PAS 124:2011 (Defining, Implementing and Managing Website Policies and Standards) has been updated, superseding PAS 124:2008 which has been withdrawn. It was issued by BSI in March.
Publicly Available Specifications (PAS) are industry-led initiatives, are not full British Standards and generally not free. They can be withdrawn and replaced at any time. However, the topic is relevant enough to make it worth mentioning here. This PAS was originally commissioned by Magus, but members of the steering group also included the Cabinet Office, LBi, Olswang LLP, SDL Tridion, Shell International B.V. and Unilever plc.
So what does this document concern itself with? PAS 124 describes how to define, implement and manage web site policies and standards, and provides suggested areas they should cover, and example governance policy and further sources of information.
The scope says whilst PAS 124 can be used for "all types of website including: static websites, dynamic websites, web portals, mobile websites, e-commerce websites and content published by organizations on external sites such as social media sites", it does not cover "web-based services and applications: software-as-a-service (SAAS)/cloud computing services, virtual learning environments and internet enabled widgets and applications (e.g. mobile applications)". That's quite odd, because dynamic web sites and e-commerce web sites are applications.
Some of the benefits in taking the approach suggested by PAS 124:2011 are "protection of brand and company reputation by ensuring a consistent high quality user experience", "minimization of online risk through compliance with legal requirements" and "securement of appropriate protection of intellectual property" and "increased user confidence through a consistent, high quality user experience". I agree with those.
And what areas does it consider should be included to "govern the content, function and appearance of websites" to acheive these benefits? These ten key areas are listed:
- Brand and template
- Domain name and URL structure
- Editorial and copywriting
- Search engine optimization (SEO)
- Social media
- Website governance policy
Now, PAS 124 does state "this list... is not exhaustive...". True. There is no mention of affiliates, advertisers, wider marketing (not just SEO), testing, analytics, optimisation, performance monitoring, supply chain management, intellectual property, disaster recovery, business continuity, and use of multiple channels.
But how are aspects like information privacy and security, and the protection of assets belonging to the company, other organisations and individuals governed? "Data protection and privacy" are mentioned briefly as an example legal issue that "might" need to be considered.
Also, the PAS explains it does not cover "the following types of technical standards: infrastructure standards (e.g. connectivity, performance and availability), security standards, code standards, or the use of semantic web technologies."
I am disappointed. Technology requires governance too. And security is not just about technical controls — the administrative and physical aspects are just as important for preventative, detective and corrective actions necessary to achieve the benefits listed in PAS 124. In Appendix C (Useful Sources of Information) under the heading "security" is states "This is an area where there are a lot of standards. Visit the BSI website to review the range of available standards", but I'm not sure that really does the area justice. No mention of untechnical aspects? Also, surely there are some technical aspects in the listed key issues of accessibility, templating, domain name and URL structure, legal and usability? I can think of quite a few.
There really is more to governing a web product today than what is listed here. PAS 124 seems to reflect the thoughts of a somewhat silo-style organisation which does not have a connected overall viewpoint. It feels like the old-fashioned web manager in the corner office; someone disassociated from the business and out-of-touch with supporting legal, marketing & information systems services. What it covers is good, but its vision is too constrained.
So, I think the PAS has set too narrow a focus for its scope — PAS 124 is more 2001 than 2011.
Posted on: 17 May 2011 at 08:04 hrs