SharePoint 2010Governance Best Practices

Ivor DaviesSharePoint Evangelist & Senior Technical Specialist@IvorDavies59 (Twitter)

December 1st, 2012

My Biography….– 10 Years of SharePoint experience – back to 2003– 22 Years of IT work with the Province of Ontario

(30 years with company)– Seasoned IT Professional in SharePoint / Business

Intelligence / Project Server / Microsoft Office / Virtualization

– Social Media Enthusiast (Twitter / LinkedIn, Facebook / Pinterest / Klout / Yammer)

– SharePoint Evangelist in Social Media!– Lover of Dogs!

Agenda:

• What is Governance?• Why should we care?• Governance is based upon reach• SharePoint Pain Points• The Governance Process• Implementing Governance• Governance Teams (Strategic / Tactical)• Governance Planning Roadmap Overview• Governance Plan Elements• Key points to remember…• References

Governance is…..

4

A set of policies, roles and responsibilities and processes to guide how organizations and divisions at Microsoft best use of SharePoint to keep SharePoint sites under control, limit security threats, and practice document lifecycle management.

SharePoint Governance

• A set of policies, roles and responsibilities and processes to guide how organizations and divisions at Microsoft best use of SharePoint to keep SharePoint sites under control, limit security threats, and practice document lifecycle management.

• Helps to:– Keep SharePoint sites & access under control– Limit security threats– Practice document lifecycle management

• What do we govern?Govern Information Architecture SharePoint

Services

Why should we care?

6

Governance is based on “reach”

Home Page

Functional

Areas

Divisions– “Public”

Departments – “Private”

Team Sites

Personal Sites – My Sites

“PUBLIC” SITES: Open to all employees

TEAM SITES: Generally open to team members

Tightly controlled,

formal governance

Looser control, less formal governance

Some control, some formal governance

“PRIVATE” SITES: Open to business group members

7

• Too many sites; users can't find content• Users don’t know the security of the library

before saving. (Not easy to know.) • Users can't remember URLs• Orphaned Team & Personal Sites, Document &

Meeting Workspaces• Rollover of site ownership• Users consistently exceeding site quota• No Site Recycle Bin complicates cleanup

SharePoint Pain Points

SP Pain Points Continued…• Document versioning is turned on without

limitation – e.g. a single document with 2GB of versions

• Features installed in the environment and no longer used – you should clean these up as part of any migration

• Every single FAB 40 server admin template installed & activated in the farm – installed just because & made available to everyone

Problems with Unmanaged SharePoint

1. SharePoint growth which is costly to manage2. Sensitive content not properly secured,

information leaked3. Outdated & irrelevant search results4. Difficulty in finding desired information

Governance Process

Define or Update Policies

Implement Policies

according to definition

Enforce Policies

Measure & Analyze

Effectiveness

Implementing Governance

• Organize Governance Committee including the following roles, LCA, Records Management, Taxonomist, IT Ops, IW worker and INS team

• Review Information Architectures and identify potential inefficiencies

• Determine goals & policies• Organize contents, pilot and deploy management

process & policies• Develop Education Strategy & Training material• Develop ongoing assessment & evaluation of

Governance strategy

Governance Goals and Policies

• Goals– Manage SharePoint growth– Reduce # unused site collections– 100% of sites compliance with classifications– Clear end-user responsibility & accountability of

content• Policies

– Site lifecycle management & expiration – Site ownership validation– Site decommission process– Site storage & quota management

• Quality– Provide easy access to information – Intuitively designed navigation and information architecture– Offer hosting service packages – Provide feedback to teams

• Awareness– Showcase SharePoint as an intranet/portal solution

• Usage– Promote frequent use of SharePoint among all employees– Maintain portfolio of hosted content

Governance Goals and Policies

Governance Teams

Strategy Tactical

Vision

User adoption

Training

IT & Business

Operation

Support

Development

Strategic Team• How do we improve business processes & how

do we deliver on that?• What structures need to be in place to deliver

this value?• What areas of the business offer the most

opportunity for growth?• How can we align our activities with the goals

of the business?• Are there synergies that can be created

between divisions and departments?• What ways can we reduce inefficiencies and

duplication?

Tactical Team• The tactical team consists of three sub teams all

charged with supporting the directives of the strategy team: – Operations– Support– Development

It’s easy to make mistakes …

18

…so it’s especially important to plan!

• Avoid sprawl• Ensure quality • Deliver a great user experience• Consistency in UI (User Interface) experience across the

portal• Consistent navigation• Clear decision-making authority• Align portal with business objectives• Communicate best practices• Content ownership (who owns the content?)

19

But, the plan is not enough – it must be CONSUMABLE …

20

What percent of employees say they don’t always their company’s security policies?

What percent say the aren’t even of the policies?Aware

follow

… and most importantly, you must be prepared to

21

Governance Planning Roadmap

22

2. Identify an Inclusive Team

5. Discuss “Framing” Decisions

3. Document the Vision

6. Identify Roles and Responsibilities

7. Develop Guiding Principles

8. Get Social?

4. Review the Deployment Model

10. Document

11. Socialize, Promote, Verify

9. Understand Policies; Define Guidelines

1. Design First

Courtesy of Susan Hanley

Governance Best Practices

• Define your audience• State the service opportunity• Identify stakeholders• Operational requirements

(i.e., maintenance windows)• Good Communication plan• Get user feedback• What is out of scope?• Create strong partnerships

Governance Best Practices

24

Target specific audiences

Don’t read without training

Just in time, just enough – make it consumable

Basics first, then the hard stuff – 10/2 rule

Lessons Learned

• It’s really about both assurance and guidance & it takes COMMITMENT – plan, plan, plan

• No one cares about governance – until you make it all about them!

• Less is more – avoid unnecessary bureaucracy & documents

• Create & communicate a roadmap• Build best practices into your site templates &

automate everything you can• A governance plan doesn’t replace training • … & training should include the governance plan

25

Governance Plan Elements

26

Governance Plan Element

Description Target Audience

Overview Explains the vision, why governance is important, and the overall model

All Users

Guiding Principles Key statements that support the vision All Users

Roles and Responsibilities

Describes the key roles required to ensure success Users with a key role

Content Authoring Policies and Guidelines

Describes policies and best practices for content publishing and content management

Content Authors

Design Policies and Guidelines

Describes what must be done (policies) and best practices (guidelines) for site configuration

Site Owners/ Solution Analysts

Processes and Procedures

Describes key processes (for example: request or de-commission a site)

Site Owners

Key Points to remember…• Establish a governance plan to ensure quality &

relevance of content• Keep the governance model SIMPLE

(Don’t OVER DESIGN)• Think about how we will ensure compliance with

the plan over time• An EFFECTIVE governance plan does not have to

constrain every move – it has to provide guidance to users to ensure that the solution remains effective & vibrant over time.

• Ensure a strong advocate / Executive Sponsor

Good SharePoint ResourcesSharePoint Server 2010 Plan for Sites and Solutions: http://technet.microsoft.com/en-us/library/cc789336.aspxSharePoint 2010 Governance White Paper: http://technet.microsoft.com/en-us/library/ff848257.aspxPlanning Guide for Sites and Solutions: http://www.microsoft.com/download/en/details.aspx?id=23613Good Books about SharePoint Planning and Implementation, and Governance(quoted above):

Governance – SharePoint Server 2010

A governing group defines the initial offerings of the service, defines the service's ongoing policies, and meets regularly to evaluate success.

The policies you develop are communicated to your enterprise and are enforced.

Users are encouraged to use the service and not create their own solutions – installations are tracked and rogue installations are blocked.

Multiple services are offered to meet different needs in your organization. Offering a set of services enables you to apply unique governance rules and policies at various levels and costs. In addition, you can phase in services in a manageable way.

Service-level agreements should include:

© 2010 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at ITSPdocs@microsoft.com.

Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization's business divisions and IT teams cooperate to achieve business goals.

Three major areas for governing SharePoint 2010 Products:

IT governance of the software itself and the services you provide

Application governance of the custom solutions you provide

Information Management governance of the content and information that users store in those services.

Deployment governance

I T Governance

When you develop an IT service to support SharePoint 2010 Products, a key to success is your enterprise's ability to govern the service and ensure that it meets the business needs of your organization in a secure and cost-effective way. A successful IT service includes the following elements:

IT service governance

I nformation Management

Information architecture

Application Management

Customization policy

Lifecycle management

Governance and Site TypesDifferent types of sites frequently require different governance policies.

Typically, published sites have tighter governance over information and application management than team sites and My Site Web sites.

Each type of site should have a specific IT Service plan, so that the service level agreements match the importance of the site to the organization as a whole.

Con

cep

ts

Governance Areas Governance StakeholdersYou must ensure that your governance policies are appropriate to your organization's goals, and you must keep them up-to-date as business needs change. Form and use a governance group to create and maintain the policies and include the following roles:

Governance and Training

Governance doesn't work without user adoption and compliance.

End-user training and education, good content, and search are keys to user adoption.

What to govern: Quotas – Quota templates define how much data can be stored in

a site collection and the maximum size of uploaded files. Associate different quota templates with site collections at different service levels.

Site lifecycle management – You can govern how sites are created, the size of sites, and the longevity of sites by using self-service site management and site use confirmation and deletion. Set expiration and access policies to control content in sites.

Asset classification – Classify sites and content by value and impact of the content to the organization (such as high, medium, or low business value/impact). Classification then controls other behaviors, such as requiring encryption for high business impact information.

For IT governance, you can control the services that you offer, and you can control or track software installations in your environment to prevent proliferation of unmanaged servers for which you can't provide support. What will you provide with each service, and what will you include in service-level agreements for each service?

Information management is the governance of information in an enterprise — its documents, lists, Web sites, and Web pages — to maximize the information¶s usability and manageability. Another aspect of information management is determining who has access to what content – how are you making content available internally and externally and to whom?

How will you manage the applications that are developed for your environment? What customizations do you allow in your applications, and what are your processes for managing those applications?

You can block installations of SharePoint 2010 Products to prevent users from installing them to unauthorized servers that you cannot support. You use a group policy in Active Directory Domain Services (AD DS) to set a registry key on all servers that block installations.

Block installationsAn Active Directory Domain Services (AD DS) marker named Service Connection Point identifies the SharePoint 2010 Products servers in an organization. To use this marker, create a container in AD DS and set the permissions for the container before you install any SharePoint 2010 Products in the environment. Then, when you or another user in your domain runs the SharePoint Products Configuration Wizard as part of installing SharePoint Server 2010, this marker is set and can be tracked by using AD DS. You must set this marker for each domain in your organization if you want to track installations in all domains. This marker is removed from AD DS when the last server is removed from a farm.

Track installations

In addition to governing services that you offer, you also need to govern installations of SharePoint 2010 products in your environment. You can block all installations, or track and monitor installations. And you should make sure that your installations have the current software updates installed.

Information architects or taxonomists

Compliance officers

Influential information workers

IT technical specialists

Development leaders

Trainers

IT managers

Business division leaders

Financial stakeholders

Executive stakeholders

Centrally managed Locally managedSoftware, services, and sites are hosted and managed centrally by a core IT group

Software, services, and sites are hosted and managed locally by

individual groups

I T Governance

What's the right balance for your organization?

Keep current with software updatesAlways keep your servers current with the latest software updates. For more information, see the Updates for SharePoint 2010 Products Resource Center at http://go.microsoft.com/fwlink/?LinkID=160585.

Information architecture determines how the information in that site or solution – its Web pages, documents, lists, and data – is organized and presented to the site's users. Information architecture is often recorded as a hierarchical list of content, search keywords, data types, and other concepts.

Questions to ask when designing a site or solution:

How will the site or solution be structured and divided into a set of site collections and sites?

How will data be presented?

How will site users navigate?

How will search be configured and optimized?

Is there content you specifically want to include or exclude from search?

What types of content will live on sites?

How will content be tagged and how will metadata be managed?

Does any of the content on the sites have unique security needs?

What is the authoritative source for terms?

How will information be targeted at specific audiences?

Do you need to have language- or product-specific versions of your sites?

Good information architecture supports the following goals:

Manageability: can the IT team effectively implement and manage the information?

Requirements: does the information architecture meet regulatory requirements, privacy needs, and security goals?

Business: does the architecture add to your organization's effectiveness?

Information management tools

Follow these best practices to manage applications that are based on SharePoint 2010 Products throughout their lifecycle:

Use separate development, pre-production, and production environments (see Deployment model) and keep these environments in sync.

Test all customizations before releasing initially and after any updates have been made before you release them to your production environment.

Use source code control and solution and feature versioning to track changes to code.

1 Initial requirements are gathered and tasks assigned.

Developers use tools to track development and store source code for customizations.

Automated builds are generated for integration testing.

Build verification farm is used for additional testing (larger environments).

After testing, customizations are deployed to pre-production environment.

Pre-production environment matches production environment as closely as possible.

After verifying in pre-production, customizations are deployed to production.

End users use the production environment, provide additional feedback and ideas. Issues are reported and tracked.

Feedback and issues are transformed to requirements and tasks, cycle begins again.

2

3

8

10

11

6

4

Summary of lifecycle management process

For a full explanation of this process, see the video Development Lifecycle for SharePoint 2010 at:http://go.microsoft.com/fwlink/?LinkId=200174.

Determine which types of customizations you want to allow/disallow, and how you will manage customizations. Your customization policy should include:

BrandingConsistent branding with a corporate style guide makes for more cohesive-looking sites and easier development. Store approved master pages in site galleries for consistency so that users will know when they visit the site that they are in the right place. Define which parts of the template can be changed by site owners and which cannot. Allow room for sub-branding of individual team or project brands.

Govern your content by using tools for content management, including:

Use workflows and approval for document centers and site pages – wherever official documentation is stored.

Use approval for published Web sites to control pages.

Use version history and version control to maintain a history and master document.

Use content types with auditing and expiration for document libraries to manage document lifecycle.

Manage uploads to large libraries by using the Content Organizer.

Use site use confirmation and deletion to manage site collection lifecycles.

Identify important corporate assets and any sites that contain personally identifiable information – be sure that they are properly secured and audited.

Use Records Centers to store, audit, and control records in compliance with regulations or laws.

When thinking about content, consider the balance between the following factors. Which of these factors is the highest priority for each type of content?

5

7

9

Testing personnel test the customizations.

Previous testing ensures that when customizations are deployed to production, there are no unexpected issues or problems encountered.

Service level descriptions

Processes for analyzing customizations

Process for piloting and testing customizations

Guidelines for packaging and deploying customizations

Guidelines for updating customizations

Approved tools for development

Who is responsible for ongoing code support

Specific policies regarding each potential type of customization, whether the customization is code-based or no-code (done through the user interface or SharePoint Designer)

Sandboxed solutionsConsider using a restricted execution environment, called a sandbox, to isolate custom solutions. Sandboxed solutions cannot use certain computer and network resources and cannot access content outside the site collection they are deployed in . Sandboxed solutions can be deployed by a site collection administrator. Only a farm administrator can promote a sandboxed solution to run directly on the farm, outside its sandbox, in full trust.

For example, having a single copy of a document is good for reducing redundancy, but it is a problem for availability and access if it is deleted.

Map out the preferred content lifecycle. What steps need to happen when a list item, document, or page is created, updated, or deleted? For best results, develop a long term rather than a temporary solution.

Much of this should be covered by your document and records management plans, but also consider the storage costs for the content. Understand the capacity planning limits for documents and items, and keep performance and scale in mind.

Impact = Exposure If this leaks, will it hurt my

business?

Value = AvailabilityIf this isn't available, can my

business run?

Data protection (backup and recovery) – Vary the level of data protection that you offer based on service levels. Plan the frequency at which you back up the farms and the response time that you will guarantee for restoring data.

Security, infrastructure, and Web application policies – how is the system and infrastructure maintained and who has access at what levels. Are you controlling use of fine-grained permissions?

Length of time and approvals necessary to create a site.

Costs for users/departments.

Operations-level agreement – which teams perform which operations and how frequently.

Policies around problem resolution through a help desk.

Negotiated performance targets for first load of a site, subsequent loads, and performance at remote locations.

Recovery, load balancing, and failover strategies.

Customization policies.

Storage limits for content and sites.

How to handle inactive or stale sites.

Multi-language support.

Information accessBe sure to consider access to content when you design your solution and sites. This overlaps with IT Governance as you consider your entire environment. Ask the following questions:

Information Management: Permissions and AudiencesHow do I structure permissions in a site?

How do I target content to specific audiences?Should I use Information Rights Management (IRM) to protect content?

IT Governance: AccessHow do I make this content accessible to external users?

How do I make sure that only people who need access have it?

Integrate your information architecture with your environment's search strategy. Take advantage of Enterprise search features like best bets, people search, and content sources and connectors for external content.

Central published site

Divisional published sites

Group and team sites

Projects and workspaces

My Site Web sites

Typ

ical

de

gre

e o

f go

vern

anc

e

Site types in a typical environment

Determine the rules or policies that you need to have in place for the following types of items:

Pages

Lists

Documents

Records

Rich media

Blogs and Wikis

Anonymous comments

Anonymous access

Terms and term sets

External data

Content needs to be available when users

need it, and where they can get to it.

Shared copies reduce redundancy, and provide one version of the truth.

Availability Redundancy

Access Consider who has access to the content. If it should be secure, is it?

Strictly managed development

Application Management

Customizations must adhere to customization policy, deployments and updates tested and rigorously managed.

Rules about development environments or customizations are

less rigid.

What's the right balance for your organization?

Loosely managed development

Tightly managed Loosely managed

Appropriate for: Structured content High-business-impact content Personally identifiable

information Records

Appropriate for: Low-business-impact content Short term projects Collaboration

I nformation Management

Content is tagged with structured metadata, permissions are tightly controlled, content is archived or purged per retention schedules.

Content is tagged only socially and not tracked; permissions and archiving are not

monitored or managed.

What's the right balance for your organization?

References:• Microsoft SharePoint Team Blog:

http://blogs.msdn.com/SharePoint/archive/2006/12/13/management-and-governance-resources.aspx

• Governance overview(SharePoint Server 2010):http://technet.microsoft.com/en-us/library/cc263356(office.14).aspx

• Plan to share terminology & content types (SharePoint Server 2010):http://technet.microsoft.com/en-us/library/ee519603(office.14).aspx

References (continued):• Managed metadata service application overview

(SharePoint Server 2010):• http://technet.microsoft.com/en-us/library/ee4

24403(office.14).aspx• Managed metadata overview (SharePoint Server

2010):http://technet.microsoft.com/en-us/library/ee424402(office.14).aspx

• Best practices for My Sites:http://technet.microsoft.com/en-us/library/cc262706.aspx

Additional Resources on Social Media• SharePoint 2010 Group on LinkedIn:

– http://www.linkedin.com/groups/SharePoint-2010-1869506?trk=myg_ugrp_ovr

• SharePoint 2013 Group on LinkedIn:– http://www.linkedin.com/groups?gid=3854668&trk=myg_ugrp_ovr

• Twitter Hastags for SharePoint 2010– #sp2010 / #sharepoint / #spsottawa

• 50 Must-Follow Tweeters for SharePoint Enthusiastshttp://www.topsharepoint.com/50-must-follow-tweeters-for-sharepoint-enthusiasts

• Follow Ivor Davies on Twitter– @IvorDavies59

Supplement Example

33

For an example of a “quick guide” for Content Authoring for SharePoint, visit:

http://bit.ly/H03c42

Thank You !@IvorDavies59

Thank you to all of our Sponsors!!

Join us for SharePint today!

Date & Time: Dec 1st, 2012 @6:00 pmLocation: Pub Italia Address: 434 ½ Preston StreetParking: On street with meters $Site: http://www.pubitalia.ca/

Remember to fill out your evaluation forms to win some great prizes!

&