As the excitement surrounding SharePoint 2013 increases, those of us who make a living helping companies deploy SharePoint are beginning to consider the Governance implications of the latest release.
The need for SharePoint Governance has, of course, not gone away with the new version (there is still no Governance “check box”). Quite the contrary, the wealth of new services and features will trigger new and different discussions. As one example, the significant broadening of Social functionality (community sites, activity streams, etc.) will increase the time and energy spent by organizations in formulating governance policy. If you thought past discussions about “My Sites” were sometime heated, just wait!
What we need, of course, is a Framework for SharePoint Governance that neatly categorizes all of the Governance-related aspects of the product, presents a process for understanding the possibilities, provides decision trees for feature deployment analysis, and extends the analysis through to proper configuration and monitoring of the system.
Unfortunately, such a resource doesn’t exist, even for SharePoint 2010. There are, of course, many governance resources available. Microsoft created a governance sites and supporting collateral for both MOSS and SharePoint 2010. While valuable, these approach governance from a distinctly IT perspective and don’t consistently incorporate the larger organizational view. If history is a guide, Microsoft will create a 2013 instance of governance tools that will be useful, but will reflect the same IT-centric view.
Those looking for a more general, vendor-neutral framework can turn to ISACA, an independent, organization that provides resources for information systems assurance, control/security, and enterprise governance of IT. Noteworthy in their offerings is the Certified in the Governance of Enterprise IT (CGEIT) designation and COBIT, a business framework for the governance and management of enterprise IT.
COBIT provides an enterprise-level view of governance that needs to be modified to deal with the use case of ONE particular system such as SharePoint. Such a mapping is no trivial task, but the outcome is useful. For SharePoint, one such mapping has been published (see Chennault and Strain).
This mapping is, of course, a great starting point for SharePoint 2013, with one caveat. The COBIT framework has recently undergone a significant overhaul/expansion/simplification. The latest version (COBIT 5) should prove to be an even better governance foundation for the following reasons:
- Clearer separation of management and governance processes
- Inclusion of many new processes; substantial revision of processes
- Explicit inclusion of more “soft” factors, including culture, ethics, and organizational structure
- Definitive process for mapping from business/stakeholder goals to governance processes
- Integration of risk management and compliance within a unified framework
Perhaps Chennault and Strain are, at this moment, working on a new version of their SharePoint/COBIT process. Regardless, it would be well worth the time of anyone with responsibility for SharePoint Governance to review COBIT 5 along with SharePoint 2013 and incorporate the framework into their processes and deliverables.