The simple truth: SharePoint governance cannot be easily defined and not one company in the marketplace "owns" how to "do" governance. Everyone has different perceptions and opinions about what SharePoint governance is, and how it applies to their roles and responsibilities.
Wikipedia states that governance "relates to decisions that define expectations, grant power, or verify performance.1 It consists of either a separate process or part of management or leadership processes." Microsoft defines governance as "the set of policies, roles, responsibilities, and processes that guide, direct, and control how an organization's business division and IT teams cooperate to achieve business goals." 2
AvePoint's Interpretation: Governance consists of the people, processes, policies, and technologies that deliver a service.
People: Governance doesn't exist without the people who create and develop the policies and plans. The governance plan must cover people's roles and tasks as well as incorporate change in human capital due to turnover and expansion.
Process: This consists of steps taken to achieve a business goal, with the output usually occurring in a product or service.
Policy: While a governance plan is about guiding people to do the right thing, there are cases – perhaps due to regulatory or statutory requirements – where policies are mandatory and users are then required to abide by them.
Technology: In a recent article, SharePoint MVP Dan Holme writes, "You must understand the technology that you are trying to govern; you can't ask it to do something it cannot do."3 The features or limitations of a platform or product (technology) influence how the governance plan is implemented, regardless of the processes and policies established by the people.
While most organizations are concerned about calculating and increasing the monetary return on investment (traditional ROI) of their SharePoint deployment, we'd like to offer another angle that SharePoint MVP Dan Holme calls ROI, the Risk of Inaction. Governing a SharePoint deployment is not easy – in fact, it can be time and resource intensive. However, governance is a fundamental requirement for SharePoint success.
Risk of Inaction is a basic "what if" scenario that lays out real-life examples of the risks associated with not developing a sound, comprehensive governance plan. In his blog series "SharePoint Gone Wild", SharePoint MVP and AvePoint Chief Architect Jeremy Thake shares tales of the negative consequences when governance plans do not account for the following characteristics:
Before implementing governance plans and policies, it is imperative to understand what it takes to ensure it.
Developing and implementing good governance is not easy. Why? SharePoint is a complex platform with numerous services available – including portal, collaboration, document management, and search – each of which could require their own policies and procedures. The level of governance for any particular service or application often correlates to the intended size of the audience.
|Levels of SharePoint Governance Vary Based on Visibility|
|Highly visible portals accessed throughout the organization need the highest level of governance enforcement. |
Example: External websites accessed by both internal and external users require the highest level of governance enforcement to ensure content updates and graphics changes have gone through the appropriate approval processes.
|Sites that have the least visibility throughout an organization require the least amount of governance enforcement, and thus less expended effort. |
Example: Personal My Sites that serve as a draft site for an employee and their manager require the least amount of governance enforcement and control over what content is added and deleted as well as the theme used, because the audience is smaller and the content is subsequently less exposed.
As with any 'rule', there are always exceptions. Content subject to regulations – for instance financial information – and can only be accessible or intended for a very small subset of the organization, could require very strict access controls, robust SLAs for content availability, and retention requirements.
Essentially, it is important to have a clear idea of what your organizations' dynamic business needs are before setting forth with a governance policy. As no two enterprises are alike, no two governance plans should be exact clones of each other, either.
Often the first step seems to be the most daunting when organizations look to establish governance for their SharePoint implementations. In order to make SharePoint governance seem more tangible and actionable, organizations can follow a few best practices for governance plan development and implementation, as outlined by AvePoint Enterprise Trainer Randy Williams in 'How to Implement an Effective SharePoint Governance Plan,' including:
|Start Small||Enable a small subset of your governance plan first, then plan to grow and evolve with your business plans for SharePoint.|
|Evaluate Readiness||Governance policies created should match the readiness and maturity level or your company's SharePoint environment and its people.|
|Form a Governance Board||SharePoint is a business and technical solution, and therefore, you should have a cross-functional board of business users and IT personnel that develop the plan. Membership should include key departments that are affected by the SharePoint solution.|
|Answer Common Questions||In order to provide the most detailed and comprehensive governance plan for your organization, the best way to provide clear guidance is to make sure you answer common questions that come up when users begin to adopt SharePoint.|
|Can You Enforce It?||While you hope most people do the right thing, if you have no way to enforce a governance policy, it becomes weak and ineffective. You should not define governance policies in areas where they cannot be enforced.|
|Keep Your Governance Plan Fresh||Remember that your plan started out small – give your plan the necessary attention so that it grows with you. At a minimum, your governance board should meet quarterly to revisit and revise as needed.|
Organizations not only need to establish comprehensive governance plans, but also ensure that the outlined policies are enforced and procedures are followed. There is a wide variety of options available to help enforce SharePoint governance policies, which range from heavily manual to fully automated.
|Rely on people to police |
|Custom solutions |
DocAve Governance Automation
For organizations looking to simplify and streamline the deployment, monitoring, and enforcement of SharePoint governance policies, AvePoint's DocAve Software Platform helps organizations:
DocAve Governance Automation allows organizations to provide SharePoint as a service to business users, encouraging the adoption of SharePoint by automating the way users provision, manage, and modify sites and permissions. Through an intuitive service catalog, which can be accessed from a browser-based management console or directly through SharePoint, Governance Automation helps to ensure all requests are fulfilled within established governance policies by providing a fully auditable business approval process.
As your adoption increases and environments evolve, Governance Automation closes the custom code gap created by home-grown solutions and resolves ambiguity around provisioning, managing, restructuring, and archiving sites and site collections by providing end users the following service request options:
The DocAve Difference: Using the entire DocAve 6 platform as a foundation for governance policy enforcement – including modules for migration, data protection, administration, storage optimization, compliance, and reporting – Governance Automation transcends the capabilities of niche SharePoint security management and provisioning tools by providing complete business process automation for content migration and restructuring, site and site collection provisioning, lifecycle management, and permissions management.
Automate processes and governance enforcement with policy-driven services that empower users and improve IT SLAs. Integrating request-based processes with the DocAve 6 platform, AvePoint’s Governance Solution alleviates the burden of handling repetitive services, allowing IT professionals to focus on driving technological initiatives that help improve business efficiency and productivity.
|DocAve Governance Automation||Automate the way users provision, manage, and modify sites and permissions. Ensure all requests are fulfilled within established governance policies by providing a fully auditable business approval process.|
|AvePoint Compliance Guardian||Proactively protect your environment from harmful information leaks, contamination, or misuse while simultaneously ensuring that all activities and content residing in the environment are compliant, accessible, and manageable.|
|DocAve Administrator||Centralize access controls to reduce cost of maintenance across the entire SharePoint deployment.|
|DocAve Archiver||Expire content, set a lease on content, and predict costs.|
|DocAve Connector||Present and manage file share documents and media content directly in Microsoft SharePoint 2013 and Microsoft SharePoint 2010 without migration, and configure SharePoint to handle digital asset management.|
|DocAve Content Manager||Utilize SharePoint’s site-based architecture to design an ECM system aligned with organizational structure – both today and tomorrow as enterprises continue to evolve their business and technical initiatives.|
|DocAve Granular Backup and Restore||Achieve self-service with single item restoration.|
|DocAve Platform Backup and Restore||Ensure fast, full-fidelity recovery of any lost or corrupted documents, objects, sites, and site collections directly to the production environment or to any other SharePoint location with no need for staging.|
|DocAve Replicator||Scale globally while managing content locally. Replicate content, configurations, and security settings between a single site, across multiple sites, or across geo-distributed SharePoint environments.|
|DocAve Report Center||Monitor SharePoint system performance and activity from a single dashboard to predict costs, prevent performance bottlenecks and non-compliance events, and assist in future scaling planning.|
|DocAve Storage Manager||Mitigate the negative consequences of exponential data growth by combining multiple real-time and scheduled business rules to externalize content based on file size, type, or other document properties.|