Governance has become a hot topic in the SharePoint community. This is my fourth installment exploring SharePoint governance.
In my first installment, I talked about Why SharePoint Governance is a hot topic (basically because without governance, you will have a mess). Next, I talked about What SharePoint Governance is, or can be (more than just “Thou shalt not”!). Most recently, I talked about the challenges to good governance that lurk in your organizational culture.
I hear a lot about how difficult it is to come up with a governance plan. In this post, I’m going to hand you your governance plan, on a silver platter.
I’m kidding. Seriously, I’m kidding.
A governance plan is as unique as a fingerprint. No two organizations are alike – from the structure of the organization to the organizational culture. The challenges each organization faces drives the shape of the SharePoint implementation, and the tolerances for organizational change and the current operational state limit the amount of progress that you can drive toward good governance.
There are templates and checklists available to help you get started, including one by Joel Oleson and Mark Wagner. Let these templates and checklists become inspiration for your organization’s plan, and use them to help you understand some of the options available to you, and to inspire you to think about issues you have yet to consider, and perhaps spur you to think about issues in your environment that the template hasn’t considered.
Even though I can’t give you your plan, I can talk about the plan I am currently developing.
The sample governance plan I linked above is for a massive company, much larger than the organization I am helping to develop a plan for. This is good, because it is easier to scale a document down than it is to scale it up without overlooking functions that are crucial to a larger organization but not relevant to a smaller one. We started with the sample document, scaled it down… then threw it out.
In our organization (and likely yours, too), getting buy-in was absolutely essential. And in our organization, no one was likely to take the time to really read the document and understand the whole of it, divine what was relevant to them, and actually adhere to the requirements. The only thing worse than having no governance plan is having one that no one pays any attention to – you’ve put in all the time and work but still have the same failure as a result.
We started with the business alignment – mapping the capabilities of SharePoint with the needs and goals of the organization. We distilled the governance plan down to a list of broad statements (cribbed from here and modified for our organization), governing principles and their implications, that cover the goals, the needs, and the mapped capabilities. Once we had acceptance of the general principles, we followed it with a list of requirements that are more specific. The total length of the principles and requirements is seven pages, with nice allotment of whitespace. Here is an example of a principle and some requirements for it:
|Governance Principles||Implication||Remember …|
|SharePoint content is governed by all general policies pertaining to the use of IT resources, including privacy, copyright, records retention, confidentiality, document security, and so on.||Content ownership, security, management, and contribution privileges are distributed across the entire organization, including users who may not have had content contribution, security or records management privileges in the past. All content contributors need to be aware of organization policies for business appropriate use of IT resources.||Existing rules still apply – would you want your mother/ boss/ customer/ client to see this picture? Should your mother/ boss/ customer/ client be able to see this content?|
Posting Content to Existing Pages or Sites
|Site Sponsors are accountable for ensuring that the content posted on their pages is accurate and relevant and complies with records retention policies.|
|Only post content that you “own” on a collaboration site or on your My Site Web site. Ownership means that the document is or was created by someone in your department and your department is committed to maintaining the content for its entire lifecycle. If a document is not owned by your department but access to the document is needed on your site, ask the owner to post it and then create a link to it on your site.|
|Do not post content that we do not own the legal right to post electronically, including .PDFs or scanned images of journal articles or other documents from sources to which our organization does not have online publishing rights. A link may be created to this content on the content owner’s Web site.|
Roles and responsibilities are defined, both in the governance team and in the user community (another three pages). A team has been tasked with specifying best practices, templates, and end-user training. A separate team, in charge of Document and Records Management, is gathering specific requirements for content types, retention, workflows and disposition. Each of these groups is charged with creating detailed specifications that flow from the general principles.
This layered approach is also how the company as a whole approaches policies, processes and procedures. Procedures are derived from processes, and each process is mapped to a policy – the policy is the general statement, and the procedure is the fine-grained details of how those policies are carried out.
With this approach, we can get sign-off and buy-in by creating a series of documents and other content – checklists, FAQs, training materials, and more – so that what individuals are responsible for is findable, and can be presented and managed using the tools within SharePoint – workflows, audiences, tasks, search, and so on, rather than presenting an intimidating monolithic document.
We still have some hard choices in front of us. For instance, Active Directory, or SharePoint Groups? Using AD means a single source of the truth, only one place to have to maintain user memberships. This comes at a price, though… transparency and flexibility. Users don’t maintain AD memberships, I.T. does. Without significant customization, users ability to see who is in the membership of a group is non-existent, so how are users going to be sure that everyone in a particular group should get rights to an area? Users can’t add someone to a group to quickly give them access they need (and should have). And committing to AD commits I.T. to keeping AD up-to-date at all times. Using SharePoint Groups, on the other hand, provides the flexibility and visibility to the end users, but relies on the site managers (and our training program) to take the right actions, or on the purchase of third-party tools to help monitor user behavior.
(Wait… did I use the word “monitor”? That could be a problem…)
Next up, the final installment (for now) – SharePoint Governance – Law & Order (Hey, it was either reference a successful TV franchise or pull out a Dostoevsky reference…)
|Read the whole series on SharePoint Governance:|
|Part One:||SharePoint Governance – Why?|
|Part Two:||SharePoint Governance – What is it?|
|Part Three:||SharePoint Governance – vs Organizational Culture|
|Part Four:||SharePoint Governance – Your Plan (You are here!)|
|Part Five:||SharePoint Governance – Law & Order|