June 17, 2015
What does governance mean in SharePoint? How do you get to good governance? Do you really need governance? What happens if you don’t have governance, or do it poorly?
Bring your questions and Jim will bring his experience building SharePoint governance in multiple organizations. We’ll discuss governance basics and help get you going in the right direction.
(Unlike the "Group Therapy" session, this is a straight-up presentation, though the Q&A at the end can be used by the audience to ask their specific questions)
2. WWW.SPBIZCONF.COM
Agenda
• Who AM I
• Who Are You
• What is Governance
• Consequences
• Mode, Philosophy and Model
• What should be in your governance plan
• Governance Committee
• Carrots and Sticks
• Decisions, Decisions, Decisions
• Final Thoughts
5. WWW.SPBIZCONF.COM
Want to be in danger of F-Bombs?
Join me at SharePoint Engage
October 20-21, 2015 in Raleigh-Durham
http://sharepointinstitute.com/sharepoint-engage/
12. WWW.SPBIZCONF.COM
What is Governance?
• Who is responsible
• What they are responsible for
• Best Practices – what you SHOULD be
doing
• Thou Shalt Nots – what you SHOULDN’T be
doing
• Change Management
18. WWW.SPBIZCONF.COM
What Makes SharePoint
Governance Special?
• Collaboration platforms are pretty new
• Business hasn’t really figured it out yet
• SharePoint is complicated
• SharePoint is a POWERFUL tool
• “With Great Power comes Great
Responsibility”
21. WWW.SPBIZCONF.COM
Undesirable Outcomes
• Users cannot find what they are looking for/Site Sprawl
• Managing the system takes too much IT resources
• Content seen by the wrong people and/or can’t be seen
by the right people
• System performs poorly
• Doesn’t help users get their jobs done or even makes
their jobs more difficult
• Users use non-approved systems to get around IT
22. WWW.SPBIZCONF.COM
Desirable Outcomes
• Content is findable
• Content securely available only to correct
people
• System is manageable
• System performs well
• Serves the business’ needs (Alignment!)
31. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
• What do we need SharePoint to accomplish
in order to meet our business objectives?
– What are our business objectives?
– What SharePoint features enable achievement
of business objectives or enhance efficiency
toward reaching those objectives?
34. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
• Physical Architecture
• Logical Architecture
• Who is responsible for what
– Backup & Disaster Recovery
– Maintenance
– Administration
35. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
• Administration
– System
– Farm
– Site Collections
– Sites
• Does Site/SC Administration include User
Management?
36. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
Sprawl Management
– Who can authorize site creation
– Duplication Prevention
– Chain of custody
– Expiration
• Department sites/Team sites/Project sites
– Decision tree
37. WWW.SPBIZCONF.COM
Do You Really Need That Site?
• What is a site?
– A site is a collection of lists, libraries and pages with similar ownership, access rights, and intent.
• When should a site be created?
– Consider creating a site when:
1. Content access controls are different
2. Content ownership is different from that of existing sites
3. Intent of the content is significantly different from existing sites
4. Content is of significant complexity and volume (for example, if a group needs its own calendar,
document library and lists with multiple content types and tags specific to that group)
• When should you consider other options?
– If the content is minimal (only a few documents)
– If the ownership or purpose matches an existing site
• Other Considerations
– Sites should have clear ownership (both a sponsor and a content manager).
38. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
Customization Management
– Who can authorize customization
– Who is responsible for requirements gathering
– Dev/Test/Production Plan
• If you don’t have dev/Test environment(s), you
actually don’t have a PRODUCTION environment!
– Testing and deployment of customizations
39. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
• SLA – Service Level Agreement
– Performance Monitoring
– Disaster Recovery
– Issue Resolution
– Customization
• Change Management Plan
– For SharePoint
– For your governance plan
40. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
• Content Management
– Duplication Prevention
– Content Ownership
– Content Expiration
– Retention Plan
– Content Auditing
– Content Approval
– Content types and Metadata
41. WWW.SPBIZCONF.COM
What Should Be in Your Plan?
• Presentation Management
– Branding
– Page layout and organization
• Governance Committee
– Composition
– Frequency
– Responsibilities
43. WWW.SPBIZCONF.COM
Governance Committee
• Business Alignment!
• SLA Compliance
• Change Requests
– Governance Plan changes
– Major Changes
• How minor the decisions made at this level
determines frequency of meetings!
44. WWW.SPBIZCONF.COM
Carrots and Sticks
• HR Discipline procedures
• PIP
• Annual Review metrics (for bonuses and pay
raises)
• Gamification
– Recognition
– Prizes (requires a budget, but doesn’t have to
be big!)
45. WWW.SPBIZCONF.COM
Lots of decisions!
Governance Guiding Principle Implication Remember …
Policies are tied to the scope and intention
of the site. Governance policies will be more
flexible for sites with more limited access
than they will for sites that are shared with a
broad audience.
The different audiences for sites allow you to adapt
the governance model according to business needs.
While some policies will be enforced across the
entire organization, others may be determined by
each site owner. This means that there may be some
content that will not be as structured or searchable
compared to other content that will be consistently
“managed.”
One size does not fit all. Yes, we’ve got
rules but we’re smart enough to know
when it’s appropriate to deviate from a
standard in order to achieve a business
objective more effectively.
Even though SharePoint 2013 Server may be
a new vehicle for collaboration, SharePoint
content is governed by all general policies
pertaining to the use of IT resources,
including privacy, copyright, records
retention, confidentiality, document
security, and so on.
Content ownership, security, management, and
contribution privileges are distributed across the
entire organization, including users who may not
have had content contribution, security or records
management privileges in the past. All content
contributors need to be aware of organization
policies for business appropriate use of IT resources.
Existing rules still apply – would you
want your
mother/boss/customer/client to see
this picture? Should your
mother/boss/customer/client be able
to see this content?
46. WWW.SPBIZCONF.COM
Lots of decisions!
Governance Guiding Principle Implication Remember …
SECURITY PRINCIPLES
Overall firm security policies about who can
see what content still apply and govern the
portal.
Users need to think about where content is
published to ensure that confidential content is only
shared on sites with limited access.
Publish to meet the “need to know”
standards for your organization: no
more, no less!
Role-based security will govern access
control and permissions on each area of the
portal (intranet and extranet).
Users may have different permissions on different
areas of the portal, which has an implication for both
governance and training. While most users may not
have content contribution privileges for tightly
governed intranet pages, all users have “full control”
privileges on their My Site Web sites.
You may not have the same permissions
on every page of the portal.
47. WWW.SPBIZCONF.COM
Lots of decisions!
Security –
• When possible, use Active Directory groups.
– Pro – This provides a single location to add and
remove users.
– Con – Limited visibility to end users (“Is X a
member of this site?”)
– Con – Users cannot be added to AD Groups by site
owners
48. WWW.SPBIZCONF.COM
Lots of decisions!
Security –
• Add AD Groups and individuals to SharePoint Groups (do not assign
SharePoint permissions directly to either individuals or to AD Groups).
– Pro – This gives a single location inside SharePoint to add and remove
users from SharePoint permissions
– Con – Requires some advance planning to make sure groups (both AD
and SharePoint) are designed properly
– Con – Site content must be placed in appropriate containers with rights
appropriately applied
– Con – Site administrators must understand the security design of their
sites and the memberships of the groups.
49. WWW.SPBIZCONF.COM
Lots of decisions!
Security –
• Avoid breaking inheritance within sites as much as is practical.
Design security groups to live inside the sites with proper
inheritance before breaking inheritance. Avoid applying
permissions to individual objects (documents, list items, etc).
• Avoid using folders. While folders can make appropriate
security boundaries within a library, they can cause unexpected
results in workflows and permissions assignments. Use
metadata (like managed metadata, tagging and site or list
columns) to provide logical groupings of files, and create views
based on those groupings.
50. WWW.SPBIZCONF.COM
Lots of decisions!
Governance Guiding Principle Implication Remember …
CONTENT PRINCIPLES
All content is posted in just one place. Users
who need access to content should create
links to the Document ID for the document
to access the content from its
“authoritative” location.
This means that the official version of a document is
posted once by the content owner (which may be a
department, not necessarily an individual). For the
reader’s convenience, users may create a link to the
official copy of a document from anywhere in
SharePoint Server, but should not post a
“convenience copy.”
Users should not post copies of documents to their
personal hard drives or My Site Web sites if they
exist elsewhere in the solution.
One copy of a document.
51. WWW.SPBIZCONF.COM
Lots of decisions!
Governance Guiding Principle Implication Remember …
CONTENT PRINCIPLES
Edit in place – don’t delete documents to
create new version.
Version control will be enabled in document libraries
where prior versions need to be retained during
document creation or editing. If prior versions need
to be retained permanently for legal purposes, “old”
versions of documents should be stored in an
archive location or library. Documents will be edited
in place rather than deleted and added again so that
document links created by other users will not
break. Limits for version retention should be
created and enforced.
Someone may be linking to your
documents. Update, don’t delete!
52. WWW.SPBIZCONF.COM
Lots of decisions!
Governance Guiding Principle Implication Remember …
Content PRINCIPLES
Site Sponsors/Owners are accountable, but
everyone owns the responsibility for content
management.
All content that is posted to a site and shared by
more than a small team will be governed by a
content management process that ensures content
is accurate, relevant, and current. Site
Sponsors/Owners are responsible and accountable
for content quality and currency and archiving old
content on a timely basis but site users are
responsible for making Site Sponsors/Owners aware
of content that needs updating.
We’re all responsible for content
management.
Links instead of e-mail attachments. Users should send links to content whenever
possible rather than e-mail attachments.
No more e-mail attachments!
53. WWW.SPBIZCONF.COM
Final Thoughts
• Governance Plan <> Governance
• Include a Training Plan in your Governance plan!
• Buy-in is critical!
• Your goals: Content Findability & Security, System
Performance & Manageability, and Business
Alignment
55. WWW.SPBIZCONF.COM
Stay in touch!
Feel free to contact me or connect with me:
– @dlairman and @SPointTherapist
– jim@adcock.net
– http://www.linkedin.com/in/jimadcock
– http://SharePointTherapist.com
– http://dlairman.wordpress.com