A friend was telling me recently about a problem he was having in his office. It’s one that I’ve also come across in previous employments and I thought I’d take a moment to outline the importance of the subject: human-only knowledgebases.
There are oracles in every office. You know the type – the goto person for subject X, who’s been here for years, who can remember when this was all fields, and knows subtle technicalities of a certain system. It’s great that they’re here, that they have the knowledge: but it’s not great that only they have the knowledge. If they’re off for the day, it means a day of delay. If they’re off for the week, it means an anxious voicemail/email. If they leave, it means panic stations, red alert, how-on-earth-does-this-bloody-system-work.
Tales of the unexpected
Ten years ago I worked for a large, multi-national IT company who did the IT infrastructure for a UK GOV public body. The system that underpinned it all was a sprawling, hydra-esque green screen beast that made DOS look like Windows 10. It was built piece by piece and didn’t follow any design or interaction conventions, so in one screen, for example, you’d see inquiry spelt both ways. In one place it’d be F9 to escape, in another it’d be ESC and somewhere else it’d be Q. There was only one man who knew how this system worked and he should’ve retired years ago. They kept twisting his arm to stay for another 6 months whilst they planned to extract and codify his wealth of knowledge, but it never really happened. I left for Uni just as he was ignoring their repeated pleas to stay for another year and finally going to enjoy his retirement. I heard some months later from colleagues I’d kept in touch with that the system did what all systems do from time to time (i.e. go for a burton), but only this time there was no Human Knowledgebase to fix it. This caused massive nation-wide issues and hefty fines from the Government and industry regulators alike.
No (wo)man is an island
Things like this happen in offices up and down the country, albeit to smaller extents. A small company I once worked for was run exclusively on Excel spreadsheets and in the corner of each one was a checksum with the title: “IF THIS NUMBER DOES NOT EQUAL ZERO, CALL TRACY!!” Elsewhere, you’ve doubtless heard these types of questions after someone’s left a company: “Where’s the key for this?” “Where are the backups for that?” “Does anyone know how this works”? “Don’t turn that off!” There’s no real excuse for these situations to occur: no-one is an island and deliberately avoiding human-only knowledgebases by ensuring knowledge is documented and backed up should always be a high priority for companies of all sizes.
It’s good to talk. It’s better to use a wiki.
Now, if you’re somehow ignoring the risks and trouble that human-only knowledgebases can leave you in and are instead thinking “It’s not always practical”, then I say to you that you’re not thinking about it in the right way. All it takes is, for example, a well-structured internal wiki and some time. And probably not as much time as you might think: it’s more about crucial, pivotal pieces of information rather than volume. If you’re a small, dynamic office then it’ll be quite a simple exercise. If you’re a larger corporation then start small with the important stuff and grow the project as appropriate.
But how do you keep it secure? How to make sure only relevant parties have access? Well how about this: all companies worth their salt cover information security in a formal, structured way, typically ISO 27001. Larger companies and/or those who deal with credit card information will also be PCI DSS compliant. Both these systems cover information governance and information security and can help you ensure your company’s knowledge is secure and available only where appropriate.
Two birds, one stone
The old adage of “they might get hit by a bus tomorrow” isn’t very likely, but people do get taken ill unexpectedly, fired, leave, retire, or jack it all in and start a new life running a Post Office in the Outer Hebrides. I’ve seen it all in various companies I’ve worked for (I’m only 29, so god only knows what else is in store) and would strongly advise companies to take control of knowledge that resides only in the heads of staff members. And ISO 27001 certification and PCI DSS compliance, which you’re probably already doing, can help. I’ve seen first-hand how important it is. Don’t be another example of what not to do.