Skip to content

icon picker
Compliance Standard Solution (MVP)


Project:
Compliance Solution Expansion (Standard MVP)
Product Score:
41
Contributors:
Adam Christophersen
Meghana Hermes
Andrew Newbury

TEAM
Lead Engineer:
@Michael Clark
Front-End Engineer:
@Anastasios Milios
Back-End Engineer:
@Martin Rosas
Lead Product Manager:
@Andrew Newbury
Product Analyst:
@Joe Nyhuis
Product Designer:
@Filip Iversen
Lead Product Marketer:
@Andrew Newbury
Customer Success Advocate:
@Stacey Switzer

TL;DR:
Expanding our current compliance products to be more capable for our growing customers.
Approval Workflows
Pending Tasks Screen

Stage:
Start:
8/15/2023
Launch:
11/30/2023

MARKETING
Launch Grade:
A
Marketing Launch:
[ ]

Jira Link:
Prototype Link:
[ ]
PRD Complete:
false
Created on:
3/12/2021
Created by:
Adam Christophersen
Date last modified:
3/29/2024 2:00:25 PM
Tentative Design Prototypes by
@Filip Iversen
will be completed by 6/30/22
Outstanding question regarding permissions “Compliance: View” vs “Compliance: Manage” with Meg.
I want to only have one compliance permission. I don’t believe there will be a scenario where compliance truly wants to only “View” and not take any action.

Problem Alignment

The Problem/Opportunity

Describe the problem (or opportunity) you’re trying to solve. Why is it important to our users and our business? What insights are you operating on? And if relevant, what problems are you not intending to solve?
We have heard from current customers and prospects that compliance beyond “pre-post” compliance is of paramount importance, and they typically are required to have another compliance solution in place specific to social media management outside of our existing Denim Social Publishing Solution’s compliance elements to manage it. This is particularly relevant for larger customers. We’d like to offer a stronger compliance solution that handles these items, in addition to the current offering.
Additional approval groups allowable on posts (sequential approval groups)Editing of existing posts (that they’re able to edit).
Centralized location for all compliance review tasks
Different types of keywords/phrases for moderation (restricted vs prohibited)
Removal of existing posts.
Only workaround is to go direct to each social network and manually edit or remove which is a labor intensive process when publishing to hundreds of accounts.
Build a stronger social media archive report (Standard)
inclusive of comments, DMs, and truly all activity on social media.
Centralized location for all compliance review tasks
Ability to prescribe which social network types (FB, IG, TW, LI) an institution can allow users to connect.
Need the ability to add more filtering of posts from the Publishing Posts Page
Auto Expiring of Content Library Posts - allows better content cleanup rather than having to manually delete old posts from the content library

Background

Supply any background information necessary for the problem/opportunity
“Compliance” is the 4th solution we offer (Advertising, Pages, Publishing, Compliance) and it is the underpinning of all other platforms. For today, it’s not scoped to be its own dedicated solution with a dedicated front-end (maybe one day it evolves into that, but not now). But, because of our strong reliance on Compliance, and because we think we can offer a better solution that more fully supports social media compliance, we should build it. We also know that our customers and prospects need other tools to manage their social media compliance in addition to our current compliance offering, and if we build this expansion to our compliance offering we have a stronger ability to win deals where we can replace existing competitive compliance solutions.

Opportunity

Describe the opportunity that lies ahead of us should we decide to build this product. What do we gain? What’s your first guess as to how we can achieve it?
If we build this, we gain a complete social media publishing compliance solution, and it enables us to be far more competitive at the mid-market and above levels as we’re now able to replace some existing spend the prospect has for social media compliance. This gains us significant parity with ProofPoint Social Patrol.

High-level Approach

Describe briefly the approach you’re taking to solve this problem. This should be enough for the reader to imagine possible solution directions and get a very rough sense of the scope of this project. (e.g., if “The Problem” was engagement in the design process from non-designers, “The Approach” might be a feed which surfaces work that's relevant to them.)
This new Compliance product should be a left-hand navigation product, where we split off the current compliance functions from their existing homes and place them into this new “Compliance” product while also building new compliance features that do not currently exist.
Here’s what it needs to be able to do:
Compliance Settings: Managing access to either view or edit compliance settings
Approval Groups update. Move from Admin to Compliance Product.
Creation of ‘sequential approval groups’ where customers can create approval workflows where content needs to be approved by group 1 THEN group 2, rather than how it currently exists, which is in parallel to one another. This sequential approval workflow needs to be created for post approval workflow and keyword approval workflow.
Creating multiple post approval workflows
Creating multiple keyword approval workflows
Ability for institutions to elect to require NO APPROVAL for content that does not contain keywords or phrases.
Approval Workflow is assignable to a user group
Centralized location for compliance review tasks within the Compliance menu

Goals & Success

What does success look like? What metrics are you intending to move? Explain why these metrics are important if not obvious.
$x / x% less closed lost sales opportunities because our compliance solution isn’t fully-baked.
Percentage of customers using more than 1 level of approval
Maybe not a heap thing - possibly in Django (check with Tasha, Filip, or Jorge)
Analysis of prohibited keywords in use?
Might just have to be a manual report run periodically
Will we be able to track how many posts ever get stopped from being shared (saving compliance review time)?
If there is a CSS banner that pops up we can probably track in Heap (talk with Filip)
Are customers using Boolean keyword combos?
not a Heap thing
Content Library Posts that contain an expiration date? vs total content library posts active?

Solution Alignment

Give an overview of what we’re building. Provide an organized list of features, with priorities if relevant. Discuss what you’re not building (or saving for a future release) if relevant.
Compliance Product Permissions User Stories
Story Name
Description
Importance
Design
Notes
In Jira?
dev notes
1
As an admin, I want the ability to assign compliance permissions to a role so that I can limit what each user is able to do in app
This story is creating the new permissions that compliance will be built on.
Users with the permission “COMPLIANCE: VIEW” should be able to only view features in this product without edit ability.
Users with the permission “COMPLIANCE: MANAGE” will be able to view/edit/delete settings in this product.

High
Institution Level: ADV permission in Institution level - django Advance Compliance:
2727
2
As an admin, I want to have the following compliance products under the compliance menu and control access based on permissions
On the left menu navigation User should be able to access Compliance product with the following components depending on the permissions set for the user.
Keyword Moderation
Needs to be removed from “Setup Menu: Manage” permission
New Permission: “Compliance: Manage” to make edits
Existing Permission: “Compliance View” to see but not edit
Approval Groups
Needs to be removed from “Setup Menu: Manage” permission
Needs to be removed from “Posts: Manage Approval Workflow” permission
New Permission: “Compliance: Manage” to make edits
Any existing users with “Setup Menu: Manage” AND “Posts: Manage Approval Workflow” permission will be given Compliance: Manage access.
Approval Groups will only be visible to those with Compliance: Manage access. It will not be visible to anyone else, even those with “Compliance: View” access.
Archive Report (already in compliance Menu)
New Permission: “Compliance: Manage” can run archive report
Existing Permission: “Compliance View” can run archive report (currently available today with Compliance: View)
High
Compliance Settings to view and set actions
2728
3
As an admin, I want to have the new Approval Workflows product under the compliance menu and control access based on permissions
Approval Workflows
New Permission: “Compliance: Manage” to make edits
Only visible to those with Compliance: Manage permission. Not visible to anyone else, even those with Compliance: View
High
2729
4
As an admin, I want to have the new Pending Approvals Task product under the compliance menu and control access based on permissions
Pending Approvals *(New)* Available to those only with Compliance: Manage
Allows user to see posts that are only assigned to the user logged in
High
2730
There are no rows in this table
Approval Workflows User Stories
Story Name
Description
Importance
Design
Notes
In Jira?
dev notes
1
2
As a compliance admin, I want to be able to elect no approval required for posts while still being able to apply keyword approval worfklow to posts.
Posts Approval WF: Ability for institutions to elect “NO APPROVAL required” for approval workflow that does not contain keywords or phrases. Each approval workflow will have the ability to elect “no approval required” and that workflow can be assigned to users based on their user group. ​This is not auto-approval. Posts that have no approval required should indicate that the post did not require approval in the post details because of the workflow that was assigned to the post.
High
2942
3
As a compliance admin, I want to be able to elect no keyword approval required for posts while still being able to apply post approval worfklow to posts.
The idea behind this is that some customers will want all posts to go through approval review regardless of whether or not keywords are present. This goes with the previous user story (2942). Combined together, they create a singular approval workflow where the user can define a process for posts with or without keywords.
High
2943
4
As a compliance admin with the edit ability, I want to be able to create post approval workflow that is sequential (1 then 2 and so on) by assigning approval groups to each stage of the approval workflow with a max of 5 levels
Under Posts Approval WF: Admin should be able to pick 1 THEN 2 (sequential) to assign the order of approval groups created by them. The user would select which approval group is applied to which level of the review. There could be several levels of sequential approval up to a max of 5.
High
2944
5
As a compliance admin, I want the ability to create more than one post approval workflow and add an approval group to each workflow so that different users can have different post approval workflows applied to their posts.
Admin should be able to create more than 1 post approval approval workflow and assign groups as many times as needed
High
@Filip Iversen
This will be like the list view in Approval Groups. It’s a significant change from the original wireframe
2945
6
As an admin, I should be able to assign a post approval workflow to a user group from the post approval workflow menu.
This allows different users to have different post approval workflows. Example: Some users may require approval while other users don’t.
High
2946
7
As a compliance admin, I should have to select a “default” post approval workflow so that all users will have an approval workflow assigned to them in the case the admin forgets to assign an approval workflow to a user group.
The default approval will be created as a backup in case the admin forgets to assign an approval workflow for an existing user group, or creates a new user group and forgets to go to assign an approval workflow.
High
2947
8
As a post creator, I do not want to select an approval workflow when creating a post since the approval workflow will already be assigned based on the user group of the individual
This update will remove the need to select a post approval workflow when creating a post. The approval workflow will be assigned based on the user group of the individual creating the post.
High
2948
9
As a compliance reviewer, I want to receive a review email notification based on the sequential approval order so that I receive an approval email only when the post needs reviewed by me.
Based on the approval workflow order the users in the approval groups should receive an email to approve. Example the 1st approval group should receive an email to approve when a post is created. The second approval group should receive an email after the 1st approval group has approved the Post. The email should contain all post details, and if the post was approved by someone else in a previous sequential order.
High

2949
10
As a post creator, I want to have my posts approved by the approval workflow that is assigned to me based on my user group.
Approval of posts in a sequential order entails for each post to be approved by the order assigned. Posts should not ever be auto approved just because the approver is in the approval group. All posts go through approval workflow and require the assigned reviewer to look at the post and either approve or decline. The only auto-approved posts should take place because the approval workflow was setup to have no approval required.
High


2950
11
As a post creator or admin, I want to view the status of the pending approvals so that I can determine where in the approval process the post is.
Ex: “Pending Approval” Status post should display approved by 1st approval group while waiting on other groups.
High
2951
12
As a post creator, I want to be notified via email when my post was either approved or declined so that I can take action if needed to get my post fixed so it can be posted.
Settings:
Creator needs to receive only one “your post has been approved “ email after all approval groups have approved the post and the post is considered fully approved.
Creator needs to receive only one “your post has been declined” email when one reviewer in any group declines the post with the comments the reviewer put in the review.
High
2952
13
As a post creator, or an end user who is editing a post that has already been approved, I want to be able to edit the time/date and social networks without needing to get another approval so that I can save time in getting approvals for the same content.
Currently if anyone that has access to posts but not in the approval group, edits time/date or social networks of an approved post, it requires an approval again. Posts with date/time change or adding and removing social networks, when the post has previously been approved should not require an approval. This will also help with pobo so a user can edit the date and time for a post an admin has scheduled on their behalf and it will not require a new approval. This said it was fixed on DEN-431 but tested on 10/31 and it still isn’t working.
High
Requested by Sara/ Sound Credit Union
2953
@Meghana Hermes
14
Migration Plan - As a compliance admin, I want all existing Approval Groups to be created as a sequential approval workflows utilizing one level so that it matches the current review process.
All customers current workflow will be created as a sequential approval workflow utilizing one level. The customer will need to go in and add multiple levels if wanted. The existing default approval group will be assigned as the default post approval workflow
High
2854
15
Migration Plan - As a compliance admin, I want any any user group that has an unassigned post approval workflow or unassigned keyword approval workflow to follow the default post approval and keyword workflow so that all users will have a post approval workflow.
any user group with an unassigned post approval workflow will follow the default post approval workflow and an unassigned keyword approval workflow will follow the default keyword approval workflow in the list of approval workflows. Admins will need to assign workflows to a user group in order to use different workflows based on role.
High
2955
16
17
Force Approval Button
18
As a super admin within the institution, I want a new user permission within the compliance menu called “Force Approval Option” visible, only if the institution checkbox has been enabled in Django.
Any user with the force approval permission enabled, will be able to force the final approval onto a post when they are reviewing it. For example, if a user has “Force approval” permission enabled and they are in the 1st level of the review process, their forced approval will bypass any and all levels of approval.
High
3275
19
As a super admin, I want the ability to force a final approval on posts that I have been assigned based on approval workflow assigned to the user group.
This functionality adds a “force approval” button to the review page (publishing posts, and new “pending tasks” screen only for those who have the “force approval” permission enabled and have been assigned to the review AND the review is pending with them based on the approval workflow assigned.
High
3276
20
As a Denim employee, I want to be able to enable / disable the force approval option for each institution.
Django feature within the institution settings. Currently BOK Financial is the only customer requesting this. If the Django permission is enabled, then the “force approval” permission becomes available inside the institution settings under user permissions. If the Django permission is disabled, the “force approval” permission is not even seen as an option. This is to keep this option hidden for all other customers. We don’t want to promote this functionality but only enabled it for specific use cases when asked for by customers.
High
3277
21
22
Approval Workflow as it relates to parent/child
23
As a parent admin, I want posts approved within the parent institution and added to a child collection to not need approval if a user from the child institution posts without editing.
In this scenario, the parent’s post goes through the approval workflow when added to the content library. That library is published to Collections and made available as a collection to the child institution. If a child selects a post from this collection and makes no changes, then the post should not need additional approval. This is the Cardinal example.
High
@Filip Iversen
Here are the user stories for sequential approval workflow as it relates to parent/child
3036
24
As a parent admin, I want posts approved within the parent institution and added to a child collection to need approval only if edited from the original content of the post.
This is implied from DEN-3036. In this scenario, if the child edits the post, the post will require approval and will need approval as defined by the parent. The child will not have the ability to create approval workflow and assign it to a post.
High
3037
25
As a parent admin, I want posts approved within the parent institution and added to a child collection to need approval only if the child admin has assigned an approval workflow to that user group.
In this scenario, once the parent has created a post and added it to a collection shared with the child, they want to be hands off. It is up to the child to decide whether they want to approve posts from the shared collection whether they are edited or not. (This is the LGA example)
High
3038
26
27
How to Review Pending Posts
28
As a compliance reviewer, I want to be able to see pending reviews that I need to complete so that I don’t spend time looking reviewing each pending review individually to see if it’s my time to review.
This could create unnecessary pain for a reviewer when we add sequential approvals. With sequential approval workflow, the 2nd level reviewer could sign in and look at pending reviews but not be able to take action because they could still be with the 1st level reviewer and vice versa.
High
3039
29
30
Archive Report Updates
31
As a platform admin, I want to see the record of all those who approved or denied a post within the Compliance Archive Report
This needs to support multiple approvers with timestamps of approval or denying of posts.
3255
There are no rows in this table
PROTOTYPE
Compliance Pending Approval Tasks Menu
Story Name
Description
Design
Importance
Notes
In Jira?
dev notes
1
Pending Approval Tasks Visible Only to User from Approval Group
If compliance reviewer checks review tasks, they should only see social posts and content library posts from approval groups they are a part of. The review task will indicate whether it is a social post or a content library post, or a social post that originated from a content library post. Current functionality: any compliance reviewer can see all pending posts but can’t review them unless they are in the approval group and doesn’t know what the approval group is until the post is opened.
How do we make it simple to see if the reviewer is reviewing a post they have to forward on for approval vs a post they can final approve?
High
2697
2
As a reviewer, I want the ability to prioritize posts that are scheduled to go out first so that I don’t approve posts after the scheduled date
A sorting option at the top of the column could make this simple. We want to make sure we don’t make the default view to sort by publishing date. If we did, users who schedule their posts weeks in advance would end up waiting weeks to get their post approved since it would be at the bottom of the review pile.
High
2698
3
Remove Review Capability from Publishing Posts and Content Library
Currently reviewer can see all pending posts in Publishing Posts but can only review those from the approval group they’re in assigned to the post. All review capability should be removed from Publishing Posts but any user who has the ability to see posts should continue see posts pending approval and when viewed see the status of the review as it relates to the sequential approval groups.

We should wait to do this to allow users to get familiar with the new way to review before removing this option.
High
Do we have a problem with existing permissions? Front End - talk to Martin S. Don’t forget email notification for review going to the correct link
2699
4
As a reviewer, I want the ability to see all posts that are scheduled to be posted within 24 hours to be prioritized in the pending approval tasks so that scheduled posts are less likely to not be published when scheduled due to compliance review backlog.
A publishing user can schedule their posts to be posted in the future or to post immediately but because the posts have to go through compliance review, it is possible they could miss the desired publishing time. This will allow the compliance reviewer to see the posts that are more urgent and review those first if they wish.
High
2700
5
As a reviewer, I want the ability for the filter bar to stay on the screen once I select to display it so that I can save time from having to click to view the filter bar each time I visit the pending approvals page.
The goal is to save the reviewer time from expanding the filter bar each time they visit the pending approvals page for those who are always using the filter.
High
2701
6
As a reviewer, I want the ability to filter on post type, created by, posted to (social account selector), tags
This is so the user can apply filters and only see things important to the user when reviewing posts. This will likely become more important as we work with more social sellers and the review backlog is larger for a customer.
High
2702
7
As a reviewer, I want the ability to search by text on the pending approval tasks so I can find a specific post that needs reviewed if requested
Medium
2703
8
As a reviewer, I want the ability to select a date range based on the date the post is scheduled to be published so that I can quickly see these posts based on the date range selected.
High
2706
9
As a reviewer, I want the ability to expand the post I am reviewing to view full screen and if I approve or decline I want to go back to the pending approval page so that I don’t have to spend more time navigating back after completing a review.
This should allow the reviewer to keep going back to the pending approvals page upon completing review. This has been a pain point for several users when reviewing in the publishing posts page today.
High
2707
10
As a user I want the ability to see declined posts on the Publishing Posts Page so that I can quickly decide on whether or not I want to make edits and resubmit
There is no “Declined” tab at the top of the Publishing Posts Page. We should add this so any user who is looking at their Publishing Posts page can see “declined” posts on their page.
Medium
2708
11
As a user I want to be notified of declined posts on the Publishing Posts page so that I am able to quickly make updates and review feedback from compliance reviewer.
If a “Declined” tab is added, the user will not know if there are any posts declined unless they click over to the tab to look. It would be helpful to indicate that there are new posts there that were declined.
Medium
2709
There are no rows in this table
PROTOTYPE

Affected Personas

Name
Link to Description
Affected?
How?
1
Admin Alice
2
Compliance Charlie
3
Producer Pat
Not yet created. This is the role of the loan officer or insurance agent. They have the ability to log in to the Social platform to build and publish posts on their own behalf, and optionally automatically route them through an approval group. Alternatively they have the ability to use content from within a content library without routing through an approval group.
4
There are no rows in this table

Key Flows

Show some mocks/embeds of the experience. Link to any other documentation as necessary. In general, it’s helpful to organize these around certain user journeys / use cases. Show enough of a clickthrough where people can walk away with a reasonable understanding of how the product works.
USER FLOWS
User will set up:
Compliance settings Actions
Users with the permission “Compliance: Review” should be able to only view this product
Users with the permission “Compliance: Manage” will be able to view/edit/delete settings in this product.
Users with the permission “ADV_COMPLIANCE” will be able to view/edit/delete the advance Compliance features (Not Applicable for Standard Compliance)
Standard compliance will essentially be what we already have built for compliance features (Approval workflows with sequential WF, keyword moderation, centralized review tasks, archiving) and will remain available in the publishing solution.

What will NOT be available is: profile lock).
Stand alone Compliance to monitor social networks profiles and posts fetched

Prototypes (old)

Open Issues & Key Decisions

Keep track of open issues / key decisions here. Sometimes, certain decisions are made that might feel controversial; document these here so people know that the discussions have happened and there’s strong awareness of the tradeoffs.
Should we build any compliance-related items for the Advertising and/or Pages solutions? This is limited to Publishing today.
Many of these product requirements are actually applicable for both Advertising AND Publishing... we need to think about the long-term impacts of us developing this within the confines of Publishing-only, when we know there’s a need for these same items on the Advertising solution.
Comments on Ads
Comments replies on ads/ audit trail
Before Sunrise Compliance Advance -?

What are we NOT doing?

A full compliance solution with its own dedicated solution like Publishing and Advertising is today.
Boolean Keyword Operators and Naming of Keyword Groups
Any user that can add or edit keywords “restricted” or “prohibited” can add Boolean operators within one keyword entry
Boolean Operators are simple words (AND, OR, NOT or AND NOT) used as conjunctions to combine or exclude keywords in a search, resulting in more focused and productive results. This should save time and effort by eliminating inappropriate hits that must be scanned before discarding.
Example: A search on stock market AND trading includes results contains: stock market trading; trading on the stock market; and trading on the late afternoon stock market. But stock market or trading alone would not trigger a review
Post Approval Workflow - Review Completion
Admin can define any users in the system to receive post review completion email notification. This will will contain the post details, hyperlink, approved or declined, notes left by any reviewer, and all reviewers who took action on the post.
Restricted Keyword Alerts for content posted natively to a social network

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.