What you need to be thing about when you start to design your SharePoint Governance

1. SharePoint Governance 101
August 2014

2. Agenda
• Who AM I
• Who Are You
• What is Governance
• Consequences
• Mode, Philosophy and Model
• What should be in your governance plan
• Governance Committee
• Carrots and Sticks
• Decisions, Decisions, Decisions
• Q&A
• Final Thoughts

3. Parental Advisory Warning
There May Be
F-Bombs

4. Who Am I?

5. Who Am I?
http://sharepointtherapist.com/ http://dlairman.wordpress.com/

6. Who Am I?
Panelist
Thursdays
11:30 am
Online
Vice-President
Fridays, 10am
Capital City Events
Center
http://www.sharepointshoptalk.com/ http://www.launchpadjobclub.org/
Director, Enterprise Development

7. Who Am I?
Advertising and marketing
Government
PII & PHI
(social security numbers, financial & medical info)
Multiple contractors (vendors)
Defense & HLS software
High security
Also – Real estate, manufacturing, high-tech, consumer goods
Construction

8. Who are You?
• IT?
• Business users?
• Management?
• Something else?
• Anyone here an accidental SharePoint
Administrator?

9. What is Governance?
My definition:
Responsible Stewardship of a
resource in order to ensure
effective utilization

10. What is Governance?
• Who is responsible
• What they are responsible for
• Best Practices – what you SHOULD be
doing
• Thou Shalt Nots – what you SHOULDN’T
be doing
• Change Management

11. You Probably Already Have Some
• Information Governance
• IT Governance
• Employee Handbook

12. You Probably Already Have Some
To comply with:
• GAAP
• SOX
• HIPPA
• Labor regulations
• Other Local, State and Federal Laws

13. What Makes SharePoint
Governance Special?

14. What Makes SharePoint
Governance Special?
Marketing hype
from Consultants

15. What Makes SharePoint
Governance Special?
• Collaboration platforms are pretty new
• Business hasn’t really figured it out yet
• SharePoint is complicated
• SharePoint is a POWERFUL tool
• “With Great Power comes Great
Responsibility”

16. What Makes SharePoint
Governance Special?
Nothing

17. Let’s talk about
consequences

18. Undesirable Outcomes
• Users cannot find what they are looking for/Site
Sprawl
• Managing the system takes too much IT resources
• Content seen by the wrong people and/or can’t be
seen by the right people
• System performs poorly
• Doesn’t help users get their jobs done or even
makes their jobs more difficult
• Users use non-approved systems to get around IT

19. Desirable Outcomes
• Content is findable
• Content securely available only to correct
people
• System is manageable
• System performs well
• serves the business’ needs (Alignment!)

20. Here’s the thing about governance:
It’s as unique as your
organization

21. Governance Modes
• Collaborative
• Top-Down
• Either way you need buy-in!
• Mode is different from governing
philosophy and Governance Model…

22. Governance Philosophy
Control vs. Adoption
More control
Less adoption
More chaos
Greater adoption

23. Variable Levels of Control

24. Governance Plan
• It’s Just Documentation
• Documentation isn’t Governance
• But you still need documentation!

25. Governance Planning Is…
(All you have to do is think of everything)

26. Actual Governance?
That’s HARD.
Because people.

27. What Should Be in Your Plan?
Your first decision:
What is your
SharePoint for?

28. What Should Be in Your Plan?
• What do we need SharePoint to
accomplish in order to meet our business
objectives?
– What are our business objectives?
– What SharePoint features enable
achievement of business objectives or
enhance efficiency toward reaching those
objectives?

29. What Should Be in Your Plan?
A Training Plan!

30. What Should Be in Your Plan?
WHY
Rationale for the design choices you have
made

31. What Should Be in Your Plan?
• Physical Architecture
• Logical Architecture
• Who is responsible for what
– Backup & Disaster Recovery
– Maintenance
– Administration

32. What Should Be in Your Plan?
• Administration
– System
– Farm
– Site Collections
– Sites
• Does Site/SC Administration include User
Management?

33. What Should Be in Your Plan?
Sprawl Management
– Who can authorize site creation
– Duplication Prevention
– Chain of custody
– Expiration
• Department sites/Team sites/Project sites
– Decision tree

34. Do You Really Need That Site?
• What is a site?
– A site is a collection of lists, libraries and pages with similar ownership, access rights,
and intent.
• When should a site be created?
– Consider creating a site when:
1. Content access controls are different
2. Content ownership is different from that of existing sites
3. Intent of the content is significantly different from existing sites
4. Content is of significant complexity and volume (for example, if a group needs its
own calendar, document library and lists with multiple content types and tags
specific to that group)
• When should you consider other options?
– If the content is minimal (only a few documents)
– If the ownership or purpose matches an existing site
• Other Considerations
– Sites should have clear ownership (both a sponsor and a content manager).

35. What Should Be in Your Plan?
Customization Management
– Who can authorize customization
– Who is responsible for requirements gathering
– Dev/Test/Production Plan
• If you don’t have dev/Test environment(s), you
actually don’t have a PRODUCTION environment!
– Testing and deployment of customizations

36. What Should Be in Your Plan?
• SLA – Service Level Agreement
– Performance Monitoring
– Disaster Recovery
– Issue Resolution
– Customization
• Change Management Plan
– For SharePoint
– For your governance plan

37. What Should Be in Your Plan?
• Content Management
– Duplication Prevention
– Content Ownership
– Content Expiration
– Retention Plan
– Content Auditing
– Content Approval
– Content types and Metadata

38. What Should Be in Your Plan?
• Presentation Management
– Branding
– Page layout and organization
• Governance Committee
– Composition
– Frequency
– Responsibilities

39. Governance Committee
• Business Users
• IT
• Management
• HR, Legal

40. Governance Committee
• Business Alignment!
• SLA Compliance
• Change Requests
– Governance Plan changes
– Major Changes
• How minor the decisions made at this level
determines frequency of meetings!

41. Carrots and Sticks
• HR Discipline procedures
• PIP
• Annual Review metrics (for bonuses and
pay raises)
• Gamification
– Recognition
– Prizes (requires a budget, but doesn’t have to
be big!)

42. Lots of decisions!
Governance Guiding Principle Implication Remember …
Policies are tied to the scope
and intention of the site.
Governance policies will be
more flexible for sites with more
limited access than they will for
sites that are shared with a
broad audience.
The different audiences for sites allow
you to adapt the governance model
according to business needs. While
some policies will be enforced across
the entire organization, others may be
determined by each site owner. This
means that there may be some
content that will not be as structured
or searchable compared to other
content that will be consistently
“managed.”
One size does not fit all.
Yes, we’ve got rules but
we’re smart enough to know
when it’s appropriate to
deviate from a standard in
order to achieve a business
objective more effectively.
Even though SharePoint 2013
Server may be a new vehicle for
collaboration, SharePoint
content is governed by all
general policies pertaining to
the use of IT resources,
including privacy, copyright,
records retention, confidentiality,
document security, and so on.
Content ownership, security,
management, and contribution
privileges are distributed across the
entire organization, including users
who may not have had content
contribution, security or records
management privileges in the past. All
content contributors need to be aware
of organization policies for business
appropriate use of IT resources.
Existing rules still apply –
would you want your
mother/boss/customer/client
to see this picture? Should
your
mother/boss/customer/client
be able to see this content?

43. Lots of decisions!
Governance Guiding Principle Implication Remember …
SECURITY PRINCIPLES
Overall firm security policies
about who can see what content
still apply and govern the portal.
Users need to think about where
content is published to ensure that
confidential content is only shared on
sites with limited access.
Publish to meet the “need to
know” standards for your
organization: no more, no
less!
Role-based security will govern
access control and permissions
on each area of the portal
(intranet and extranet).
Users may have different permissions
on different areas of the portal, which
has an implication for both
governance and training. While most
users may not have content
contribution privileges for tightly
governed intranet pages, all users
have “full control” privileges on their
My Site Web sites.
You may not have the same
permissions on every page
of the portal.

44. Lots of decisions!
Security –
• When possible, use Active Directory
groups.
– Pro – This provides a single location to add
and remove users.
– Con – Limited visibility to end users (“Is X a
member of this site?”)
– Con – Users cannot be added to AD Groups
by site owners

45. Lots of decisions!
Security –
• Add AD Groups and individuals to SharePoint Groups (do not
assign SharePoint permissions directly to either individuals or
to AD Groups).
– Pro – This gives a single location inside SharePoint to add and
remove users from SharePoint permissions
– Con – Requires some advance planning to make sure groups
(both AD and SharePoint) are designed properly
– Con – Site content must be placed in appropriate containers with
rights appropriately applied
– Con – Site administrators must understand the security design of
their sites and the memberships of the groups.

46. Lots of decisions!
Security –
• Avoid breaking inheritance within sites as much as is
practical. Design security groups to live inside the sites with
proper inheritance before breaking inheritance. Avoid
applying permissions to individual objects (documents, list
items, etc).
• Avoid using folders. While folders can make appropriate
security boundaries within a library, they can cause
unexpected results in workflows and permissions
assignments. Use metadata (like managed metadata, tagging
and site or list columns) to provide logical groupings of files,
and create views based on those groupings.

47. Lots of decisions!
Governance Guiding Principle Implication Remember …
CONTENT PRINCIPLES
All content is posted in just one
place. Users who need access
to content should create links to
the Document ID for the
document to access the content
from its “authoritative” location.
This means that the official version of
a document is posted once by the
content owner (which may be a
department, not necessarily an
individual). For the reader’s
convenience, users may create a link
to the official copy of a document from
anywhere in SharePoint Server, but
should not post a “convenience copy.”
Users should not post copies of
documents to their personal hard
drives or My Site Web sites if they
exist elsewhere in the solution.
One copy of a document.

48. Lots of decisions!
Governance Guiding Principle Implication Remember …
CONTENT PRINCIPLES
Edit in place – don’t delete
documents to create new
version.
Version control will be enabled in
document libraries where prior
versions need to be retained during
document creation or editing. If prior
versions need to be retained
permanently for legal purposes, “old”
versions of documents should be
stored in an archive location or library.
Documents will be edited in place
rather than deleted and added again
so that document links created by
other users will not break. Limits for
version retention should be created
and enforced.
Someone may be linking to
your documents. Update,
don’t delete!

49. Lots of decisions!
Governance Guiding Principle Implication Remember …
Content PRINCIPLES
Site Sponsors/Owners are
accountable, but everyone owns
the responsibility for content
management.
All content that is posted to a site and
shared by more than a small team will
be governed by a content
management process that ensures
content is accurate, relevant, and
current. Site Sponsors/Owners are
responsible and accountable for
content quality and currency and
archiving old content on a timely basis
but site users are responsible for
making Site Sponsors/Owners aware
of content that needs updating.
We’re all responsible for
content management.
Links instead of e-mail
attachments.
Users should send links to content
whenever possible rather than e-mail
attachments.
No more e-mail
attachments!

50. Q&A

51. Final Thoughts
• Governance Plan <> Governance
• Include a Training Plan in your
Governance plan!
• Buy-in is critical!
• Your goals: Content Findability & Security,
System Performance & Manageability, and
Business Alignment

52. Resources
• http://technet.microsoft.com/en-
us/library/ff848257(v=office.14).aspx
• http://www.rharbridge.com/?page_id=726
• http://kjellsj.blogspot.com/2010/05/sharepo
int-governance-part-i-eating.html
• http://sharepointtherapist.com/

53. Stay in touch!
Feel free to contact me or connect with me:
– @dlairman and @SPointTherapist
– jim@adcock.net
– http://www.linkedin.com/in/jimadcock
– http://SharePointTherapist.com
– http://dlairman.wordpress.com