My career in technology

Governance has become a hot topic in the SharePoint community.  This is my fourth installment exploring SharePoint governance.

In my first installment, I talked about Why SharePoint Governance is a hot topic (basically because without governance, you will have a mess).  Next, I talked about What SharePoint Governance is, or can be (more than just “Thou shalt not”!).  Most recently, I talked about the challenges to good governance that lurk in your organizational culture.

I hear a lot about how difficult it is to come up with a governance plan. In this post, I’m going to hand you your governance plan, on a silver platter. 

I’m kidding.  Seriously, I’m kidding.

A governance plan is as unique as a fingerprint. No two organizations are alike – from the structure of the organization to the organizational culture. The challenges each organization faces drives the shape of the SharePoint implementation, and the tolerances for organizational change and the current operational state limit the amount of progress that you can drive toward good governance.

There are templates and checklists available to help you get started, including one by Joel Oleson and Mark Wagner.  Let these templates and checklists become inspiration for your organization’s plan, and use them to help you understand some of the options available to you, and to inspire you to think about issues you have yet to consider, and perhaps spur you to think about issues in your environment that the template hasn’t considered.

Even though I can’t give you your plan, I can talk about the plan I am currently developing.

The sample governance plan I linked above is for a massive company, much larger than the organization I am helping to develop a plan for.  This is good, because it is easier to scale a document down than it is to scale it up without overlooking functions that are crucial to a larger organization but not relevant to a smaller one.  We started with the sample document, scaled it down… then threw it out.

In our organization (and likely yours, too), getting buy-in was absolutely essential.  And in our organization, no one was likely to take the time to really read the document and understand the whole of it, divine what was relevant to them, and actually adhere to the requirements.  The only thing worse than having no governance plan is having one that no one pays any attention to – you’ve put in all the time and work but still have the same failure as a result.

We started with the business alignment – mapping the capabilities of SharePoint with the needs and goals of the organization.  We distilled the governance plan down to a list of broad statements (cribbed from here and modified for our organization), governing principles and their implications, that cover the goals, the needs, and the mapped capabilities.  Once we had acceptance of the general principles, we followed it with a list of requirements that are more specific.  The total length of the principles and requirements is seven pages, with nice allotment of whitespace.  Here is an example of a principle and some requirements for it:

Governance Principles Implication Remember …
SharePoint content is governed by all general policies pertaining to the use of IT resources, including privacy, copyright, records retention, confidentiality, document security, and so on. Content ownership, security, management, and contribution privileges are distributed across the entire organization, including users who may not have had content contribution, security or records management privileges in the past. All content contributors need to be aware of organization policies for business appropriate use of IT resources. Existing rules still apply – would you want your mother/ boss/ customer/ client to see this picture? Should your mother/ boss/ customer/ client be able to see this content?
Content Requirements
Requirements Area Requirement Comment

Posting Content to Existing Pages or Sites

Site Sponsors are accountable for ensuring that the content posted on their pages is accurate and relevant and complies with records retention policies.  
Only post content that you “own” on a collaboration site or on your My Site Web site. Ownership means that the document is or was created by someone in your department and your department is committed to maintaining the content for its entire lifecycle. If a document is not owned by your department but access to the document is needed on your site, ask the owner to post it and then create a link to it on your site.  
Do not post content that we do not own the legal right to post electronically, including .PDFs or scanned images of journal articles or other documents from sources to which our organization does not have online publishing rights. A link may be created to this content on the content owner’s Web site.  

Roles and responsibilities are defined, both in the governance team and in the user community (another three pages).  A team has been tasked with specifying best practices, templates, and end-user training.  A separate team, in charge of Document and Records Management, is gathering specific requirements for content types, retention, workflows and disposition.  Each of these groups is charged with creating detailed specifications that flow from the general principles.

This layered approach is also how the company as a whole approaches policies, processes and procedures.  Procedures are derived from processes, and each process is mapped to a policy – the policy is the general statement, and the procedure is the fine-grained details of how those policies are carried out.

With this approach, we can get sign-off and buy-in by creating a series of documents and other content – checklists, FAQs, training materials, and more – so that what individuals are responsible for is findable, and can be presented and managed using the tools within SharePoint – workflows, audiences, tasks, search, and so on, rather than presenting an intimidating  monolithic document.

Hard Choices

We still have some hard choices in front of us.  For instance, Active Directory, or SharePoint Groups?  Using AD means a single source of the truth, only one place to have to maintain user memberships.  This comes at a price, though… transparency and flexibility.  Users don’t maintain AD memberships, I.T. does.  Without significant customization, users ability to see who is in the membership of a group is non-existent, so how are users going to be sure that everyone in a particular group should get rights to an area?  Users can’t add someone to a group to quickly give them access they need (and should have).  And committing to AD commits I.T. to keeping AD up-to-date at all times.  Using SharePoint Groups, on the other hand, provides the flexibility and visibility to the end users, but relies on the site managers (and our training program) to take the right actions, or on the purchase of third-party tools to help monitor user behavior. 

(Wait… did I use the word “monitor”?  That could be a problem…)

Next up, the final installment (for now) – SharePoint Governance – Law & Order (Hey, it was either reference a successful TV franchise or pull out a Dostoevsky reference…)

Read the whole series on SharePoint Governance:
Part One: SharePoint Governance – Why?
Part Two: SharePoint Governance – What is it?
Part Three: SharePoint Governance – vs Organizational Culture
Part Four: SharePoint Governance – Your Plan (You are here!)
Part Five: SharePoint Governance – Law & Order

More posts about SharePoint.

Comments on: "SharePoint Governance – Your Plan, on a Silver Platter" (5)

  1. Thanks Jim. We will soon begin transferring our intranet to SP2010 and this is very topical for me. I plan to keep our governance model sharp and short in the hope that users will actually refer to and be guided by it (pipedream?). I look forward to the next instalments.

  2. Tod Beane said:

    Jim, thanks for a great series. Looking forward to part 5.

    One comment regarding “Hard Choices”, though – Active Directory permissions can be MUCH easier than you describe, within an organization using MS Outlook:
    1. Have IT setup AD groups that are both security enabled, and e-mail enabled – these become distribution lists in the Outlook/Exchange Global Address List (without any significant customization).
    2. Designate a group “owner” with update rights (the owner can be a person, or another AD group)

    The result:
    – Any employee can view the AD group membership in the Outlook address list (simply click on the Distribution List entry, and view Properties)
    – The designated owner(s) can easily maintain Active Directory membership without further assistance from IT (from the list Properties, simply click Modify Members)

    We have been using this approach successfully for several years now – it’s visible, flexible, and simple to manage.

    Note 1: These AD groups can be nested, so for example changes at a lower organizational hierarchy (team) can roll up to higher levels (group, department, division, etc) and be used to keep permissions current across all related SharePoint sites. A huge time saver!

    Note 2: SharePoint Groups still have their place, but I see them as a constant source of confusion for end users. Some people suggest a hybrid approach that sounds attractive to me for the future: Putting AD groups within SharePoint groups, as a way to avoid running into the 64kb ACL limits, but still keep the advantages of AD groups (nesting, cross-farm use, etc).

    — Tod

    • Ah, my hidden agenda pays off! I am accumulating ideas, tricks and techniques I didn’t know for use in our environment 🙂

      Thanks for the tip! This may be a workable solution in our environment. Depends on what the IT manager thinks about giving anyone else control over AD…. Even so, if he’s maintaining control himself, it is still “only” an alternative way he can manage the groups that gives everyone else visibility into the AD groups.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: