Building Blocks of a SharePoint Governance Plan

SharePoint- as a key collaboration and content management platform for many organizations- can be utilized in different ways and capacities, such as:

• Discovering, sharing, and managing content securely within the organization, as well as externally with partners and customers, across any device and from anywhere
• Managing team and project activities through shared calendars, capturing project milestones, contact lists, and other relevant data
• Connecting with experts, discovering insights, and previewing search results to find relevant answers quickly with powerful metadata driven search results

With SharePoint as an enterprise-level platform, it is common for many organizations to spend much of their time and effort on setting up the SharePoint environment, making it available to their teams and groups, customizing it to meet their unique needs, and just performing the routine maintenance activities.  While most of those are necessary, the Governance around the content, security, and usage of the SharePoint capacities is usually neglected.  An unmanaged SharePoint environment, specially SharePoint Online service in Office 365, can lead to uncontrolled content sprawl, ownership confusions, and security issues.

One of the most important steps in establishing and enforcing SharePoint governance in any organization is the creation and execution of a solid Governance Plan along with a governing body and a set of procedures and processes to encourage and enforce the policies and standards.  An effective Governance Plan documents the governing policies and guidelines around content, storage, security, and performance that provides structure and guidance to the business and IT operations and ensures that the environment is managed and used in accordance with its designed intent. 

Given that a Governance Plan is not a one-size-fit-all and realizing that every organization has its own unique needs and requirements for SharePoint governance, we are providing an overview of a “Standard” Governance Plan, specific to SharePoint Online, in this article that is divided into 3 main areas as shown below:

Content Governance

The collaboration capabilities that SharePoint Online offers is also available with some of the other services available in Office 365.  The image below is an overview of these other collaboration services and when SharePoint is best suited and should be recommended:

In your organization’s Governance Plan, the acceptable usage of SharePoint and other online services above along with a logical architecture of the content should be defined for different business lines and organization functional units.

Site Provisioning processes for SharePoint Sites included with Office 365 Groups and Teams, Project Online Sites utilizing Project Web App, and SharePoint Classic Team Sites should also be clearly defined in the plan. Also, the procedures around site ownership, maintenance, monitoring, and manual/automatic deletion of sites need to be defined and documented.

Governance policies around security & permissions, external sharing, site size, folders vs. metadata, branding, and taxonomy & metadata should be also included in the plan.

The table below provides an example of a Security and Permissions governance model:

Infrastructure Governance

If your organization is utilizing an on-premise infrastructure or a hybrid architecture -with infrastructure either hosted on premise or on cloud- then the governance policies for the infrastructure need to be clearly defined in the plan.

Application Governance

InfoPath Forms

Your organization needs to have a clear road map regarding the InfoPath Forms due to this technology being phased out by Microsoft.  You’ll need to have a plan in place to convert any existing InfoPath Form into PowerApps (for basic forms) or 3^rd party Form Solutions, such as Nintex.

PowerApps and Office 365 Forms

For content stored in custom SharePoint lists that require basic forms with business rules and logic implementation the creation of a PowerApps will be recommended with data source connections to the custom SharePoint lists.  Also, Office 365 Forms can be used for requirements that need to capture user survey or conduct quizzes within a team, department or at an organization level.  Office 365 Forms cannot be used for any other enterprise use cases besides quizzes and surveys.

Third-Party Forms

When requirements are complex that cannot be met with the above three methods, Microsoft approved third party form solutions such as Nintex which offers a vast array of functionality can be considered.

Workflows

The workflow tool selection can be made on a case by case basis based on requirements complexity and business needs. Clear rules and policies need to be documented in the plan for using SharePoint Designer Workflows, Microsoft Flow, and Nintex Workflow solution.

Custom Apps

Custom Apps for SharePoint Online can be either SharePoint Hosted Apps or Provider Hosted Apps for business requirements which cannot be met with natively available apps in SharePoint, third party tools or available for purchase at Microsoft Store. All requirements for a custom app in SharePoint needs go through a formal Project Request process with design requirements and evaluations.

Business Connectivity Services

The authorized data sources for setting up external content types that allow access to data outside of SharePoint to be surfaced as external content needs to be determined and documented.

Search

Your organization needs to have a clear plan and road map for using Out of the Box Search that is available in Office 365 vs. hybrid search with ability to search and index content from data sources outside of Office 365.

Third Party Apps

All requirements for the use of third party tools needs be evaluated and tested before the tools are allowed in use in SharePoint Online.  The behavior, features and licensing model need to be thoroughly tested and evaluated before the app is made available for use in the production site.  All these policies and procedures need to be defined and documented in the plan.

Reports and Dashboards

Policies and procedures around using Excel Reporting (with its advanced Power Query, Power Pivot and Power Map capabilities) and PowerBI need to be defined and documented in your plan.

Adoption and Training

Possible approaches for increasing user adoption can be defined and documented in your plan. Some examples are:

• Quarterly lunch and learns educating users with SharePoint tips
• Newsletters or quarterly email subscriptions with ‘how-to’ links for everyday activities including link to training videos
• Yammer Group with adoption quick tips that users can subscribe to
• Periodic engagement with site users to determine areas of improvement

Governance Committee

A Governance Committee- that is a group of members that represent different departments in the organization, such as IT, Security and Legal- should be established. The main role of this committee is to ensure and enforce compliance of information governance policies.  The committee members will be responsible to act on any violations of the policies defined which will be determined by activities, such as quarterly review of content shared externally, all retention policies, and external sharing activity reports. This committee also liaise with content owners to ensure that the external accounts are still valid and no security has been breached.

Brining It All Together

The goal of this article was to provide a very high-level overview of building blocks of a standard governance plan to our readers. It is obvious that the establishment and enforcement of SharePoint Governance is not an easy and straightforward undertaking, especially when there is a Cloud and external access component involved. At Optimum, we have a team of seasoned SharePoint consultants who specialize in defining and establishing governance policies and procedures, based on the unique organizational structure and needs of our clients. Schedule a free consultation session with us to learn more about how we can help your organization set up and enforce a SharePoint Governance model that is right for your business needs and structure.