DOCUMENT Strategy Spring 2023

Page 14





Customer Preference vs. Customer

Experience: What’s the Difference?

Register Today!
4 spring.2023 10 Making Your Digital Vision a Reality
choices businesses face when prioritizing digital transformation and communications modernization
12 Digital Signatures: Why Aren’t They Everywhere?
you are in the 20% not currently using them, what are you waiting for?
14 4 Data Types You Can Use to Improve CX
you have a complete understanding of the customer data available to you, you can provide out-of-this-world customer experiences
Managed Security: MSSPs or MDRs
Mostly an organization’s size, budget and nature of required response
determine whether it opts for an MSSP or an MDR
20 Security Testing for Enterprise Content Management Organizations can identify and fix vulnerabilities before they can be exploited by attackers, reducing the risk of data breaches and other security incidents
22 Customer Preference vs. Customer Experience
and understanding the difference between the two
24 Let’s Declare ECM Dead Again The Unified Content Model is a new way to think about managing business content
26 ADA Compliance vs. True Accessibility Unintentional digital barriers prevent people with disabilities from accessing information and programs
TABLE OF CONTENTS 10 16 14 22 26 volume 30 issue 1 | Spring.23 | FEATURES DEPARTMENTS 08 What’s New 30 Think About It SPONSORED CONTENT 05 Turning Conversations into Business Transactions 28 Solution Providers to Stop & See at DSF ‘23

Turning Conversations into Business Transactions

Whether you are trying to handle a request, improve the contract process in sales or purchasing or you are onboarding a new client or employee, the activities are inherently collaborative. Creating, revising, reviewing, approving and signing contracts are tasks that often involve two or more people. Such process-driven collaboration is typically linked to fillable business forms and interactive business documents. Content is drafted, saved and organized with metadata and often requires multiple revision cycles before it is considered complete. The automated and ad-hoc tasks and activities that users need to perform to achieve a common goal are managed by Papyrus.

Organizations Call for Digital Transformation of Forms

1. Locating and manually filling out a paper or PDF form is time-consuming and error-prone for the requester

Use Cases: Self-Service | On-boarding | Request Handling | Claims | Contracts | Registrations

2. Incorrectly entered information causes inefficiencies in the process

3. Re-entering data into other systems costs time, resources and money, and new errors are likely to happen

4. Sending emails with PDF forms containing Person Identifiable Information and other sensitive data increases the risk of fraud and privacy violations as process status and insight gets lost

5. Emailing forms means duplicates and different versions that take up disk space, making it hard to find the current version and adding to the complexity of information governance

The Papyrus DocuFlow solution seamlessly migrates paper and PDF Forms into web forms and replaces emails with workflow and case management.

1. Provide self-service online for customers and employees

2. Migrate paper and PDF forms to HTML

3. Improve user experience and data quality

4. Increase process efficiency and process transparency

5. Sign electronically and digital notarize

6. Automate data exchange through services

7. Govern information and content

Migrating the PDF Interactive Form

Create an envelope template in the Papyrus Business Designer and upload the Interactive PDF Form for analysis and migration. The migration uses a wizard to turn the PDF into web forms for the requester and recipients to get assigned the task of editing, approving, signing, and viewing the form or getting a carbon copy of the optional resulting filled and signed PDF form.

Capturing the PDF or Paper Form

Form classification and extraction definitions are during the migration generated. Automatic handling of remaining incoming PDFs via email or upload is guaranteed.

For PDF Forms that are not interactive or paper-only, the Business Designer Capture is used to define the classification and extract definitions to automate those scanned Forms.

Workflow and Case Management

The Papyrus workflow engine replaces the emails being sent to route the form. Tasks are planned and assigned for persons, roles, or departments, and service tasks automate the execution of integration. Notifications alert participants in the process if steps become due.

Seamless integration with Papyrus Customer Communication simplifies creating and sending documents as a request for additional information or status. The whole process from request-to-closure is taken place in the comfort of Papyrus Adaptive Case Management, making collaboration simple and easing the management of additional content such as emails and other documents.

Utmost Life and Pension opted for a customer Self-Service Portal that connects the front-end with back-office teams, providing access to relevant information and top-notch customer service. The MyUtmost project implemented by the Papyrus team was “our crowning glory and a great success in 2022,” said the CEO of Utmost Life and Pension in his year-end speech.


The Year of the Customer

Here we are in 2023 — Year of the Rabbit in the Chinese Zodiac Calendar — and Year of the Customer for many businesses. In this year of the customer, focus must be on retaining existing customers while at the same time differentiating your organization in ways that attract new customers. I know this is typical of every year and the goal of every business, but it is in the ‘how you are doing this’ that makes the difference.

This is where customer communications and the way this is managed (CCM) can make a significant impact on your level of success. The way you communicate, the messages you send and the interactions you have with your customers and prospects are vital to the overall customer experience. This means that the right message must be sent to the right people at the right time.

In the digital world, CCM must extend beyond just messaging, it must be incorporated into various digital workflows to ensure that when conducting business transactions, the information is complete, and interactions are carried out smoothly. For example, a bank might develop a loan or mortgage campaign targeting a specific audience. Promotional/marketing materials and messages are created, sent and tracked for

results. Once a party is interested, follow-up messages and communications are initiated. As the process progresses to an actual sale, messaging and materials change to proposals, contracts and more. In these cases, information can automatically be generated and in some cases contracts released automatically. Even the use of digital signatures can come into play to finalize a contract. All completely digital.

In this issue, you will find some great articles that will provide insights from industry leaders that will help you begin your CCM journey or enhance the CCM environment you are implementing today. In the Year of the Customer, the focus must be on enhancing the overall customer experience and transitioning to more enhanced communications methods.

Take time to read through this issue, digest the information provided to you and consider the ways you can make CCM work to your advantage.


Chad Griepentrog publisher

Ken Waddell

managing editor

Erin Eagan [ ]

contributing editor

Amanda Armendariz contributors

Ernie Crawford, Scott Draeger, Andy Feest, John Harney, Patrick Kehoe, Bob Larrivee, Gilad David Maayan, Holly Muscolino advertising

Ken Waddell [ ] 608.235.2212

audience development manager Rachel Chapman [ ] creative director

Kelli Cooke

PO BOX 259098 Madison WI 53725-9098

p: 608-241-8777 f: 608-241-8666 email:

DOCUMENT Strategy Media (ISSN 1081-4078) is published on a daily basis via its online portal and produces special print editions by Madmen3, PO BOX 259098, Madison, WI 53725-9098. All material in this magazine is copyrighted ©2023 by Madmen3 All rights reserved. Nothing may be reproduced in whole or in part without written permission from the publisher. Any correspondence sent to DOCUMENT Strategy Media, Madmen3, or its staff becomes the property of Madmen3.

The articles in this magazine represent the views of the authors and not those of Madmen3 or DOCUMENT Strategy Media. Madmen3 and/or DOCUMENT Strategy Media expressly disclaim any liability for the products or services sold or otherwise endorsed by advertisers or authors included in this magazine.

BOB LARRIVEE is a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of e-books, industry reports, blogs, articles, and infographics. In addition, he has served as host and guest subject matter expert on a wide variety of webinars, podcasts, virtual events, and lectured at seminars and conferences around the globe.

SUBSCRIPTIONS: DOCUMENT Strategy Media is the essential publication for executives, directors, and managers involved in the core areas of Communications, Enterprise Content Management, and Information Management strategies. Free to qualified recipients; subscribe at

REPRINTS: For high-quality reprints, please contact our exclusive reprint provider, ReprintPros, 949-702-5390,

6 spring.2023


Paul Abdool is the Global Director of Partnerships at dotCMS, a web content management system platform. He uses his 20+ years of partnership development and communications industry experience, to help partners develop and optimize digital experiences for their customers.

Inducted into the AIIM Company of Fellows in 2019, Bob Larrivee is a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of eBooks, industry reports, blogs, articles, and infographics.

Will Morgan is an experienced industry analyst with expertise in the Customer Communications Services market. As Aspire’s Senior Research Analyst, he works alongside the wider team to provide advice, insight and vital intelligence to the company’s expanding customer base on both sides of the Atlantic. Before joining Aspire, Will worked with Keypoint Intelligence-InfoTrends’ Customer Communications and Business Development Advisory Services.

Pat McGrew helps companies perform better in the print hardware, software and printing services industries. Her experience spans all customer communication channelsand segments including transaction print, data-driven and static marketing, packaging and label print, textiles, and production commercial print using offset, inkjet, and toner. She is certified as a Master Electronic Document Professional by Xplor International, with lifetime status, and as a Color Management Professional by IDEAlliance.

What’s New

Catch up on all the news, opinions, and current events happening around the industry.

Madison Advisors Research Brief

They Say Content is King... Check Out What DSF ‘23 Charlotte Has Planned for You

DSF ’23 Charlotte has created 11 dedicated and focused Educational Learning Pods. You can follow a specific Pod or create your own learning experience by choosing from any of the sessions and workshops being offered. Check out the entire conference agenda to customize your conference program. From 5 keynote speakers to 55+ breakout sessions, 5 dedicated networking events to 45+ industry exhibitors, we’ve got it all covered. You won’t want to miss a single moment of this incredible event. Oh yeah, if you register for the Platinum 3-Day Package, we’ll cover one night of your stay at the Le Méridien Charlotte (a $220 value).

Survey Findings: Companies Recognize Power of Intelligent Automation But Need Help with Transformation

According to new research of more than 400 professionals conducted for Conduent Incorporated, workflow inefficiencies remain one of the biggest business challenges for enterprises. However, the research also shows that lack of internal capabilities and resources create barriers to implementing automation technologies. Other top findings include: 50% of respondents cite too many manual processes as an inefficiency in workflow; 40% of respondents point to convoluted processes or workflows, as key business challenges. To learn more, visit:

“Mastering Requests for Proposals Vendor Selection”

Even for the most seasoned decision maker, selecting a new print service provider (PSP) can be challenging without in-depth knowledge of the printing industry. Drawing on findings from over 100 PSP-focused Best Practices Assessments, Madison Advisors’ research brief, “Mastering RFP Vendor Selection,” presents tools that help enterprises identify partners capable of delivering consistent, on-brand communications in alignment with budget and volume needs. Download the complimentary brief to learn more about Madison Advisors’ three-tier ranking system, methods behind each PSP’s aggregate score and how best practices data can save your enterprises valuable time and energy the next time you’re in the market for a new PSP. To purchase/download the report:

BFMA Announces Lineup of Speakers for 2023 Annual Conference May 22-24

Business Forms Management Association (BFMA) has announced the full lineup of speakers for its 2023 annual conference, taking place May 22-24 at le Méridien hotel in Charlotte, North Carolina: Kelly Halseth, director of forms strategy and management at Alberta Health Services, will be leading two sessions; Ray Killam, BFMA board member and president and CEO of Essociates Group, Inc; Alan Pelz-Sharpe, author of the Amazon bestseller, “Practical Artificial Intelligence,” will lead “Automating Business Processes – Not Yet;”Eric Stevens, who is considered one of the architects behind electronic forms technology as it exists today, is leading two sessions; Margaret Tassin, BFMA board member and president of Forms Doc, LLC. To learn more about the event or to register, visit

8 spring.2023


Andy Feest

Andy Feest, Sr. Manager, Product Management for Opentext, is a 30 plus year professional experienced in Product and Program Management and leading global product, customer support and development teams. With 25 years of experience in the CCM space including consulting and development for enterprise and service providers in the United Kingdom and the United States.

Holly Muscolino

Holly Muscolino is the Group Vice President, Content Strategies and the Future of Work, responsible for research related to innovation and transformation in content solutions, including intelligent document processing, esignature, imaging and printing and other content workflow services at IDC. Ms. Muscolino’s core coverage also includes work transformation, technology & digital skills research, and the role of technology in driving the Future of Work.

Gilad David Maayan

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. He is also founder and CEO of Agile SEO. spring.2023 9


5 choices businesses face when prioritizing digital transformation and communications modernization

Ask a twentysomething if they pay all their bills online and they’ll respond: Is there another way to pay? For a typical 25-year-old, the digital world and real world are intertwined. Born between 1997 to 2012, the newest consumer group of Gen Z are true digital natives — weaned on the Internet, steeped in swipe-and-buy experiences and accustomed to one-day deliveries. When it comes to interacting with organizations, their expectations are

abundantly clear: personalized, swift and seamless customer experiences across every channel.

Most companies already have some digital channels in play, such as email or a portal, but as you’re considering expanding your organization’s digital footprint, the best place to start is by carefully analyzing your goals. Are you just trying to reduce the number of printed communications that go out the door? Are you wanting to give your customers more choices in how they receive communications? Are you trying

to modernize the customer experience? Rather than rushing ahead and implementing each new digital channel as a standalone silo, it’s important to take a more foundational approach and think about how you will meet the evolving needs of today’s customers. Here are 5 key questions to ask to help you make smarter choices when it comes to making your digital vision a reality:


One of the challenges organizations have in adding new digital channels is avoiding fragmentation in the customer experience across different channels. In the past, the typical approach to adding a new channel was to hire a focused team to manage it. This resulted in both strategic and operational silos, slowing down time to market and creating inconsistencies and disconnects throughout the customer experience.

It’s important to ask yourself whether you want to pursue an omnichannel strategy, meaning providing a seamless customer experience across channels, or provide purpose-built communications, where each channel’s communications are built and managed on their own. The choice hinges on your goals and budget, but a nuanced approach that keeps the customer experience in the forefront can save time and money in the long term.

 Omnichannel — In an omnichannel world, the customer experience is continuous across touchpoints, giving customers the flexibility to choose how they’ll interact. This requires an organization to choose a system that enables them to understand the latest interaction and orchestrate the next step in a journey by making the same communication available across all channels.

 Purpose-Built — In this scenario, an organization opts to stand up specialized channels aimed at a specific type of customer communication. With this option, the risk of the silos issue is very real and organizations need to pay special

10 spring.2023

attention to how they will create and manage a library of shared content to support all channels. This is the only way to build personalized communications for each channel and ensure consistency for your brand and customer experience.


With all the buzz around ChatGPT these days, a lot of organizations are having exploratory conversations around the potential of generative AI. With a range of use cases these technologies can support, organizations need to consider how they might incorporate AI into their digital plans. Harnessed correctly, opportunities exist to help streamline business processes, such as content creation and curation of existing content, to create digital renditions and summaries, rewrite content for plain language or readability, and adjust the tone and sentiment. AI can also improve the customer experience by accelerating responses to customers and selecting the right message or response based upon the particular engagement.

Although some organizations might not be ready to go live with some of these solutions today, we recommend you look to the near future and find content management solutions that incorporate these technologies. The potential benefit to both the efficiency of your operations and quality of your customer experience is significant. Organizations that don’t leverage the support that AI can provide will be left behind.


Offering customers the ability to choose their preferred communication channels can improve engagement and lead to reduced customer service costs. A robust preference management capability supports granular preferences on the types and channels

of communication, while making it seamless for you to control.

For instance, if a customer prefers communication via email, but the email bounces, you can provide the option for them to choose whether they want an SMS to notify them that the email has bounced versus a printed letter to be sent out. Some customers might only want to use a specific channel, like SMS, for urgent matters and otherwise prefer print or email for more routine communications.

your communications more accessible enhances customer loyalty and satisfaction and is especially useful with time-sensitive communications.

Providing accessible communications also ensures compliance with standards specified by the Americans with Disabilities Act, the Web Content Accessibility Guidelines and other global regulations and guidelines. Complying with regulations is especially relevant for organizations operating in the public sector, healthcare, financial services, insurance and education.



You need to choose digital services partners that have a proven track record for deliverability, so your content is not treated as spam. With the right standards and encryption, your communications will reach the desired endpoint instead of being rejected. It’s also critical that all communication processes are compliant with laws like the CAN-SPAM Act, GDPR, CASL or other global requirements.


The Centers for Disease Control and Prevention indicates that 26% of adults have some form of disability, such as sight, hearing or cognitive impairments. Your digital communications should be designed and tested with accessibility in mind, so all customers can engage with your services. Making

The new generation of consumers will necessitate innovation across customer communications and experiences. Organizations will remain at a competitive disadvantage if assuming this new cohort will ‘age into’ and ultimately embrace their current communications systems. Your digital transformation should be about more than just turning off print. It’s about adapting today’s technology to create better customer experiences and build loyalty.

You don’t need to transition every communication simultaneously, but you do need to make smart technology choices to avoid having to engage in a rip-and-replace scenario in just a few short years to further modernize experiences. Real transformation happens with a clear digital vision that’s focused on giving customers an experience that takes your brand to the next level.


Executive Vice President of Product Management for Messagepoint,

Inc. an AI-powered customer communications management solution that automates and simplifies the process of migrating, optimizing, authoring and managing complex customer communications for non-technical (business) users. Patrick has more than 25 years of experience delivering business solutions for document processing, customer communications and content management. spring.2023 11
It’s about adapting today’s technology to create better customer experiences and build loyalty.


If you are in the 20% not currently using them, what are you waiting for?

Digital signatures have been around for a few decades now and adoption, while steady, is still not as widespread as predicted. In a recent article written by Jesse Wilkins for AIIM titled “Digital Signatures 101 – Drivers, Barriers, and User Research,” Jesse points out that only 80% of his respondents are making use of digital signature technology. Given that the United States and other countries have recognized digital signatures as legal, you would think that businesses would move quickly to implement this technology to help streamline their operations. Yet, 20% have yet to transform this aspect of their business processes.


Given legality is less of an issue today than it was decades ago, many

people are still unaware that digital signatures are considered legal. When asked how this can be verified, I often point to the Electronic Signatures in Global and National Commerce Act of 2000, and the Uniform Electronic Transactions Act.

Additionally, I point to the fact that in our everyday lives, we are willing to sign a tablet using our finger for anything from retail purchases to confirmation of receiving a package. In one conversation, the person I was talking with indicated that it was OK in their personal life, but in their industry, the risk of fraud was too high and digital signatures was not a direction they were willing to take. What I see here is human reluctance which led me to discuss the technology, regulatory requirements for that industry and operational processes for that organization.

When we started to dive into the processes, we found many opportunities where digital signature would provide great benefit, and the current situation interrupted digital workflows by requiring one to print a document, sign it, then scan that document back into the system and process. (Why have a digital workflow if you are going to stay with analog activities?)

From a technology perspective, there are many ways to validate the signature, secure the transaction and maintain a record of the chain of custody during the process. There are ways to prevent documents from being altered post-signing or invalidate the authenticity should change occur. My point being that the digital signature provides a higher level of security than a physical signature. If you are using tablets to capture a signature, there are ways you can capture biometric

12 spring.2023

characteristics like pen pressure, acceleration and deceleration when signing, and of course the geometry of the signature.


The greatest challenge for using digital signatures in business operations is primarily the human element — lack of awareness regarding legality, lack of understanding the available technologies causing reluctance to use them, poor insight into existing business processes and the fear of non-compliance in adhering to regulatory requirements.

For many situations, there is no clear reason preventing the use of digital signatures as part of daily business operations. Even within the banking community, loans, mortgages and many other transactions are being conducted remotely, using digital signatures. These organizations, while heavily regulated, took the time to research technology capabilities, identify areas of

opportunity to implement digital signatures, refine their business processes, and align their efforts to meet regulatory requirements. This is not a oneday event, and it requires commitment to move the organization forward.

80% bracket of those using digital signature today, congratulations, keep up the good work, and try to find new areas to expand its use. If you are in the 20% not currently using it, what are you waiting for? At minimum, you could assess where and how it can be used and do some research to see where this could take you.

Digital signatures have and are being used by many organizations to lower operating costs, increase productivity, maintain secure information within digital workflows and improve the overall customer experience. If you are in the

BOB LARRIVEE is a recognized expert in the application of advanced technologies and process improvement to solve business problems and enhance business operations. In his career, Bob has led many projects and authored hundreds of e-books, industry reports, blogs, articles, and infographics. In addition, he has served as host and guest subject matter expert on a wide variety of webinars, podcasts, virtual events, and lectured at seminars and conferences around the globe.

At minimum, you could assess where and how it can be used and do some research to see where this could take you.


In terms of high-flying innovations, 2023 looks to be an amazing year for space technology, with more than 150 launches scheduled to blast off from China, French Guiana, India, Japan, Kazakhstan, New Zealand, Russia, United Kingdom and the United States. Space technology is fast becoming reusable, just like your data and technology is more reusable as your digital transformation initiatives progress. There are three noteworthy types of available customer data that can be creatively combined to launch customer experience (CX) improvements. Ready to start the countdown?

T minus 3. Third-party customer data: Third-party data is purchased from an outside source that specializes in selling data. While most people initially think of purchased prospect lists, third-party data is often purchased to enrich existing data with demographic, financial, behavioral, purchases, attitudes or other valuable targeting data. Governance for

third-party data will require more and more effort, as third-party data requires that you ensure your vendors are compliant with laws like GDPR and CCPA (California Consumer Privacy Act). As leading browsers remove support for third-party cookies, you may want to prioritize other data sources.

2. Second-party data consists of your partners’ customer data that is exchanged for mutual benefit due to overlapping audiences or aligned business interests. For example, a utility may have an agreement with a smart home retailer to share customer names (with a well-governed partner opt-in permission policy) for a campaign to promote energy efficiency to defer a power plant investment. Your customers may see this as the checkbox for “sharing data with partners” or some text deep in a clickthrough on common digital interactions. Second-party data is often used for audience sharing and can be a great source of prospect validation or data augmentation for existing customer records.

1. That brings us to first-party data, which is data collected by you about your customers’ interactions with your business, but not deliberately provided to you by your customers. Some examples of first-party data include purchase history, website visitation stats, CRM data, returns or exchanges information, customer lifetime value, synthetic NPS scores, read/unread email status, contact center data, location data, payment data, corrected address information, contact information and social media stats. This is data that you’ve collected about your customers from your side of the engagement. While not explicitly provided by the customer, it is a direct result of something you do for them or possibly a by-product of your normal operations.

0. Zero-party data: It’s time to get the most important type of data off the launch pad. Zero-party data is about to become the most important type of data in your organization as regulations create new rights for your customers and corresponding obligations for your

14 spring.2023
By Scott Draeger
When you have a complete understanding of the customer data available to you, you can provide out-of-this-world customer experiences

organization. Zero-party data is explicitly and knowingly provided to your organization by your customer. This includes their communication preferences, text provided with chatbot interactions, preferred pronouns, bank account information, verbatims from call recordings, favorite color, answers to online quizzes, star ratings, NPS survey responses, images uploaded or other self-reported personal information.

Just like in a rocket launch, the work doesn’t get any easier at the end of the countdown. There’s a lot of heat, light and noise. To use the data, you must know that it exists. Then, you have to find the data. Once it’s discovered, it must be accessible. If it’s accessible, then it must be governed to ensure compliance. Once it’s governed, it can be integrated and used to improve customer experience.

Your customer experience teams should be aware of the myriad data sources in your organization at a superficial level. Look beyond your CRM

system for useful customer data. Check your knowledge platforms, support systems, chatbot logs, survey platforms, warranty claims, marketing bounce back lists and social media reports. Most of these data sources live in silos and the silos often exist for good reasons of governance, technical capabilities, budget ownership, acquisitions or other business reasons.

At Quadient, we routinely look for interesting patterns across systems. Recently, we checked our customer certification program data from our knowledge management platform against data from the CRM system and customer support systems to identify customers who earned technical certifications from previous employers. This CX project improved long-term engagement with Inspire users who had attained certificates at multiple employers. Using all four types of data within strict governance policies, this project boosted the experience of current users by recognizing the achievements made

over the entire arc of their careers. Many of your customers, just like many of our CCM technology users, have years of experience that may span multiple employers, but to make this connection you must know your data, find your data, govern your data and create integrations that turn that data into meaningful experiences.

When you have a complete understanding of the customer data available to you, you can provide out-of-thisworld customer experiences.

Officer at Quadient. He joined the digital document industry in 1997, after graduating from UNLV. He started as a document designer using a collection of hardware and software technologies, before moving to the software side of the industry. His broad experience includes helping clients improve customer communications in over 20 countries. He earned his MBA in 2007 from the Lake Forest Graduate School of Management.

SCOTT DRAEGER, CCXP, M-EDP, is Customer Experience


Mostly an organization’s size, budget and nature of required response will determine whether it opts for an MSSP or an MDR

In 2020 a Russian cyber-espionage group hacked the supply chain of SolarWinds, a large software firm that sells Orion network management products to more than 30,000 customers worldwide, including IT giants like Microsoft and Intel, as well as major telecoms, Fortune 500 firms and, most alarmingly, government agencies with sensitive information like The Pentagon, National Security Agency, and even the Office of the President. The hackers introduced malware into updates to the Orion software to access SolarWinds’ customers’ networks, systems and data. The infected updates spread naturally to SolarWinds’ supply chain partners

and, because SolarWinds’ customers used it to manage their own customers’ networks, systems and data, the hackers breached those, too.

It was the most extensive cyberattack of this century, but it resulted from a miniscule act of carelessness — a SolarWinds intern used a weak password on his computer and created a vulnerability the hackers exploited.

If the company had used an MSP, the hack would never have happened.


Cyberattacks have been on the rise every year since the early 2000s, and in keeping with the major information technology developments of the age, the following types have gotten more common:

Network intrusion. The more Netenabled organizations became, the greater their threat surface grew. Like SolarWinds, they had thousands of egress points that presented potential vulnerabilities for hackers.

Phishing. As network traffic compounded, users were overwhelmed and less rigorous about opening strange emails and other communication. Hackers phish by sending genuine-looking communication to coerce recipients to open a file or follow a link that implants malware on their devices. The malware creates a vulnerability so hackers can perform identity theft by appropriating victims’ banking or other information they then use to steal funds from bank accounts or carry out other nefarious activity. Hackers now even use machine learning to create and distribute many more fake messages, so the likelihood that recipients will open them greatly increases.

Hackers target organizations’ clouds now that organizations are migrating

more content to the cloud. Clouds may lack security, say, like encryption or authentication if IT departments lift and shift content but not security to the cloud. Many organizations have multicloud or hybrid cloud environments with services from multiple providers. These environments are difficult to secure.

Hackers target remote workers in hybrid work environments who may be lax about securing their own devices or whom IT staff have been lax in securing.

Ransomware is rampant now. Hackers either steal and encrypt a company’s data then demand a ransom to have it returned, or they do the same with sensitive data and threaten to publish it if ransom isn’t paid.

Digital transformation exposes more data in digital form to create a greater threat surface. Organizations may not scale security sufficiently to guard against hackers exploiting new vulnerabilities.

Internet of Things projects proliferate smart devices and internet connections to them, which creates a larger, less manageable threat surface. Hackers use devices near victims such as their smartwatches to indirectly hack into data on computers and phones.

Hackers are leveraging advanced artificial intelligence for more sophisticated hacking using deepfakes and synthetic audio and video to dupe companies into revealing information.

Almost always, cyberattacks originate outside the organization. Security breaches from the inside are due mostly to vulnerabilities resulting from poor security practices and policies. An organization may economize on security training, so workers can’t spot, say, obvious phishing attempts or use weak passwords. spring.2023 17


When shopping for MSPs, organizations can generally differentiate between the two types per several requirements.

MSSPs are better for organizations that:

 Are cost-constrained

 Are SMBs

 Have a modest threat surface

 Have less complex infrastructure

 Don’t need 24x7 coverage

 Have in-house staff to respond to alerts

 Can tolerate longish response times

 Need alerts-only service

 Have an abundance of time to track and fix a multitude of alerts

 Don’t have partners and suppliers a breach would harm.

MDRs are better for organizations that:

 Are not cost-constrained

 Are larger enterprises

 Have an extensive threat surface

 Have complex infrastructure

 Need 24x7 coverage

 Need security experts to supplement in-house staff

 Need fast response times with no business disruption

 Need deep sophisticated service

 Want a customized solution

 Have partners and suppliers a breach would harm.

Most organizations still rely on a single username and password to access their systems and forego the better security of two-factor authentication. They may not invest in the best security tools, say, for network monitoring and management. They may not secure network devices like routers and office ones like printers that can be exploited to hack computers. IT staff may not prioritize software upgrades and security patches to fix vulnerabilities. They also may fail to perform regular data backups to multiple locations to ensure that a copy of data stolen from one location is still available elsewhere, so they aren’t vulnerable to ransomware attacks. In hybrid work environments, IT staff may fail to secure employees’ own devices or to provide them with tools like password managers. They may have adequate security policies but don’t enforce them.

automated monitoring and management of security devices, systems and networks. Services include managed firewalls, intrusion detection and virus protection generally for a contracted time of day — say, peak business hours. They react to attempted or actual breaches and automatically send alerts to the customer — but the customer must respond to them and address damage done.

In any case, new technologies and practices are creating more expansive and complex digital environments. The resulting threat surfaces are always changing, so they’re never impregnable.


There are two types of Managed Security Providers to which enterprises can outsource security for a fixed predictable monthly price and cut costs by retaining fewer security personnel. Both types detect and respond to security incidents. Managed Security Service Providers (MSSPs) provide

Managed Demand Response providers (MDRs) also use technology to do monitoring and management but supplement these methods with onsite or remote security staff who perform activities like proactive threat hunting. Humans monitor and respond to more of the customer’s infrastructure — from smart phones to hard drives, operating systems to networks, and clouds of various vendors — and do 24x7 security. They also provide professional services like customizing an organization’s security solution. They use more, and more advanced, forensic tools than MSSPs, so they can do deeper analysis of complex infrastructure. Analysis determines the type of incidents and posts them ranked by severity to a dashboard. Filtering winnows down alerts, say, by spotting false positive alerts and weeding out duplicates so staff don’t burn out from relentlessly investigating alerts. MDRs, not the client, respond to breaches, and almost instantaneously, so they preempt damage. The nature of the response is defined in the service contract and can range from a simpler one like defined actions on a limited set of assets to a complex one like doing whatever needs to happen anywhere to secure the enterprise. When budgeting for services from either provider, organizations’ are best served doing so based on risk –that is, mitigate the threats with the

Hackers, of course, study the behavior of MSPs and adapt their strategies and tech to circumvent new security measures.

greatest potential for damage, rather than those with a high likelihood of occurring. Customers can then pick an MSP with the unique expertise for securing that content. For instance, a customer storing most sensitive content in a multicloud environment would want a provider with security certifications from the major cloud providers.


Renting managed security from specialists is almost always cheaper, faster to deploy, and more likely to provide bulletproof security than building solutions. There is a severe shortage of highly qualified security experts in the IT industry, and the emergence of new computing models like cloud computing, work models like hybrid workplaces, and more advanced technologies like AI have only exacerbated the skills deficit.

MSPs meanwhile continue to innovate. For example, MSSPs can transform into what are called Master MSSPs. As well as serving their business customers, they rent practices and tech to customer MSPs so the latter eliminate the cost of building a service, grow quickly and further cut costs and improve performance with better economies of scale.

Hackers, of course, study the behavior of MSPs and adapt their strategies and tech to circumvent new security measures. Cybercriminal gangs have even emulated the managed security model to better combat MSPs – they’ve developed hacking solutions they sell to other hackers who supplement them with their own expertise to better hack their preferred target organizations.


A cyberattack can be catastrophic for an organization in terms of money and customers lost. Renting security for thousands a month can avert losses in the millions in a minute and prevent irreparable harm to an organization’s reputation that causes customers to leave. The value proposition for managed security could not be more compelling. Doing security any other way should be the exception, not the rule, for organizations operating in today’s threat-intensive cyberspace.

JOHN HARNEY is President of SaaSWatch, a SaaS consultancy and IT journalism service where for over 30 years he’s consulted and reported on SaaS business strategies, technology and use cases and intelligent information management across all markets. He’s particularly focused on technologies related to Cloud, SaaS, AI and Content Services. You can reach him at 240.877.5019 and



Organizations can identify and fix vulnerabilities before they can be exploited by attackers, reducing the risk of data breaches and other security incidents

Enterprise Content Management (ECM) is a set of strategies, technologies and tools that organizations use to manage, store and access electronic documents, images and other types of digital content. The goal of ECM is to support the creation, capture, storage, distribution and use of digital content in a way that is efficient, secure and compliant with relevant laws and regulations.

ECM systems typically include a range of features and capabilities, such as document management, workflow

management, version control, records management and collaboration tools. They may also integrate with other systems and applications, such as customer relationship management (CRM) and enterprise resource planning (ERP) systems.

ECM is used by organizations in a variety of industries, including healthcare, financial services, government, and manufacturing, to improve the efficiency and effectiveness of their business processes. It can help organizations better manage the vast amounts of digital information they generate and

handle on a daily basis, and ensure that important content is easily accessible and properly protected.


There are several security challenges that organizations must consider when implementing an Enterprise Content Management system:

Data breaches: ECM systems often store sensitive and confidential information, such as financial records, customer data and intellectual property. If this information is not properly protected, it could be accessed by

20 spring.2023

unauthorized individuals, leading to data breaches and potential legal and reputational consequences.

Insider threats: ECM systems may also be vulnerable to insider threats, such as employees who intentionally or unintentionally leak sensitive information or access content they are not authorized to view.

Unsecured data transfers: When transferring data between systems or devices, there is a risk that the data could be intercepted by third parties. This risk can be mitigated by using secure protocols and encryption when transferring data.

Lack of access controls: ECM systems must have robust access controls in place to ensure that only authorized individuals can access sensitive content. This includes measures such as user authentication, role-based access and permissions management.

Compliance risks: ECM systems may be subject to various laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union and the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Failing to comply with these regulations could result in fines and other penalties.

To address these security challenges, organizations should implement robust security measures and controls, including data encryption, access controls and regular security audits. They should also ensure that their ECM system is properly configured and regularly updated to protect against emerging threats.


Security testing is a type of software testing that searches for security vulnerabilities in applications. Security testing is mainly concerned with identifying weaknesses in applications that attackers can exploit. Security testing can be done manually or using software tools — this is known as automated security testing.

Security testing is a structured process of evaluating system security, identifying potential security

vulnerabilities, and recommending how to remediate them. Modern development teams are incorporating security testing into the software development lifecycle (SDLC) to uncover security issues early in the development process and prevent real-world attacks.

The main purpose of security testing is to identify threats to a system, measure potential vulnerabilities and prevent threats from causing a system to fail or be exploited.


SCA: Software Composition Analysis (SCA) is an application security methodology for managing open source components introduced into a software project. SCA tools can discover all relevant components, supporting libraries with their direct and indirect dependencies. They can also detect software licenses, deprecated dependencies, vulnerabilities and potential exploits.

The scanning process creates a bill of materials (BOM), providing a complete inventory of a project’s software assets, which can be important for compliance purposes.

Penetration Testing: Penetration testing is an advanced security testing method that combines dynamic scanning tools with manual exploit techniques to find vulnerabilities. A penetration tester, just like a real attacker, attempts to gain access, steal data or cause service disruption. This is a more advanced technique than SAST or DAST and can expose more risks to your application, when executed by an experienced team.

SAST: Static Application Security Testing (SAST) is a method of scanning source code. There are many SAST tools that can help you identify security risks in your code. However, SAST produces a lot of false positives, so it is necessary to carefully analyze and filter the results to identify real vulnerabilities.

DAST: Dynamic Application Security Testing (DAST) finds gaps through remote testing of deployed and running code. DAST tools attempt to find

vulnerabilities by sending malformed or malicious requests to an application. It analyzes actual application responses and looks for failures or gaps in security mechanisms. Using both DAST and SAST can significantly improve your ability to detect security issues in the build process.

IAST: Interactive Application Security Testing (IAST) analyzes code for security vulnerabilities while an application is running, either by automated testing, human testers or actively simulating application functionality. This technology reports vulnerabilities in real time, without adding any overhead to the CI/ CD pipeline.

IAST differs from SAST and DAST in that it operates within an application, usually deployed as an agent. These types of tests do not test the entire application or codebase, only specific functional areas.

In conclusion, security testing should be part of any Enterprise Content Management strategy. By evaluating the security of an ECM system, organizations can identify and fix vulnerabilities before they can be exploited by attackers, reducing the risk of data breaches and other security incidents.

There are several types of security testing tools and techniques that organizations can use to evaluate the security of their ECM systems, including vulnerability assessments, penetration testing, security audits and risk assessments. By regularly conducting security testing and implementing robust security measures, organizations can ensure that their ECM systems are secure and that sensitive data is properly protected.

GILAD DAVID MAAYAN is a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Check Point, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO, the leading marketing agency in the technology industry. LinkedIn: @giladdavidmaayan. spring.2023 21


As an avid movie goer, I regularly visit my local cinema for the latest release, blockbusters, or smaller independent films. Recently it occurred to me that my ticket purchase behavior had narrowed to a single provider directly due to the whole end-to-end experience. This helped clarify for me the importance of experiences in addition to preferences when it comes to customer loyalty, and what that means for customer communication processes. Let me explain what I mean.

These days, most event tickets are bought online (web or app-based), and this was the case with all my movie going purchases. For the longest time I used both a third-party provider and my theatre’s own website or app interchangeably. Both had preferences figured out as part of the booking process, with choice of movie, number of tickets by type, and then seat selection before choice of payment method and ticket delivery method. But it was this last step of ticket delivery preference that changed my behavior and led me to favor just one of the providers. It was down to experience.

Both services offered the tickets delivered to your mobile phone, so the device screen can be scanned by the theatre staff on entry. But for one site, the third party, I was provided a ‘send to phone’ link via a button. When clicked it requested you enter your phone number, twice for accuracy, which then sent a text to your phone. The text itself was just a hyperlink back to the providing website to display the 2D movie ticket barcode on your phone. Now the theatres own booking system had a link too, but this one was an integration into my phones wallet service directly. With one click I had my tickets on my phone, no text and certainly no extra clicking and steps. This doesn’t sound like too much of a difference, but the phone wallet app automatically enlarges the barcode while simultaneously adjusting the screen brightness to assist the scanning. When walking into the darker area of the theatre to have the ticket validated, the ability to pull out my phone and with the click of an app have the barcode ready

22 spring.2023
Recognizing and understanding the difference between the two

to go was a winner. It’s much more seamless than finding a text, clicking the link and perhaps enlarging the screen or adjusting brightness to allow the scanner better operability, all while a line of other customers wait behind me!

So that small difference feels like a much larger one. One where my experience is ultimately improved and consequently, I now far prefer direct booking with the theatre over the third-party site. My life is made simpler with one, and that feels better to me. The experience factor wins out.


So how does this relate to your customer communications and business?

Customer preference refers to the specific needs, wants and choices of your individual customers. It’s the set of factors that make your customer choose one product or service over another, such as price, quality, brand and features. Customer experience, on the other hand, refers to the overall perception and impression the customer has of your company and its products or services. It encompasses every interaction they have with your company, from the first time they learn about it to post-purchase follow-up, and includes elements such as convenience, responsiveness, reliability and emotional connection.

Customer preference and customer experience can sometimes be confused. They are certainly closely related and can and do impact each other. Your customer’s experience with the company may influence their preferences, and vice versa. For example, they may have a positive experience with your company and as a result, develop a preference for your products or services over competitors. Essentially customer preference is about what customers want, while customer experience is about how they perceive the company and its offerings. Both are important for your company to understand and prioritize to meet the needs of customers and build long-lasting relationships.

For decades now, your communication processes have been very

specifically customer-focused. Long gone are the days where the communication, be it a statement or general correspondence, was barely more than a standard mass replicated form. These days, we recognize a communication as one of the many direct touch points your company has with its individual customers, and the importance of making each opportunity feel like a personal connection.

preference, the data collected about a customer can reveal their specific needs, such as the products or services they are interested in, their preferred method of communication, and the type of content they prefer to receive. By using this data, you can tailor your communication to the individual customer and deliver a personalized experience that meets their needs and preferences. Yet in terms of customer experience, using customer data to personalize your many communications can help to create a more seamless and enjoyable experience. When a customer receives a communication tailored to their individual needs and preferences, they are more likely to feel understood and valued, which can help to build trust and loyalty.

This may be achieved by adding additional content in a statement that offers applicable upgrades or related products based on the customer’s history as an in-communication marketing-based personalization. More typically, the focus has been on giving your customer choices and allowing them to feel in control. For example, some customers may prefer to receive communication through email, while others may prefer text messages or phone calls. Another example of preference could be in their desired frequency or timing of the communication. Understanding preferences can help your company communicate more effectively with your customers and ensure they receive the information they need in a way that is convenient for them.


Using customer data to personalize a communication can be an example of both customer preference and customer experience. In terms of customer

Overall, using customer data to personalize communication can improve both customer preference and customer experience. It allows all companies to deliver a more tailored and relevant experience that meets the needs and preferences of individual customers. However, it is important to distinguish between the two, as companies need to understand both to effectively meet the needs and expectations of their customers. A company may focus on providing a great customer experience, but if it does not align with the customer’s preferences, the customer may not choose to do business with them. Similarly, a company that prioritizes providing products or services that meet customer preferences but offers a poor customer experience could result in a dissatisfied customer looking for alternatives.

Preference and experience: two sides of the same end goal coin when creating delighted, loyal customers.

ANDY FEEST, Sr. Manager, Product Management for Opentext, is a 30 plus year professional experienced in Product and Program Management and leading global product, customer support and development teams. With 27 years of experience in the CCM space including consulting and development for enterprise and service providers in the United Kingdom and the United States. spring.2023 23
Customer preference refers to the specific needs, wants and choices of your individual customers.


The Unified Content Model is a new way to think about managing business content

In 2017, Gartner declared ECM as “dead” and began referencing content services platforms (CSPs) instead. But ECM wasn’t really gone, it was simply renamed, as vendor after vendor began reengineering legacy on-premises ECM solutions for cloud and services architectures. These new approaches promised cost savings, faster time to value and modularity that enabled the creation of purpose-built solutions for specific use cases.

Fast forward to 2023. The transition to the cloud and services architectures has expanded and matured, accelerated by the unprecedented pandemic and shift to hybrid working models. Cloud, artificial intelligence (AI), and these new services-based architectures have made the legacy categories of capture, enterprise content management (ECM), content sharing and collaboration (CSC), digital asset management (DAM) and web content management (WCM) truly obsolete. It’s time to declare ECM truly dead — again. Organizations need a new

category of technology solutions for managing content.

The reality is that these older labels refer to a set of use cases which are all supported by a common library of content services. Therefore, IDC is proposing a new way to approach the content supply chain— a Unified Content Model that supports a common set of content-related services related to security, governance, archiving, measurement and analysis as well as the tasks to manage the supply chain stages shared by all content applications. The model also recognizes the need for sets of specialized services that may only apply to certain types of content or use cases. These services can be accessed and utilized via low-code/no-code tools to construct solutions for explicit jobs to be done that lead to specific business outcomes. In other words, the job to be done is separate from the supporting “plumbing” underneath. Solutions based on the Unified Content Model will orchestrate the content supply chain throughout the organization.


The Unified Content Model has the following components:

 Interface to One or More Data Repositories: Repositories include structured and unstructured data, including text, image, audio, video, QR code assets and atomic componentized content.

 Measure/Analyze: A library of services to measure the usage and effectiveness of content. There is a closed feedback loop between measurements and the experiences that present jobs to be done.

 Manage: A set of services that are common to all use cases, including version control, templates and permissions management.

 Domain–Specific Metadata Model: Common metadata that is shared across the content supply chain to facilitate interoperability, processing and personalization.

 Plan, Produce, Publish, Promote: Categories that correspond to the “verbs” that describe actions performed on content as it traverses the supply chain journey. (These are a set of services that may be chosen for a specific job to be done. These activities may be accomplished by a human, a machine or both.)

 Jobs to be Done: These are the content-centric activities that lead to specific business outcomes. Activities vary widely. Examples include everything from retaining and disposing of documents correctly to communicating financial results, to updating product information or streaming episodes at a virtual event.

 Delivery Channel: Content may be delivered via a broad range of channels or edge devices — frequently delivered via more than one — depending on producer and consumer preferences. Content must be responsive and displayed in a manner that is appropriate for the channel.

 Experience: This layer describes the final recipient of the content. Note that recipients can be humans or technology.

24 spring.2023

o Audience App Experience

– Consumption/usage by employees, partners citizens, patients, students, accountholders and other end users

o Industry App Experience –Consumption/usage by industry users or applications, for example healthcare systems and portals, banking or insurance policy systems

o Departmental App Experience

– Consumption/usage by the business user or business application, such as enterprise resource management (ERP) or human capital management (HCM)


Solutions architected according to the model will increase operational efficiency by eliminating content silos and duplicative applications and/or platforms. This will afford multiple benefits to organizations:

 Enforce a common brand and company “voice”

 Support a 360-degree view of the customer

 Provide efficiency in content creation, management and reuse across solutions and applications

 Scale in using best-in-class cloud-based services

 “Future proof” technology by making it easier to add or substitute services and delivery channels

 Improve the overall experience for both content producers and content consumers

 Reduce redundancy in content storage


In IDC research early in 2022, 46% of respondents indicated that improving operational efficiencies is the top business objective for content services investments. Of course, organizations can’t scrap existing workflows and related solutions overnight, but as modernization initiatives progress, organizations should adopt the Unified Content Model as a blueprint for that modernization. We are seeing implementations of the model appear in the marketplace as technology vendors leverage the opportunities afforded by cloud computing and

services-based architectures to redesign the content repository and open it up for interplay between systems and actions.

How do you get started? Begin by evaluating your current content-centric workflows, stakeholders and applications asking the following questions:

 What content is your organization creating and for what purpose? How much of that content is redundant (or worse, uncontrolled)?

 What content can be (or should be) reused and/or used for multiple purposes?

 Who is producing, reviewing, approving, delivering the content? In other words, who participates in the content supply chain? What actions must be performed on that content?

 How is that content updated, revised, retained, redistributed, disposed of?

 Who (or what) is consuming the content and when?

 What integrations are required with other enterprise systems?

 How are you measuring the use and effectiveness of your content? How do you know what is working and what is not?

Once you answer these questions, develop a plan to architect a solution that maximizes the storage, analysis, management and data descriptors of content based on the Unified Content Model with your developers, vendors and/or partners. And don’t neglect the human factor — develop a migration and change management strategy to minimize disruption.

ECM is dead! Long live the UCM!

HOLLY MUSCOLINO is the Group Vice President, Content Strategies and the Future of Work, responsible for research related to innovation and transformation in content solutions, including intelligent document processing, esignature, imaging and printing and other content workflow services at IDC. Ms. Muscolino’s core coverage also includes work transformation, technology & digital skills research, and the role of technology in driving the Future of Work. spring.2023 25


with certain disabilities from entering a building. These unintentional digital barriers prevent people with disabilities from accessing information and programs to which they have an equal right to access.

Quite often, compliance and accessibility are confused with usability. A document can be made compliant with accessibility standards and still be unusable by the end user. For example, if an instructional manual that has 5 pages of text is really 5 pages of scanned images with associated, limited, alternate text that read, “Page 1, index,” “Page 2, manual details,” “Page 3, more details,” etc., then the content of these pages is useless to a screen reader user, even though the document might pass an automated compliance tester. When making information compliant with accessibility standards, it is imperative that they are usable, too. This constitutes true accessibility.


Organizations fail when they try to make ADA compliance a list of checkboxes. True accessibility is about providing a usable experience to people with disabilities who have real needs. Accessibility is social responsibility with common sense that companies need to take seriously.

People with disabilities navigate websites and documents in a variety of ways. People who are blind or partially sighted use screen readers to navigate a digital document. People who are deaf or hard of hearing use captioning

or sign language for videos, online presentations and podcasts. People whose disabilities affect their ability to use a mouse and/or keyboard, use voice recognition software to control their computers and other devices with verbal commands.

Websites and documents created by architects, designers and content creators without disabilities unintentionally create unnecessary barriers that make it difficult or impossible for people with disabilities to navigate those websites and documents. This is not any different than physical barriers, such as steps, that prevent people

ADA Title III website compliance is difficult because the law doesn’t specify what is needed to make a website accessible. As Former Assistant Attorney General Stephen Boyd wrote to Congress, “Absent the adoption of specific technical requirements for websites through rulemaking, public accommodations have flexibility in how to comply with the ADA’s general requirements of nondiscrimination and effective communication. Accordingly, noncompliance with a voluntary technical standard for website accessibility does not necessarily indicate noncompliance with the ADA.”


In the US, the legal environment makes it advantageous for someone with disabilities to sue businesses under ADA Title III. If the verdict is in favor of the plaintiff, then the defendant must pay the plaintiff’s legal fees. The person suing has nothing to lose by filing a lawsuit. This simply means that organizations need to make public-facing information accessible to avoid expensive legal repercussions and damaging the company name.

26 spring.2023
Unintentional digital barriers prevent people with disabilities from accessing information and programs


The US government is flexible in how businesses comply with the ADA’s general requirements of nondiscrimination and effective communication, which applies to digital (website and document) accessibility. Therefore, organizations can choose how their programs, services and goods provided online are accessible to all people with disabilities.

The Department of Justice (DOJ) often refers to existing technical standards to provide helpful guidance for digital accessibility. These include the Web Content Accessibility Guidelines (WCAG) and the Section 508 Standards, which the federal government uses for its own websites. Currently, WCAG 2.1 is the best measure of website accessibility.

WCAG 2.1 guidelines have a threetiered grading system:

 Level A: Website is only accessible by some users

 Level AA: Website is accessible by almost all users

 Level AAA: Website is accessible by all users

WCAG 2.1 has four core principles for accessibility, which is where common sense is needed for usability and true accessibility—and not a checkbox compliance system.

1. Be perceivable — All users need to have the ability to perceive all information that appears on a website. That includes text, images, documents, videos, downloadable files, etc. For example, if a website user is blind or partially sighted, there needs to be an option to listen to the text. If they are deaf or hard of hearing, then closed captioning is required. Sign language is optional.

2. Be operable — All website users need to be able to navigate the website with ease and use any tools provided, e.g., search. That means there must be multiple methods to search the website, retrieve the results and ingest them.

3. Be understandable — Website and document users need to be able to understand the information they are accessing, whether that be

reading captions or listening via a screen reader.

4. Be robust — People with disabilities need to have the same digital experience as those without disabilities. Therefore, all content, no matter how it is delivered, needs to be universal. That means images need robust descriptions, read order must be correct and all content provided should have the same full user experience.


Once an organization realizes the importance of making a website and its contents both compliant and usable, there are things that need to be considered — and avoided — in order to make this happen. These are:

Poor color contrast: People with limited vision or color blindness cannot read text if there is not enough contrast between the text and background, such as yellow text on a light gray background.

Use of color alone to give information: People who are colorblind can’t distinguish certain colors from others. This makes it difficult for them to access information that is conveyed using only color cues. Also, screen readers do not tell the user the color of text on a screen. A person who depends on screen readers to ingest information will not know that color is meant to convey certain information.

Lack of text alternatives (“alt text”) for images: People who are blind or partially sighted will not be able to understand the content and purpose of images, such as photographs, illustrations and charts, when no text alternative is provided. Alternate text conveys the purpose of images, photographs, illustrations and charts.

No captions on videos: People with hearing disabilities will not be able to understand information communicated in a video if the video does not have captions.

Inaccessible online forms: People with disabilities will find it difficult to complete, understand and accurately submit forms without things like:

 Labels that screen readers can convey to their users (such as text that reads “credit card number” where that number should be entered)

 Clear instructions stating how to complete the form

 Error indicators, such as alerts telling the user to complete a missed or incorrect form field

Inaccessible PDF documents: People who are blind or partially sighted use screen readers to read text aloud. PDF documents that are created by scanning documents and, thus, creating an image, are not accessible and, therefore, need to be remediated to make them accessible and compliant.

Mouse-only navigation (lack of keyboard navigation): People with disabilities who cannot use a mouse or trackpad will not be able to access web content if they can’t navigate a website using a keyboard and keyboard shortcuts.

Compliance without usability: People with disabilities require websites and documents to be usable with screen readers and closed caption devices. If a PDF document passes every WCAG and PDF/UA standard, but cannot be navigated successfully due to incorrect reading order, incorrect alt text or incorrect heading structures, then the document is unusable.

Accessibility is a social responsibility: Accessibility is social responsibility with common sense. There isn’t a checkbox or one-size-fits-all approach for true accessibility. With some common sense, following well laid out principles and guidelines from WCAG and trusting feedback from users who have disabilities, it is possible to make a website and its contents accessible and usable. And more importantly, it is the right thing to do.

An electronic document industry pioneer, ERNIE CRAWFORD is the President/CEO and founder of Crawford Technologies. One of only a small number of people worldwide with a Master Electronic Document Professional (M-EDP) designation, Ernie has more than 30 years of senior marketing and management experience in the high-volume electronic printing market. spring.2023 27


Eclipse Corporation provides customer communications software to produce enterprise-class e-forms, documents and labels. If you are seeking a next-generation replacement for your current document generation solution, you owe it to yourself and your company to explore our product — DocOrigin. We will be in booth #410 at this year’s Document Strategy Forum (DSF ’23). You can expect Eclipse’s most senior employees in person to connect, answer any questions, and send you home with a souvenir and additional information.

Messagepoint is a SaaS-based, AI-powered content hub that gives non-technical users no-code control over customer communications. Messagepoint streamlines the end-to-end processes of migrating, authoring, optimizing and managing communications across all channels, enabling our customers to deliver better customer communications more efficiently. Unlike other solutions, Messagepoint’s unique modular approach to content management frees your content from document templates so it can be shared across composed communications and headlessly via APIs to support dynamic digital experiences. Keep your eyes open during DSF ’23 for exciting new solutions to further optimize efficiency and CX. To learn more, visit

28 spring.2023 SPONSORED CONTENT Join Team MHC at booth #100. Learn how EngageCX will transform customer relationships and enter to win a grand prize! | | 800.588.3676 x 1241
| www.EclipseCorp.US | Info@EclipseCorp.US | 678.408.1245 | | 800.492.4103
are many solution providers to stop and see at DSF ’23 that will help you with creating and managing your content, communications and strategies to improve your customer experience and enhance your customer engagement. Here are a select group of those exhibitors you need to make sure to stop by, talk with and find out more about their solutions.

Papyrus Software delivers innovative enterprise software to the world’s leading brands. Over 30 years of experience make us a global expert in implementing process optimization integrated with inbound and outbound communication channels in customer-centric environments. The scalable Papyrus Platform offers a holistic approach with solutions for the entire Customer-Engagement-Circle with integrated content services, AI-powered process and case management in a unified but modular platform. Business users get their work done faster by using the digital workplace and the awarded Business Designer to create and improve customer-centric communications and its processes achieving real-time omnichannel communications and information-intensive business value streams.

Quadient is the driving force behind the world’s most meaningful customer experiences. Their award-winning solutions enable organizations of all sizes to create, manage and distribute simple and complex customer communications from a centrally managed platform for a complete omnichannel customer experience that spans the entire customer journey. Visit the Quadient booth, #402 during DSF ‘23 to be first in line to see the latest release offering a vast array of new ways to transform your customer communications, bringing your most ambitious CX goals within reach. Don’t miss our session, “From Volume to Value: Defining the new CCM Paradigm” on March 23rd at 11am.

| |

Don’t walk, run to Racami booth #301 before they sell out! Ok, maybe not sell out, it’s software, but you don’t want to miss the new document review, collaboration, and proofing technology they built for what you do. Racami improves the performance of your customer communication process and advances your multi-channel initiatives. They are revolutionizing the way communications are produced and distributed.

Symphio is the document orchestration tool that streamlines collaboration, provides agility, and enables enterprises to get their documents out the door quickly. With Symphio, the first tool of its kind, teams can build template free and remain focused on what is important. Symphio empowers users to put the pieces together.

The XMPie platform is used by Enterprises worldwide to automate the production of personalized communications across print and digital, to drive revenue and deliver a first-class Customer Experience. At DSF’23, we’ll be demonstrating our Advanced Data-Driven Print and VDP, Web-to-Print eCommerce technology, and fully automated omnichannel campaign management platform. Visit our booth to discover how to transform your Enterprise communications with unlimited personalization and data-driven tactics; unlimited creative content inside Adobe InDesign; unlimited delivery to Print and Digital– whichever your customer decides; and unlimited scalability, so you can adapt to different audiences and absorb your organization’s growth. Add value to your enterprise today! | spring.2023 29 | | 817.416.2345
| | | 330.604.7885
| | 212.479.5166
| | | 678.730.7700

Think About It



In the European Union, the General Data Protection Regulation (GDPR) has already had a major impact on how businesses collect and use data. In 2023, other regions are likely to follow suit with similar regulations.

Email is the king of customer communications: 54% of businesses named it as a top revenue driver and 36% plan to boost email engagement over the next 12 months.

Our goal must be to optimize and integrate both information governance and clear information practices so no value is lost due to poor information quality or confusing information design.


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.