I recently volunteered to review several website compliance tools after a colleague’s frustration in trying to differentiate them. When you start searching for these tools you soon find a very crowded market place. However, I was fortunate to be constrained to review just three of the leading vendors, Sitemorse, Magus ActiveStandards and Vamosa Check and Fix. I will summarise what I found by answering some simple questions.

What do website compliance tools do?

Website compliance tools are similar to search engines in that they crawl through the pages on a site or sites based on URLs you supply. As they crawl through sites they analyse pages, content, images, documents, digital assets and code by running a series of predefined tests. The results of these tests are provided as reports highlighting defects such as broken links or failure to comply with certain standards and guidelines such as W3C.

How do they do it?

All these applications operate on two basic principles. First of all they are delivered through Software as a Service (SaaS) platforms and second they work by crawling through a website from a given URL extracting pages, content and digital assets ready for testing.

The question you may ask is why do I need a web compliance tool and what can they do for me?

• Improve code quality and highlight any possible compliance issues during the development and testing phases.
• Provide audits of your web properties across your web estate
• Site optimisation to improve site integrity and areas such as SEO
• Brand governance by ensuring messaging, content and assets are consistent and meet company/corporate guidelines across your web estate.
• Content governance, constancy and quality can be achieved from tests that range from identifying spelling and grammatical errors to tests which monitor key words, phrases, places and corporate terms.
• Compliance to web standards and guidelines such as accessibility, usability and other W3C guidelines.
• Ensure that websites adhere to the relevant laws and regulations

What are the tools strengths and differentiators?

Magus has a very flexible interface built around a dashboard concept. The dashboard provides summary information across multiple sites as well as allowing users to drill down into individual sites and issues. Magus also provides strong workflow to support the assignment and management of issues raised in the test reports and again visibility of assigned issues and tasks are visible from the dashboard. There is a range of predefined tests but in instances where these tests do not fully satisfy the requirements new tests can be constructed by Magus developers. This is particularly useful for non standard tests to support brand and editorial guidelines. Magus also provides a feature called ‘aboutness’ which automatically identifies entities in content such names and companies. This enables a user to find where these entities are used and navigate the reports based on these entities.

The Sitemorse approach cares less about customisation and more about simplicity and rapid deployment. Sitemorse uses an extensive series of tests to create a set of standard reports for all its customers. The fact that all reports are standardised and use the same tests allows Sitemorse to summarise compliance report data to create sector based leader boards. These leader boards are also available for customers to rank there own sites, however, what is not understood is the algorithm used to for generating leader boards and its validity or relevance to particular sectors.

Vamosa originates from content migration with products aimed at analysing, cleansing and migrating content between content sources and management systems. The Check and Fix (C&F) product is a natural extension for Vamosa adding compliance to their solution suite. The mindset of configurability and flexibility required for content migration is firmly set into the C&F product design. C&F is more of a web based framework for displaying compliance reports that are produced from tests that originate from policies that the customer constructs. These policies can also be integrated with content management systems to provide a level of automated fixing. There are a number of preconfigured policies as you would expect for areas such as HTML, SEO and spellings, however, this level of flexibility comes at a price as time is needed to analyse, design and implement policies. As with all other web compliance systems C&F captures content and assets, however, Vamosa also retains different versions of this content allowing you to view content and assets through a timeline.

In a nutshell

Sitemorse is a quick and easy way to audit website compliance issues. Very useful if you need to monitor or test website compliance and have little time to invest for customising the reports or the tests do not require customisation.

Magus is ideally suited for those who need sophisticated governance for large web estates, require issues to be managed through organised workflow or have a need to closely manage brand compliance issues.

Vamosa Check and Fix is suited to providing compliance where complete flexibility is required for creating appropriate tests for complex environments. Also C&F is an obvious choice to support content migrations that are already using the rest of the Vamosa tool set.

Following the post “The implications of the EU Cookie Law” I thought I would clarify what impact there could be for online businesses and users who use cookies. But first we need to review first principles:

1. HTTP is stateless, a website does not know who you are from a simple browser request
2. A session can be maintained by a website where it can recognise a user for a period of time or during a series of transactions by using either encoded URLs or session based cookies that are stored in temporary memory.  In this scenario only an ID related to a session is stored with no user specific details.
3. By using a persistent cookie a user can be recognised across different sessions even if the browser has been closed.  These cookies hold personal details about the user stored in text files on the user’s’ machine.
4. There are two types of persistent cookies, first party cookies given directly from the site you are accessing and third party cookies given by third party services used by the site you are accessing.

So if we assume the EU Cookie law pertains to the consent of persistent cookies, how would this actually effect websites, marketing and user experience? Well let’s look at the broad areas of functionality persistent cookies support:

• “Remember me” and silent log–ins.  We have all become used to not having to remember every username and password as we flitter from Facebook, to hotmail, and twitter.  Compliance for these types of cookies should be relatively easy as consent is given for “Remember me” during log-in, all that is needed to meet the requirement for comprehensive information is a link at log-in to the privacy statement. 
• Site analytics – Cookies are used by site analysis systems(Google analytics, Ominiture, WebTrends, etc) to track a customer’s behaviour while browsing a website to provide behaviour profiles and insights into areas such as drop-outs during checkout, product conversion and campaign effectiveness.  The issue here is statistical data will be inconsistent and incomplete if large numbers of users opt out as they don’t see any value in accepting these cookies.  Site analytics can still track general traffic statistics but these often prove to be to generic or technical to be off real use to the business users.
• Personalised recommendations and content – Product recommendations are becoming more sophisticated going beyond simple logic based on previous transactions and popularity.  There are now dedicated technologies which can track an individual customer’s interactions with a website and recommend products based on their patterns of behaviour. Many of these technologies such as Coremetrics rely on cookies to identify a customer as they interact with a website and some services such as Aggregate Knowledge capture details from across the sites they are active on. Without persistent cookies these systems are incapable of providing personalized recommendations, however, there are services such as Certona and Baynote that can provide personalized content without the use of cookies.
• Multi-Variant-Testing (MVT), Targeting and segmentation – this is similar to personalised content but works on the concept of targeting different versions of content to customers or customer segments and then testing and analysing its effectiveness e.g.. Omniture Test & Target.  MVT is used for simple actions such as optimising home/landing pages to defining complex merchandising strategies and promotions.  These tools often rely on persistent cookies to track the effect of targeted content on users and allow further targeted content to be optimised.
• Targeted Marketing – Sites with display advertising (banner ads etc) will almost certainly drop third party cookies on a user’s machine from marketing networks ad servers.  These cookies are used by the marketing companies to track and target users during any time spent on sites which uses the same ad server. 

There are other methods that can be used for simple tracking, however, the reasons why cookies are the most commonly method for tracking is they enable:

• A specific banner or link that the web visitor clicked to be tracked
• Tracking of users browsing behaviour across multiple sites while the cookie is active
• The tracking of conversion for the period of time the cookie is active
• The tracking of repeated sales
• Ads to “re-target” products a user has viewed on pervious visits to eCommerce websites.
• Ads to be personalized based on a user behavior profile

The use of cookies by marketing companies is probably the most contentious.  Many of the cookies used are identified as malicious cookies by anit-virus and spyware sites for example the revsci cookie is often represented as a malicious cookie.  spywareremove.com 

say this cookie comes from porn and gambling sites.  However, this cookie is distributed by Revenue Science through websites such as guardian.co.uk, foxnews.com and timesonline.co.uk and is used for behavioral targeted of ads.  Revenue Science even quotes a Forrester report on their homepage stating that an Independent Study Finds that Online Shoppers are More Receptive to Behaviorally Targeted Ads than Contextual Ads.   Even if we are more receptive to targeted ads we may not necessarily want to consent to our behavior being tracked by cookies. 

The argument to whether users consent to having targeted Ads or any other service using cookies will depend upon the messaging and how the information for cookies is presented to users.

Despite the very quiet arrival of what is being called the EU Cookie law (see Amendment to Article 5(3) October 2009 Page 77), the debate about the impacts of this small Amendment are just beginning. The vagueness about the implementation of this law does not help and if taken literally the law could move the development of the internet back 10 years, dramatically effect digital marketing and fundamentally change the user experience of any website in Europe. The law is aimed at “controlling those instances where information stored on a user’s equipment” involves “unwarranted intrusion into the private sphere (such as spyware or viruses)”, which is great and everyone welcomes this.

The new Article 5(3) amendment states that information can be stored and accessed “on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information” and according to the amendment each member state including the UK is left to decide how this law should be implemented and enforced

Although the law does not suggest the elimination of cookies a lot depends upon the interpretation and implementation of the law by the EU member states. If taken literally and implemented badly it could mean annoying pop-ups constantly which constantly nag you. Try setting your privacy setting in IE to prompt you for every cookie and see how annoying this can be. This will inevitably lead to switching off cookies all together or accepting everything. A better but not perfect interpretation could mean displaying a privacy landing page before a user reaches any part of the site that requires cookies. This would still have implications for customer conversation in ecommerce and digital marketing activities.

The Internet Advertising Bureau (IAB) UK has a more optimistic view (Consumers given power over cookies) believing this provides a legal basis for cookie management tools in browsers and applications. Browsers today do have cookie management tools as well as anti-virus and security software; however, these are not user friendly or easy to understand for most non-technical users. The real problem is the information supplied by cookies. At present the information describing cookies in a browser based solution is extremely poor and to meet the requirements for comprehensive information much more needs to be done in providing additional useful information. At the moment to find any information about a cookie requires first finding its name from the browser or temporary internet files folder and then searching the web, assuming you know what you are looking for. A browser based solution is going to require more than adding functionality to a browser, it requires thought into

• What cookie information is required by a user to make an informed decision?
• Who is responsible for providing this information and how is it regulated?
• Where does this information come from and how is it stored and managed?
• What is its format/definition and how is it delivered to the browser or other application?

This seems to indicate a more far reaching solution requiring the definition and adoption of new standards for cookie files, formats and protocols, no small task and the impact of which is not be limited to the EU.

I wrote the The effect the EU cookie law has on websites, marketing and users  to provide a more detailed view on how cookies are used to support website functionality.