1. Guidelines for SharePoint Governance 26.april 2009 Kjell-Sverre Jerijærvi Microsoft

2. SharePoint Governance Checklist Always use the checklist guide whitepaper Customers find the guidance very useful, strongly recommended Aspects covered includes Design-time and run-time governance Roles and ownership Information architecture, navigation and findability Branding Infrastructure and operations Testing and development Each checklist has a related tips & information section http://technet.microsoft.com/en-us/library/cc261826.aspx

3. Start With Simple Governance Architecture Governance Logical architecture model based on Information Architecture and capacity, sharing and isolation, configurable items, administration, and planning recommendations Farm design Site-collection structure Information asset structure …to create a workable design considering hard and soft limits Adapt governance according to targeted solution SharePoint as an Enterprise 2.0 platform Business applications hosted in SharePoint Push vs Pull: http://www.johnhagel.com/view20051015.shtml

4. Start With Simple Governance Required Operational Governance Availability Farm with redundancy Monitoring Backup and Recovery Policies must be defined and enforced Restore specific information assets Tested disaster recovery plan Make sure that complete solution can be restored within allowed time limit

5. Start With Simple Governance Minimum Governance Site Lifecycle Management (SLM) Policies (owners, free/paid, lifespan, inactivity, deletion, etc) Automation of SLM through site creation wizard and timer jobs Site delete capture Content Type (metadata) definitions Classification of all information assets, from sites to documents At least the “closed” content types (the immutable base metadata)

6. Start With Simple Governance Optional Governance User Lifecycle Management (ULM) Manage the lifecycle of accounts as people starts, transfers, quits Policies for permissions and ownership of information assets Automation of ULM though partner/open solutions Visibility into usage Visibility into permissions

7. Site Lifecycle Management Governing Sites from Creation to Deletion SLM policies must be defined and enforced Standard SLM only for site-collections Site use confirmation and deletion Custom Site Creation Wizard Use only if ootb SLM functionality is not sufficient Develop custom wizard to collection data related to SLM Store SLM data in site properties Develop timer job to enforce SLM policies Site Delete Capture Do not rely on database backup to restore deleted sites (backup media retention timespan might be shorter than SLM restore policy timespan) MSIT tool: http://www.codeplex.com/governance

8. User Lifecycle Management Governing Users from Creation to Deletion ULM policies must be defined and enforced Related to information security Information asset permissions must be managed when Account is removed/deleted User transfers to another department Information asset ownership must be managed when Account is removed/deleted User transfers to another department Recommended partner solutions: DeliverPoint ControlPoint

9. Content Type Governance Using Content Types for Content Classification Always create company specific base content types Use few required metadata fields Use sensible default values where possible Follow “Open/Closed” principle for content type hierarchy Support the Office 2007 Document Information Panel (DIP) Decide and enforce behavior Policies Workflows / Event receivers Information management policies Retention, Auditing, Labeling / barcodes

10. Document Template Governance Using Templates in Content Types Shared templates Manage and store templates in a central location Do not store templates directly in content types, always reference the central shared templates http://weblogs.asp.net/mnissen/archive/2008/10/18/sensible-document-template-file-management-with-sharepoint.aspx

11. List Definition Governance Use Lists Based on Content Types List content Use only a few content types Content types must be cohesive Prefer list views over folders List permissions Prefer using inherited permissions Avoid user item level permissions Content Management Versioning, Check-in/out, Workflows / Event receivers Information Rights Management Policies for usage and access restrictions Information management policies Retention, Auditing, Labeling / barcodes

12. Search Governance Findability and Information Security Ease of adding information assets to correct location Users should not have to enter a lot of required metadata Users should not have to browse/navigate a lot to store content Task context should deduce location, ref CRM document store Metadata tagging through content types for all findable assets Search scopes Faceted search http://www.codeplex.com/FacetedSearch Information isolation Separate SSP or even separate farms

13. Permissions Guidance Simple Permissions Policies is More Secure Use SP groups to manage user group memberships Build your SP groups from AD security groups Do not assign permissions to single users, always assign to groups Prefer inherited user groups (role definitions) Prefer inherited permissions (role assignments) Avoid assigning item level permissions Site-collections are preferred permission management boundaries The more diverse and fine-grained permissions assignments you have, the harder it is to know who has access to what – and the more likely it is that there will be information security breaches

14. Shared Metadata Governance (pre-2010) Metadata across Multiple Site-Collections Metadata Content types with site columns including lookups List definitions Management and distribution from master to applications Reference data Typically values for lookup type site columns Management and distribution from master to applications Always plan and test how to replicate shared metadata across your designed site-collection topology Metadata replication software Custom development Echo or DocAve Look for new functionality in Office 14

15. Metadata Usage (pre-2010) Open Solutions @ CodePlex Community Kit Social bookmarking Tag cloud Enhanced wiki edition Enhanced blog edition Enhanced discussion board edition http://www.codeplex.com/CKS Faceted search http://www.codeplex.com/FacetedSearch …and a lot more not related to metadata http://sharepoint.microsoft.com/blogs/mikeg/Lists/Posts/Post.aspx?ID=1066

16. Quota Governance SharePoint Administration, SQL Server Monitoring Plan for software boundaries http://technet.microsoft.com/en-us/library/cc262787.aspx MySite (site-collection) Storage size (default 100MB) Site-Collection Storage size Notification e-mail on size threshold Usage reports Document Upload size (default 50MB, max 2GB) Content Database Recommended max 200GB Recommended max 50.000 site-collections pr DB

17. Development Governance Design-Time Governance for Upgradability Site Design Use standard site-definitions with feature stapling Avoid custom site-definitions and site-templates Do not use SharePoint Designer, except for prototyping http://msdn.microsoft.com/en-us/magazine/cc507633.aspx Workflows Do not use SharePoint Designer, except for prototyping Branding Do not use SharePoint Designer, except for prototyping Document Information Panel (DIP) Prefer standard DIPs, avoid customization If customized using InfoPath, all clients must have InfoPath installed to use the customized DIPs

18. Patterns & Practices SharePoint Guidance Guidance & ReferenceImplementation Helps architects and developers design, build, test, deploy, and upgrade SharePoint intranet applications Demonstrates solutions to common architectural, development, and application lifecycle management challenges http://www.microsoft.com/downloads/details.aspx?FamilyId=C3722DBA-6EE7-4E0E-82B5-FDAF3C5EC927&displaylang=en http://spg.codeplex.com/