| 5.1 Service Evaluation
04. Electronic Communication | |
|---|
| 5.1.04. Electronic Communication: | | 1. Privacy and Electronic Communication Regulations is European (and UK) law and full compliance is mandated. Email and telephone messaging is now subject to regulations that change how business has been conducted in the past. | | 2. A dramatic change is needed to communicate private, confidential and sensitive business information because email and phone are no longer fit-for-purpose. Every email and phone message is recorded, copied and read by many agencies in many countries. Email services may process and consolidate data that is then resold to third parties. |
| Email Server Storage: | | 1. The majority of data breaches that have hit the worlds headlines are where email backup data has been stolen - email servers and backups may have no encryption and negligible security. A lot of people store all their business information in private folders in their email system - without any security. A person granted or gaining access to the email backup may take a copy that is worth a great deal on the open market or used as blackmail. | | 2. The Information Commissioners Office will fine any company that has a data breach of its email data, but that may pail into insignificance relative to the reputational damage that can be done to be company by the people holding a copy. The criminals may offer the email copies back to its owner for a significant number of bitcoins and may offer a copy to each competitor at the same time. Not only is the company involved, but all customers and suppliers who have any email communication. | | 3. The worst damage that has been seen done to a company is where the emails were slightly doctored and then released to the public to give a bad impression of the trading culture. What was real and what had been changed is hard to say, but the damage to reputation was devastating - no smoke without fire. |
| Communication: | | 1. The only safe and secure way to communicate with staff, customers and suppliers is to use encrypted communications and encrypted message storage. The use of telephone and email must be restricted to an envelope or reminder to access an application service to view shared information using encrypted storage and communication. No private or confidential information must be exchanged by phone or email for any reason - it is not safe. | | 2. The company that communicates with its customers and suppliers using an envelope link to secure messages will gain a reputation for professionally looking after the customer and suppliers data. The company that continues to use phone and email to communicate with customers and suppliers will gain a reputation for having no security training and not a safe company to do business with. | | 3. Subscription management is a legal obligation on all companies and it is very easy to see if an email has an unsubscribe or opt-out link. Legal firms are building a profile of those companies that are failing in their legal obligations and class actions for compensation by groups of people can be expected. Where a persons right to opt-in and opt-out of communications is not provided by a company, then that company will be fined until they comply or go out of business. |
| Procedure: | | 1. Select a contact person from the CRM. | | 2. Select the contact persons message list - click the "add new" button. | | 3. Enter the web page number and enter an optional record key - click the "send" button. |
| Evidence: | | 1. For each person in the CRM, a message (task, note or workflow) list can be selected. | | 2. Every message can be identified by date and time envelope sent together with when it was viewed (envelope link clicked). | | 3. Every envelope link has a finite life cycle of say 7 days before it expires and the envelope link will no longer work. The contact persons message list remains for 7 years, so if they can sign-in, the person can always review all their past messages - just like a private email folder. |
| Components: | | 1. The concept of "standard letters" is fundamental to any company. The only communication permitted with a customer or supplier must be by an Executive approved standard letter. Even a reply to a customer query, must be responded to with a standard letter that does not grant one customer trading preference over any other customer. Any ad-hoc message may offend the recipient where the definition of being offended is according to the recipient, not the sender. | | 2. Every standard letter is stored and used as a web page that is as easy to edit as Wikipedia. Because the standard web page is published using encrypted communications and stored using encrypted database, the web page is seen to be safe and secure. | | 3. Every person that can be contacted is stored in the CRM where data quality is of professional standards such as "Dear Mr Tom Jones" where the customer contact name is stored as "Mr Tom Jones". Every person in the CRM has the right to specify the method they choose to be contacted by, including the right to be forgotten and not contacted. | | 4. Every kind of support request is a web page with a unique page number and unique request number. To send a person a completed support request, enter the page number and the request key. An envelope is sent by email with a link that shows the support page showing the selected request data. |
| Support Request: | | 1. Many different types of support requests may exist, but all can be viewed as a form. | | 2. At the foot of the form, a "reply" button is provided to send an envelope to the author with a link to the page and request key. | | 3. Without any CRM selection, without any ad-hoc message and without any fuss, the envelope is sent to acknowledge the authors contribution with the applicable reply. |
| Attachments: | | 1. At the current time it is proposed to proceed without support for attachments that (like ad-hoc text) may offend. | | 2. Studies of "standard letters" shows that they can be used for all kinds of customer and supplier contacts, but work remains to be done for staff communications. | | 3. Perhaps an ad-hoc message option and attachment option may be provided, but rarely used. |
| Benefit Analysis: | | 1. By not having an email server full of critical business information, the possibility of having a data breach has been dramatically reduced. Any data breach could see the end of many application services and that is a risk on the survival of business. | | 2. By having an evidence trail of what messages have been communicated and when they were viewed will eliminate the opportunity for a person to suggest they did not receive a message. The benefit of this shared evidence trail will change how people view and use email. | | 3. All email envelopes have a life cycle of up to 7 days so their is no point in keeping them. Any email envelope can be disable in a moment by changing its expiry date to any historical date. | | 4. The likelyhood of sending private information to the wrong person is greatly reduced as the person is selected from the CRM before any message is selected. The "reply" button on an email is never used because such a reply would be without any evidence trail. | | 5. Every electronic message is a message from a named person to a named person - the idea of broadcasting a standard letter to many people is not acceptable. Electronic communication is intended to comply with the law and not to copy how obsolete email programs worked in the past. |
| Document Control: | | 2016 Sep 16 : Latest edition as (public) page 165104 Part of common ITIL application service. |
|
|