In-Depth
Build a Successful SharePoint Governance Plan
Coming up with a viable governance strategy is critical and requires a careful balancing act.
Attend any SharePoint conference and you'll see several sessions on the schedule highlighting the importance of SharePoint governance. Inevitably, speakers tell a story that resonates with the vast universe of organizations that use SharePoint. "We launched SharePoint, it grew like an out-of-control wildfire, and now, we need to put that fire out," is the typical refrain. So it goes, organization after organization -- SharePoint governance was an afterthought. SharePoint governance is the "solution" after the problem is already out-of-hand, rather than the mechanism designed to stop the problem from transpiring in the first place.
Nearly half of those responding to a survey last year by the Association for Information and Information Management (AIIM) said it has become easier to find SharePoint governance resources. At the same time, 30 percent still felt their organizations had "big issues" with governance and security in their SharePoint implementations.
The traditionally accepted top-down SharePoint governance model, however, is far less valuable in an era where it has evolved from a complex documents and records management platform, into a full-blown enterprise content management system complete with multi-dimensional social tools. The governance model, once simple -- though generally ignored by IT executives and SharePoint administrators -- now requires a careful balancing act.
The prevalent SharePoint pyramid (see Figure 1), where governance is tightly controlled at the top, and less controlled at the bottom, isn't an accurate depiction of the current struggles facing organizations with large SharePoint implementations including management of social collaboration, the bring your own device (BYOD) revolution and the common challenge of SharePoint site sprawl. A well-executed governance plan compares the various elements of governance and balances security with the current evolution of business mobility (see Figure 2).
Why Bother?
Governance plans are insurance. But, like changing insurance providers, governance is a pain. It consumes resources, those who presumably already have full-time responsibilities. Also, it requires vigilance, dedication and a general commitment to excellence -- all of which our organizations strive to embody, but at a macro-level. The trickle-down effect rarely reaches the SharePoint trenches. So why create all the fuss?
Consider the high-costs of implementing SharePoint -- some estimates suggest that an organization of 3,000 employees will spend more than $4 million in SharePoint-related costs over a three-year period. Combine that with the fact that many organizations are turning to SharePoint as their enterprise content management (ECM) platform, which houses mission-critical and sensitive data, and suddenly an insurance policy designed to protect and potentially improve your investment isn't a terrible idea.
Steps for Success
First, forget the phrase "successful SharePoint governance." Success implies completion -- and governance is never complete. "Governed SharePoint business improvement" is a more accurate description of the perpetual cycle of improvement in a SharePoint implementation supported by a solid SharePoint governance plan and an active governance committee.
Second, define measurable milestones for improvement. Without a clear declaration of what constitutes improvement, even the most well-intentioned governance plan will fall flat. Each policy and procedure outlined in a SharePoint governance plan should be a quantifiable milestone. For example, as SharePoint implementations become larger and less centralized, organizations struggle to "stop" business units from placing duplicate content in sub-site after sub-site. This is a specific problem that can be addressed with sound governance policies and socialization.
In this example, success in governance can be demonstrated by continually measuring and benchmarking the number of duplicate documents in the system. As the number goes down, it becomes evident that the SharePoint governance policy addressing this issue is successful.
Governance committees should continually document and measure metrics to demonstrate the extent to which their governing process is improving the overall SharePoint enterprise.
Third, create a governance committee empowered to actually govern. According to the 2014 IT Priorities Survey from Protiviti Inc., while IT Executives face significant competing priorities, nearly half of all organizations still rely on IT to deploy, configure and launch SharePoint. Information governance and management programs rank in the top five among the significant priorities for CIOs and fellow IT executives -- topped only by the significance of IT project management, virtualization and cloud computing. SharePoint governance is only one aspect of the larger information governance puzzle, but given organization's commitments to collaborative technologies such as SharePoint, its importance can't be over-stressed.
SharePoint governance committees, the voice of the SharePoint governance plan, are not only comprised of representatives from the business and IT sides of the organization, but also executives and organizational champions. Individuals, regardless of their position or role at an organization, who lead by example and are role models to their fellow colleagues, are invaluable assets in any SharePoint governance planning process.
Despite adherence to this mix-composition plan, many governance committees still fail in their quest to draft and effectively implement SharePoint governance. The problem is three-fold. One, these governance committees aren't recognized as legitimate policy-making bodies in the organization. They're generally considered project-based committees, not governing bodies. The distinction is critical. Project committees live in silos; governing bodies have the support and infrastructure in place to touch all aspects of the business. An effective governance committee depends on its ability to make and, perhaps more important, enforce decisions and policies around all aspects of SharePoint technology and information. Second, they're not given the resources, both financial and human, to socialize SharePoint governance via multiple channels. Last, participants aren't recognized as going above and beyond their typical job responsibilities to participate in an activity that's for the improvement of the entire organization.
"Often clients do some of the things the best practices guidance recommends despite not having a governance team, but it is hit or miss and the misses gradually erode at the integrity of the project and the system," says SharePoint MVP Doug Hemminger.
Most governance committees suffer from at least one of these flaws, and perhaps can compensate for the shortcomings that come with the imperfection of any business process, but any combination of these flaws can prove fatal to the best-intentioned committees.
The fourth step for success is to write appropriate, concise, thorough and useful content. Microsoft highlighted in a TechNet Library article the importance of a governance plan that distinguishes IT governance, application management and information management.
Governance plans will mature as an organization's SharePoint implementation matures. Likewise, governance plan content will have different points of emphasis at different organizations. For example, Office 365 and SharePoint online governance plans are less technical, but place a heavy emphasis on social content and other collaborative tools available in the online SharePoint environment. In such cases, technical governance is less significant because Microsoft bears the burden of many of the technical governance decisions that an organization with an on-premises SharePoint solution would otherwise have to resolve.
Governance plans should include the following core elements:
- Operational Management
- Technical Operations
- Site and Security Administration
- Content Administration
- Personal and Social Administration
The extent to which each of the broad categories is defined will depend entirely on the maturity of an organization's SharePoint implementation.
Operational Management: Operational management defines not only the membership of the governance committee, but more important, its role and responsibility to the larger SharePoint community. It defines all the roles and related responsibilities necessary to run an effective SharePoint solution.
Technical Operations: Technical operations outline the basic technical structures, requirements and quotas for the SharePoint environment. It references existing documents defining SharePoint architecture or existing IT policies such as uptime and backup requirements. It also defines the authentication mechanisms by which users access the site -- if necessary, defining in detail the differences between internal and external users and the processes for provisioning and de-provisioning access for users.
Site and Security Administration: The aforementioned TechNet Library article also suggests, rightly so, different types of SharePoint sub-sites can, and likely should be governed in different ways. This makes for a potentially complex, but ultimately more thorough picture of content governance. Site and security administration articulates the use cases for different site templates in SharePoint. It also dictates the procedures for the following:
- Site provisioning
- Site de-provisioning
- Site ownership and responsibilities associated with ownership
- Permissions structures and best practices
- Different use cases for Yammer groups vs. SharePoint sites
Content Administration: Content administration is typically the most difficult element to define for governance committees, largely because by the time governance is put in place, defining a vast wasteland of content is an overwhelming proposition. Information management is more easily addressed when the SharePoint implementation is rooted in a foundation of sound information architecture. Content administration covers a wide range of topics, including:
- Defining the differences between business-critical and non-critical content
- Creating guidelines for the use of metadata, content types and workflows
- Determining review cycles for content, and policies enforcing archiving and deleting of content
- Legal considerations regarding document and content retention, and the associated retention policies
- Administration and use cases for lists, libraries, pages and different Web Parts
Personal and Social Administration: Not too long ago, many SharePoint implementations completely deactivated all social and personal features. MySites weren't introduced to internal audiences, profiles were barely editable and were mostly populated via outdated Active Directory information, and the probability of an active discussion list was incredibly low. However, since the introduction of SharePoint 2013, Microsoft's acquisition of Yammer and the company's emphasis on Office 365, it's no longer possible for IT teams to turn a blind eye.
Indeed, according to the Computerworld 2013 State of the Enterprise survey, 73 percent said their companies have deployed or are currently deploying a wide range of collaboration technologies. In fact, more than 50 percent said they believe collaborative technologies give their companies a competitive edge, and the implementation of such tools is critical to the future success of the business.
All of this is to say that policies and procedures for personal and social use of SharePoint, and the wider suite of Office 365 applications, cannot be ignored.
Personal and social governance doesn't necessarily have to be complicated. From a social perspective, most organizations already have a published Social Media policy. That policy should be referenced regarding the use of any "social" tool, regardless of internal or external use. Additionally, the ubiquity of sites such as LinkedIn have inadvertently educated professionals worldwide on the perils of unprofessional social activity, and the benefits of thoughtful knowledge contribution in professional communities of practice.
Personal administration suggests a user will be allowed to manage some aspects of his profile, and store and share business documents in personal sites and libraries. Communicating quotas and storage limits for personal libraries will prove effective. Additionally, giving the some control over his own profile has significant benefits in communities where knowledge sharing and specialized skill sets are sought after.
Governance Implementation
Finally, buy a SharePoint governance tool (see "7 SharePoint Governance Tools,"). From an IT resourcing perspective it's unrealistic to expect that a human will oversee the majority of the policies and procedures defined in the SharePoint governance plan. There are sophisticated tools that will monitor and automate nearly all of the scenarios defined in the governance plan, making the actual implementation of the plan possible.
There are also smaller, less-sophisticated governance tools available that still have a very valid place in the marketplace. Not only do these tools put SharePoint governance automation in the realm of possibility for smaller organizations with tighter budgets, but they also generally have a less-steep learning curve and can be effectively utilized by even the most resource-stretched IT departments.