Governance in SharePoint – Part 4

In Governance in SharePoint – Part 1 I focussed on some of the key thoughts, definitions and critical factors of developing and implementing SharePoint governance. Part 2 explored some of the best practical and theoretical frameworks I’ve come across to effectively apply SharePoint governance. Governance in SharePoint – Part 3 identified some of the main aspects for consideration when creating a SharePoint governance plan while this article will highlight some of the main out-of-the-box features that can be harnessed in SharePoint to implement governance policies, standards and procedures.

SharePoint provides a number of features that assists in governing SharePoint. These features are primarily based on the 2010 version of the platform however a vast majority are still relevant across the board. While compiling this list a couple of blog posts worth reading proved useful – Michal Pisarek has a number of useful posts at SharePoint Analyst HQ and Kanwan Khipple’s article Practical SharePoint Governance for Everyone also provided numerous practical examples.

SharePoint features that can help implement governance

Track or block SP2010 installations: After going through all the effort of establishing a governance plan, it is quite difficult to enforce it if you don’t know a farm is being hosted somewhere across the organisation separate to the main IT controlled farm. Fortunately, you are able to track or block SharePoint 2010 installations to prevent this from being an issue.

Web application permission policies: These permission policies provide a centralised way of managing permissions within a web application. They are useful for any governance around security for web applications enabling you to GRANT or DENY permissions.

Maximum File Upload Size: This setting helps in terms of enforcing policies around file sizes to prevent content database sizes spiraling out of control. You can set the maximum file upload size per web application – just be aware there are also some other configurations necessary to enable large file uploads as per the previous link.

Blocked File Types: Just as you can control the maximum size of uploaded files so can you control the types of files unable to be uploaded. This helps you enforce governance policies around what content is allowed to exist within SharePoint, for instance giving you the ability to prevent mp3 files from being uploaded.

SP Designer: Central administration allows you to control access to SharePoint Designer. This feature allows you to enforce governance policies relating to customisation, specifically regarding what users can do with SPD.

Site Content and Structure: Information architecture, site hierarchy and navigation are all huge elements of information governance, and SharePoint provides the tools to manage those aspects. Both the inbuilt navigation within site settings and the Site Content and Structure page are useful tools to control these governance aspects – the publishing feature is required to be enabled however.

Site Templates: Site templates allow you to pre-define a number of aspects of a site to allow you to conform to numerous information governance aspects. It is important to automate as much governance as possible, and by building in best practice guidance into the site templates it makes it far more likely that the governance defined will be followed throughout the organisation.

Site Quotas: Another way to control the size of your site collections, along with setting the maximum file upload size, is setting site quotas. This enforces storage limits on the site collections and allows you to align this with your governance plan to prevent limited resource issues.

Locks: Locks are useful for a number of governance scenarios. One particular one that stands out is in terms of site lifecycle policies particularly in terms of archiving. Locking a site collection can ensure that the content remains archived and no new content will be added to it.

Self-service site creation: Depending on your governance policy you may determine that the bottleneck of IT creating site collections for the business is an unnecessary hurdle and that it would be great if the business could create their own site collections. This is were self-service site creation steps in.

Site collection auto-deletion: If your governance policy specifies the site lifecycle time including disposition, then site collection auto-deletion can assist. Resources can be freed up after a specified period of inactivity or based on a response to a notification.

Policies for user profiles and my sites: Any governance policy worth its salt should touch on social in SharePoint – whether that is denying its use altogether or determining how it will be used. A number of configurations exist for my sites and user profiles to help enforce those governance policies.

Solutions and Features: Any defined software development lifecycle should factor in the deployment of that custom development and SharePoint assists in implementing those governance policies by providing the solution and feature framework. You’d hope that any governance policy recommended the best practice approach to solution deployment for SharePoint which would fit right in with these features.

Sandboxed solutions: Sandboxed solutions opened up the door for different forms of governance over solution deployment and customisations. Not only did it allow flexibility over SDLC strategies but also introduced a number of other elements which could be governed including resource points, solution quotas and solution validation.

Workflows: One of the best ways governance can be enforced throughout SharePoint sites is by using workflows. The flexibility in terms of what can be achieved here is huge, but for a basic example workflows can be used to enforce governance policies around content validation and publishing, auditing requirements and really most things which are process based.

Document & Records management: One of the major aspects of information governance in SharePoint is document and records management. SharePoint provides numerous features that assist in the governance of this area, more than can be listed here, so I’d suggest reading the 2 links to discover what is available.

Digital asset library: The digital asset library assists in governing digital assets within SharePoint. It can be used to set up specific approval workflows for publishing assets or assigning specific metadata to them.

Content approval: As mentioned above workflows are able to be used for content validation – however SharePoint also provides another feature which assists with governing content called content approval. It is a more simple method of enforcing content validation within SharePoint.

Groups and Permission levels: One of the key factors of SharePoint governance is maintaining security and ensuring the only users who have access to content are the ones that should. SharePoint provides a number of mechanisms to maintain this security, primarily using groups and user permission levels.

Access request: It’s one thing to lock down security on a site but often a governance plan will need to factor in how access is managed down the track including granting access to users who need it at a later date. SharePoint includes the ability for a user to request access to a pre-configured address to assist in this process.

Information Rights Management: Taking the premise of security to the next step, SharePoint is able to enforce information rights management governance policies for documents stored in document libraries. It may be that the governance policy states that particular users can access a document but should not have rights to edit, copy text, download/save or print the document – all enforceable by IRM.

Master pages, page layouts and themes: Another facet of governing SharePoint identified was establishing a consistent brand and content structure. SharePoint provides a number of ways to enforce these guidelines including themes, master pages and page layouts.

Versioning: The versioning of documents can quickly lead to blown out content database sizes as each copy of the document is stored. Having governance policies around what level of versioning is required for documents can be easily enforced configuring the version settings available in SharePoint including whether to retain versions at all, limiting the number of versions retained and whether minor versions are also required.

eDiscovery: Legislative and legal requirements are factors that must be considered when defining a governance policy for SharePoint. One feature that helps to assist in this area is eDiscovery to locate and produce information to support litigation, audits or investigations.

Information Management Policies: Two key aspects of information governance include the ability to audit use and to expire information after a certain period of time. These features (as well as labelling and barcoding) are enabled via the information management policy feature in SharePoint.

Content Types: Content types are the best way of ensuring stipulated metadata requirements identified in a governance plan are consistent across a site. SharePoint also includes the content type hub to enable this consistency across site collections.

Managed Metadata: One of the major facets of information governance is establishing a taxonomy and metadata sets. To handle this requirement, SharePoint introduced managed metadata to structure term sets and terms to be applied across an organisation.

Search: Search is an integral part of any organisation’s SharePoint implementation and it is important that a governance plan consider the search requirements for a given site. There are a number of settings which are able to assist in creating the search experience an organisation requires including but not limited to managed properties, best bets, scopes and refinements.

Diagnostic logging (Event logging and Trace logging): A key component of IT assurance involves monitoring error logs to ensure everything is running smoothly. This can be difficult however if the amount of information that is being logged is either too little or too great. SharePoint’s diagnostic logging contains a number of settings that assist in ensuring that logging of errors is appropriate including event throttling, correlation IDs and event log flood protection.

Health check analyzer: Another method of ensuring a healthy system built in to SharePoint is the health check analyzer. This functionality works by automating a number of health checks across the system and reporting on any issues that are discovered.

Web analytics: As mentioned in numerous SharePoint governance literature, no governance process would be complete without the ability to measure the success of it. SharePoint provides a number of reporting capabilities to assist in this manner via its web analytics feature including traffic, search and inventory reporting. For a good explanation of the 3 have a read of Implementing Governance in SharePoint 2010.

Managed accounts and password management: A common output of an IT assurance governance policy is determining service accounts to be used for SharePoint and complying with any password policies the organisation may have. SharePoint’s managed accounts functionality assists in complying with those policies.

Timer jobs: The key to a good governance process is for it to be continual – it is imperative that reporting is performed consistently and any automated processes that need to run do so when required. SharePoint’s timer jobs allow either pre-defined or custom jobs to be scheduled to run over different time periods.

Backup / Restore: One of the most important aspects of a SharePoint governance plan is the backup/restore and disaster recovery plans. SharePoint provides a number of backup and restore features to assist in implementing those plans to form an overall strategy that may include the central administration features, STSADM/PowerShell, SQL backup or 3rd party tools.

In this post we highlighted some of the main out-of-the-box features that can be harnessed in SharePoint to implement governance policies, standards and procedures. While the list is long, is should not be considered exhaustive and proposes to serve as an eye opener to some of the many features that SharePoint includes to assist with the implementation of your governance plan. This series has touched on a number of aspects from definitions to frameworks, aspects for consideration to implementation features. It is hoped that it will help promote the message of how important SharePoint governance is for a successful implementation of the platform and help steer organisations in the right direction to achieving a quality governance process and plan.

Governance in SharePoint – Part 3

In Governance in SharePoint – Part 1 I focussed on some of the key thoughts, definitions and critical factors of developing and implementing SharePoint governance. Part 2 explored some of the best practical and theoretical frameworks I’ve come across to effectively apply SharePoint governance. This article will identify some of the main aspects for consideration when creating a SharePoint governance plan and part 4 will highlight some of the main out-of-the-box features that can be harnessed in SharePoint to implement governance policies, standards and procedures.

One of the things that tends to lack in a lot of the theoretical frameworks is what should actually be considered within each ‘Pillar’, ‘Process’, ‘Stage’ or ‘Phase’. That’s not to say that this information doesn’t exist – it certainly does and in huge quantities – and with any luck, this post will go some of the way to bridging the gap between the theory and practical points. To reference this post accurately would be largely impossible considering notes were taken through trawling across numerous sites, blogs, books and white papers and collated at the end, so rather than even attempt to do so what I will do is list a number of resources not reflected anywhere else in this governance series at the end of this post.

When thinking of the most logical way to structure this post i’ve decided to grab one of the theories from my previous post and very loosely categorise the items within those Pillars. I’ve chosen Ant Clay’s 5 Pillars of SharePoint Governance as it most clearly aligns with the majority of items I have to list. I’ve also chosen to expand on some of the possible roles that may exist when governing SharePoint – I suggest reading some of the referenced links towards the end of this post to expand on why they may exist.

Possible Roles when Governing SharePoint

  • Executive sponsor/stakeholders
  • Governance board/steering committee:  Financial stakeholders, IT leaders, Business owners
  • Compliance officers
  • Change management
  • Stakeholder management
  • Project management
  • Business analysis
  • Solution administrator
  • Development team
  • Infrastructure and operations team
  • Technology support team
  • Metadata steering committee/content steward (IA or taxonomists)
  • Trainers
  • SharePoint coach or centre of excellence (provides evangelism, mentoring, support)
  • Power users community of practice
  • Site owners
  • Site users

Things to Consider when Creating a Governance Plan

IT assurance

  • Establish hardware requirements
  • Ensure the physical environment (secure hardware, ensure environment temperature etc)
  • Establish farm topology and configuration requirements
  • Undertake capacity planning
  • Devise a suitable backup/restore and disaster recovery plan
  • Devise failover strategies / high availability
  • Plan to hold disaster recovery drills
  • Identify and monitor sizing and storage limits (file system and database)
  • Identify and monitor the Microsoft limits and boundaries
  • Plan to perform database configuration and maintenance activities
  • Identify and implement web application policies
  • Plan to monitor error logs (Application/Security event logs and the ULS)
  • Plan to monitor SharePoint health check
  • Plan to monitor performance and perform optimisation (server and network)
  • Identify load balancing requirements
  • Plan for updates and patching
  • Ensure valid service accounts and plan for password management
  • Plan application pools for security, reliability, performance
  • Identify the content and solution deployment process
  • Determine process for allowing 3rd party solutions

Project governance

  • Consider establishing a PMO
  • Determine activities and processes required for effective project governance
  • Determine stakeholder management requirements
  • Determine change management requirements
  • Ensure an effective support and problem resolution structure is in place
  • Identify structure to implement changes and maintenance
  • Ensure the SDLC has been considered and appropriate ALM is in place
  • Determine process for code review and acceptance
  • Ensure appropriate system documentation is a part of any project phase

Information governance

  • Identify compliance requirements in terms of company policy, regulatory and legal requirements
  • Establish the terms of use (copyright, disclaimers, privacy codes)
  • Monitor and enforce copyright restrictions
  • Identify requirements for multi-language support
  • Define security requirements
  • Determine how users can request access and will be granted access
  • Maintain visibility into users’ usage and permissions
  • Consider authentication requirements (internal/external access)
  • Define SharePoint’s information architecture
  • Define the site hierarchy
  • Define navigation requirements
  • Determine how sites will be provisioned (how to request a new site, reasons for creating a new site)
  • Identify site design requirements and develop site templates
  • Establish content guidelines
  • Determine content auditing and review requirements
  • Determine versioning requirements
  • Define content retention and disposal policies
  • Establish recycle bin policies
  • Define site lifecycle management requirements (time of life, deletion, archiving)
  • Determine records retention requirements
  • Define taxonomy and metadata
  • Define content types
  • Establish user experience guidelines
  • Establish consistent branding requirements (use of themes? master pages?)
  • Ensure page layouts and content organisation
  • Determine policies around social tags and ratings
  • Determine customisation policy (SP Designer + custom code)
  • Establish consistent views for document libraries
  • Identify and implement search requirements

Technology and business alignment

  • Identify the SharePoint sponsor
  • Establish the SharePoint steering committee
  • Identify business unit participation
  • Establish the vision statement for SharePoint
  • Identify the scope and intentions of implementing SharePoint
  • Identify and agree upon the business goals
  • Define the roles and responsibilities for SharePoint
  • Determine site and content ownership, accountability and responsibility
  • Establish RTO, RPO and RLO disaster recovery requirements
  • Plan for user lifecycle management (on-boarding, transferring, termination of users)
  • Determine browser standards and support requirements
  • Define communication standards for SharePoint
  • Establish service level agreements with stakeholders
  • Determine budget and charging models

Continuous improvement

  • Establish the key performance indicators and metrics
  • Determine automated notification requirements where governance isn’t being enforced
  • Identify and implement training plans with associated governance topics
  • Determine auditing and reporting requirements
  • Ensure success of the governance process is measured consistently
  • Identify how users can provide feedback for the process
  • Determine how governance will be enforced across the board
  • Ensure all changes are sufficiently documented and updated
  • Ensure a user adoption plan has been considered and is given focus

In this post we identified some of the main roles that may exist when governing SharePoint and touched on some of the points for consideration when governing across Ant Clay’s 5 Pillars of Governance. This list should be considered far from exhaustive and is simply an example of some of the items which may be of importance – it should merely serve as a starting point to both cull and build upon to suit your organisational needs. The next post in this series, Governance in SharePoint – Part 4, will highlight some of the main out-of-the-box features that can be harnessed in SharePoint to implement governance policies, standards and procedures.

References:

Governance in SharePoint – Part 2

In Governance in SharePoint – Part 1 I focussed on some of the key thoughts, definitions and critical factors of developing and implementing SharePoint governance. This article will explore some of the best practical and theoretical frameworks I’ve come across to effectively apply SharePoint governance. Part 3 of the series will identify some of the main aspects for consideration when creating a SharePoint governance plan and part 4 will highlight some of the main out-of-the-box features that can be harnessed in SharePoint to implement governance policies, standards and procedures.

One of the main reasons SharePoint governance is considered difficult is that no two governance plans should ever be exactly the same. This makes consistent application of governance across different organisations more challenging and less prescriptive than say deploying SharePoint using published best practices. One of the ways to mitigate this is by following some of the practical and theoretical frameworks designed to lead you in the right direction when faced with implementing a successful SharePoint governance plan. The following will seek to get some of the best frameworks available (in my opinion) into the spotlight and give you some choice over which best fits your definition of what SharePoint governance is and how it should be applied.

Governance using CoBIT 4.1

CoBIT 4.1 according to the ISACA site is ‘an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.’

Dave Chennault and Chuck Strain have built upon this widely recognised framework to provide the guidance required to create processes and controls that avoid or limit the impact of risks encountered when deploying SharePoint.

Taking the principles and processes from the CoBIT framework, they have realigned them into 6 phases:

  • Scope
  • Plan for Launch
  • Prepare for Operations
  • Launch
  • Operate
  • Enhance

The beauty of this framework is that it is practical and applicable in a consistent manner. This goes somewhat against what we mentioned previously – that this can’t be done – but the CoBIT framework mitigates this by stating that not every conceivable activity/task is listed as a control objective and that it is a starting point that should be added to based on needs. It also states not all the control objectives need to be met and that they are goals and guideposts only – essentially meaning that this is a great starting point for a thorough governance plan in a framework which is recognised internationally for auditing and compliance purposes.

Chris McNulty’’s Governance Cycle & 5 Pillars and Ps

Chris has written some excellent pieces in relation to SharePoint governance, a couple which I found highly useful and applicable as a theoretical framework to approaching the topic. There are a few different main theories which i’ll point out below, all of which can be found in either his post 2012 is the Year for SharePoint Governance or in his white paper (you must sign up to access it) The 5 Pillars of SharePoint Governance

The first theory in Chris’ methodology is the cycle itself:

  • Establish stakeholders: These should be business users and stakeholder engagement should remain constant
  • Gather requirements: Must understand the business goals and develop a consensus on how the requirements match these goals
  • Develop governance framework: The policies and procedures that make up the governance plan – these should map to the business goals
  • Implement governed operations: Guided by the policies and procedures, this should involve training and communication and be automated where possible
  • Measure results: Sustained governance programs require evaluation, both qualitative and quantitative
  • Evaluate success for next steps: This essentially forms the basis of the governance’s continual improvement

The second is his 5 Pillars of SharePoint Governance:

  • Security
  • Auditing (compliance)
  • Reliability
  • Usability
  • Supportability

And the third his 5 P’s which make up SharePoint governance:

  • People
  • Purpose
  • Policies and Procedures
  • Products
  • Partners

Overall the 3 main theories provide an insight into how to establish an overall governance plan for SharePoint. Like most of the theoretical frameworks they require a lot of knowledge and work to apply them practically, but it forms a great basis for understanding the principles of effective SharePoint governance.

Ant Clay’’s 5 Pillars of SharePoint Governance & The Visual Thesis of Kubernao

Ant is one of the leading governance voices in the SharePoint community currently. Building upon previous governance posts such the 5 Pillars of Governance and Governance 3.0, he has now self-published The SharePoint Governance Manifesto which I believe deserves the small asking price for the book. Ant is a business-focussed SharePoint governance practitioner and his 5 Pillars theory ensures broad coverage over what needs to be covered and achieved for successful governance.

In his own words, the 5 Pillars of SharePoint Governance is a guiding, facilitative and inclusive approach to implementing the SharePoint platform and delivering measurable business outcomes that support the organisational strategy by combining:

  • IT assurance
  • Project governance
  • Information governance
  • Technology and business alignment
  • Continuous improvement

Combined with his governance rules in The Visual Thesis of Kubernao (read The SharePoint Governance Manifesto for more) Ant provides a tonne of theoretical guidance on how to effectively conduct SharePoint governance.

Navantis Governance Framework

This one was a bit of a surprise. I hadn’t heard of Navantis or the author Christopher Woodill previously but after giving his white paper, An Introduction to SharePoint Governance a read, was impressed and saw it as a solid framework with quality additional supporting information.

Navantis lists the model for mature SharePoint governance as requiring:

  • Business Goals and Objectives
  • Roles and Responsibilities
  • Program Strategy
  • Key Performance Indicators

The Program Strategy is further broken up into

  • Business Practices and Policies
  • Requirements
  • Customisation
  • Infrastructure and Maintenance
  • Operations and Support
  • Training and Adoption

They also define some key deliverables from the governance process which should help to identify the outputs that should exist at the end:

  • Implementation Strategy
  • Operational Strategy
  • Responsibility Matrix
  • Organisational Structure
  • Costs, Commitments and Funding Models
  • Tools

Overall I believe it’s a solid framework and touches on a number of key focus areas for consideration and deserves consideration when forming a SharePoint governance plan.

Salem’’s 7 Pillars of Wisdom / SharePoint Governance

Definitely not for the faint-hearted, Ian McNiece has penned an epic (152 pages) and unique take on SharePoint governance in SharePoint Governance & the Pillars of Wisdom. Relating SharePoint governance to a concept which has ‘underpinned global philosophies and theologies for centuries’ was an interesting angle but overall the theory is sound and the concepts discussed hard to argue against.

There is simply too much information in this one to sufficiently break it down into a short synopsis so I suggest you take some time to read through the white paper and discover how with theological support you can break down the elements of SharePoint governance into:

  • Global Governance
  • Corporate Governance
  • Program Governance
  • Service Governance
  • Platform Governance
  • Participatory Governance
  • Usage Governance

I was already a fan of Ian’s work having consumed his published e-book Step by Step SEO: Search Engine Optimisation for SharePoint Internet Sites and this governance piece has only enhanced my respect for both him and Salem.

Paul Culmsee’s f-laws

This one is more of an honourable mention rather than a practical or theoretical framework towards SharePoint governance – but Paul is currently in the process of blogging about his 17 f-laws in his Confessions of a (post) SharePoint Architect governance series. There is already some nuggets of wisdom in the initial posts and i’d encourage you to follow through the series and the rest of his CleverWorkarounds site to explore another unique take on the world of SharePoint governance. I’m hoping to someday be able to sit in on his SharePoint Governance and Information Architecture class to immerse myself in the theory to a greater extent, but for now the Confessions series will have to suffice.

In this post we’ve explored some of the best practical and theoretical frameworks I’ve come across to effectively apply SharePoint governance. My recommendation would be to take which ever bits seem most relevant to the needs of your organisation and use them as a guide to what you may need to cover – you may identify with one of these frameworks or may prefer to devise your own – but what is most important is you factor in which ever areas of SharePoint governance are relevant to you and ensure they’re considered when devising the governance plan. The next post in this series, Governance in SharePoint – Part 3, will identify some of the main aspects for consideration when creating a SharePoint governance plan.

Governance in SharePoint – Part 1

Governance has been a hot topic in SharePoint for the last couple of years now. If you’re an avid reader of blog posts or have attended any SharePoint related conferences in that time, it’s unlikely that you haven’t been exposed to the ‘G’ word. Companies are being created with a governance consultancy focus, vendors are releasing applications to automate governance – it’s something that, if it hasn’t already, is starting to gain widespread traction in organisations that implement SharePoint.

It was with this in mind that I set out to consume as much governance-related content over the Christmas period as I could fit in – and there is a lot out there. From blog posts to books to white papers, one thing that became apparent was that the definition of what governance in SharePoint is and should entail was as diverse as the amount of content that was out there.

This series is not intended to be revolutionary – it is more an amalgamation of all the information and resources I absorbed in the past couple of weeks. As I wrote reams of unattributed notes as I went, my referencing may not be specifically as accurate as I would like – but all the resources I used over the time will be reflected within these posts.

The first part of this series will focus on some of the key thoughts, definitions and critical factors of developing and implementing SharePoint governance. Part 2 of the series will explore some of the best practical and theoretical frameworks I’ve come across to effectively apply SharePoint governance. Part 3 will identify some of the main aspects for consideration when creating a SharePoint governance plan and part 4 will highlight some of the main out-of-the-box features that can be harnessed in SharePoint to implement governance policies, standards and procedures.

So, what is SharePoint Governance anyway?

Based on everything i’ve since read about SharePoint governance there seems to be 2 schools of thought when it comes to what it actually is or should be about. In my opinion the term is generally overused but perhaps only because its definition is so broad. There is the school of thought that treats governance as being about control, risk management and assurance and another which treats it as being about guiding the business to achieve their goals.

In reality it’s probably a bit of both – it involves facilitation and guidance on the most effective ways to achieve business goals and the rules and compliance necessary to ensure all the safety nets are in place to enable the system to run smoothly and effectively.

There are a lot of great quotes around the internet which bring home this message, some of my favourites which i’ll highlight below:

Governance is defined as a framework of guidelines to create processes and controls that avoid or limit the impact of risks – it is about control and managing risksSharePoint Development and Governance using CoBIT 4.1

Governance is about risk management, or providing assurance to stakeholders.

Governance should be the what, why, who and how to get from the present state to a future aspirational state. It is a means to an end, not the end itself. It relies on shared understanding of what the problem is and where we need to get to for it to be considered solved. It relies on metrics which are not platitudes to measure the success of the project. – Paul Culmsee, author of CleverWorkarounds and the highly relevant (and ongoing) Confessions of a (post) SharePoint architect governance series

Governance needs to be aligned with the business goals and vision, the whole purpose of governance is to help use SharePoint to achieve these business goals. – Ant Clay, author of The SharePoint Governance Manifesto, the 5 Pillars of Governance and Governance 3.0

One important aspect of Governance is actually Guidance.

Governance is the set of policies, roles, responsibilities, and processes that guide, direct and control how an organisation’’s business divisions and IT teams cooperate to achieve business goals. – TechNet Governance Planning series and Resource Centre

Governance is the rules of the road, how those rules are enforced, who is responsible for making the rules, who is responsible for applying them and most importantly an opportunity to align your technology with the business – that is the key – it results in buy-in and a willingness to take on the responsibilities of governance. – Jim Adcock, author of the SharePoint Therapist and particularly his SharePoint Governance series

Communicating and Documenting SharePoint Governance

A common thread amongst the SharePoint governance literature was that how governance is documented and communicated throughout an organisation is critical to the ultimate success of the process. Too often the output of a governance initiative is a thick multi-page document that no one will ever read or apply – the below quotes highlight some of the best guidance in this area:

Governance isn’t a bloody huge document that no one reads, outputs should be small and relevant. They should be targeted and consumable – they are pointless if no one reads them. Should include short section-based plans and an overall 2 page cheat sheet. – paraphrased from various authors

Governance documentation should be a living, breathing document, it should be revisited as more is learnt and feedback is received.

Governance documents should be written in plain English, succinct and relevant. It must apply continuous improvement principles to it – it must evolve. – Ant Clay

Governance needs to be communicated throughout the organisation. – paraphrased from various authors

A governance plan doesn’t replace the need to provide training and training should include the governance plan. Training material should also reference the governance associated with it so it gets delivered in context, just in time. – Susan Hanley, co-author of Essential SharePoint 2010 Governance, Top 10 Considerations for SharePoint 2010 Governance and a number of quality white papers and presentations including a free governance chapter from the aforementioned book

For governance to be absorbed and followed by the business, it needs to be about them. Communicate how governance is necessary to help them get their job done, helps them to make good choices to achieve a good experience and match business objectives, saves time and delivers a better outcome. – Susan Hanley

A roadmap should be created that links governance material and training to the current state or task at hand, meaning that content doesn’t need to be consumed all up front.

Governance ‘sign-posting’ provides in-line governance visually within the site and content being created. – Ant Clay

A governance plan needs to be tailored to the organisation, all governance plans will be different. – paraphrased from various authors

Reporting on governance metrics / success is important to show that the governance is working. – paraphrased from various authors

SharePoint Governance as a Continuous Improvement Cycle

One of the most important take aways from multiple authors was the fact that governance should not be considered an apply-once solution. It was a consistent message across multiple sources of information – governance should be continually improved and re-aligned to ensure it remains effective and relevant. Metrics need to be defined with baselines measured up front to allow the success of the governance process to be measured and reported on and user adoption needs to be a consistent theme when implementing SharePoint governance. A couple of the best quotes regarding the continuous improvement cycle of SharePoint governance are highlighted below:

SharePoint projects are people projects and people projects are emergent and therefore they are most definitely not a one shot solution. Thus governance should take into consideration the ability to improve and adapt a system. – Ant Clay

Governance is too often implemented after the fact and when problems arise, or right at the start in a one-and-done fashion. It should be more of an iterative cycle. – Chris McNulty, author of 2012 is the Year for SharePoint Governance and The 5 Pillars of SharePoint Governance

In this post we’ve briefly touched on some of the key thoughts, definitions and critical factors of developing and implementing SharePoint governance. Of course there is no way this particular post could have been exhaustive – i’d recommend you read the remainder of this series and all related links from them to get the most out of your SharePoint governance learning journey. The next post in this series, Governance in SharePoint – Part 2, will explore some of the best practical and theoretical frameworks I’ve come across to effectively apply SharePoint governance.