Every system IT deploys must be given a clean bill of health by your Compliance department. They’re the folks who make sure you don’t run afoul of the federal, state, county, and city statutes and regulations that establish boundaries and set requirements for organizations doing business within their jurisdictions.

If your company is multinational, multiply by the number of nations within which you do business.

And don’t complain … not because I want to convince you that regulation as public policy is a good thing.

Don’t complain because what good will it do you? As a leader, complaining will do you no good at all. Quite the opposite – it will cause harm by demoralizing the employees who have to make compliance happen.

So figure out the good idea that’s at the core of most compliance requirements, make sure everyone understands that underlying good idea, never mind the cumbersome implementation requirements, and move on.

Move on to what?

To Facebook, and its emerging status as an independent government, as intriguingly explained in “Facebook has declared sovereignty” (Molly Roberts, The Washington Post, 1/31/2019).

Is Facebook-as-nation real, or is it metaphor? That’s a surprisingly hard call.

If Rocket J. Squirrel lives in a private residence at 246 Freon Drive, Frostbite Falls, MN 56537, his home ownership and property rights and privileges are defined and protected by various U.S. governmental entities.

But Mr. Squirrel also has a virtual life. He goes online and it’s Facebook that provides the real estate in which he resides … his home page … and just as surely provides the foundations on which the social media society in which he lives has been built.

There’s more: Facebook must defend itself from intruders with malicious intent — it needs a department of defense — and also must help its citizens protect themselves from smaller-scale intruders: It needs a police force. Calling the two InfoSec doesn’t change their functions, only their names.

That isn’t the end of it: Many on-line businesses let you make use of your Facebook credentials instead of establishing a separate login ID and password. Facebook issues passports or, if you prefer, these other sites award visas to people who possess Facebook passports.

Facebook-as-nation leads to all sorts of questions, like, when its citizens are living their virtual, as opposed to their physical lives, does Facebook have a role to play when the governing entity for its citizen’s physical location wants to independently impose rules restricting their on-line behavior?

Some countries, for example, recognize sedition as a felony, unlike the U.S., which long ago declared such laws unconstitutional. So …

A Dutch national posts content that insults King Willem-Alexander Claus George Ferdinand, which can be and is read by various and sundry citizens of the Netherlands.

This is, in Holland, a crime (who knew?). The Dutch government, reasonably enough, would probably like (not Like) Facebook to enforce its laws when functioning in the Netherlands — to take down offending posts and reveal the criminals’ identities to the proper authorities.

But … the criminal responsible for posting this content might not, as it turns out, post it while in the Netherlands. J-walking might be a misdemeanor in New York City but that doesn’t mean I’ve violated New York City law when I J-walk in Minneapolis.

It was, the miscreant might argue, posted in Facebookland, not the Netherlands.

And … it gets even more complicated from there.

All things considered, a declaration of national sovereignty on Facebook’s part might actually simplify things. Its offices become embassies, and all of the complexities of enforcing local laws in Facebookland are dealt with by negotiated treaties.

Interesting or not, this might not appear to be relevant to you in your role in corporate life.

Except for this: Your business undoubtedly has its own social media presence — on Facebook, and Twitter, and Instagram, and all the rest. That means your business is a citizen of Facebook, subject to its laws and regulations just as it’s subject to the laws and regulations of every governing entity within which it does business.

I suspect that right now, responsibility for complying with this new regulatory landscape isn’t clearly defined.

Which leads to this week’s suggestions for Things You Can Do Right Now to Protect Yourself from Harm:

1: For any project you’re involved in that might be affected by social media laws and regulations — especially but not limited to Facebook — make sure someone is responsible for defining these constraints.

2: Make sure that person isn’t you.

3: Suggest to whoever is responsible that the Compliance Department might be a good place to start.

4: Duck.

Blame Lord Kelvin, who once said, “When you can measure what you are speaking about, and express it in numbers, you know something about it; but when you cannot measure it, when you cannot express it in numbers, your knowledge is of a meagre and unsatisfactory kind.”

It’s a philosophy that works well in physics and engineering — fields where what matters can, for the most part, be unambiguously observed, counted, or otherwise be quantified.

The further you get from physics and engineering, the more you might wish Lord Kelvin had added, “Of course, just because you can attach a number to something, that doesn’t mean you understand anything about it.”

So if you accidentally touch a bare copper wire, it’s fair to consider how loud you yell “Ouch!” to be an inferior metric to how many volts and amperes you were exposed to.

But on the other side of the metrics divide, imagine you’re researching headaches and want to rank them in order of decreasing agony.

You think cluster headaches are the worst (they get my vote), followed by migraines, sinus, tension, and faking it to get sympathy. But really, how can you tell?

There’s the well-known pain scale. It does a pretty good job of assigning a number by assessing how debilitating the pain is.

But debilitation is an index, not a direct measure. It passes most of the seven Cs, but not entirely. In particular its calibration is imperfect at best — some people seem to tolerate the same pain better than others, although there’s really no way of knowing whether they actually tolerate pain better or whether the same stimulus doesn’t result in as painful an experience as someone else might feel.

Which insights we need to pivot into something that has to do with helping you run your part of the enterprise better.

Consider it done.

Start with the difference between leadership and management. If people report to you, you lead (or should). If you’re responsible for producing results, you manage. With infrequent exceptions, leaders are also managers and vice versa.

Metrics are natural tools for managing. What they do for managers is help them assess whether the results they’re responsible for producing are what they’re supposed to be. The results in question are about the process (or practice) characteristics that matter:

Fixed cost — the cost of turning the lights on before any work gets done.

> Incremental cost — the cost of processing one more item.

> Cycle time — how much time elapses processing one item from start to finish.

> Throughput — how much work the function churns out in a unit of time … its capacity, in other words.

> Quality — adherence to specifications and the absence of defects in work products.

> Excellence — flexibility, the ability to tailor to individual needs, and to deliver high-value product characteristics.

When it comes to managing whatever process or practice it is you manage, pick the three most important of these six dimensions of potential optimization, establish metrics and measurement systems to report them, and use the results to (1) make sure things are running like they’re supposed to; (2) let you know if you’re improving the situation or not; and (3) let employees know if they’re improving the situation or not.

You only get to pick three because except when a process is a mess — at which point you can probably improve all six optimization dimensions — improvements result in trade-offs. For example, if you want to improve quality, one popular tactic is simplifying process outputs and disallowing tailoring and customization. More quality means less excellence and vice versa.

If it turns out you aren’t getting what you’re supposed to get, that means your process has bottlenecks. You’ll want to establish some temporary metrics to keep track of the bottlenecks until you’ve fixed them.

I say temporary because once you’ve cleared out one bottleneck you’ll move on to clearing out the next one. Letting metrics accumulate can be more confusing than illuminating. Also, as pointed out last week, metrics are expensive. Letting them accumulate means increasingly complex reporting systems that are costly to maintain and keep current.

Given the value metrics provide for effective management, lots of organizations try to use them as a leadership tool as well. The result is the dreaded employee satisfaction survey.

In Leading IT I established eight tasks of leadership: Setting direction, delegation, decision-making, staffing, motivation, team dynamics, establishing culture, and communicating. A system of leadership metrics should assess how well these are accomplished by a company’s collective leadership.

Which gets us to this week’s KJR Challenge: Define metrics for these that can survive the seven Cs.