Donut Skip the Outreach!

A photo of an attendee at UCSF's IT Security Pop-Up Donut event

By Tanya Jansen, Traci Farrell, and Vanessa Palacios. Do you approach change by hitting your users over the head with the same communications strategy? Or do you hit the nail on the head with targeted communication and outreach efforts?

Let’s face it: change is painful and inconvenient, especially when you’re competing with the distractions of a busy community. We have developed a formula to achieve what we thought was impossible. And you can too! In this article, learn how:

1 mission
3 communicators
14 field techs
5 UCSF campuses
7 events
3,250 rubber ducks
1,800 donuts
351,000 calories
2,632 website visits

+        immeasurable goodwill

=       39,527 security software installations
         with only 1.9% resulting in Service Desk tickets

The Change Project

In spring 2018, UCSF IT Security began rolling out a set of initiatives to improve data, network, and system protection. We knew from experience that internal change is often an overlooked and underestimated pitfall when implementing enterprise technology. We were tasked with taking a new approach – creating and executing a comprehensive change campaign unlike any others UCSF IT had done in the past.

 Our Audience

UCSF provides graduate-level education in health and sciences with four professional schools including medicine, dentistry, pharmacy, and nursing representing

  • 3,300 students
  • 1,500 clinical residents or fellows
  • 1,000 postdocs
  • 24,000 employees
  • and from 94 countries!

Prior Outreach Efforts

Like most technical teams, we have lots of IT systems and generate lots of IT Service Desk emails. Unsurprisingly, this results in reader fatigue and many folks set up “straight-to-trash” rules for email. As you can imagine, this makes it challenging when changes require user action or have consequences, such as two-factor authentication, network access control (NAC), and password changes.

UCSF IT Service Desk Announcement email

Why We Prioritized Outreach

Recognizing that change is hard and inconvenient, we developed a high-touch approach of meeting users where they are. Our method was to help users adopt tools that require their action or have consequences, build goodwill and increase acceptance, and empower users to create a sense of ownership over change.

We went out to the community, put a face to IT, gained their trust, and ultimately their acceptance of the changes.

How We Planned Our Campaigns

Before we embarked on our outreach journey, we identified existing communications channels, brainstormed copy, taglines, tone, and message, created print and digital materials, and scheduled and planned events. Then we organized a friends-and-family pilot to gather feedback.

We combined our very visible approach with a mix of traditional communications including:

  • Print: handouts, bookmarks, display posters, shuttle posters
  • Digital: digital signs, IT website with background and FAQs, UCSF events calendar
  • Email: campus newsletters, targeted emails to users and unique communities, enterprise-wide leadership emails
  • In-person: leveraged existing meetings, identified ambassadors, staffed events with field techs to help users take action on the spot, offered giveaways and raffles

To advertise our events, we used existing channels and our own social channels to encourage attendance.

 Examples of UCSF IT Security Donut event advertisements


Below are samples of the campaigns and accompanying taglines we created.

Campaign: Plug Your Security Holes

Tagline: “It’s OK to have a hole in your donut, but not in your security!”

This was a general campaign pushing:

  • BigFix installation (automatic NAC installation!)
  • Password tool enrollment
  • Keeper password vault

 Campaign: Get Your Ducks in a Row!

Tagline: “Walk, waddle, or wiggle on in to our IT Security Pop Up! Grab a donut or a rubber duck (while supplies last) and learn about required IT Security initiatives.”

With this campaign, we shifted the emphasis to having the audience recognize themselves and thereby identify with it. To that end, we ordered customized rubber ducks to reflect our population: nurses, doctors, and surgeons. We added UCSF branding along with a customized URL to the duck so that people would have it on hand long after the fliers went into the circular bin. (We still see ducks all over campus, even in the cafés!)

Our events reinforced existing messaging and, because we included support teams, we gave users the opportunity to take the required actions at the events. Even though these changes were painful we made it fun while emphasizing the importance. Users actively brought people from their offices and took fliers back with them for break rooms and other common areas.


By having users identify with the campaign, we were able to get them to post the location of their ducks on Slack. This low-cost PR was a tangible, visible reminder that created buy-in.

Examples of UCSF IT Security "Get Your Ducks In A Row" campaign

Metrics Matter

Measuring results is important and so we tracked the relationship between outreach activities (CIO emails or events at specific campuses) and when people installed the required security software. It was obvious that outreach drove action! Also, between January 1, 2019, and April 10, 2019, there were 39,962 security software downloads, with only 1.9 % resulting in Service Desk tickets.

Knowing that highly visible campaigns come with a high level of scrutiny from both stakeholders and project teams, we got out in front of the perception problem. Remember that custom URL we branded on the ducks? We used it in every email, flier, digital sign – you name it. We were able to track website visits, trends, and measure the effectiveness of our campaigns. Most importantly, we were able to clearly show leaders and team members the value of outreach.

Your Mission

Don’t wait until something goes wrong to communicate with your users. Get to know your audience and gain allies by building trust. You can follow our formula or develop one of your own. Whatever you do, donut skip the outreach!

Tanya Jansen is IT communications lead, UC San Francisco.Tanya Jansen is IT communications lead, UC San Francisco.





 Traci Farrell is communications lead, School of Medicine Technology Services, UC San Francisco.Traci Farrell is communications lead, School of Medicine Technology Services, UC San Francisco.




Vanessa Palacios is in IT outreach and analytics, UC San Francisco.Vanessa Palacios is in IT outreach and analytics, UC San Francisco.

Leave a Comment

Your email address will not be published.