So you've heard about "Governance" from all angles in the SharePoint community-the fact that you need "People" to define "Policies", but what Processes are actually required to bring this to fruition? This session will discuss how to bring these three P's together by enforcing established Policies through Processes built using out-of-the-box SharePoint by the People (SharePoint IT Administrators and Site Owners). The session will cover what is feasible using native SharePoint 2010 functionality, and what to watch for to ensure you are planning for common challenges customers face.
2. A big thanks to our sponsors
Platinum Sponsors
Gold Premium Sponsors Venue Sponsor
Gold Sponsors
3. AGENDA
• Definition and Purpose of Governance
• SharePoint Governance Challenges
• IT Governance
• Information Governance
• Application Management
• What does SharePoint Governance look like?
• Out of the box capabilities
• When to think about additional technology options
• Final Considerations
4. KEY PLAYERS OF GOVERNANCE
People
Policy Process
Technology
7. TODAY’S FOCUS AREAS FOR SHAREPOINT
GOVERNANCE
IT governance of the
software itself and the
services you provide
IT Information
Governance
Information governance of
Governance
the content and information
that users store in those
services.
Application
Management
Application governance of
the custom solutions you
provide
9. GETTING THE RIGHT TOOLS FOR THE JOB…
• Standard administration interfaces
• Quotas, locks, permissions, records
management
• Powershell
• Administrative functions, Data
protection
• SharePoint services and features
• Managed metadata service for
classification
• ISV solutions for management
• SharePoint Designer, Visual Studio Manual
Automated
10. WHAT TO GOVERN IN SHAREPOINT?
• Best Practices: Quotas and Limits
• Content: Site lifecycle management
• Social or not? Impact = Exposure
If this leaks, will it hurt
Value = Availability
If this isn’t available,
my business? can my business run?
Asset classification
• Security, Infrastructure and Web Application policies
• Service Level Agreement
11. IT GOVERNANCE
Centrally
Managed Locally
Managed
Software, Services, and
Sites are hosted and Software, Services, and Sites
managed centrally by a core are hosted and managed
IT group locally by individual groups
A successful IT service includes the following elements:
• A governing group defines the initial offerings, policies, and evaluates success of the service
• The policies you develop are communicated to your enterprise and are enforced
• Users are encouraged to use the service and not create their own solutions – installations are tracked
• Multiple services are offered to meet different needs in your organization
12. SERVICE-LEVEL AGREEMENTS SHOULD
INCLUDE:
• Length of time and approvals necessary to create a site.
• Costs for users/departments.
• Operations-level agreement – which teams perform which operations and
how frequently.
• Policies around problem resolution through a help desk.
• Negotiated performance targets for first load of a site, subsequent loads,
and performance at remote locations.
• Availability, recovery, load balancing, and failover strategies.
• Customization policies.
• Storage limits for content and sites.
• How to handle inactive or stale sites.
13. THROTTLING AND LIMITS
Function Limit Configurable
List View Threshold 5,000 (20,000 for admins & Yes, Central Admin/web App
auditors) Settings
List View Lookup 8 Yes, Central Admin/web App
Settings
Allow OM Override On by default Yes, Central Admin/web App
Settings
Daily time window None Yes, Central Admin/web App
Settings
Indexes Per List 20 No
Unique Permissions 50,000 Yes, Central Admin/web App
Settings
SharePoint Workspace 30,000 No
14. SOCIAL
Social Feature Benefits Considerations
Tagging Navigation, Search, Personal Content Control, Security,
Search
Note Board Quick communication Content Control, Security,
Search
Ratings Feedback Usage
Bookmarklets Quick and easy links External links
Expertise Find people Examples, Privacy, Content
Control
Profiles Additional Info Privacy, Content Control
Blogs Knowledge Transfer Corporate Policy
Wikis Knowledge Transfer Performance and Policy
Discussion Boards Knowledge Transfer Moderation and Policy
16. SIMPLIFYING IT GOVERNANCE
IMPLEMENTATION WITH TECHNOLOGY
CONSIDER 3RD PARTY TOOLS TO:
• Centrally enforce limitations – plans and policies for
• Data Protection, Recovery, and Availability
• Audit Policies
• Permission management
• Scalability in Management
• Giving IT Teams the technology to manage thousands of users
• Terabytes of Content
• Millions of Audit Records
17. INFORMATION GOVERNANCE
Loosely
Managed Highly
Restricted
Content is tagged only socially and Content is tagged with structured
not tracked; permissions and metadata, permissions are tightly
archiving are not controlled or controlled, content is archived or purged
managed. per retention schedules.
Appropriate for: Appropriate for:
• Low-business-impact • Structured content
content • High-business-impact content
• Short-term projects • Personal identifiable information
• Records • Records
• Collaboration
19. INFORMATION ARCHITECTURE
Wireframe & Search &
Site Map Navigation
Information
Architecture
Managed
Content Types
Metadata
20. MANAGEMENT CONTROLS AND SCOPES
Farm
Service
Zone Web Application
Application
Content DB
Site collection
Top-level site
Sub site List/Library Sub site
[Folder]
Item / Document
21. QUESTIONS TO ASK WHEN DESIGNING A SITE OR
SOLUTION:
• How will the site or solution be structured and divided into a set of site collections and
sites?
• How will data be presented?
• How will site users navigate?
• How will search be configured and optimized?
• Is there content you specifically want to include or exclude from search?
• What types of content will live on sites?
• How will content be tagged and how will metadata be managed?
• Does any of the content on the sites have unique security needs?
• What is the authoritative source for terms?
• How will information be targeted at specific audiences?
• Do you need to have language- or product-specific versions of your sites?
http://www.criticalpathtraining.com/Members/Pages/Presentations.aspx
Incorporating Managed Metadata in Custom Solutions in SharePoint 2010 Session
22. INFORMATION ACCESS
Information Management:
IT Governance: Access
Permissions and Audiences
Should I use How do I make
How do I structure How do I target How do I make this
Information Rights sure that only
permissions in a content to specific content accessible
Management (IRM) people who need
site? audiences? to external users?
to protect content? access have it?
Determine the rules or policies that you need to have in place for the following
types of items:
• Pages • Blogs and Wikis
• Lists • Anonymous comments
• Documents • Anonymous access
• Records • Terms and term sets
• Rich media • External data
26. SHAREPOINT 2010 IM: IN PLACE RECORDS
LOCK DOWN DOCUMENTS, PAGES, AND LIST ITEMS WITHOUT AN
ARCHIVE
Declare items
records in bulk
Lock down non-
document content,
like wikis
27. IN PLACE RECORDS & POLICIES
CREATE SEPARATE RETENTION SCHEDULES FOR RECORDS
Different policies
for records
Schedule
declaration as part
of lifecycle policy
28. APPLICATION MANAGEMENT
Strictly
Managed Loosely
Managed
Customizations must adhere to
customization policy, deployments Rules about development
and updates tested and rigorously environments or customizations
managed. are less rigid.
Determine customization types you want to allow, and how to manage them:
• Service level descriptions • Guidelines for updating customizations
• Processes for analyzing customizations • Approved tools for development
• Process for piloting and testing customizations • Who is responsible for ongoing code support
• Guidelines for packaging and deploying • Specific policies regarding each potential type of
customizations customization (done through the UI or SD)
29. CUSTOMIZATIONS & BRANDING
• Isolate custom solutions: Sandbox Solutions
• Cannot use certain computer and network resources
• Cannot access content outside the site collection they are deployed in.
• Can be deployed by a site collection administrator.
• Governed: only a farm administrator can promote a sandboxed solution to run
directly on the farm in full trust.
• Master Pages and Page Layouts
• Themes
• To “Designer” or not to “Designer”
• Separate development, pre-production, and production environments (keep
these environments in sync)
30. CHALLENGES WITH SHAREPOINT
DEVELOPMENT
• Environment setup
• Platform learning curve
• Toolset support
• Team development
• Versioned releases
34. GOVERNANCE PLANS
Quotas Customizations Information
10 GB SP Designer Ownership
50 GB Site Galleries Content Types
100 GB Sandbox Solutions Ethical Walls
Backup Storage InfoMgmt Auditing
1 hour Tier 1 – SAN 7 years Full Audit
1 day Tier 2 – NAS 3 years Views + Edits
1 week Tier 3 – Azure 1 year Views
35. SHAREPOINT POLICY BUNDLES
Gold Silver Bronze
Backup 1 hour 1 day 1 week
Storage Policy (RBS) Tier 1 – SAN Tier 2 – NAS Tier 3 – Azure
Info Mgmt Policies 7 years 3 years 1 year
Auditing Full View + Edits Views
SharePoint Designer Enabled Disabled Disabled
Content Database Isolated DB Shared Shared
Sandboxed Solutions Enabled Disabled Disabled
Quota 100Gb 50Gb 10Gb
Cost $$$$$$ $$$$ $$
36. SERVICE REQUEST TYPES – SURFACING
OPTIONS TO CONTENT OWNERS AND BUSINESS
USERS
• Site Collection Request
• Transfer / Clone User Request
• Site Collection Content Lifecycle Request
• Sub-site Request
• Content Move Request
• Solution Package Deployment Request
• Gallery Artifact Deployment Request
• Recover Content Request
• Report Request
37. SERVICE REQUEST TYPE - SITE COLLECTION
REQUEST
Sales HR Project
Policy Silver Silver, Bronze Gold, Silver
Security Sales Management HR Management Marketing
Management
Site Templates Custom Sales Enterprise Wiki Team Site,
Template Publishing Site
Service Type Metadata Acct Type:
EPG/SMB/FIN
Workflow 1 Step 3 Step 2 Step
Global Metadata Location Location Location
Primary/Secondary *Fill in the blank* *Fill in the blank* *Fill in the blank*
Site Contact
39. GOVERNANCE AND TRAINING
• Governance doesn't
work without user
adoption and
compliance.
• End-user training and
education, good content,
and search are keys to
user adoption.
• Document governance
plan.
40. GOVERNANCE STAKEHOLDERS
Form and use a governance group to create and maintain the policies and
include the following roles:
• Information architects or taxonomists
• Compliance officers
• Influential information workers
• IT technical specialists
• Development leaders
• Trainers
• IT managers
• Business division leaders
• Financial stakeholders
• Executive stakeholders
41. KEY TAKEAWAYS
• Governance is there to ensure IT solutions achieve business goals
• Start simple
• Training
• Keep it fresh
• Don’t have a policy unless you can enforce it
42. We need your feedback!
Scan this QR code or visit
http://svy.mk/sps2012be
Our sponsors:
43. CONTACT
AvePoint Mary Leigh
Phone Slides (sorry, no phone )
(201) 793-1111 www.slideshare.net/mlmackie
1-800-661-6588 (toll-free)
Email Email
sales@avepoint.com
maryleigh.mackie@avepoint.com
Social & Community Social & Community
www.DocAve.com www.DocAve.com
http://www.facebook.com/AvePointInc www.facebook.com/maryleigh.mackie
@AvePoint_Inc @mlmackie
44. RESOURCES
Product Info:
http://www.avepoint.com/sharepoint-
solutions/governance-and-compliance
NEW PRODUCT! Governance Automation:
http://www.avepoint.com/GovernanceA
utomation
Download a FREE, fully-enabled 30 Day trial of DocAve at
www.avepoint.com/download
Website houses all white papers, case studies, download links, datasheets, etc!
46. AVEPOINT: WHO WE ARE
Global Leader -- Microsoft® SharePoint Infrastructure Management
“Clearly AvePoint is making the most of both Microsoft technology and the Microsoft
Partner Network in its quest to create a profitable business.”
– Jon Roskill, Microsoft Corporate Vice President, Worldwide Partner Group