Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SharePoint Governance 101 - Austin SharePoint User Group August 2014


Published on

What you need to be thing about when you start to design your SharePoint Governance

Published in: Business
  • Be the first to comment

SharePoint Governance 101 - Austin SharePoint User Group August 2014

  1. 1. SharePoint Governance 101 August 2014
  2. 2. Agenda • Who AM I • Who Are You • What is Governance • Consequences • Mode, Philosophy and Model • What should be in your governance plan • Governance Committee • Carrots and Sticks • Decisions, Decisions, Decisions • Q&A • Final Thoughts
  3. 3. Parental Advisory Warning There May Be F-Bombs
  4. 4. Who Am I?
  5. 5. Who Am I?
  6. 6. Who Am I? Panelist Thursdays 11:30 am Online Vice-President Fridays, 10am Capital City Events Center Director, Enterprise Development
  7. 7. Who Am I? Advertising and marketing Government PII & PHI (social security numbers, financial & medical info) Multiple contractors (vendors) Defense & HLS software High security Also – Real estate, manufacturing, high-tech, consumer goods Construction
  8. 8. Who are You? • IT? • Business users? • Management? • Something else? • Anyone here an accidental SharePoint Administrator?
  9. 9. What is Governance? My definition: Responsible Stewardship of a resource in order to ensure effective utilization
  10. 10. What is Governance? • Who is responsible • What they are responsible for • Best Practices – what you SHOULD be doing • Thou Shalt Nots – what you SHOULDN’T be doing • Change Management
  11. 11. You Probably Already Have Some • Information Governance • IT Governance • Employee Handbook
  12. 12. You Probably Already Have Some To comply with: • GAAP • SOX • HIPPA • Labor regulations • Other Local, State and Federal Laws
  13. 13. What Makes SharePoint Governance Special?
  14. 14. What Makes SharePoint Governance Special? Marketing hype from Consultants
  15. 15. What Makes SharePoint Governance Special? • Collaboration platforms are pretty new • Business hasn’t really figured it out yet • SharePoint is complicated • SharePoint is a POWERFUL tool • “With Great Power comes Great Responsibility”
  16. 16. What Makes SharePoint Governance Special? Nothing
  17. 17. Let’s talk about consequences
  18. 18. Undesirable Outcomes • Users cannot find what they are looking for/Site Sprawl • Managing the system takes too much IT resources • Content seen by the wrong people and/or can’t be seen by the right people • System performs poorly • Doesn’t help users get their jobs done or even makes their jobs more difficult • Users use non-approved systems to get around IT
  19. 19. Desirable Outcomes • Content is findable • Content securely available only to correct people • System is manageable • System performs well • serves the business’ needs (Alignment!)
  20. 20. Here’s the thing about governance: It’s as unique as your organization
  21. 21. Governance Modes • Collaborative • Top-Down • Either way you need buy-in! • Mode is different from governing philosophy and Governance Model…
  22. 22. Governance Philosophy Control vs. Adoption More control Less adoption More chaos Greater adoption
  23. 23. Variable Levels of Control
  24. 24. Governance Plan • It’s Just Documentation • Documentation isn’t Governance • But you still need documentation!
  25. 25. Governance Planning Is… (All you have to do is think of everything)
  26. 26. Actual Governance? That’s HARD. Because people.
  27. 27. What Should Be in Your Plan? Your first decision: What is your SharePoint for?
  28. 28. What Should Be in Your Plan? • What do we need SharePoint to accomplish in order to meet our business objectives? – What are our business objectives? – What SharePoint features enable achievement of business objectives or enhance efficiency toward reaching those objectives?
  29. 29. What Should Be in Your Plan? A Training Plan!
  30. 30. What Should Be in Your Plan? WHY Rationale for the design choices you have made
  31. 31. What Should Be in Your Plan? • Physical Architecture • Logical Architecture • Who is responsible for what – Backup & Disaster Recovery – Maintenance – Administration
  32. 32. What Should Be in Your Plan? • Administration – System – Farm – Site Collections – Sites • Does Site/SC Administration include User Management?
  33. 33. What Should Be in Your Plan? Sprawl Management – Who can authorize site creation – Duplication Prevention – Chain of custody – Expiration • Department sites/Team sites/Project sites – Decision tree
  34. 34. Do You Really Need That Site? • What is a site? – A site is a collection of lists, libraries and pages with similar ownership, access rights, and intent. • When should a site be created? – Consider creating a site when: 1. Content access controls are different 2. Content ownership is different from that of existing sites 3. Intent of the content is significantly different from existing sites 4. Content is of significant complexity and volume (for example, if a group needs its own calendar, document library and lists with multiple content types and tags specific to that group) • When should you consider other options? – If the content is minimal (only a few documents) – If the ownership or purpose matches an existing site • Other Considerations – Sites should have clear ownership (both a sponsor and a content manager).
  35. 35. What Should Be in Your Plan? Customization Management – Who can authorize customization – Who is responsible for requirements gathering – Dev/Test/Production Plan • If you don’t have dev/Test environment(s), you actually don’t have a PRODUCTION environment! – Testing and deployment of customizations
  36. 36. What Should Be in Your Plan? • SLA – Service Level Agreement – Performance Monitoring – Disaster Recovery – Issue Resolution – Customization • Change Management Plan – For SharePoint – For your governance plan
  37. 37. What Should Be in Your Plan? • Content Management – Duplication Prevention – Content Ownership – Content Expiration – Retention Plan – Content Auditing – Content Approval – Content types and Metadata
  38. 38. What Should Be in Your Plan? • Presentation Management – Branding – Page layout and organization • Governance Committee – Composition – Frequency – Responsibilities
  39. 39. Governance Committee • Business Users • IT • Management • HR, Legal
  40. 40. Governance Committee • Business Alignment! • SLA Compliance • Change Requests – Governance Plan changes – Major Changes • How minor the decisions made at this level determines frequency of meetings!
  41. 41. Carrots and Sticks • HR Discipline procedures • PIP • Annual Review metrics (for bonuses and pay raises) • Gamification – Recognition – Prizes (requires a budget, but doesn’t have to be big!)
  42. 42. Lots of decisions! Governance Guiding Principle Implication Remember … Policies are tied to the scope and intention of the site. Governance policies will be more flexible for sites with more limited access than they will for sites that are shared with a broad audience. The different audiences for sites allow you to adapt the governance model according to business needs. While some policies will be enforced across the entire organization, others may be determined by each site owner. This means that there may be some content that will not be as structured or searchable compared to other content that will be consistently “managed.” One size does not fit all. Yes, we’ve got rules but we’re smart enough to know when it’s appropriate to deviate from a standard in order to achieve a business objective more effectively. Even though SharePoint 2013 Server may be a new vehicle for collaboration, SharePoint content is governed by all general policies pertaining to the use of IT resources, including privacy, copyright, records retention, confidentiality, document security, and so on. Content ownership, security, management, and contribution privileges are distributed across the entire organization, including users who may not have had content contribution, security or records management privileges in the past. All content contributors need to be aware of organization policies for business appropriate use of IT resources. Existing rules still apply – would you want your mother/boss/customer/client to see this picture? Should your mother/boss/customer/client be able to see this content?
  43. 43. Lots of decisions! Governance Guiding Principle Implication Remember … SECURITY PRINCIPLES Overall firm security policies about who can see what content still apply and govern the portal. Users need to think about where content is published to ensure that confidential content is only shared on sites with limited access. Publish to meet the “need to know” standards for your organization: no more, no less! Role-based security will govern access control and permissions on each area of the portal (intranet and extranet). Users may have different permissions on different areas of the portal, which has an implication for both governance and training. While most users may not have content contribution privileges for tightly governed intranet pages, all users have “full control” privileges on their My Site Web sites. You may not have the same permissions on every page of the portal.
  44. 44. Lots of decisions! Security – • When possible, use Active Directory groups. – Pro – This provides a single location to add and remove users. – Con – Limited visibility to end users (“Is X a member of this site?”) – Con – Users cannot be added to AD Groups by site owners
  45. 45. Lots of decisions! Security – • Add AD Groups and individuals to SharePoint Groups (do not assign SharePoint permissions directly to either individuals or to AD Groups). – Pro – This gives a single location inside SharePoint to add and remove users from SharePoint permissions – Con – Requires some advance planning to make sure groups (both AD and SharePoint) are designed properly – Con – Site content must be placed in appropriate containers with rights appropriately applied – Con – Site administrators must understand the security design of their sites and the memberships of the groups.
  46. 46. Lots of decisions! Security – • Avoid breaking inheritance within sites as much as is practical. Design security groups to live inside the sites with proper inheritance before breaking inheritance. Avoid applying permissions to individual objects (documents, list items, etc). • Avoid using folders. While folders can make appropriate security boundaries within a library, they can cause unexpected results in workflows and permissions assignments. Use metadata (like managed metadata, tagging and site or list columns) to provide logical groupings of files, and create views based on those groupings.
  47. 47. Lots of decisions! Governance Guiding Principle Implication Remember … CONTENT PRINCIPLES All content is posted in just one place. Users who need access to content should create links to the Document ID for the document to access the content from its “authoritative” location. This means that the official version of a document is posted once by the content owner (which may be a department, not necessarily an individual). For the reader’s convenience, users may create a link to the official copy of a document from anywhere in SharePoint Server, but should not post a “convenience copy.” Users should not post copies of documents to their personal hard drives or My Site Web sites if they exist elsewhere in the solution. One copy of a document.
  48. 48. Lots of decisions! Governance Guiding Principle Implication Remember … CONTENT PRINCIPLES Edit in place – don’t delete documents to create new version. Version control will be enabled in document libraries where prior versions need to be retained during document creation or editing. If prior versions need to be retained permanently for legal purposes, “old” versions of documents should be stored in an archive location or library. Documents will be edited in place rather than deleted and added again so that document links created by other users will not break. Limits for version retention should be created and enforced. Someone may be linking to your documents. Update, don’t delete!
  49. 49. Lots of decisions! Governance Guiding Principle Implication Remember … Content PRINCIPLES Site Sponsors/Owners are accountable, but everyone owns the responsibility for content management. All content that is posted to a site and shared by more than a small team will be governed by a content management process that ensures content is accurate, relevant, and current. Site Sponsors/Owners are responsible and accountable for content quality and currency and archiving old content on a timely basis but site users are responsible for making Site Sponsors/Owners aware of content that needs updating. We’re all responsible for content management. Links instead of e-mail attachments. Users should send links to content whenever possible rather than e-mail attachments. No more e-mail attachments!
  50. 50. Q&A
  51. 51. Final Thoughts • Governance Plan <> Governance • Include a Training Plan in your Governance plan! • Buy-in is critical! • Your goals: Content Findability & Security, System Performance & Manageability, and Business Alignment
  52. 52. Resources • us/library/ff848257(v=office.14).aspx • • int-governance-part-i-eating.html •
  53. 53. Stay in touch! Feel free to contact me or connect with me: – @dlairman and @SPointTherapist – – – –