SharePoint Governance PLANNING THE PLAN
Define Governance Microsoft defines governance as:
◦ “The set of policies, roles (people), responsibilities, and processes that control how an organization’s business divisions and IT teams work together to achieve it’s goals.”
In the context of our work, governance provides guidance on how the SharePoint Online solution and services should be used to improve the current business of Family Service Association. Governance comes down to four key components: “The people, processes, policies, and technologies that deliver a service.” Also within the context of our work, the use of the words policies and procedures have different meanings. Policy: The formal guidance needed to coordinate and execute activity throughout Family Service. Procedures: The operational processes required to implement institutional policy. If policy is “what” Family Service does operationally, then its procedures are “how” it intends to carry out those operating policy expressions. The SharePoint Oversight Committee with follow all existing Family Service policies and procedures. When appropriate procedures do not exist, the Oversight Committee will research, document, create and recommend.
Subtle Differences The distinctions commonly drawn between policy and procedures can be subtle depending upon the nature of the Family Service organization and the level of operations being described in the statement. There are common characteristics that can help the Oversight Committee discern policy from procedures or practices used to implement policy. They are as follows: POLICY
PROCEDURE
W ides pread applic ation
Narrow applic ation
C hanges les s frequently
P rone to c hange
Us ually expres s ed in broad terms
O ften s tated in detail
S tatements of "W hat" and/or "W hy"
S tatements of "how," "when" and/or s ometimes "who"
Ans wers major operational is s ue(s )
S tatements of "how," "when" and/or s ometimes "who"
Sample Policy Statement POLICY FS525
It is the policy of Family Service Association in San Antonio, Texas that information, as defined hereinafter, in all its forms – written, spoken, recorded electronically or printed – will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout it’s life cycle. ETC.
SCOPE
The scope of information security includes the protection of the confidentiality, integrity and availability of information. ETC.
RISK MANAGEMENT
A thorough analysis of all Family Service information networks and systems will be conducted on a periodic basis to document the threats and vulnerabilities to stored and transmitted information. ETC.
DEFINITIONS
HIPPA: The Health Insurance Portability and Accountability Act, a federal law passed in 1996 that affects the healthcare and insurance industries. A key goal of the HIPAA regulations is to protect the privacy and confidentiality of protected health information by setting and enforcing standards. ETC. The first sentence represents a clear statement of policy that Family Service has certain responsibilities.
Sample Policy Procedure Statement PROCEDURE PRO525
◦ Handling copyright infringement notifications
INTRODUCTION
◦ Copyright is defined in Policy FS525. Family Service receives notification from legal representatives of the producers of copyrighted material used on SharePoint sites when that material has been copied, posted, downloaded and/or used by Family Service-owned IP addresses in infringement of its copyright. Family Service is required to observe the protection of client’s copyrighted work.
PURPOSE
◦ This procedure outlines how Family Service complies with requests for the blocking of access to copyrighted works.
SCOPE
◦ All computer systems on the Family Service network using Family Service IP addresses.
RESPONSIBILITIES ETC.
Living Document The Family Service SharePoint Governance Plan is a living document. It is intended to be read and understood by all Family eSrvice members. To ensure it’s viability, the plan content will be updated over time. Oversight Committee members will change over time. Te chnology solutions will change over time. Questions to consider: 1. What was the goal for selecting Office 365 and SharePoint?
◦ i.e. The SharePoint technology solution is two-fold: first, one that will work with intranet (internal) sites; and second, one that will enhance our current internet site and provide a portal structure for better marketing to various Family Service constituencies. ◦ Where is this documented? Family Service Office 365 and SharePoint Charter
2. What is the Family Service vision for SharePoint?
◦ i.e. A single system wherein members of external constituencies (current or prospective, community members, etc.) find information and software tools to support their information or learning needs. ◦ Where is this documented? Family Service Office 365 and SharePoint Charter
3. What is the Family Service mission for Office 365/SharePoint?
◦ i.e. Provide the vehicle for the creation, dissemination, and collaboration of information and document management to both internal and external constituencies. ◦ Where is this documented? Family Service Office 365 and SharePoint Charter
Living Document [con’t] 4.
5.
What are the immediate Family Service goals for the use of SharePoint?
i.e. ◦ Incorporate document management procedures into employee training. ◦ Create appropriate taxonomy for categorizing content. ◦ Effectively govern the environment to ensure appropriate and current content by creating a governing board, referred to as the SharePoint Governance Committee, consisting of representatives from [the service areas]. ◦ Where is this documented? Family Service Office 365 and SharePoint Charter, SharePoint Governance Plan
How will the SharePoint Intranet Site be used?
i.e. ◦ Communicating with internal participants, thereby alleviating use of unnecessary emails. ◦ Strategically creating social networks. ◦ Providing workspaces which can be utilized by Committees and Departments for documentation (i.e. meeting agendas, schedules, minutes, working documents, proposals, decisions, process and procedures). ◦ Collaborating, storing, and archiving program and service area processes, procedures, information, data, and work products. ◦ Where is this documented? SharePoint Governance Plan, policies and procedures.
Living Document [con’t] 6. How will the SharePoint Internet Site be used? i.e. ◦ Providing external constituencies (current and prospective students, alumni, and community members) with current and useful information via an intuitive navigation interface. ◦ Hosting all departmental sites (including those currently hosted by third parties) without losing the functionalities of the current sites. ◦ Where is this documented? SharePoint Governance Plan, policies and procedures. 7.
What is the primary objective of this Governance Plan? i.e. ◦ The primary objective of this Governance Plan is to establish a set of policies and procedures that allow Information Technology services division to meet the stated Vision, Mission and Goals for the systems, and to deliver on the performance and availability commitments to the user communities. Additionally, shared roles and responsibilities are defined for the fulfillment of these policies and procedures, and tools will be identified to facilitate these processes. ◦ Where is this documented? Family Service Office 365 and SharePoint Charter, SharePoint Governance Plan
Living Document [con’t] 8.
What are the operational risks and concerns association with Office 365 and SharePoint use?
i.e. ◦ As the use and adoption of the SharePoint system grows, the resulting loss of data due to hardware failure and accidental or malicious destruction of data will negatively affect Family Service’s ability to conduct business. ◦ Due to the limitations in staffing, a clear path of higher level technical support is hard to chart. ◦ As the size of each site grows, the available space for critical sites diminishes. ◦ Budgetary constraints could affect the overall acceptance and vision. ◦ Ongoing training and support for the site administrators will hinder their primary duties. ◦ Without ongoing end-user training, adoption of the system will be slowed. ◦ Without clear management of new site creation, "sprawl" could occur detracting from the user experience ◦ Without regular analysis of usage patterns, site modifications, voiced/written end user concerns, and other sources of data (end user surveys), the system may not meet the needs of the user communities. ◦ SharePoint default management tools are minimal and difficult to use, so a third party suite of tools will most likely be required. ◦ Where is this documented? Policies and procedures, Quality Assurance Plan
Living Document [con’t] 9.
What should the initial collaboration service offerings be to internal Office 365 users?
i.e. ◦ team sites ◦ document libraries ◦ shared lists ◦ blogs ◦ workflows ◦ Where is this documented? Executive management, SharePoint Governance Plan
10. Do current Family Service network users have appropriate hardware and software to work effectively in SharePoint in the Cloud? • Where is this documented? User profiles, inventory reports, purchasing guidelines
11. Is the current Family Service network performance adequate for performing routine just-in-time Office 365 and SharePoint Cloud processes? • Where is this documented? Family Service Network Standards, Policies and Procedures
Support Roles, Responsibilities & Tasks 12. What are the roles, responsibilities and tasks for supporting SharePoint sites?
i.e. ◦ Executive Sponsors and Leadership Teams: This group drives SharePoint adoption by setting the organization’s priorities. They also seek to identify new opportunities that SharePoint can address and add value to the organization. ◦ Operations and Maintenance Teams: This group provides operational support and routine maintenance of the system by performing backups, usage monitoring and analysis, scheduled tasks, and keeping the system current with security releases and system upgrades. ◦ Frontline Support Teams: This group provides an effective support system with proper channels of escalation for SharePoint end-users. They handle application questions, requests, and other problems requiring issue resolution. ◦ Development and Customization Teams: This group develops solutions to customize and extend SharePoint in a manner that fulfils business opportunities, as prioritized by the executive sponsors and leadership group. ◦ End-Users: This group derives business value from adoption and usage of the SharePoint service and the group consists of all members of the organization who interact with SharePoint in some form.
13. Who are these people?
Why is SharePoint Governance Necessary? Adoption Strategy: SharePoint is a fairly complex solution. It can deliver on diverse operational needs such as a web portal, collaboration, document management, search, and many others. Because SharePoint will require people to change their work habits. Many users may not easily adopt SharePoint and adapt their work habits around it. Thus, it is important to think of governance as the how-to guide for users – one that encourages desirable behavior. How should users be using SharePoint in your organization? What is the desirable behavior that reduces risks for the organization? What processes will help put the organization’s business functions in better state? Without a governance plan, this can be confusing for the end-users or the project team deploying SharePoint. Additionally, governance helps address the struggle with user adoption by providing clear guidance on who should use SharePoint and how. By addressing the people component, you manage the adoption rate. Content Management Strategy: Another common challenge with a deployed SharePoint environment is managing growth of sites, files, storage, and the overall volume of content. Organizations without a governance strategy often struggle with proliferation of content, or sprawl, with no solutions to manage or dispose of it.
Necessary [con’t] Support Framework Strategy: The support framework is made of a support stack: governance, training, online resource, and support team. Support is not simply a person. Real support is a collection of policies, processes, and resources. Support starts with governance. Then comes training. Well-trained end users are the Family Service 1sdt line of defense. Online resource is the “go-to” site for SharePoint support. There should be a support hub within Family Service for all things SharePoint built on SharePoint. Additionally, the site should have issues and resolutions published by end-users for endusers. Expect users to support each other. Certain people in Family Service will become SharePoint experts. Encourage the formation of a community of these experts, whose expertise will enrich the experiences of all users. Acknowledge and reward participation in the Community Forum.
How much governance is needed? Key Factors • Environmental size and complexity • Usage • Business criticality
The key point to remember is that larger sites with more users and business impact need more attention than smaller ones.
The Five Pillars of SharePoint Governance These elements fit into to what is called the Five Pillars of SharePoint Governance: 1.
Security – The policies and procedures to protect your SharePoint from security incidents;
2.
Auditing – The policies and procedures to track user, content and configuration compliance;
3.
Reliability –The policies and procedures to prevent end user productivity interruptions in SharePoint;
4.
Usability – The policies and procedures to maintain SharePoint’s usability; and,
5.
Supportability – The policies and procedures to fix what goes wrong in SharePoint.
What do Target and Family Service SharePoint have in common? Pillar
Target
Family Service SharePoint
Security
Unsold goods are locked up overnight.
User permissions are set and managed effectively.
Auditing
Secure credit card transaction histories are available.
Reports on content changes by users are available.
Reliability
Open 10am - 10 pm 364 days a year.
High (>99.9%) availability.
Usability
You can find the perfect sweater.
You can find the relevant PowerPoint document.
Supportability Frequent "You are Here" signs are posted throughout the store. Links to online support resources are consistent across SharePoint sites.
SharePoint Governance Control Levels This is an image of control levels within internal and external sites. You can think of these levels as zones with associated permission levels and governance. This structure is based on industry best practices and should be used going forward with all Family Service intranet sites. The higher the level in the pyramid, the more governance and control.