SharePoint Governance is a topic everyone talks about, yet very few actually understand. The confusion surrounding SharePoint Governance is well-rooted; for one, it’s an incredibly large set of policies, roles, responsibilities, and processes that detail, literally, every aspect of how the SharePoint platform should be used. For another, successful SharePoint Governance is only achieved when it is tailored for your organization. SharePoint Governance is not cookie-cutter – it is specific to each organization’s culture, preferences, tendencies, and current processes.
At Perficient, we often participate in Governance Planning engagements for the SharePoint platform. A typical Governance Planning engagement includes hosting collaborative workshops with stakeholders of all levels within the organization to determine both the current state of collaboration, as well as the desired future state of collaboration. It is essential that representatives from all parts of the organization are included, as they will all be impacted by the Governance Policy decisions. A good governance model will not only emphasize ensuring management and control of the platform, but also in driving adoption and maximizing the return on investment.
SharePoint Governance is broken into three major areas:
IT Governance – policies governing the platform itself and the services to be performed by the IT department
Information Management – policies governing the content and information stored on the platform
Application Management – policies governing the use of custom development on the platform
The pillars of SharePoint governance are intended to be both mutually exclusive, as well as collectively exhaustive. While there is inevitably overlap between the three pillars, as you can see above, they govern very different parts of the platform. There are many resources available to organization’s looking to establish a SharePoint Governance Plan – if that is you, a great place to start is with Microsoft’s interactive “What is Governance” guide.
Formalizing a Governance Plan for SharePoint is key to the successful adoption of the platform, but what happens after all of the workshops, revisions, and documentation are complete? What happens AFTER the Governance Plan?
SharePoint Governance in Action
Successful SharePoint governance involves an ongoing dialogue between IT, management, and end users throughout the organization. The goal of SharePoint governance is to ensure that the solution continues to provide ROI throughout the entire lifecycle of the application. There are two sides of the governance coin: management and control on one side, and driving adoption and value on the other.
SharePoint Governance Committee
At the core of SharePoint Governance is the SharePoint Governance Committee. The role of the Governance Committee is simple:
“Critically evaluate requests from the organization that would violate current governance policies to determine whether they will help the organization to realize the goals and objectives of the SharePoint platform.”
SharePoint Governance is not intended to be immutable; it is intended to evolve and change as the solution evolves and changes. The Governance Committee’s task is to ensure that any exceptions or modifications made to the Governance policies are reflective of the intended use of the platform. In doing so, the Governance Committee is able to continually ensure the ROI of the solution.
Governance Committee Composition:
The membership of the SharePoint Governance Committee should reflect the various functions and stakeholders across the organization that will be leveraging the platform. The committee should hold enough authority to make decisions and enforce policies, but also needs to have input from end users through the company. To accomplish this, a mix of IT executives, Business Segment leaders, IT managers, and information workers should be included on the Governance Committee. The exact size and composition of the Governance Committee will be dependent upon the size and composition of your organization. A typical SharePoint Governance Committee should be a mix of:
- IT Executive Stakeholders
- Compliance Stakeholders
- IT Leaders
- Information Workers
- Application Development Leaders
- Business Segment Leaders
A good rule of thumb is that the Governance Committee should consist of no more than twelve, but no less than four members – no matter the size of the organization.
With a maximum of twelve members on the committee, for large organizations it is not feasible to expect the Governance Committee to hold all the expertise necessary to make well informed decisions on every type of policy related to SharePoint governance; that – is the responsibility of the SharePoint Steering Committee.
SharePoint Steering Committee
While the SharePoint Governance Committee is tasked with ensuring the continual ROI of the platform by evaluating new governance policies in relation to the solution’s goals and objectives, the SharePoint Steering Committee is tasked with providing ongoing guidance regarding the potential technical and user impact of new governance policies. The Steering Committee is designed to collect feedback from the organization and advise the Governance Committee on the best direction for the platform moving forward. Not all organizations will need a Steering Committee; for some, there will be enough thought leadership on the Governance Committee itself to provide the necessary expertise. Typically, the larger the organization, the more stakeholders there are in the solution, and more likely a SharePoint Steering Committee will need to be established.
SharePoint Steering Committee Composition:
- IT Governance Subcommittee
- Information Management Subcommittee
- Application Management Subcommittee
A typical Steering Committee is composed of three subcommittees, each related to the three pillars of SharePoint governance: IT Governance, Information Management, and Application Management. The various subcommittees will be made up of stakeholders representing the different types of policies present within each pillar.
For example, the IT Governance subcommittee will hold a large amount of technical leadership, due to its policies centering on topics such as data protection, deployments, and application costs. In contrast, the Application Management subcommittee should be more diverse, since Application Management encompasses topics such as application branding, project management, and custom development.
The size of the subcommittees is largely determined by the number of subject matter experts (SMEs) in your organization. In smaller organizations, it is likely that a single SME might cover multiple topics, such as deployments and service offerings, whereas in larger organizations these roles may be separated. The Steering Committee should be staffed with enough members to properly provide expertise on the all of the various policy types found in the SharePoint Governance Plan.
SharePoint Governance Request Process
The SharePoint Governance Committee and SharePoint Steering Committee collaborate to make decisions regarding new governance policy requests. The final element of successful SharePoint governance is the Business Analyst team. The Business Analyst team acts as a funnel that screens end-user requests to determine if the request will violate current SharePoint governance policies.
If a request is determined to violate current governance policies, then this request is directed to the Governance Committee to evaluate at their next meeting. When evaluating the request, the committee must determine if they feel they have enough information to make a decision. If the committee feels they do have enough information to make an informed decisions, they can decide immediately. If the committee does not feel they can make an informed decision, then they must engage the relevant subcommittee pertaining to the policy.
The Governance Committee ultimately has three options when making a decision regarding governance policies:
- Approve a governance policy change
- Approve a governance policy exception
- Reject the governance policy request
The entirety of the process is shown in the workflow diagram below:
Whether a governance policy change or a governance policy exception is made should be determined by the potential impact of the change.
- Policy Exceptions should be used when there is a specific, non-threatening, business case for a violation of a governance policy that is still, primarily, a good policy. An exception allows the solution to capture additional ROI in a specific instance, while not opening the application to wide-spread risk if the policy were to be abused.
- Policy Changes, in contrast, should be used when a policy has become outdated, or begins preventing the solution from achieving goals and objectives established for the platform.
- Policy Rejections should be used when the proposed policy request poses a strategic or technical risk to the solution. It is the Governance Committee’s responsibility to evaluate the risk of the request vs. the potential ROI that could be achieved.
SharePoint governance requires input from stakeholders throughout the entire organization and a constant dialogue between the end users, management, and IT department. SharePoint governance is reliant on two essential bodies:
- SharePoint Governance Committee
- SharePoint Steering Committee
While the Governance Committee is intended to be staffed with members that have the authority to make decisions regarding governance policies, the Steering Committee serves to advise the Governance Committee on the technical and user-impact risks associated with policy decisions. Together these two committees help to ensure that the governance of the solution continues to change and evolve along with the platform. SharePoint Governance is a balancing act between management and control on one side and driving user adoption and value on the other.