and the SharePoint Zone
Are you thinking about deploying
SharePoint in your organisation? You won’t have to do much research before you come across the big “G”
word – governance. Just the word itself is somewhat imposing and definitions
for it will vary. In fact, if
you ask three different experts what governance means, you’re likely to get
four different answers. And while I have
yet to find that one, perfect definition of governance, I can accept this one
from Microsoft: “Governance is
the set of policies, roles, responsibilities, and processes that guides,
directs, and controls how an organisation’s
business divisions and IT teams cooperate to achieve business goals.” In short, it is a “how to” guide.
Why do we need governance?
Because we want to ensure (or even better, assure) that the IT solution achieves the business
goals. With complex systems like SharePoint, users need help. Users need
guidance on what they can do and how
they do it. Trust me, they aren’t going to just “figure it out.” You may also
have content that must comply
with legal regulations such as HIPAA or Sarbanes Oxley—without a governance plan, you may be in legal
jeopardy.
Moving past the “what” and
“why” of governance, an even harder question to answer is how to implement SharePoint governance. Part
of the challenge here is that there is no one way, no right way. How SharePoint is used varies greatly, and
for that reason, you’ll never find a master template on implementing SharePoint governance. Nonetheless,
there a number of suggestions I’d like to share on how you can effectively implement a SharePoint
governance plan.
Start Small
There are many reasons why organisations
avoid governance altogether. Since governance is so overarching, it seems overwhelming and
many don’t know where to start. For others, they dive in and start setting
policies on everything and never
finish. In overly optimistic companies, they assume or expect end users will
somehow collectively develop the
plan over time. Avoid these traps.
One of the best practices
for a SharePoint deployment also applies to your governance plan: start small
and grow it incrementally. For
example, we wouldn’t recommend turning on every SharePoint feature starting on day one. SharePoint does
way too many things. Turning on everything confuses users and makes governance planning impossible. Start
by enabling a small subset of features to match only some of your business
goals. Maybe you only start with
social collaboration or enterprise search. Then, have the governance plan focus
on just this area. As
SharePoint expands, you revise the governance plan.
Be sure to recognise that
the degree of governance will vary depending on what your business goals are.
For example, if you plan on
using SharePoint for informal team collaboration, you’ll need fewer rules than
if you’re a hospital managing sensitive
patient records.
Consider the Organisation’s
Readiness
Assess your company’s
culture and determine what I like to call governance readiness. Do you have
clearly defined policies and
procedures in other systems? Are users comfortable with these policies?
Governance policies you create should
match the readiness or maturity level. For example, if your company has been lenient on how expense
reports are approved, you don’t want the new process to be rigid and tightly managed. People adapt
slowly and your governance plan must keep that in mind.
If this is your organisation’s
first attempt at governance, you might consider holding off on some of
SharePoint’s advanced features such as
records management as it does involve complex governance planning. And, even if you can articulate the
ideal governance plan, the users won’t be ready for it. As time passes, the
organisation and its staff will adapt
and evolve. When it does, you can tackle the more complex business problems.
Form a Governance Board
SharePoint is a business
and technical solution, and, therefore, you should have a cross-functional
board of business and IT
personnel that develop the plan. Membership should include key departments that
are affected by the SharePoint
solution. In many cases, your board consists of the major stakeholders. In all cases SharePoint involves
people so make sure HR has a seat at the table. If SharePoint will be
protecting and preserving legal
records, make sure legal is present as well. While the board functions like a
steering committee, don’t make it
too large. If possible, try to limit the count to no more than 10 people to
avoid committee paralysis.
Here’s another important
reason to have a cross-functional board membership: your organisation may have other governance plans that
are owned and enforced by other business units. When you develop a SharePoint governance plan, be sure
that it aligns with other plans. For example, you may have an IT policy that
states that no personal files
shall be stored on any corporate system. This policy should then be inherited
by SharePoint’s governance
plan.
Make Sure to Answer Common
Questions
Getting users to accept and
properly use a new system is not easy. We call this the adoption challenge. A typical reason is because
there is no guidance on how the system should be used and who should be doing what. The governance plan
should provide clear guidance, like an easy-to-follow recipe. Remember, it’s
the “how to” guide. The best
way to do this is to make sure that it answers common questions that come up.
And with SharePoint, you’ll
have a lot of them – here are just a few:
- How/when do I create a new
website?
- How do I
find/publish/protect/preserve/expire/recover content?
- Where do I store this type
of document?
- How do I apply metadata to
classify this document?
- Who owns this content and
what are this person’s responsibilities?
- Should I still store files
on the file server?
The questions you come up
with should be based on how your organisation will be using SharePoint, and
they will vary from other organisations.
When answering the “how” questions (e.g. How do I create a new website?), don’t just fill in the
how-to-do-this-in-SharePoint answer. Really think about how users should be
using SharePoint for this task.
For some organisations, the built-in way to create a new website works. For
others, there may need to be a
request and approval process.
Answers to the “who”
questions become the roles and responsibilities part of your plan. This is
essential to make sure that users
understand and are empowered to fulfill their duties. You should know that
SharePoint often creates new roles,
and these roles may need to be filled by new or reallocated employees. Be sure
to consider who will be responsible
for content areas that have special rules such as security or data quality.
To make the answers easy to
find, publish them as a FAQ within SharePoint. When it comes to training, your governance plan becomes a
core part of your training plan. You can’t just train people on how to use the basic SharePoint product
and expect them to correctly apply it in their day-to-day tasks. Instead, train
them on how they will use
SharePoint to perform these daily tasks. For example, you might have an HR
scenario such as “Using SharePoint
to manage the onboarding of a new employee.” When you do this, you’ll often get an unexpected benefit:
users want to use the new system. By showing users how it will make their job
easier (which hopefully is a
business goal), you’re able to sell them on it, making them advocates. This is
the best way to address the adoption
challenge.
Can you enforce it?
While
you hope most people do the right thing, if you have no way to enforce a
governance policy, it becomes weak and ineffective.
Within SharePoint, some policies can be enforced in an automatic way, whereas
others must be enforced manually.
For example, you can enforce what types of files (e.g. PDF or MP3) users can upload into SharePoint, but
there is no automatic way to limit the total space used by a single user.
While SharePoint is an
incredibly powerful product, there are a number of areas like this where
built-in features do not provide any
automatic enforcement. Fortunately, SharePoint is very customisable, and often
times a software developer can
write custom code to supplement these limitations. Also, a number of
third-party vendors offer products to
help address many of the governance needs. Be sure to consider these when planning your governance
enforcement.
You should not define
governance policies in areas where they cannot be enforced. So, in the previous example, unless you have a
user running and monitoring a custom report on how much space each user has, you should not have a
policy on it. This is a reason why your IT department has a seat on the
governance board. He or she provides
input on what you can and can’t do with the system.
However, sometimes the
limitation is not with the system but with the organisation. For example, you
may need to have legal approve all
portal content before it gets published. If your legal team is busy (isn’t
everyone?) and you publish a lot of
content, this becomes a bottleneck and is impractical. When this happens, the
governance plan is perceived as a
bureaucracy, stifling productivity and adoption. If you really need to have
legal approve all content, address the
resource problem.
Keep your Governance Plan
Fresh
One of the biggest worries
with a governance plan is that it will be written, stored in a binder and left
on the top shelf to collect dust.
For your governance plan to be your “how to” guide, it must be kept up to date.
Plus, I can guarantee that you’ll
be off target with your first version. You’ll find that you can’t enforce parts
of it, and guidance in other areas is
lacking.
Of course, how people use
SharePoint will evolve over time. You’ll encounter new and better ways to solve problems. You’ll
incrementally release new SharePoint features, and updated versions of
SharePoint will come out. Business processes
will change, requiring you to adjust your policies. Remember that your plan
started out small – give your plan
the necessary attention so that it grows with you. At a minimum, I would
suggest your governance board meet
quarterly to revisit and revise as needed.
Conclusion
So, don’t fear the
governance plan. It should be an intrinsic part of your deployment and
operational guides. But don’t just take my word
for it. Do it for the right reasons. And when you do it, take a good, hard look
at your organisation to create
a plan that will work today and can grow into tomorrow’s plan. Your staff works
hard already. Give them the
guidance and structure that enables them to achieve even greater success.
Share a PDF of this whitepaper with your colleagues now: 
Follow us on Twitter for more SharePoint Governance tips:
@AvePoint_Inc; @tweetraw (Randy Williams)
