How to Implement an Effective SharePoint Governance Plan

Brought to you by and the SharePoint Zone

Are you thinking about deploying SharePoint in your organisation? You won’t have to do much research before you come across the big “G” word – governance. Just the word itself is somewhat imposing and definitions for it will vary. In fact, if you ask three different experts what governance means, you’re likely to get four different answers. And while I have yet to find that one, perfect definition of governance, I can accept this one from Microsoft: “Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organisation’s business divisions and IT teams cooperate to achieve business goals.” In short, it is a “how to” guide.

Why do we need governance? Because we want to ensure (or even better, assure) that the IT solution achieves the business goals. With complex systems like SharePoint, users need help. Users need guidance on what they can do and how they do it. Trust me, they aren’t going to just “figure it out.” You may also have content that must comply with legal regulations such as HIPAA or Sarbanes Oxley—without a governance plan, you may be in legal jeopardy.

Moving past the “what” and “why” of governance, an even harder question to answer is how to implement SharePoint governance. Part of the challenge here is that there is no one way, no right way. How SharePoint is used varies greatly, and for that reason, you’ll never find a master template on implementing SharePoint governance. Nonetheless, there a number of suggestions I’d like to share on how you can effectively implement a SharePoint governance plan.

Start Small

There are many reasons why organisations avoid governance altogether. Since governance is so overarching, it seems overwhelming and many don’t know where to start. For others, they dive in and start setting policies on everything and never finish. In overly optimistic companies, they assume or expect end users will somehow collectively develop the plan over time. Avoid these traps.

One of the best practices for a SharePoint deployment also applies to your governance plan: start small and grow it incrementally. For example, we wouldn’t recommend turning on every SharePoint feature starting on day one. SharePoint does way too many things. Turning on everything confuses users and makes governance planning impossible. Start by enabling a small subset of features to match only some of your business goals. Maybe you only start with social collaboration or enterprise search. Then, have the governance plan focus on just this area. As SharePoint expands, you revise the governance plan.

Be sure to recognise that the degree of governance will vary depending on what your business goals are. For example, if you plan on using SharePoint for informal team collaboration, you’ll need fewer rules than if you’re a hospital managing sensitive patient records.

Consider the Organisation’s Readiness

Assess your company’s culture and determine what I like to call governance readiness. Do you have clearly defined policies and procedures in other systems? Are users comfortable with these policies? Governance policies you create should match the readiness or maturity level. For example, if your company has been lenient on how expense reports are approved, you don’t want the new process to be rigid and tightly managed. People adapt slowly and your governance plan must keep that in mind.

If this is your organisation’s first attempt at governance, you might consider holding off on some of SharePoint’s advanced features such as records management as it does involve complex governance planning. And, even if you can articulate the ideal governance plan, the users won’t be ready for it. As time passes, the organisation and its staff will adapt and evolve. When it does, you can tackle the more complex business problems.

Form a Governance Board

SharePoint is a business and technical solution, and, therefore, you should have a cross-functional board of business and IT personnel that develop the plan. Membership should include key departments that are affected by the SharePoint solution. In many cases, your board consists of the major stakeholders. In all cases SharePoint involves people so make sure HR has a seat at the table. If SharePoint will be protecting and preserving legal records, make sure legal is present as well. While the board functions like a steering committee, don’t make it too large. If possible, try to limit the count to no more than 10 people to avoid committee paralysis.

Here’s another important reason to have a cross-functional board membership: your organisation may have other governance plans that are owned and enforced by other business units. When you develop a SharePoint governance plan, be sure that it aligns with other plans. For example, you may have an IT policy that states that no personal files shall be stored on any corporate system. This policy should then be inherited by SharePoint’s governance plan.

Make Sure to Answer Common Questions

Getting users to accept and properly use a new system is not easy. We call this the adoption challenge. A typical reason is because there is no guidance on how the system should be used and who should be doing what. The governance plan should provide clear guidance, like an easy-to-follow recipe. Remember, it’s the “how to” guide. The best way to do this is to make sure that it answers common questions that come up. And with SharePoint, you’ll have a lot of them – here are just a few:

• How/when do I create a new website?
• How do I find/publish/protect/preserve/expire/recover content?
• Where do I store this type of document?
• How do I apply metadata to classify this document?
• Who owns this content and what are this person’s responsibilities?
• Should I still store files on the file server?

The questions you come up with should be based on how your organisation will be using SharePoint, and they will vary from other organisations. When answering the “how” questions (e.g. How do I create a new website?), don’t just fill in the how-to-do-this-in-SharePoint answer. Really think about how users should be using SharePoint for this task. For some organisations, the built-in way to create a new website works. For others, there may need to be a request and approval process.

Answers to the “who” questions become the roles and responsibilities part of your plan. This is essential to make sure that users understand and are empowered to fulfill their duties. You should know that SharePoint often creates new roles, and these roles may need to be filled by new or reallocated employees. Be sure to consider who will be responsible for content areas that have special rules such as security or data quality.

To make the answers easy to find, publish them as a FAQ within SharePoint. When it comes to training, your governance plan becomes a core part of your training plan. You can’t just train people on how to use the basic SharePoint product and expect them to correctly apply it in their day-to-day tasks. Instead, train them on how they will use SharePoint to perform these daily tasks. For example, you might have an HR scenario such as “Using SharePoint to manage the onboarding of a new employee.” When you do this, you’ll often get an unexpected benefit: users want to use the new system. By showing users how it will make their job easier (which hopefully is a business goal), you’re able to sell them on it, making them advocates. This is the best way to address the adoption challenge.

Can you enforce it?

While you hope most people do the right thing, if you have no way to enforce a governance policy, it becomes weak and ineffective. Within SharePoint, some policies can be enforced in an automatic way, whereas others must be enforced manually. For example, you can enforce what types of files (e.g. PDF or MP3) users can upload into SharePoint, but there is no automatic way to limit the total space used by a single user.

While SharePoint is an incredibly powerful product, there are a number of areas like this where built-in features do not provide any automatic enforcement. Fortunately, SharePoint is very customisable, and often times a software developer can write custom code to supplement these limitations. Also, a number of third-party vendors offer products to help address many of the governance needs. Be sure to consider these when planning your governance enforcement.

You should not define governance policies in areas where they cannot be enforced. So, in the previous example, unless you have a user running and monitoring a custom report on how much space each user has, you should not have a policy on it. This is a reason why your IT department has a seat on the governance board. He or she provides input on what you can and can’t do with the system.

However, sometimes the limitation is not with the system but with the organisation. For example, you may need to have legal approve all portal content before it gets published. If your legal team is busy (isn’t everyone?) and you publish a lot of content, this becomes a bottleneck and is impractical. When this happens, the governance plan is perceived as a bureaucracy, stifling productivity and adoption. If you really need to have legal approve all content, address the resource problem.

Keep your Governance Plan Fresh

One of the biggest worries with a governance plan is that it will be written, stored in a binder and left on the top shelf to collect dust. For your governance plan to be your “how to” guide, it must be kept up to date. Plus, I can guarantee that you’ll be off target with your first version. You’ll find that you can’t enforce parts of it, and guidance in other areas is lacking.

Of course, how people use SharePoint will evolve over time. You’ll encounter new and better ways to solve problems. You’ll incrementally release new SharePoint features, and updated versions of SharePoint will come out. Business processes will change, requiring you to adjust your policies. Remember that your plan started out small – give your plan the necessary attention so that it grows with you. At a minimum, I would suggest your governance board meet quarterly to revisit and revise as needed.

Conclusion

So, don’t fear the governance plan. It should be an intrinsic part of your deployment and operational guides. But don’t just take my word for it. Do it for the right reasons. And when you do it, take a good, hard look at your organisation to create a plan that will work today and can grow into tomorrow’s plan. Your staff works hard already. Give them the guidance and structure that enables them to achieve even greater success.

Share a PDF of this whitepaper with your colleagues now:

Follow us on Twitter for more SharePoint Governance tips: @AvePoint_Inc; @tweetraw (Randy Williams)