How to implement SharePoint Governance


SharePoint GovernanceI bet you have certain rules in your household. Like, you can’t eat in the living room, only behind the kitchen table. Or, you have to clean the house on the weekends (Yeah, I know). What I find as a norm in my household, you might find unacceptable in yours. SharePoint is no different. All companies are unique and all have different rules and regulations. That is probably true with just about anything, but especially with an enterprise and company-wide system as SharePoint. To avoid an ugly mess and miscommunication, you need to set certain rules for your staff.

 

What you need is a SharePoint Governance. If you are a small company and you have a lonely SharePoint Administrator creating sites and managing security – you might get away without a formal Governance plan. However, if you have other users creating sites, maintaining security groups, managing permissions – you need to have a formal game plan all of you will adhere to.

 

What is SharePoint Governance?

In simple terms, SharePoint Governance is a set of policies that defines processes, roles, rules and regulations for user interaction with SharePoint in your organization. SharePoint Governance applies to everyone, no matter of their company role or title or SharePont permission/level of access.

 

What are the main components of Governance?

In my opinion, there are 3 main components that SharePoint Governance consists of:

 

1. Governance Plan

A SharePoint Governance plan is a formal document that serves as an official guideline for processes, rules and regulations, do’s and don’ts in your SharePoint environment.

 

2. Governance Committee

A SharePoint Governance Committee is a group of users that meets regularly to set, modify or discuss Governance policies, SharePoint issues, user feedback, SharePoint improvements and updates to the Governance Plan document.

 

3. User Communication

You can create all the documents and plans out there and meet all you want with your SharePoint Governance committee, but it is all useless if you don’t communicate with your users on the regular basis about the rules of SharePoint and the very decisions you make in your committee meetings. There are many options that are available to you as far as end user communication, choose one that better suits your company culture:

  • Company Email Newsletters
  • SharePoint-specific emails filled with tips and tricks
  • Formal Employee training
  • Informal lunch and learn meeting

 

What should I put in the Governance Plan?

While every organization is unique and there is no one-size-fits-all document template for a governance plan, below is what I think needs to be documented and addressed in the document at a minimum.

 

1. Site Owner Authority

Being a site owner does not necessarily mean that you can just create sites and security groups as you wish. To make sure SharePoint does not end up like Wild West, you must set some guidelines on what site owners can or cannot do. For example, site owners might be able to create sites, but they can’t alter look and feel or change the logo. Or maybe you do not want them to be able to create own site templates and just use the ones already created and used throughout the organization. Or, Site Owners cannot create own security groups and have to use/reuse the ones synchronized from Active Directory. You get the idea.

 

2. Site Hierarchy convention

While creating subsites may seem like a fun exercise, it is really important where you create your sites. There are certain best practices related to site hierarchy models that you need to follow. Whatever the model is in your organization, it needs to be consistent all across. This will assure you don’t create 10 levels of subsites and won’t accidentally put an external site on an internal site collection.

 

3. Security and Permissions convention

Just like the site hierarchy, you need to have common standards on security groups and permissions across your Intranet. For example, if your organization uses Active Directory Groups, everyone needs to be aware of this so they could be used and reused, instead of creating custom SharePoint security groups over and over again. Similarly, you need a common convention on permission levels and making sure existing Site Owners do not give super-user power to regular users without proper onboarding first.

 

4. Navigation convention

Navigation is another area that needs to be standardized. The chances are – your Intranet is using both the global and local navigation and most likely you want to make sure your global drop-down navigation is uniform across all subsites. To do that – you need to document the approach and set guidelines within the Governance Plan.

 

5. External Sharing guidelines

As already mentioned above – proper guidelines need to be put in place about external sharing. The best practice, for example, is to have a totally separate site collection for external sharing. As the user with the power to create sites, you need to be aware of how external sharing works and proper procedure for this needs to be documented in the document.

 

5. Metadata guidelines

In case you are using metadata – I am sure you will want to agree to certain standards. List or Site Columns? Choice Type or Managed metadata (Term Store) fro drop-down choices? That’s what you will need to answer in this section of the SharePoint Governance Plan.

 

6. Branding Guidelines

If you don’t want your Intranet to look like a rainbow, having a common convention on branding would help. This is a good place to document the theme, fonts, colors, logos and background images allowed in your SharePoint environment.

 

7. Term Store Administration

Being a site owner does not necessarily mean that you will have access to the Term Store (Term Store has a separate administration access mechanism), but in case you have such privileges – common standards need to be put in place. If you do allow certain users access to the Term Store – you need to set some guidelines on use/reuse of the terms/tags. This is really critical since the Term Store is a global vault of tags/labels and needs to be managed with great care and caution.

 

8. SharePoint Site Owner/Power User onboarding

This is a great section to set proper guidelines and education curriculum for those who want to become site owners. Just because you used SharePoint 2007 in your previous job does not automatically make you a Site Owner. So anyone who desires a certain level of access and authority in SharePoint must go through certain training, education, and familiarization with the company’s Governance Plan.

 

9. Escalation process

A great place to show off your Visio skills! In this section, define the process for escalation of SharePoint requests and issues. For example, who do you need to contact or get an approval from if you need to request a new department site, site collection for external sharing or security group? Having clear authority, roles and responsibilities defined and documented will help avoid the confusion and misunderstanding down the road.

 

10. Use of custom code/3rd party tools

If you have been following my blogs, you know that I am a big Out of the Box kind of guy. With SharePoint Online, you have an easy access to 3rd party web parts via the SharePoint Store. With that being said, you need to set some policies and rules as far as using 3rd party web parts, tools or custom code. Whatever decision you make here needs to be documented in the plan and communicated to all the site owners.

 

Recommendations for a Governance Committee

 

1. Have a proper mix of users

I have seen many cases where the governance committee consisted of senior leadership and executives who had no clue how SharePoint works or even had a slight idea on SharePoint terminology. Guess what, these committees fail miserably. You really need to get your hands-on users and actual SharePoint champions into the mix. It is still a good idea to have some execs sit on the committee (for the oversight, help setting up some of the guidelines + let’s face it, somebody needs to pay for pizza and coffee), but don’t overdo it. I recommended that the committee shall consist of 80% of actual site owners / SharePoint champions and 20% of senior leadership folks.

 

2. Meet often

Even if “everything is fine” – make sure you meet regularly to discuss the state of SharePoint, any issues, questions from the audience, discuss new features being rolled out in Office 365 and SharePoint, review how user adoption and training are going in each department, etc.

 

3. Transfer of Knowledge

As people come and go, it is important to maintain certain SharePoint culture and knowledge within the organization. As such, make sure to properly educate each other on ins and outs of SharePoint and best practices and standards set up across your organization.

 

4. Discuss User Adoption and Training

At a minimum, you should focus on user training and user adoption in your Governance Committee meetings. I don’t want to disappoint you, but in case you thought SharePoint was all about IT and technology, it is not. So make sure to keep a constant pulse on User Adoption and Training. Especially for those who run SharePoint in the cloud (as part of Office 365) – you and your users need to be familiar with the latest improvements and changes that can negatively affect the success of your SharePoint endeavor.