Part 2: Building a Governance Plan that works for YOU
As discussed in “Part 1: What the heck is a SharePoint Governance Plan?” a successful governance plan is one that allows the platform to be leveraged in an organized and thoughtful way, based on an understanding of the business information and requirements, environments and processes that work best with the team members in your organization. In this post, we will walk through the steps involved in developing a governance plan that is tailored to your organization.
Form a Governance Committee
A governance committee is a group of people from across your company who understand the needs and inner-workings of your organization and works together to build your governance plan.
Typically, this committee consists of the following types of people:
- Executive stakeholders who hold the corporate vision
- Department stakeholders from representative business Units. For example: human resources, finance, legal, research, and of course IT
- Compliance and information security representatives who can represent any mandated compliance over your content based upon your business and associated regulatory control. For example PCI, HIPAA and FedRAMP
Together, this combination of members represents an understanding of your business content, how it is used, its logical groupings, and any related security or regulation and control it requires.
It’s important to remember that even if you are not in a business that falls under regulatory control, there are important business documents that require different levels of security such as:
- Human Resources: Employee reviews, confidential employee benefits information
- Finance: Accounts receivable and payable, payroll records, client references
- Research: Competitive intelligence and other information that if “leaked” could compromise corporate goals
Establish a Governance Plan
Determine initial principles and goals
Your governance committee should develop a governance vision, policies, and standards that can be measured to track compliance and to validate the benefit of your plan to your organization. Periodic audits can be performed using out of the box SharePoint audit capabilities for basic auditing, or 3rd party tools such as Metalogix ControlPoint for more detailed audit and tracking. Audit data can be used to identify what’s working and what’s not working in your governance plan and where additional user training may be required.
Classify your business information
Taxonomies are used to identify and classify or “tag” your organization’s content. This step can be overwhelming but it’s important to remember that you will start basic and build upon this over time. Identifying your most critical content – remember those 2 questions – risk of corporate exposure and availability requirements – is a good place to start.
For instance, it may be enough to begin by identifying “internal”, “need to know – external” and “public” content. Even this little piece of information allows you to begin to identify your information architecture – what sites this content can live in, who owns the content, permissions around it and whether it should fall under information rights management policies for expiration, archiving, eDiscovery or restrictions on print or email.
Develop an education strategy
The best written governance plans have fallen on their sword because of the lack of training around them. At the end of the day, the consumers of your governance plan need to understand it in order to apply it to their day to day corporate lives.
When a governance plan is too complicated, it has a negative impact on user adoption. Folks will resort to using file shares or emails to share content because they are worried about making a mistake, or worse, confused as to where to put things. Alternatively, they can store content in the wrong places and make it difficult to find, which results in the consumers of their content throwing up their hands and requesting email copies to be sent. Frustration is the key to failed adoption and frustration is often the product of a failed training program.
A comprehensive training plan should show how to use SharePoint according to the standards and practices that you are implementing and explain why those standards and practices are important.
Your education strategy should be included in your plan and should include auditing and periodic refresher training as you identify areas that are not gaining adoption. Keep in mind that different user groups in your organization will require different levels of training, and different methods. Site and content owners will need training in the policies and practices of creating sites, editing pages, and modifying permissions. End users will need training in how to use the applications in your sites; document libraries and metadata tagging and search.
You can make use of training tools, FAQ’s, wikis and videos for these different user groups and these elements can be factored into your information architecture. You can also use SharePoint surveys and social features of SharePoint to gather important feedback from the consumers of your training to improve your delivery of these important topics.
Develop an ongoing plan
A governance plan is a living, breathing document that will evolve over time. Refinement of the plan and its associated training will be ongoing. You will likely add members to your governance committee as adoption increases and you identify gaps in your committee’s representation of your business needs.
In support of this, your governance committee should meet with regularity to review potential new requirements, reevaluate and adjust governance policies based upon usage, feedback and audit reports. Refresher training should be available to your end users as well.
My recommendation is that during the initial months of deployment, the governance committee should meet several times a month, and as time goes on the frequency of this can drop down to monthly and then quarterly, or several times a year. Once again, this schedule will be highly individual to your company and based completely on what your audit and tracking and user feedback is telling you about what is needed.
SharePoint is a highly customizable and flexible platform, and collaboration at its root, is highly individual. Because of this, when forming policies for how SharePoint can be used, and moderating that based upon the business criticality of the different types of business content, its important to tailor these policies to your users and business needs.
There is a very balanced relationship between governance and adoption. Your governance committee, in understanding your business and your users, is best suited to come up with a governance plan that meets the business requirements without inhibiting productivity. My recommendation is to start small, and through the evolution of the plan over time, you will identify the areas that need refinement.
In Part 3: Building your Governance Plan – A Deeper Dive I will lead you through more detailed discussion of building out your governance plan to address the different areas of governance called out in Part 1 (IT Governance, Information Management, Application Management). See you soon!