TOPIC: Sensitive information. WHERE to go with it?

When you are identifying stakeholders you often receive a lot of sensitive information. "Mr B is drinking a lot, so don't plan any Change Request revision activity on Monday, start from Wednesday or you will not get the correct output ". "Ms A hates Mr C because of their common past incidents. So, she will definitely argue against Mr C's requirements and suggestions, so any meeting with both of them is going to be ridiculous, use only Delphi technique with them". And so on. PMBOK and our wisdom tell us to remove such kind of information from the Stakeholder Register or Stakeholder Management Plan. But you still need it to keep somewhere to keep track your decisions. You write "The Change Control Board meets to review Change Requests every Wensday at 03:00p.m. GMT". But you can not explain why you can't shift it to the Monday morning. And if you, as a PM, will be changed by another PM, how the new PM will manage? He or she was not provided with this important information. And PMBOK doesn't tell us anything about it. )

What do think about it? Is it correct, for example, to make a confidential addendum to the Stakeholder Register? The same thing is about any other documents.

Aleksey, The two factors I would consider when deciding whether or not to include a confidential addendum with stakeholder analysis are media sensibility and information security. The first factor assumes anything written down or spoken could released to the media and taken out of context. How would it look to your business and your reputation? Therefore, notes for your stakeholder analysis should be reasoned, logical, and factual; not based on rumor or innuendo. The second factor is information security. Ask yourself, is there is a place in the business or on the business' website that only selected people have access to with special permissions. I mean, just labeling a piece of paper confidential doesn't make it confidential unless your have information security and compartmentalization procedures. Those are the factors I'd think about when deciding to maintain a confidential addendum.

I would not write down the types of sensitive information that you mention. However, I would make it clear that your decisions were based on carefully evaluating the various options. If someone would like to reconsider these decisions (in the case of a new PM) he or she should contact you for more information. Even if you are not available to provide those reasons, the new PM is alerted to the fact that there are reasons for (in these examples) handling Change Requests on a Wednesday or using the Delphi technique, and will probably move cautiously before changing things.

Aleksey,

One argument that I would like to bring in is this: You don't need this for the PMP Exam.

It is perfectly all right to discuss this topic as part of "general" project management practices. Under that light my personal opinion is that you should definitely document sensitive information. But do it separately from your register and have some password protection in place.

But let's be clear that it is not very likely that you will see a PMP exam question that goes into this much detail in regards to sensitive information. On the exam I would expect it to be a relatively straightforward scenario - very likely in combination with ethical considerations.

Thanks to everybody answered. Cornelius, my question was provoked by one of the questions from the PMP Exam simulator. When a PM was advised to cut out the sensitive information from the Stakeholder Register. I answered that she shouldn't cut it out. Because of Code of Ethics. No lie! And it was the wrong answer. And then I decided to ask the people's opinion here. So, it is about exam, but for understanding the topic better. I might have skipped something in PMBOK, saying what to do in these cases.

OK, I see different opinions. I have taken into account the security issues. Thank you, all!