In this blog I want to start a new theme – projects that can change the way your company works.
All companies are unique to a degree, but there are many common issues that the majority are trying to solve. In the technology world we talk so much about features that it can be difficult to relate these back to the problems they are meant to address. I want to approach it from the other direction: what is the problem and how can software (CogniDox in particular) address that problem?
In the first of this series I’m going to consider a biggie: how do we make an efficient process for actually releasing a product? We read scholarly articles about innovation and the overall process / development methodologies that might help, but what about the mechanics of actually making a product release in the leanest manner possible?
If we succeed in this, we can say we have an efficient Product Release Engine.
Most high-tech companies have multiple products. Most products combine multiple project deliverables; from different hardware and software teams as well as technical writers and training. Most product releases are complex and require a specific configuration of elements to work reliably and properly.
You can have great teams using the best tools, but still suffer from information silos in your product development. The hardware team may have files created in AutoCAD or SolidWorks for CAD design. The software team may use Git or Perforce for the version control of software programs. The technical authors may use a DITA-compliant XML tool for the user guides. And so it continues across Training, Technical Support, and other groups.
There are two other common problems.
The first is the task of making a product release can be hard to pin on any one job role. It could be the Product Manager, but they may think their job is about managing user requirements, prioritising product features and building roadmaps. Project Managers may only be concerned about milestones and finishing on-time, rather than what happens after. It could be the Software team – after all they’ll likely have a software configuration tool in place and will be familiar with the language of branches, builds, and releases. But software is only one stream in the overall product, so this is necessary but not sufficient. The solution to this is to make this an explicit job title – the Release Manager. It doesn’t always have to be a full-time role or person, but it should be clear who is responsible. Their responsibility is to validate that all release components have been approved for release by the technical, product, and executive teams.
The second problem is that there is often a gap between the product deliverables and the entitlements of the customers receiving the product. Even if someone is responsible for the release, they lack the tools to help them manage a matrix of products and customers. Even if it’s managed using the ubiquitous spreadsheet, it still requires a manual step to decide before a customer receives anything.
So what can be done to link together the different teams that contribute to a product development and prevent ‘silos of information’ forming in the company?
CogniDox is a ‘silo-linker’ that solves this problem and gives the Release Manager a useful set of tools. Here’s how:
If you’d like to know more about the tools that CogniDox provides for Product Managers, feel free to contact us for more information or a demo http://www.cognidox.com/about-us/contact-us
It’s been a while since I’ve blogged so I thought it would be good to get ‘back in the saddle’ by getting back to the basics of what I believe to be important in file sharing, document management and document control.
Let’s start with the most obvious benefit of document management and document control.
In a busy company where lots of unstructured information abounds, the quality of data is vital. If data quality is poor due to lack of version control or duplication, time is lost as staff work out what information they can trust.
A model for this is a pyramid of information management maturity – the nearer the top of the pyramid, the more a company is capable in information governance, quality management and lifecycle management. We can show this as a simple graphic:
At the lowest level, a company with a need for collaboration support can solve its problem with a file sharing solution such as Dropbox or Google Drive. These are often cheap, but the emphasis is very much on storage. These collaborative tools offer very basic version control, by just rolling back or forward in a limited number of steps. More like ‘undo’ than proper version control.
Moving up a level, a company may achieve Document Management maturity status by using a repository-based tool such as SharePoint. It is often said that SharePoint is now synonymous with document management. However, this is defined as being able to share a document by saving it to a document management server. Document management is reduced to providing lists of documents stored on a server, admittedly with version control, but often not much more than that.
Having now seen a number of companies start and abandon SharePoint projects, it seems to come down to three critical variables:
Commenting on SharePoint is like taking a photo of a moving car because it has gone through so many changes even from SP2007 to SP2013. It’s gone beyond the simple collaboration tool that it was in SP2007, for example. It is still very much in flux. It will be fascinating to see how Microsoft packages its solutions over the next 3 years as it reconciles Office 365, Azure, OneDrive and SharePoint. My instinct tells me that SharePoint will be the one that gets assimilated under the OneDrive brand. It will be intriguing to see what that means for on-premise based SharePoint. The cost for on-premise SharePoint 2013 increased by 40%; the costs for OneDrive, Azure and hosted Office365 continue to fall.
There is a maturity level above this; and in line with standards such as ISO 9001 we should call this Document Control. The key extra capability is that there is a document lifecycle model and there will be support for workflows such as review and approval processes. There needs to be a document control procedure, with only one master version of each document. There needs to be an audit trail and a full activity history. This goes beyond event logs; it should be possible to easily view the activity history around a document when it was in a previous version.
It’s well known that ISO places no explicit requirements on the DMS software itself, so you can search for “is SharePoint 2010 ISO compliant” to your heart’s delight and you won’t get a definitive answer. What you might find however is that the case studies and SlideShare presentations on “how we did ISO with SharePoint” usually involve SP plus extra software from the 3rd party SP solution partner ecosystem.
Ease of use and installation is a major factor. If you can get a document control solution up and running quickly you can start to engage the business and encourage them to customise it. Therein lies the path to 100% adoption.
Search and information ‘findability’ is a major factor. Partly, this problem is inherited from the hierarchical nature of folders and subfolders common in a file share. Users have to navigate through a maze of folders to locate the document that is of interest. Documents should be unique, categories should be dynamic and virtual. The web page that a user sees should be constructed from documents that are tagged as relevant to that page. It should not be as I read in this RFI from a user of SharePoint; “Because of the hierarchical nature of this structure, duplicate documents often exist on the system as staff are unsure what exact folder to upload the document to.”
This leads to the second part of the findability problem: the quality of the integrated enterprise search engine. The user above also complains that: “Even though Fast Search has been installed, it does not easily locate the relevant documents as no ECM functionality such as metadata etc. has been applied to these documents.” The search engine should be able to index every text element in the repository (including metadata and text in image files as well as the text-heavy Word and PDF files) and present results according to its relevancy to the search string.
Information security is a major factor. Access control systems are still rooted in simple Read or Read-Write permission rights. Much more is needed. Once the user’s right to access a document is established, it then becomes necessary to determine what the user can do with the document. Can they approve it, for example? And then there is access at the document repository level. The DMS should be able to support collaboration with partially-trusted users (contractor, freelancers, JV partners, etc.), allowing them DMS features as needed but without disclosure of other categories such as HR and Finance that are outside the ‘need to know’ boundary. It’s essential that the search engine understands the information security controls that are in place and performs security trimming on any results before they are displayed to the search user.
It’s always the case that the right software solution depends on your requirements. If you are kicking around a few ideas for a startup, there is no reason why file sharing won’t meet your needs. It’s when you reach the heights of having to justify the wasted time of tens or hundreds of employees or having to meet QA / FDA regulatory compliance and other governance for supply chain management that you begin to understand the difference between that and document management / document control.
At Cognidox, we spend a deal of time talking about quality documents in the context of quality assurance, ISO 9001, and so on. Now, it’s time to talk about document quality.
Most of us are familiar with features in tools like Microsoft Word for spell checking and grammar correction. Such features have their place, but imagine you had a real Sub-Editor to assist as you write. Editors know not only about spelling and grammar, but can also advise on more complex matters. They are able to tell you when your writing style becomes hard-to-read, or you use terminology that is not consistent with the company style guide. Maybe you used an internal product name in an externally facing document? Or, you like to call a company product “Gizmo 4″ in your documents when the official name is “Gizmo-IV”. They know if key phrases have already been created that could be reused in your document. Those phrases may already have been carefully translated into other languages. They can tell you whether your documents help or hinder your SEO by examining how keyword placement in your documents affects search rankings.
Such issues are faced every day by the Technical Author community. We listened to them talking about software tools they were using or evaluating to help with these tasks. Acrolinx was a product they mentioned frequently. We certainly liked the idea that their tool was based on “geeky linguistic analytics capabilities”.
We made a quick call to Acrolinx and we were soon integrating CogniDox with one of their products – the Acrolinx Add-in for Microsoft Word.
The add-in tool is easy to learn. Once installed, you select it from the Review tab and tell it to Check your document. It parses the document and checks it against Acrolinx rules tailored for your document type and organisation. It returns a score for the document and you can continue to look at each issue, one at a time. It advises you what is wrong and suggests improvements. If you accept these changes and run a subsequent check, you find the document quality score has improved.
The question for us was how to integrate a tool such as Acrolinx into the document lifecycle?
Without going into details, Acrolinx provides metadata embedded in the document that can be re-used in CogniDox. In our example, we created a placeholder for Acrolinx validation. A CogniDox plugin reads the Acrolinx metadata – in this case score and status. A high number indicates there are a lot of issues. Each time you add a new version, the score is updated if you re-check the document. The plugin is able to spot if the new version was not checked.
The next consideration was: should we do this for every CogniDox document type? The answer is no. It makes sense to score the quality of some document types but not others. It is essential to check a marketing brochure or product datasheet, for example. It is less essential to check an Engineering Change Order. The plugin can therefore be configured to only look for Acrolinx data in specific document types.
If you would like to find out more about CogniDox integration with Acrolinx, send an email to firstname.lastname@example.org and we’ll answer any questions you may have.
Last week we published a white paper entitled “CogniDox and Information Security Management” to our customer support site. It was written in response to questions received from our customers. To answer their questions, it had to be specific about what CogniDox does for information security. But we also found it had to be educational in a broader sense. So, we decided to publish it on our website to make it available to a wider audience.
You can find it in the Library section (under Documents) on our website or you can open/save the PDF file directly from this link.
Most companies are still unsure about the risk to their business associated with cyber attacks. They may read that cyber-crime costs the UK economy an estimated £19bn to £27bn every year1. They see stories on one hand about lost or stolen USB drives or company laptops containing confidential data; and about sophisticated attacks by highly organised hacker gangs on the other. It can be hard to relate this wide spectrum of cyber-risk to the everyday operations of a high-tech business.
Some (wrongly) believe cyber-attacks are only a problem for large financial institutions, military, government, or mega-corporations. Verizon publishes an annual report called the Data Breach Investigations Report (DBIR)2. In the 2013 edition, it found 62% of data breaches happened to companies with fewer than 100 employees. It found that 20% of network intrusions involved manufacturing, transportation, and utility companies – the common motivation for these attacks is stealing intellectual property (IP).
One security firm which examines the so-called ‘Dark Web’ for evidence, found over 100 million stolen user IDs and passwords in one month of analysis3. A quick scan of our company website server logs reveals 6 suspect IP addresses probing and 32 rogue attempts to use SSH in just a one-week period. It takes just seconds for automatic tools to scan your website looking for known vulnerabilities and weakly protected data. 86% of all websites investigated during 2012 had at least one serious vulnerability4. Using these, an attacker could take control over a website, and have access to user accounts and sensitive data.
What can we do about it?
You could try to lock down data storage even further, but that can deprive authorised users of legitimate data availability. With the trend among employees to ‘bring your own device’ (BYOD) still on the rise, it also looks like a forlorn hope. If you make it hard to access information in the official repository; it increases the odds that it is ‘temporarily’ stored in Dropbox, or takes to the ‘SneakerNet‘ via a USB flash drive.
You could try to improve your security training and awareness. The Guardian newspaper recently reported a survey of media professionals in which 70% said that they had received no training against cyber attacks. But, some experts believe that training is a waste of time5.
You can try to spot intrusion attempts at the earliest opportunity through network intrusion detection software, so that ‘mean time to detection’ is minimised. The problem is that it only protects against attacks to your network. Other types of vulnerabilities are still a threat.
The answer is that it requires a number of concerted actions to improve security. It is a spectrum of risk, and different security controls apply to different parts.
The white paper argues that the ISO/IEC 27001 information security standard currently offers the best framework for cyber security. It reviews ways for hardening IT security on Linux-based systems, and shows how applications such as CogniDox can use (and depend on) this functionality. That still leaves a major gap in solving the problems of Information Security. The white paper therefore concludes by demonstrating how security-related features in CogniDox can address these problems.
If CogniDox had to have a mission statement, it would be “to promote Lean principles in the adoption of Document Management software solutions”. We’ll call that Lean DM, for short.
The readership of this blog includes a number of Quality Assurance experts, so forgive me if I go through the basics for everyone else about what is meant by Lean.
The classic book Lean Thinking (Womack and Jones, 1996) defined Lean as a way of thinking that allows companies to “specify value, line up value-creating actions in the best sequence, conduct these activities without interruption whenever someone requests them, and perform them more and more effectively.“
They propose five key principles of lean thinking, the first and foremost of which is customer value. Their definition of value is a “capability provided to customer at the right time at an appropriate price, as defined in each case by the customer.” Notice that value can only be defined by the ultimate end-customer. There are a lot of ‘interim customers’ such as marketing, operations and sales team; but the end-customer is key.
The other four principles are Value Stream, Flow, Pull and Perfection. ‘Value Stream’ is what many of us associate with the Lean model. It is the ongoing removal of waste from processes so that the product or service proceeds in the most effective and efficient way possible. ‘Flow’ means that a smooth, continuous process will always be more effective and efficient in adding value than a batch process (or any erratic process) can be. ‘Pull’ is the ‘just in time’ principle, but dictated by what your customers need rather than anything else. ‘Perfection’ may sound like a request to focus on the ideal, but has more to do with using continuous reviews so that flows can adapt to changing customer requirements.
When we apply this to Lean DM, it means that we want to adopt and follow practices that make the product lifecycle efficient and cost-effective by removing everything not essential to customer satisfaction. If we cut out documentation then we certainly don’t improve value, because the organisation has not retained knowledge in a format that can be shared with customers. When we do produce documentation, we want the flow of the process to be as streamlined as possible. Each non-unique email attachment has the potential to waste time and decrease productivity; sending a link instead for a controlled document part number has the opposite result. Lean DM can reduce waste; increase productivity, and use existing resources to their full potential.
There are some obvious opportunities for waste reduction where documents are concerned. Centralised, online documentation that saves on unnecessary printing may be an old-school notion, but it is still valid.
Customer satisfaction is the single-minded focus of Lean DM. It improves customer satisfaction through better knowledge transfer to customers, partners, and suppliers via extranet portals.
The Lean DM model helps to replace the ‘information silos’ of isolated departments with an efficient information-sharing process across teams, projects, and locations. It results in better design reuse; elimination of errors and rework caused by poor document control; and time savings through workflow automation.
Security and control are at the heart of Lean DM. When an authorised person needs information from a document, the correct version must be readily available to them. The document control requirements for quality certification such as ISO 9001 or ISO 27001; or regulatory expectations such as HIPAA or SOX, are met.
Lean DM also helps to answer a question often heard: what documents need to be controlled? The answer: all documents that have an impact on your products, services or company.
So, if you were to ask what CogniDox is about, the answer would be: Lean DM.
The AIIM organisation has just published the results from their annual Microsoft SharePoint survey. You need to register to download, but a PDF copy of the report is available from http://www.aiim.org/Research-and-Publications/Research/Industry-Watch/SharePoint-2013.
The sample size is respectable (N=620) and the respondents come from all company sizes across a wide range of industries. It was a self-selection process from the total set of people invited to take the survey, so it would be in the nature of these things if the majority of respondents were using SharePoint.
The report has a lot of interesting data, but the headline message has to be that a majority of SharePoint deployments (61%) are stalled, struggling, or failing. Only 6% rated their project as a great success.
That has to be correlated with another finding, namely that 49% of the sample reported that choosing SharePoint was an IT decision. In fact, 34% said that it was the head of IT who made the decision.
Of those using it, nearly two-thirds (63%) said that their SharePoint is not connected to any other system. It’s hard to see how a tool managing information can be of any relevance if it’s not connected to other systems used in the company workflows.
These data seem sadly familiar to a scenario we see quite often: senior management at a company become aware that there is an information management and data governance issue. Rather than treat it for the strategic decision that it is, they instead delegate it to the IT department to act. They go with what they believe will fit with their wider IT system administration tools; and with not a lot of thought about business requirements. Even if they roll-out the project in an efficient manner and don’t under-estimate the difficulty, it is highly likely that six months down the road there will be a tool in place with very low user adoption. Systems that don’t get used grow stale and can become a business liability if the data they hold is no longer trusted.
And then, yet another IT project is added to the ‘failed’ list.
Worse than that, a minimum of two years will elapse before the situation can be recovered and the company gets the system it needed in the first place. That’s assuming there’s an appetite to try again.
The alternative is that the project should be led from the business side. Of course it needs IT input and advice, but it should not be IT-driven.
It may seem the alternative argues for extensive analysis and consultancy with phrases such as “information architecture” and “information governance” in profusion; and a hefty project cost. There’s nothing wrong in doing this, but it isn’t necessary. It’s enough to build a simple category structure for your documents with an elementary security policy, decide on user roles and levels of user rights, and just get started. Procedures to serve the business policies and workflows that you want will soon emerge. That’s the “Plan, Do, Study, Act” method advocated by management thinkers such as Deming or the “Build-Measure-Learn” model from the Lean Startup methodology. It works.
Here are five business scenarios that might benefit from a software solution:
To every scenario above a common answer is: use a CRM system.
Many companies are heeding that advice. CRM software revenue (according to Gartner) was approximately $18 billion worldwide in 2012 and grew 12.5% compared to the previous year. The market leaders are Saleforce.com, Microsoft Dynamics, Oracle Siebel, SugarCRM, NetSuite and SAP. But directory-style lists of CRM systems contain many alternatives. There are 451 products listed at Capterra, for example. The list at FindTheBest contains 175 results. And Business Software lists 327 products.
The simple reason why there are so many CRM systems is because the CRM use-cases above are so divergent. There are many nuances that will make a CRM that’s perfect for one company useless for another.
Most agree that the “C” stands for customer, but it could also be company, contact, constituent, case or citizen given the variety of uses. The “R” isn’t too well defined either. Many now argue it’s not just a relationship, but the whole experience people have with your company and its products. That’s why they prefer the term “CXM”. Others call it “social CRM”.
One of the reasons for the widening scope is because traditional CRM hasn’t delivered value for its users. Historically, CRM systems have a very poor implementation success rate: failure is common.There are a few ways it can go wrong:
The problem I have with just extending the scope into CXM is that you can end up with something like an “enterprise suite” software system. Just because there’s a box in a block diagram for HR or Help-desk doesn’t mean it’s adequate for either. The answer isn’t to abandon your customer database totally in favour of some tool that does sentiment analysis on every mention of your company on Facebook or Twitter. Social media has added to the list of things you need to do, not replaced them.
Traditionally, advocating three or four (or more) software systems instead of one was seen as a bad idea. But that was before open standards and APIs that enable data integration. When I approach this now I look for the tools that are best at what they do, and then check that they are not closed to the point where it’s only data-in. It’s not a maxim, but it is often the case that open source tools support open data better than others.
So, we still use a ‘traditional’ CRM – in our case it’s SugarCRM community edition. But we connect it into CogniDox to manage the customer entitlement process (who can download what documents). We have a separate ticket tracking system (OTRS Help Desk) for our support site but we can also see at a glance how many open tickets a customer has from within CogniDox. Tickets serve a purpose but people also like to find answers in a self-service manner: for that there’s an excellent open source project called Q2A which provides a Stack Exchange style question-and-answer, user community website.
The licensing cost for those three tools is $0, $0 and $0. It’s true you require knowledge to install them properly, but that doesn’t negate the licensing cost benefit.
What about CXM? Maybe because we’re in B2B or maybe because we’re still a small company I have to say that monitoring social mentions isn’t all that difficult or time-consuming. Automated alerts and an occasional use of Social Mention serves our purpose very well. When the scale justifies it, I could envisage using Crimson Hexagon. It would probably be more useful for us to build a user feedback website, where our customers could share, discuss and vote on ideas. Whether the insanely-busy people we work with would find the time to do this is an open question, but it would be an experiment worth running.
We released CogniDox 8.7.0 over two weeks ago now.
In this post I’m going to highlight some of the other changes. There are too many to cover individually, so I’ll have to be selective in my coverage. As always with a CogniDox release we divide the change log into enhancements and bug fixes. There were 44 changes made as enhancements and 33 changes as bug fixes. That’s 77 reasons to upgrade to the latest version.
Many enhancements (~40%) were directly proposed by end users and tracked in our issue/ticket tracking system. This ratio of user suggestions to internal ideas is important because it shows users are engaged with us. One lesson we’ve learned from our open source projects is user-led development is better than vendor-led development in most scenarios. (The worst is vendor-vs-vendor development – that way lies unwanted features and bloatware.)
There’s no way to rank the new 8.7 features by priority, so here’s a selection:
Category Tree Explorer
A new homepage portlet called ‘Category Tree Explorer‘ is now available to users, by clicking on the Manage Portlets button and selecting it from the list of available portlets. This portlet provides an expandable view of the CogniDox category tree. Users may use this as an alternative to the standard Categories portlet as it allows the full category tree to be explored from the homepage.
Here’s an example screenshot of the portlet:
A new bulk action is available which allows the status of multiple documents to be changed in one go. Using the function, it is possible to obsolete / un-obsolete, freeze / un-freeze and publish / un-publish many documents at once. Users require the new ‘Change the status of multiple documents‘ role in order to use this function.
CogniDox provides a feature called ‘View Policies‘ which allows a company to publish a document internally to all or selected employees and to collect acknowledgement from the reciprients that they accept the document. It’s used to ensure that company policies comply with regulations required for example by SEC, SOX or HIPAA procedures. However, when a document with view policies was up-issued and approved, an email would go out to users asking them to accept the active view policies on the document. This wasn’t quite what one of our larger companies expected or wanted to happen when the HR department corrected a minor error in a view policy document and thousands of users were emailed. Sorry about that. So now it’s possible to configure a view policy on a document to have manual notifications. When a policy assignment on a document is manual, an administrator or view policy owner must specify which versions of the document generate a notification email.
CogniDox enables administrators to set internal user watermarks as an extra security measure. This imposes a background image (watermark) on the PDF version of the document e.g. “Downloaded by <name> (<login>) on <date>”. From 8.7.0 this format can be over-ridden on a site-wide basis with the new ‘PDF Watermark User Format’ system configuration option. The format for internal watermarks applied to documents with a security profile can now also be overridden on a per-security profile basis.
We’re fans of the Nagios (http://www.nagios.org/) network and application monitoring tool. It’s another example of an open source success story. Now, IT staff can use a CogniDox-specific Nagios plug-in to monitor various aspects of the CogniDox system. The plug-in verifies that critical CogniDox files and directories do exist; that PDF and trigger spool directories are not over-flowing; that document relationships are being created correctly; that the database is available, and that other monitoring plugins are installed and configured correctly.
CogniDox 8.7 added a new online editor for Document Holders.
So what does a document holder (DH) file type do?
It addresses a problem commonly found in electronics and software product development where you need to make available a coordinated set of files to users for download. The configuration is all-important – a version 2.1 software driver may not work with some other particular version of hardware.
It could be, for example, a company’s product called the “ABC1234 Evaluation Board” that another company (an OEM) uses as a target device to test their software. From the downloads page we might want to make available the Gerber Layout Files (in Zip format) as well as PDF files of the Schematic, Bill of Materials, Test Procedure and the User Manual. They may include driver software options for Linux, Windows x86 (32-bit) or Windows x64 (64-bit) driver packages. Perhaps they also add the source code for reference as a zip file.
Another example could be a company that makes a small-sized single-board computer – they don’t know in advance what operating system an end-user will install so, on their user downloads, page they may offer zip files for Debian, SuSE, and other Linux distributions.
A variation on that example might be a company that releases packages of Linux Drivers and Utilities, VMware Drivers and Utilities, Windows Drivers and Documentation. If there’s a change for example to one of the DLL files in a Windows OS variant, only that package needs to be changed.
The problem for the Product Manager in these types of project is that it’s difficult to keep track of all the moving parts. Imagine that there are ten separate pages on http://www.example-company.com/products/dowloads and each of them has a number of files. Just hand-crafting the HTML as each file changes will be a chore, let alone the potential for user error if someone forgets to make the change(s).
So, enter the document holder (DH) file type. During the development phase it acts as a handy checklist (“Why is XYZ still only at draft status one week before delivery?”) and when it comes to delivery/release, publishing the DH is equivalent to publishing all the parts and there’s far less chance of one element being forgotten or overlooked.
The problem with DH files before 8.7 was that they’re XML files and editing the XML source directly was off-putting for many. The online editor makes this a far easier task, by drag-and-drop of documents into sections and by combining sections from other DH files.