Over the years one of the many things I’ve been involved with is governance. To most the word governance is synonymous with compliance, which is then in turn synonymous with records management. After that the focus becomes very specific. What I recommend people do when trying to understand how they should approach governance is to approach it as a strategy and make sure that strategy involves and intertwines three things: people, process and technology.
If this sounds familiar it was an integral part the first post I wrote in this series around understanding SharePoint from a big picture perspective. When it comes to governance specifically there is a certain part of this triumvirate that stands out: the people. We often run headstrong into governance deployments without really understanding who needs to be involved before the code hits the servers and processes are under way.
The very first step organizations need to take is defining that small group, who will steer the solution to and through implementation. Obviously IT pops up first as we look to define this working group, and they are unquestionably a very big part as they will be responsible for the technology doing what it needs to do. Another group that should also be considered a bit of a no-brainer is the group or department, or in many cases, the individual responsible for records. This person may be by title the compliance officer, records manager, IT security or legal counsel, regardless they are responsible for the information policy management of the organization. And lastly, but certainly not least we must include someone, or some group that represents the line of business worker, or end-user.
Surprisingly I have seen this last group consistently excluded from the planning process. Not because they are a problem or difficult to work with, but because the people that are actually going to use the solution are often an afterthought, or as IT would consider them: the customer. DO NOT forget to include this group! At the end of the day they will literally make or break the deployment’s success causing problems for both those other groups at the table as they won’t understand the technology (frustrating IT) or they don’t execute according to policy (putting the company at risk).
Once we have the right contributors at the table we can start to define the governance strategy. When people are defining their governance strategy I always promote that they ask themselves a few key questions to help better understand what they want to do, who it will affect and what they need to do it. Once these questions have been answered a plan can be more easily defined.
The first question is: do you understand your content? This is very important and can also be made as a statement: know your content! We have content broadly spread across our environment, not just in SharePoint. If we are planning to move large portions of that content into SharePoint – file share replacement is one of the top uses of SharePoint – think about what you are moving over. Is this relevant data? Is this data that must live under compliance? Is this duplicate data? Is this active data?
This last question is an important one to consider in terms of SharePoint. SharePoint is an active content solution, and a relatively costly place to store content. If you are moving massive volumes of data into SharePoint it just does not make sense to move old, inactive content into SharePoint from a cost perspective. This content should move directly into an archive that lives on a lower and cheaper tier of storage. Once again we must consider “the who” for a second here. Even though we are moving content out of SharePoint and into a more cost effective compliant place we cannot forget that users should be able to access it or restore it (permissions pending) directly from SharePoint.
My next question is: what are your specific compliance requirements? This varies widely from company to company and industry to industry – every company has corporate policies specific to their internal requirements, and many companies have to adhere to industry regulations. SharePoint does a great job of managing the content in SharePoint as records, but does an even better job when supported by partners. As broad as SharePoint’s records capabilities are when it comes to supporting industry regulations and government guidelines like the Department of Defense 5015.2 (DoD 5015.2), physical records and records living outside of SharePoint’s native repositories a third-party add-on solution is a requirement.
And for my last question, we go back to “the who” again: How will we govern the people? Again, for most, information governance has to do with the information, but we must also be sure to govern the people if we are going to be successful. This question relates to how we are enabling people to leverage the core strengths of SharePoint, and this all starts with the creation of Sites and filling them with content. Organizations have to have a Site provisioning plan in place or they risk putting the organization as a whole at risk. Site sprawl is not just a myth, it is a reality, but it doesn’t have to be feared. Attaching a lifecycle and policies to a Site at the point of creation will ensure that Sites are connected to the data center and can be managed under the watchful eye of IT. Not only this, but we can now monitor those same sites and move them to the appropriate tier of storage once they have become dormant or inactive. Site provisioning allows organizations to permit the creation of as many or as few sites required all in a controlled fashion.
As you can see, understanding “the who” when defining your governance strategy for SharePoint is a pretty big deal. Not to downplay the value of process or technology, but to use an analogy: it is the person that drives the car down the right road, and it really helps when that person knows where they’re going. Just like a good governance plan for SharePoint, people who drive cars will get to their destination faster if they have good maps.