At Cognidox, we spend a good deal of time talking about quality documents in the context of quality assurance, ISO 9001, and so on. Now it’s time to talk about document quality.
Most of us are familiar with features in tools like Microsoft Word for spell checking and grammar correction. Such features have their place, but imagine you had a real sub-editor to assist as you write. Editors know not only about spelling and grammar; they can also advise on more complex matters. They can tell you when your writing style becomes hard to read, or when you use terminology that is inconsistent with the company style guide. Maybe you used an internal product name in an externally facing document, or you like to call a company product “Gizmo 4” in your documents when the official name is “Gizmo-IV”. They know whether key phrases already exist that could be reused in your document; those phrases may already have been carefully translated into other languages. They can tell you whether your documents help or hinder your SEO by examining how keyword placement affects search rankings.
Such issues are faced every day by the Technical Author community. We listened to them talking about software tools they were using or evaluating to help with these tasks. Acrolinx was a product they mentioned frequently. We certainly liked the idea that their tool was based on “geeky linguistic analytics capabilities”.
We made a quick call to Acrolinx and we were soon integrating CogniDox with one of their products – the Acrolinx Add-in for Microsoft Word.
The add-in tool is easy to learn. Once installed, you select it from the Review tab and tell it to Check your document. It parses the document and checks it against Acrolinx rules tailored for your document type and organisation. It returns a score for the document and you can continue to look at each issue, one at a time. It advises you what is wrong and suggests improvements. If you accept these changes and run a subsequent check, you find the document quality score has improved.
The question for us was: how do you integrate a tool such as Acrolinx into the document lifecycle?
Without going into details, Acrolinx provides metadata embedded in the document that can be re-used in CogniDox. In our example, we created a placeholder for Acrolinx validation. A CogniDox plugin reads the Acrolinx metadata – in this case score and status. A high number indicates there are a lot of issues. Each time you add a new version, the score is updated if you re-check the document. The plugin is able to spot if the new version was not checked.
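To make the mechanics a little more concrete, the sort of thing the plugin does can be sketched in a few lines of Python: a .docx file is just a zip archive, and custom properties live in docProps/custom.xml. The property names used below (acrolinxScore, acrolinxStatus) are hypothetical placeholders; the actual fields Acrolinx writes may differ.

```python
# Minimal sketch: read custom document properties embedded in a .docx file.
# A .docx is a zip archive; custom properties live in docProps/custom.xml.
# The property names used here are hypothetical placeholders.
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_NS = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"

def read_custom_properties(docx_path):
    """Return a dict of custom property name -> value for a .docx file."""
    props = {}
    with zipfile.ZipFile(docx_path) as archive:
        try:
            xml_data = archive.read("docProps/custom.xml")
        except KeyError:
            return props  # document has no custom properties
        root = ET.fromstring(xml_data)
        for prop in root.findall(f"{CUSTOM_NS}property"):
            name = prop.get("name")
            # The value is held in a child element such as <vt:lpwstr> or <vt:i4>
            value = next(iter(prop), None)
            props[name] = value.text if value is not None else None
    return props

if __name__ == "__main__":
    metadata = read_custom_properties("report.docx")
    # Hypothetical field names; the real Acrolinx keys may differ.
    print("Score:", metadata.get("acrolinxScore"))
    print("Status:", metadata.get("acrolinxStatus"))
```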
The next consideration was: should we do this for every CogniDox document type? The answer is no. It makes sense to score the quality of some document types but not others. It is essential to check a marketing brochure or product datasheet, for example. It is less essential to check an Engineering Change Order. The plugin can therefore be configured to only look for Acrolinx data in specific document types.
If you would like to find out more about CogniDox integration with Acrolinx, send an email to firstname.lastname@example.org and we’ll answer any questions you may have.
Last week we published a white paper entitled “CogniDox and Information Security Management” to our customer support site. It was written in response to questions received from our customers. To answer their questions, it had to be specific about what CogniDox does for information security. But we also found it had to be educational in a broader sense. So, we decided to publish it on our website to make it available to a wider audience.
You can find it in the Library section (under Documents) on our website or you can open/save the PDF file directly from this link.
Most companies are still unsure about the risk to their business associated with cyber attacks. They may read that cyber-crime costs the UK economy an estimated £19bn to £27bn every year [1]. They see stories about lost or stolen USB drives or company laptops containing confidential data on the one hand, and about sophisticated attacks by highly organised hacker gangs on the other. It can be hard to relate this wide spectrum of cyber-risk to the everyday operations of a high-tech business.
Some (wrongly) believe cyber-attacks are only a problem for large financial institutions, military, government, or mega-corporations. Verizon publishes an annual report called the Data Breach Investigations Report (DBIR) [2]. In the 2013 edition, it found 62% of data breaches happened to companies with fewer than 100 employees. It found that 20% of network intrusions involved manufacturing, transportation, and utility companies – the common motivation for these attacks is stealing intellectual property (IP).
One security firm which examines the so-called ‘Dark Web’ for evidence found over 100 million stolen user IDs and passwords in one month of analysis [3]. A quick scan of our company website server logs reveals 6 suspect IP addresses probing and 32 rogue attempts to use SSH in just a one-week period. It takes just seconds for automatic tools to scan your website looking for known vulnerabilities and weakly protected data. 86% of all websites investigated during 2012 had at least one serious vulnerability [4]. Using these, an attacker could take control of a website and gain access to user accounts and sensitive data.
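If you want to run a similar scan yourself, it can be as simple as a few lines of Python over the SSH authentication log. The log path and message format below assume a typical Debian-style /var/log/auth.log, so adjust for your own system:

```python
# Quick-and-dirty sketch: count failed SSH login attempts and distinct source IPs
# from an OpenSSH auth log. Log location and format vary by distribution.
import re
from collections import Counter

LOG_FILE = "/var/log/auth.log"          # Debian/Ubuntu default; adjust as needed
PATTERN = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)")

attempts = Counter()
with open(LOG_FILE, errors="replace") as log:
    for line in log:
        match = PATTERN.search(line)
        if match:
            attempts[match.group(1)] += 1

print(f"{sum(attempts.values())} failed SSH attempts from {len(attempts)} distinct IPs")
for ip, count in attempts.most_common(10):
    print(f"  {ip}: {count}")
```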
What can we do about it?
You could try to lock down data storage even further, but that can deprive authorised users of legitimate access to data. With the trend among employees to ‘bring your own device’ (BYOD) still on the rise, it also looks like a forlorn hope. If you make it hard to access information in the official repository, it increases the odds that it is ‘temporarily’ stored in Dropbox, or takes to the ‘SneakerNet’ via a USB flash drive.
You could try to improve your security training and awareness. The Guardian newspaper recently reported a survey of media professionals in which 70% said that they had received no training against cyber attacks. But some experts believe that training is a waste of time [5].
You could try to spot intrusion attempts at the earliest opportunity through network intrusion detection software, so that ‘mean time to detection’ is minimised. The problem is that it only protects against attacks on your network. Other types of vulnerabilities are still a threat.
The answer is that improving security requires a number of concerted actions. Cyber risk is a spectrum, and different security controls apply to different parts of it.
The white paper argues that the ISO/IEC 27001 information security standard currently offers the best framework for cyber security. It reviews ways for hardening IT security on Linux-based systems, and shows how applications such as CogniDox can use (and depend on) this functionality. That still leaves a major gap in solving the problems of Information Security. The white paper therefore concludes by demonstrating how security-related features in CogniDox can address these problems.
If CogniDox had to have a mission statement, it would be “to promote Lean principles in the adoption of Document Management software solutions”. We’ll call that Lean DM, for short.
The readership of this blog includes a number of Quality Assurance experts, so forgive me if I go through the basics for everyone else about what is meant by Lean.
The classic book Lean Thinking (Womack and Jones, 1996) defined Lean as a way of thinking that allows companies to “specify value, line up value-creating actions in the best sequence, conduct these activities without interruption whenever someone requests them, and perform them more and more effectively.”
They propose five key principles of lean thinking, the first and foremost of which is customer value. Their definition of value is a “capability provided to customer at the right time at an appropriate price, as defined in each case by the customer.” Notice that value can only be defined by the ultimate end-customer. There are a lot of ‘interim customers’ such as the marketing, operations and sales teams, but the end-customer is key.
The other four principles are Value Stream, Flow, Pull and Perfection. ‘Value Stream’ is what many of us associate with the Lean model. It is the ongoing removal of waste from processes so that the product or service proceeds in the most effective and efficient way possible. ‘Flow’ means that a smooth, continuous process will always be more effective and efficient in adding value than a batch process (or any erratic process) can be. ‘Pull’ is the ‘just in time’ principle, but dictated by what your customers need rather than anything else. ‘Perfection’ may sound like a request to focus on the ideal, but has more to do with using continuous reviews so that flows can adapt to changing customer requirements.
When we apply this to Lean DM, it means that we want to adopt and follow practices that make the product lifecycle efficient and cost-effective by removing everything not essential to customer satisfaction. If we cut out documentation then we certainly don’t improve value, because the organisation has not retained knowledge in a format that can be shared with customers. When we do produce documentation, we want the flow of the process to be as streamlined as possible. Each non-unique email attachment has the potential to waste time and decrease productivity; sending a link to a controlled document part number instead has the opposite effect. Lean DM can reduce waste, increase productivity, and use existing resources to their full potential.
There are some obvious opportunities for waste reduction where documents are concerned. Centralised, online documentation that saves on unnecessary printing may be an old-school notion, but it is still valid.
Customer satisfaction is the single-minded focus of Lean DM. It improves customer satisfaction through better knowledge transfer to customers, partners, and suppliers via extranet portals.
The Lean DM model helps to replace the ‘information silos’ of isolated departments with an efficient information-sharing process across teams, projects, and locations. It results in better design reuse; elimination of errors and rework caused by poor document control; and time savings through workflow automation.
Security and control are at the heart of Lean DM. When an authorised person needs information from a document, the correct version must be readily available to them. The document control requirements for quality certifications such as ISO 9001 or ISO 27001, or regulatory expectations such as HIPAA or SOX, are met.
Lean DM also helps to answer a question often heard: what documents need to be controlled? The answer: all documents that have an impact on your products, services or company.
So, if you were to ask what CogniDox is about, the answer would be: Lean DM.
The AIIM organisation has just published the results from their annual Microsoft SharePoint survey. You need to register to download, but a PDF copy of the report is available from http://www.aiim.org/Research-and-Publications/Research/Industry-Watch/SharePoint-2013.
The sample size is respectable (N=620) and the respondents come from all company sizes across a wide range of industries. Respondents self-selected from the total set of people invited to take the survey, so it is in the nature of these things that most of them were already SharePoint users.
The report has a lot of interesting data, but the headline message has to be that a majority of SharePoint deployments (61%) are stalled, struggling, or failing. Only 6% rated their project as a great success.
That has to be correlated with another finding, namely that 49% of the sample reported that choosing SharePoint was an IT decision. In fact, 34% said that it was the head of IT who made the decision.
Of those using it, nearly two-thirds (63%) said that their SharePoint is not connected to any other system. It’s hard to see how a tool managing information can be of any relevance if it’s not connected to other systems used in the company workflows.
These data fit a scenario we see quite often: senior management at a company become aware that there is an information management and data governance issue. Rather than treat it as the strategic decision that it is, they delegate it to the IT department to act on. IT goes with what it believes will fit its wider system administration tools, with not a lot of thought about business requirements. Even if the project is rolled out efficiently and the difficulty is not under-estimated, it is highly likely that six months down the road there will be a tool in place with very low user adoption. Systems that don’t get used grow stale and can become a business liability if the data they hold is no longer trusted.
And then, yet another IT project is added to the ‘failed’ list.
Worse than that, a minimum of two years will elapse before the situation can be recovered and the company gets the system it needed in the first place. That’s assuming there’s an appetite to try again.
The alternative is that the project should be led from the business side. Of course it needs IT input and advice, but it should not be IT-driven.
It may seem that this alternative argues for extensive analysis and consultancy, with phrases such as “information architecture” and “information governance” in profusion, and a hefty project cost. There’s nothing wrong with doing this, but it isn’t necessary. It’s enough to build a simple category structure for your documents with an elementary security policy, decide on user roles and levels of user rights, and just get started, as the sketch below illustrates. Procedures to serve the business policies and workflows that you want will soon emerge. That’s the “Plan, Do, Study, Act” method advocated by management thinkers such as Deming, or the “Build-Measure-Learn” model from the Lean Startup methodology. It works.
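To give an idea of how little is really needed to “just get started”, the sketch below shows what an elementary category structure, set of roles and security policy might amount to. The category names, roles and rights are purely illustrative, not CogniDox defaults:

```python
# Illustrative only: a bare-bones starting point for categories, roles and rights.
# A real deployment would hold this in the DM system itself, not in code.
categories = {
    "Engineering": ["Specifications", "Design Documents", "Test Reports"],
    "Quality":     ["Procedures", "Audit Records"],
    "Marketing":   ["Datasheets", "Brochures"],
    "HR":          ["Policies"],
}

roles = {
    "reader":   {"view"},
    "author":   {"view", "create", "edit"},
    "approver": {"view", "create", "edit", "approve"},
    "admin":    {"view", "create", "edit", "approve", "configure"},
}

# Elementary security policy: which roles may access which top-level category.
policy = {
    "Engineering": {"reader", "author", "approver"},
    "Quality":     {"reader", "approver", "admin"},
    "Marketing":   {"reader", "author"},
    "HR":          {"admin"},
}

def can_access(role, category):
    """True if the given role is allowed into the given top-level category."""
    return role in policy.get(category, set())

print(can_access("author", "Engineering"))  # True
print(can_access("author", "HR"))           # False
```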
Here are five business scenarios that might benefit from a software solution:
To every scenario above, a common answer is: use a CRM system.
Many companies are heeding that advice. CRM software revenue (according to Gartner) was approximately $18 billion worldwide in 2012, a 12.5% increase on the previous year. The market leaders are Salesforce.com, Microsoft Dynamics, Oracle Siebel, SugarCRM, NetSuite and SAP. But directory-style lists of CRM systems contain many alternatives. There are 451 products listed at Capterra, for example. The list at FindTheBest contains 175 results. And Business Software lists 327 products.
The simple reason there are so many CRM systems is that the CRM use-cases above are so divergent. There are many nuances that will make a CRM that’s perfect for one company useless for another.
Most agree that the “C” stands for customer, but it could also be company, contact, constituent, case or citizen given the variety of uses. The “R” isn’t too well defined either. Many now argue it’s not just a relationship, but the whole experience people have with your company and its products. That’s why they prefer the term “CXM”. Others call it “social CRM”.
One of the reasons for the widening scope is that traditional CRM hasn’t delivered value for its users. Historically, CRM systems have had a very poor implementation success rate: failure is common. There are a few ways it can go wrong:
The problem I have with just extending the scope into CXM is that you can end up with something like an “enterprise suite” software system. Just because there’s a box in a block diagram for HR or Help-desk doesn’t mean it’s adequate for either. The answer isn’t to abandon your customer database totally in favour of some tool that does sentiment analysis on every mention of your company on Facebook or Twitter. Social media has added to the list of things you need to do, not replaced them.
Traditionally, advocating three or four (or more) software systems instead of one was seen as a bad idea. But that was before open standards and APIs that enable data integration. When I approach this now I look for the tools that are best at what they do, and then check that they are not closed to the point where it’s only data-in. It’s not a maxim, but it is often the case that open source tools support open data better than others.
So, we still use a ‘traditional’ CRM – in our case it’s SugarCRM Community Edition. But we connect it into CogniDox to manage the customer entitlement process (who can download what documents). We have a separate ticket-tracking system (OTRS Help Desk) for our support site, but we can also see at a glance how many open tickets a customer has from within CogniDox. Tickets serve a purpose, but people also like to find answers in a self-service manner: for that there’s an excellent open source project called Q2A, which provides a Stack Exchange-style question-and-answer community website.
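The glue for that at-a-glance ticket count is usually nothing more exotic than a small call to the help-desk system’s web service. The sketch below is deliberately generic: the endpoint, parameters and authentication are hypothetical placeholders rather than the actual OTRS or CogniDox interfaces.

```python
# Hypothetical sketch: ask a help-desk system how many open tickets a customer has,
# so the count can be shown alongside the customer record in the DM system.
# Endpoint, parameters and auth below are placeholders, not a real OTRS API.
import json
import urllib.parse
import urllib.request

HELPDESK_URL = "https://helpdesk.example.com/api/tickets"   # placeholder URL
API_TOKEN = "secret-token"                                   # placeholder credential

def open_ticket_count(customer_id):
    """Return the number of open tickets for a customer (hypothetical API)."""
    query = urllib.parse.urlencode({"customer": customer_id, "state": "open"})
    request = urllib.request.Request(
        f"{HELPDESK_URL}?{query}",
        headers={"Authorization": f"Bearer {API_TOKEN}"},
    )
    with urllib.request.urlopen(request) as response:
        tickets = json.load(response)
    return len(tickets)

if __name__ == "__main__":
    print("Open tickets:", open_ticket_count("ACME-001"))
```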
The licensing cost for those three tools is $0, $0 and $0. It’s true you require knowledge to install them properly, but that doesn’t negate the licensing cost benefit.
What about CXM? Maybe because we’re in B2B, or maybe because we’re still a small company, I have to say that monitoring social mentions isn’t all that difficult or time-consuming. Automated alerts and occasional use of Social Mention serve our purpose very well. When the scale justifies it, I could envisage using Crimson Hexagon. It would probably be more useful for us to build a user feedback website, where our customers could share, discuss and vote on ideas. Whether the insanely busy people we work with would find the time to do this is an open question, but it would be an experiment worth running.
We released CogniDox 8.7.0 over two weeks ago now.
In this post I’m going to highlight some of the other changes. There are too many to cover individually, so I’ll have to be selective in my coverage. As always with a CogniDox release we divide the change log into enhancements and bug fixes. There were 44 changes made as enhancements and 33 changes as bug fixes. That’s 77 reasons to upgrade to the latest version.
Many enhancements (~40%) were directly proposed by end users and tracked in our issue/ticket tracking system. This ratio of user suggestions to internal ideas is important because it shows users are engaged with us. One lesson we’ve learned from our open source projects is user-led development is better than vendor-led development in most scenarios. (The worst is vendor-vs-vendor development – that way lies unwanted features and bloatware.)
There’s no way to rank the new 8.7 features by priority, so here’s a selection:
Category Tree Explorer
A new homepage portlet called ‘Category Tree Explorer’ is now available; users can add it by clicking the Manage Portlets button and selecting it from the list of available portlets. This portlet provides an expandable view of the CogniDox category tree. Users may use it as an alternative to the standard Categories portlet, as it allows the full category tree to be explored from the homepage.
Here’s an example screenshot of the portlet:
Bulk Status Change
A new bulk action allows the status of multiple documents to be changed in one go. Using this function, it is possible to obsolete/un-obsolete, freeze/un-freeze and publish/un-publish many documents at once. Users require the new ‘Change the status of multiple documents’ role in order to use it.
View Policy Notifications
CogniDox provides a feature called ‘View Policies’ which allows a company to publish a document internally to all or selected employees and to collect acknowledgement from the recipients that they accept the document. It’s used to ensure that company policies comply with regulations required, for example, by SEC, SOX or HIPAA procedures. Previously, when a document with view policies was up-issued and approved, an email would go out to users asking them to accept the active view policies on the document. This wasn’t quite what one of our larger customers expected or wanted to happen when the HR department corrected a minor error in a view policy document and thousands of users were emailed. Sorry about that. So it’s now possible to configure a view policy on a document to use manual notifications. When a policy assignment on a document is manual, an administrator or view policy owner must specify which versions of the document generate a notification email.
PDF Watermark Formats
CogniDox enables administrators to set internal user watermarks as an extra security measure. This imposes a background image (watermark) on the PDF version of the document, e.g. “Downloaded by <name> (<login>) on <date>”. From 8.7.0 this format can be overridden on a site-wide basis with the new ‘PDF Watermark User Format’ system configuration option. The format for internal watermarks applied to documents with a security profile can now also be overridden on a per-security-profile basis.
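For readers curious about what imposing a watermark like that involves, here is a rough sketch of the general technique using the reportlab and pypdf Python libraries. It is not how CogniDox itself implements the feature, just an illustration:

```python
# Rough sketch of applying a per-user text watermark to each page of a PDF.
# Requires the third-party reportlab and pypdf packages; not CogniDox's own code.
import io
from datetime import date

from reportlab.pdfgen import canvas
from reportlab.lib.pagesizes import A4
from pypdf import PdfReader, PdfWriter

def make_watermark(text):
    """Build a single-page PDF containing the diagonal watermark text."""
    buffer = io.BytesIO()
    c = canvas.Canvas(buffer, pagesize=A4)
    c.saveState()
    c.setFont("Helvetica", 24)
    c.setFillGray(0.80)                 # light grey so the content stays readable
    c.translate(300, 400)
    c.rotate(45)
    c.drawCentredString(0, 0, text)
    c.restoreState()
    c.save()
    buffer.seek(0)
    return PdfReader(buffer).pages[0]

def watermark_pdf(src_path, dst_path, name, login):
    """Stamp every page of src_path with a per-user watermark and save to dst_path."""
    text = f"Downloaded by {name} ({login}) on {date.today().isoformat()}"
    stamp = make_watermark(text)
    writer = PdfWriter()
    for page in PdfReader(src_path).pages:
        page.merge_page(stamp)          # overlay the watermark on the page content
        writer.add_page(page)
    with open(dst_path, "wb") as out:
        writer.write(out)

watermark_pdf("datasheet.pdf", "datasheet-watermarked.pdf", "Jane Doe", "jdoe")
```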
Nagios Monitoring Plug-in
We’re fans of the Nagios (http://www.nagios.org/) network and application monitoring tool. It’s another example of an open source success story. Now, IT staff can use a CogniDox-specific Nagios plug-in to monitor various aspects of the CogniDox system. The plug-in verifies that critical CogniDox files and directories exist; that PDF and trigger spool directories are not over-flowing; that document relationships are being created correctly; that the database is available; and that other monitoring plugins are installed and configured correctly.
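A Nagios plug-in is, at heart, just a script that prints a single line of status and exits with a conventional code (0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN). The check below, for an over-flowing spool directory, is a simplified sketch rather than our actual plug-in; the path and thresholds are made up.

```python
#!/usr/bin/env python3
# Simplified sketch of a Nagios-style check: warn or alert if a spool directory
# is filling up. Path and thresholds are illustrative, not CogniDox defaults.
import os
import sys

SPOOL_DIR = "/var/spool/cognidox/pdf"   # hypothetical location
WARN_AT = 100                            # files
CRIT_AT = 500                            # files

def main():
    try:
        pending = len(os.listdir(SPOOL_DIR))
    except OSError as exc:
        print(f"UNKNOWN - cannot read {SPOOL_DIR}: {exc}")
        return 3
    if pending >= CRIT_AT:
        print(f"CRITICAL - {pending} files queued in {SPOOL_DIR}")
        return 2
    if pending >= WARN_AT:
        print(f"WARNING - {pending} files queued in {SPOOL_DIR}")
        return 1
    print(f"OK - {pending} files queued in {SPOOL_DIR}")
    return 0

if __name__ == "__main__":
    sys.exit(main())
```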
CogniDox 8.7 added a new online editor for Document Holders.
So what does a document holder (DH) file type do?
It addresses a problem commonly found in electronics and software product development: you need to make a coordinated set of files available to users for download. The configuration is all-important – a version 2.1 software driver, for example, may not work with certain versions of the hardware.
It could be, for example, a company’s product called the “ABC1234 Evaluation Board” that another company (an OEM) uses as a target device to test their software. From the downloads page we might want to make available the Gerber Layout Files (in Zip format) as well as PDF files of the Schematic, Bill of Materials, Test Procedure and the User Manual. The download may also include driver packages for Linux, Windows x86 (32-bit) or Windows x64 (64-bit). Perhaps the source code is added for reference as a zip file.
Another example could be a company that makes a small-sized single-board computer – they don’t know in advance what operating system an end-user will install so, on their user downloads page, they may offer zip files for Debian, SuSE, and other Linux distributions.
A variation on that example might be a company that releases packages of Linux Drivers and Utilities, VMware Drivers and Utilities, Windows Drivers and Documentation. If there’s a change for example to one of the DLL files in a Windows OS variant, only that package needs to be changed.
The problem for the Product Manager in these types of project is that it’s difficult to keep track of all the moving parts. Imagine that there are ten separate pages on http://www.example-company.com/products/downloads and each of them has a number of files. Just hand-crafting the HTML as each file changes will be a chore, let alone the potential for user error if someone forgets to make the change(s).
So, enter the document holder (DH) file type. During the development phase it acts as a handy checklist (“Why is XYZ still only at draft status one week before delivery?”) and when it comes to delivery/release, publishing the DH is equivalent to publishing all the parts and there’s far less chance of one element being forgotten or overlooked.
The problem with DH files before 8.7 was that they are XML files, and editing the XML source directly was off-putting for many. The online editor makes this a far easier task, allowing documents to be dragged and dropped into sections and sections to be combined from other DH files.
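To give a flavour of what a document holder contains, the sketch below shows an invented DH structure and a small script that uses it as a checklist of parts that are not yet released. The element and attribute names are illustrative only, not the actual CogniDox schema.

```python
# Illustrative only: the XML structure below is invented, not the real DH schema.
import xml.etree.ElementTree as ET

DH_EXAMPLE = """
<documentHolder title="ABC1234 Evaluation Board Package">
  <section name="Hardware">
    <document partNumber="ABC-1234-SCH" version="3" status="issued"/>
    <document partNumber="ABC-1234-BOM" version="2" status="issued"/>
  </section>
  <section name="Software">
    <document partNumber="ABC-1234-DRV-LINUX" version="2.1" status="draft"/>
    <document partNumber="ABC-1234-DRV-WIN64" version="2.1" status="issued"/>
  </section>
</documentHolder>
"""

def unreleased_parts(dh_xml):
    """Return (section, partNumber) pairs that are not yet issued - the checklist view."""
    root = ET.fromstring(dh_xml)
    pending = []
    for section in root.findall("section"):
        for doc in section.findall("document"):
            if doc.get("status") != "issued":
                pending.append((section.get("name"), doc.get("partNumber")))
    return pending

for section, part in unreleased_parts(DH_EXAMPLE):
    print(f"Still pending in '{section}': {part}")
```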
A few weeks back the topic of single-tenancy versus multi-tenancy in cloud architectures was mentioned. I made the point that single-tenancy has a major advantage over multi-tenancy – a perception by users that their data is more secure.
Arguing for single-tenancy is not the populist position. The approach is critiqued as “a SaaS-querade”. It’s often derided as another revival of the old ASP model, trotted out by traditional software vendors who are too risk-averse to ‘do’ the cloud properly. They are content to sweat their on-premise legacy software asset one more way by adopting a “cloud strategy” that’s really nothing of the sort.
As I said then: Like most things in IT, opinions differ.
So I wanted to re-examine the arguments for the multi-tenancy model, to see why it is considered the ‘true path’ for cloud computing.
One view is that vendors using single, per-customer instances miss the “economies of scale” opportunity, and that this severely limits revenue growth and scalability.
That may be a true argument, but it isn’t an especially customer-centric one.
Another argument is that only multi-tenancy provides the degree of data analytics to make it worthwhile for monetization. Aggregating network effect data from multiple tenancies provides insights into user behaviour – single tenancy or on-premise does not.
Again that may be true, but it isn’t putting the customer, or the integrity of their data, before the interests of the cloud vendor.
Some of the arguments allegedly in favour of multi-tenancy seem to be quite the reverse. One article recently argued that the way forward for multi-tenant systems was to provide more “elasticity” when it came to scheduling upgrades, i.e. allowing companies to stay on an older release for longer rather than mass-upgrading them to the latest one. Apart from the fact this is a non-standard (and not helpful) use of the term, surely making this type of “elasticity” a differentiating business benefit is a facet of the single- rather than the multi-tenant model?
The problem with the argument that single-tenancy advocates are all risk-averse legacy software vendors is that it is illogical. It only takes one “born for the cloud” software vendor to opt for a single-tenancy model to debunk it.
One pro-multi-tenancy blog writes: “It’s always about your customer… Cloud or no Cloud.” A good point, well made, but where is that principle applied when the supporting arguments are all about the revenue of the cloud software vendor?
This debate is based on an unreliable foundation anyway. It’s all multi-tenant at the infrastructure level where services such as fault tolerance/failover, load balancing, and so on are concerned. People talk about the degree of multi-tenancy, and it probably means something different for each of IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service).
The keywords for IaaS for end-customers tend to be words like secure, scalable, and resilient. None of those, I’d argue, is the preserve of multi-tenant deployment; maybe even the opposite is true. Any application that needs its own secure and exclusive virtual computing environment, where system performance is not affected by a ‘noisy neighbour’, would seem to be better served by the single-tenancy model.
But there’s no business model in it, says the pro-multi-tenancy camp. Surely that’s down to the old-school exercise of making your revenue exceed your costs? If you can give customers more of what they want with the single-tenant model, then not only is it a route to profitability, it may even be a differentiator.
AIIM is a non-profit association covering image and information management topics. These are notes from the AIIM Roadshow held in London on June 20th, 2013.
The first keynote was by John Mancini (@jmancini77) who reminded us that AIIM started in 1943 because of the challenges inherent in managing microfilm, and has evolved since with the dominant technologies of the day. He talked about the rise of ‘extreme volatility’ in industry: for example, out of the Fortune 100 company list of 1977, there were 79 companies still on the list in 1984. But if you took the Fortune 100 list of 2005, only 25 were still there in 2012.
He didn’t spell it out, but the accelerating rate of attrition means the list churn rate in 2020 could be 90%. It may not follow that every industry is equally affected, but if it did, then few of the current technology top 10 would still be on the list. I wonder which one or two of Microsoft, Oracle, Apple, HP, Dell, IBM, Amazon, Google, or Intel will still be there?
A choice we (vendors and users) make about information management is whether we focus on the opportunities or on the risks/cost of non-compliance. One route takes you down the path of engagement and mining nuggets from the 2.5 quintillion bytes of data produced each day. The other takes you down the road of record-keeping, governance and fear-based decision making.
One of the current AIIM themes is that “Big Data” is not the same as “Big Content”. If I follow correctly, big data is about using vast amounts of statistical information to help with e.g. fraud detection, sentiment analysis or social monitoring. It’s what a supermarket is doing when it sends you coupons based on your purchasing over the previous two or three months. It’s the data from all those sensors in an Internet of Things. Big content, on the other hand, deals with the even more unstructured world of social, video, images, audio and text data. The enablers for big data have been the cloud, Hadoop and NoSQL, whereas the enablers for big content have been semantic web and search technologies. It strikes me that data visualisation technologies are probably a common enabler for both. Of course it’s still “data” in both cases.
The challenge for those of us making content management software is to go beyond document-centric content to find emergent value in huge volumes of unstructured information. That’s accepted, but I wouldn’t overlook the fact that today’s enterprise is still typically struggling to extract value from its document analytics. First things first. But there’s also a lot of exciting semantic web technology emerging, and our challenge is to harness the best of it (preferably open source) in an integrated manner.
On my way there I bumped into a friend who’s working on a contract in London. How to move content between SharePoint and Salesforce.com is his problem of the moment. It was partly for his benefit that I attended a round-table discussion entitled “Exploring Microsoft SharePoint”. The audience were mainly SP users, many of them from the public sector, and there was a general sharing of wisdom. A show of hands indicated most were using SP2007; a few were still on SP2003, and those who’d made it to SP2010 were moving to SP2013. Most were using SP as a tool for building team, department or company-wide intranets and as a way of replacing the network/shared drive. Success was mixed.

Few did any information architecture (IA) work before implementation. Many said the project was led by Marketing (as in the communications team) with IT assistance, and delivered by external consultants. “Only customise as a last resort” was one pearl of wisdom, but the ‘better’ alternative of using third-party plug-ins didn’t seem all that successful either. One person said user authentication (i.e. working with Active Directory) was like an extra 0.5 project on top of the main SP project. I picked up many useful tips on tools for e.g. content migration, but they’re too detailed to go into here. The overall sentiment was resignation to a bad experience – I’d be devastated if a CogniDox user group spoke about us like that.
The day finished with another keynote – this time by Alan Pelz-Sharpe (@AlanPelzSharpe) from the 451 research group. His topic was Big Data and in particular the notion of “Dark Data” which is the antithesis of big data. My take on what he means by that: if the IBM statistic is true that 90% of the world’s data has been created in the past 2 years, that doesn’t mean it is of value. There are servers full of useless and duplicated files (think about the storage of email attachments) and it is highly unlikely that this dark data will ever yield emergent value or insights. Don’t be seduced by the mere volume of data. It reminded me of a blog I once read that said big data is really mashup data – it’s the variety of the data sets that gives the insight. If that’s true, then open data becomes even more important because there’s a high probability you won’t own all of the smartest data sets in the room.
The recent NSA/Prism news story rippled through the day’s talks. Whether we are in the business of “information logistics” or “information governance”, there was much quiet satisfaction in the idea that metadata is a word now used on the newspaper front pages and The Guardian even has a handy guide for readers. In the un-glamorous world of information management, maybe that’s as good as it gets for us.