for compliance auditing. There are also scripting apps, such as Scriptrunner or PowerScripts, that can automate your archiving tasks.

 

Figure 2 - An expiry date on a published page

 

Reporting and Auditing

One of the main requirements of any IT Framework is to help you meet compliance standards, and this means that your documentation needs to be ready for internal and external audits at all times. Both Confluence and Comala Document Management have automatic activity tracking and reporting, which means there is no need to manually track changes within the document itself, and records are detailed and accurate. Reports are also configurable to meet your auditing needs.

Conclusion

Modern businesses are faced with increased regulatory requirements. Satisfying regulations and compliance standards can mean more work, but also offers benefits like more efficient processes, improved risk management, and the opportunity to reduce costs. With the right tools, you can enjoy the benefits of a strong IT Governance Framework while mitigating the costs and challenges. Confluence combined with Comala Document Management provides a powerful, cost-effective and flexible platform to build your documentation and meet your regulatory and compliance needs.

Written by Comalatech's Lua Boschman and Mike Rink
