The topic of SharePoint Governance can generate strong opinions. At one extreme, we have strong governance policies that can potentially restrict the use and benefits of SharePoint, and at the other we have little or no governance, which can result in an uncontrolled environment with proliferation of sites, content silos, support and maintenance issues, and a potential migration nightmare.
“Governance is the set of policies, roles, responsibilities, and processes that control how an organization’s business divisions and IT teams work together to achieve its goals. Every organization has unique needs and goals that influence its approach to governance. Larger organizations will probably require more (and more detailed) governance
than smaller organizations.”
Who is responsible for the Governance Plan?
There are a number of roles responsible for SharePoint governance, starting with a Steering Board. This is usually a group of senior stakeholders who evaluate objectives, define the rules and processes, and, most importantly, make decisions.
Additionally, there may be a number of other supporting roles which may include other business stakeholders, including SharePoint Administrator(s), IT Operations, Information Workers, Information Architects, Compliance Officers, Site Designers, Site Owners, and Trainers. These roles will be set out and included in the Governance Plan.
What should be included in a Governance Plan?
Objectives and Goals – Outlines what your objectives of governance are and what you aim to achieve by putting a governance plan in place. This can include strategic considerations such as the processes, rules, and policies for use, as well as any other mandates or factors required to run an effective SharePoint platform within your organization.
Roles and Responsibilities – Sets the roles and responsibilities for managing, changing, supporting, and maintaining the SharePoint environment. Typical roles include a Steering Board (the SharePoint owner), a Change Board, a support team, development teams, content authors, general users, and visitors. You can also include a RACI (a term used to describe who is Responsible, Accountable, Consulted, and Informed) matrix and any escalation paths.
Policies and Rules – Defines the policies and rules that the product owner, Steering Board, or governance team have put in place for the SharePoint platform to operate. There will generally be a number of these, which can include some or all of the following:
- IT Governance Policy – The rules around governing the platform itself and the services provided by the IT department. This may include areas such as backup and recovery, content storage, security, support, and service levels.
- Information Management Policy – The guidelines surrounding the creation of content within SharePoint and how it is presented. This could include rules around site structure, division of content, navigation structures, content types, and metadata, as well as types of content, such as webpages, documents, images, lists, and data. This should also consider social features, OneDrive/My Sites, eDiscovery, search, and content expiration.
- Application Management and Customisation Policy – The rules around customisation and branding. An organisation should decide what level of customisation is allowed and how it is managed. Rules around branding define use of imagery, fonts, and themes. If you allow customisation, then defining the types of customisation such as the app model or use of the new SharePoint framework is a necessity. You should also determine how SharePoint will be extended to support business process and data dashboards, and define the rules around tools and third party applications.
- Governance Processes – Defines what processes need to be followed in order to fulfil the rules and policies for running SharePoint. Areas covered in this section could include any processes which must be followed for general everyday activities, such as user management and site creation, as well as backup and restore. Additionally, there should be processes developed around change and/or release management.
How do you enforce the Governance Plan?
This is a question I’ve seen come up a number of times. A company has established a Steering Board and created a set of governance policies, but now what? How are the policies and rules enforced, and by whom?
All users should be aware of and feel responsible for the systems they use and the rules surrounding them; however, this is often not the case. It is inevitable that a sneaky site will pop up, where someone has found a way to change a theme, override branding rules, or turn off required compliance metadata. Whilst we can turn off some features, such as SharePoint Designer, manage a user’s permissions, or even hide some features, it generally comes down to the IT department’s SharePoint Team and empowering them with a mandate to enforce the rules.
In conclusion, a SharePoint Governance Plan is a must for all SharePoint environments. It’s a blueprint for how SharePoint is used within an organisation, and how it should be managed, extended, and enhanced. A SharePoint Governance Plan will uphold a set of specific rules, ensuring that your environment remains consistent, supportable and maintainable. Once a plan has been put in place, your SharePoint Team or IT Department must authorised to enforce the rules. This will keep your SharePoint environment functional, consistent, and useful.
If you need help in getting started, just get in touch!