Social media teams at ASU are often comprised of both staff and student employees, and both of these positions should have different levels of responsibility — especially when it concerns public-facing content.
These guidelines take into consideration questions that have been posed by the ASU community in the past, and provide a road map for how you could staff your social media team. They also provide information about how to staff for situations where there’s a social media crisis, or a quickly escalating situation, so that you can be staffed properly and ready for success.
Staff roles
Staff roles and permissions fall under two categories:
- Administrator (admin): Staff members that have an administrator role have the most authority and access. An admin can also do anything any other role can do.
- On Facebook and LinkedIn, an administrator can manage and assign all other page roles and settings, so for security purposes, it’s vital that businesses strictly limit who has this role.
- On Twitter and Instagram, these are the staff members that control the passwords and two-factor authentication for the accounts.
- Content creator: Staff with this access level can create content for the page, but they cannot change any settings associated with the accounts (for example, they can publish content without needing to go through a review and approval process).
Student employee roles and permissions
- Content creator: Student employees who have this access level can create content for the social media accounts, but unlike the staff content creator role, they should not post directly to the different social platforms, and must go through a review and approval process with their supervisor.
- Content creator — live coverage: Due to the nature of live coverage, and at the discretion of their supervisor, students may be provided access to ASU accounts for special event coverage.
- Passwords: Unless a student worker has been tasked with doing live coverage at an event, it shouldn’t be necessary for student employees to need access to passwords for direct platform access. By using a social publishing tool (such as Hootsuite), account password access can be restricted to the staff members responsible for the accounts. If it’s absolutely necessary that a student has access to the passwords, keep clear logs of who has access to what accounts so that security issues can be avoided or minimized (for example, changing the password when a student worker leaves a position).
GDPR privacy guidelines
There has been some confusion around this section of ASU’s GDPR privacy guidelines: Only ASU employees may post or otherwise provide content on ASU social media platforms. Students are not authorized to post, disclose or provide content on ASU-owned social media platforms. Using student content on ASU-controlled social media platforms may raise copyright, free speech and privacy concerns.” These do not apply to student workers. Student workers are classified as ASU employees, and as such, they can post to our accounts.
Things to keep in mind:
- Students MUST be knowledgeable about ASU brand guidelines and be ready to use them correctly.
- Students MUST have reviewed the design best practices training deck so that they are aware of what’s allowed and what’s not.
- Supervisors MUST limit student live coverage to temporary formats (like stories).
- Any content created for other platforms (like Twitter, Facebook or Instagram’s feed) should be reviewed and approved by a student’s supervisor first (ideally, the student will share the content that they capture, and the supervisor will post to the social platform).
- Students MUST create storyboards for Instagram and Facebook stories before the event to outline what type of content they want to capture, and how they will present it (this will not match 100% the final product, but it provides a good outline for students on what should be covered).
- Supervisors MUST sign-off on these storyboards before the event date.
Platform-specific roles
- Editors: Staff that have an editor role can create content for Facebook pages and manage day-to-day activities. The editor has all of the access of an admin, except for assigning page roles and managing settings.
- Moderator: A moderator can answer questions and respond to comments, but cannot create content for the page. A moderator can also remove and ban people from the page, create ads and view Page Insights.
- Advertiser: The advertiser role is set up for anyone who creates ads for the page. This role also has permission to view Page Insights.
- Analyst: An analyst has the least amount of control and access of all the page roles and can only view Facebook Page Insights. An employee who works with content strategy and planning might be given the analyst role.
- Finance analyst: They see financial details like transactions, invoices, account spend and payment methods.
- Finance editor: They can edit business credit card information and financial details like transactions, invoices, account spend and payment methods.
- Page admins:
- Super admin: gives you access to every page admin permission available, including adding and removing all admins on the page, editing page information and deactivating the page.
- Content admin: gives you permission to create and manage page content, including updates (as well as boosting updates), events, stories and jobs.
- Analyst: gives you permission to monitor the page’s performance through analytics to help drive goals. Analysts only have access to the analytics tab of a page.
- Paid media admins:
- Sponsored content poster: gives you permission to create sponsored content ads on behalf of an organization through your LinkedIn ads account. This role doesn’t grant access to boosting organic updates directly on a page.
- Lead gen forms manager: gives you permission to download leads received from the page that are tied to lead gen forms that are created in ads accounts through campaign manager.
- Pipeline builder: gives you permission to create and edit pipeline builder landing pages that are associated with your page.
Legacy and transition planning
For the security of your social media accounts, it is important to have a plan in place for the eventuality of a team member transitioning to a new role. Having this in place allows for a smoother transition when a team member leaves, as well as secures the access needed to continue managing the account with limited impact to operations.
Password management
As a good rule of thumb, all social media accounts should have more than one person with admin access to them, or with access to the passwords. Additionally, it is recommended that when possible, accounts be set up using an ASU departmental account so that the accounts are not tied to a specific person. This also allows for ET to access the recovery emails in case it is needed.
Using the same password, physical Post-it notes, or an Excel spreadsheet or Google Sheet document is not recommended, as doing so leaves you open to easy infiltration. We recommend using a password manager to make it easier and more secure to keep track of all your passwords for all your different accounts.
Passwords should be changed as soon as possible after someone leaves their position (or turns in their ASU equipment). This keeps your accounts secure, as well as minimizes the risk of an employee going rogue and not wanting to give back access to the accounts once they leave ASU.
Once passwords are changed, we recommend that you add a note to the password manager of when the password was last changed and who changed it, in case there are any questions in the future.
In addition to using a password manager, it is recommended that you create an inventory of who has access to what accounts — this should make it easier to remove someone from an account without having to worry that you missed a tool or an account. This inventory should not include any passwords or sensitive data. In the case that a new hire is not in place, or when a supervisor who is not familiar with social media takes over the accounts, it is also recommended to include a list of "offboarding" instructions for supervisors on how they can remove a team member from the social channels without locking themselves out of the accounts.
Creating a transition document
In order to minimize impact on operations, it is recommended that a transition document be created. This transition document should include the following:
Additional information
- Onboarding checklist:
- Designate team member(s) who will take over social media responsibilities while replacement is hired.
- Update list with type of access to grant/granted (e.g., password, permission level, etc.).
- Add new email address where appropriate.
- Not needed if using a departmental email address.
- Add new credential and access for new team member.
- Invite and grant access to corporate tools required for the role.
- Offboarding checklist:
- Make a list of all social media properties team member has access to.
- Get follow-up contact information in case any questions arise.
- Identify and assign replacement for each role or function to ensure social account management continuity.
- Update list with type of access to revoke (example: change password, revoke permission, remove from app).
- Note accounts that need email addresses changed*.
- Not needed if you’re using a departmental email address.
- Note accounts that need credential and access changed or revoked.
- Make a list of all corporate tools that need access revoked (example: Hootsuite, Salesforce, etc).
- Confirm if property access to each tool is removed.
- Collect any recommendations, work in progress, audit workflows and reports.
- Projects and task outline should include:
- Recommendations for recurring work: This document should include any information for recurring tasks (especially ones that do not fall under a specific project, like organic social posts).
- Examples:
- Daily work
- Weekly work
- Monthly work
- Semester work
- Examples:
- Recommendations for special projects: This document should include any information for special projects (such as paid social campaigns, analytics reports, etc.), and it should include if it’s a recurring or seasonal project, its current status (if already in progress) as well as information on any upcoming projects.
- Information that should be included in both recurring and special projects outlines:
- Current status
- Pathway where to find all the related documents/assets
- Any recommendations as to how to move the project forward
- Is there a specific team member that could pick this project up?
- Do they have a recommendation not captured in the project?
- Any insights that they would like to share?
- List of tools or templates that they use in order to complete their work. This list should include the locations, links, or both, to access these — brandguide.asu.edu is a good resource to include.
- Recommendations for recurring work: This document should include any information for recurring tasks (especially ones that do not fall under a specific project, like organic social posts).