Enforcing SharePoint Governance Mary Leigh Mackie

Director of Product Marketing

@mlmackie maryleigh.mackie@avepoint.com

AvePoint: Who We Are Global Leader -- Microsoft® SharePoint

Infrastructure Management

“Clearly AvePoint is making the most of both Microsoft technology and the Microsoft

Partner Network in its quest to create a profitable business.”

– Jon Roskill, Microsoft Corporate Vice President, Worldwide Partner Group

Session Objectives and Takeaways

• Definition and Purpose of Governance

• SharePoint Governance Challenges

– IT Governance

– Information Governance

– Application Management

• What does SharePoint Governance look like?

– Out of the box capabilities

– When to think about additional technology options

• Final Considerations

Key Players of Governance

People

Process

Technology

Policy

Governance Spectrum

Chaos Restricted

Key Policy Areas of Governance

IT Assurance Project

Governance

Information Governance

Technology & Business Alignment

Continuous Improvement

http://www.21apps.com/governance/sharepoint-governance-3-0/

Introducing a Governance Plan

Integration

Applications

Collaboration

Content

Today’s Focus Areas for SharePoint Governance

Information Governance

Application Management

IT Assurance

IT governance of the

software itself and the

services you provide

Information governance

of the content and

information that users

store in those services.

Application governance

of the custom solutions

you provide

Governance and Site types

• Standard administration interfaces – Quotas, locks, permissions,

records management

• Powershell – Administrative functions,

Data protection

• SharePoint services and features – Managed metadata service

for classification

– ISV solutions for management

• SharePoint Designer, Visual Studio

Manual Automated

Getting the right tools for the job…

What to govern in SharePoint?

• Best Practices: Quotas and Limits

• Content: Site lifecycle management

• Social or not?

Asset classification

• Security, Infrastructure and Web Application

policies

• Service Level Agreement

Impact = Exposure If this leaks, will it hurt

my business?

Value = Availability If this isn’t available,

can my business run?

IT Governance

A successful IT service includes the following elements:

A governing group defines the initial offerings, policies, and evaluates success of the service

The policies you develop are communicated to your enterprise and are enforced Users are encouraged to use the service and not create their own solutions –

installations are tracked Multiple services are offered to meet different needs in your organization

What’s the right balance

for your organization?

Centrally Managed Software, Services, and Sites are

hosted and managed centrally by a

core IT group

Locally Managed Software, Services, and Sites are

hosted and managed locally by

individual groups

IT Governance Challenges

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,

without the prior written consent of AvePoint, Inc.

Proliferation

Service-level agreements should include:

• Length of time and approvals necessary to create a site.

• Costs for users/departments.

• Operations-level agreement – which teams perform which

operations and how frequently.

• Policies around problem resolution through a help desk.

• Negotiated performance targets for first load of a site,

subsequent loads, and performance at remote locations.

• Availability, recovery, load balancing, and failover strategies.

• Customization policies.

• Storage limits for content and sites.

• How to handle inactive or stale sites.

Throttling and Limits

Function Limit Configurable

List View Threshold 5,000 (20,000 for admins & auditors)

Yes, Central Admin/web App Settings

List View Lookup 8 Yes, Central Admin/web App Settings

Allow OM Override On by default Yes, Central Admin/web App Settings

Daily time window None Yes, Central Admin/web App Settings

Indexes Per List 20 No

Unique Permissions 50,000 Yes, Central Admin/web App Settings

SharePoint Workspace 30,000 No

Social

Social Feature Benefits Considerations

Tagging Navigation, Search, Personal

Content Control, Security, Search

Note Board Quick communication Content Control, Security, Search

Ratings Feedback Usage

Bookmarklets Quick and easy links External links

Expertise Find people Examples, Privacy, Content Control

Profiles Additional Info Privacy, Content Control

Blogs Knowledge Transfer Corporate Policy

Wikis Knowledge Transfer Performance and Policy

Discussion Boards Knowledge Transfer Moderation and Policy

Reports and Inventory of Usage

• Web Analytics Reporting – Traffic

– Search

– Inventory

• PowerShell

• Inventory – Sites

– Quotas

– Content Types

– Branding

– Customizations

– Security

Simplifying IT Governance Implementation

with Technology

Consider 3rd party tools to:

• Centrally enforce limitations – plans and policies for

– Data Protection, Recovery, and Availability

– Audit Policies

– Permission management

• Scalability in Management

– Giving IT Teams the technology to manage thousands of users

– Terabytes of Content

– Millions of Audit Records

Information Governance

What’s the right

balance for your

organization?

Tightly Managed Content is tagged with structured

metadata, permissions are tightly

controlled, content is archived or

purged per retention schedules.

Loosely Managed Content is tagged only socially

and not tracked; permissions and

archiving are not controlled or

managed.

Appropriate for: • Structured content

• High-business-impact

content

• Personal identifiable

information

• Records

Appropriate for: • Low-business-impact

content

• Short-term projects

• Records

• Collaboration

Information Architecture

Wireframe & Site Map

Search & Navigation

Managed Metadata

Content Types

Information Architecture

Questions to ask when designing a site or solution:

• How will the site or solution be structured and divided into a set of site collections and sites?

• How will data be presented?

• How will site users navigate?

• How will search be configured and optimized?

• Is there content you specifically want to include or exclude from search?

• What types of content will live on sites?

• How will content be tagged and how will metadata be managed?

• Does any of the content on the sites have unique security needs?

• What is the authoritative source for terms?

• How will information be targeted at specific audiences?

• Do you need to have language- or product-specific versions of your sites?

http://www.criticalpathtraining.com/Members/Pages/Presentations.aspx Incorporating Managed Metadata in Custom Solutions in SharePoint 2010 Session

Information Access

Determine the rules or policies that you need to have in

place for the following types of items:

Pages

Lists

Documents

Records

Rich media

Blogs and Wikis

Anonymous

comments

Anonymous access

Terms and term sets

External data

Information Management: Permissions and Audiences

How do I structure permissions in a

site?

How do I target content to specific

audiences?

Should I use Information Rights Management (IRM) to protect content?

IT Governance: Access

How do I make this content accessible to external users?

How do I make sure that only

people who need access have it?

Information Assessment

Availability

Access Redundancy

Birth Life Rest

Information Lifecycle Management

Information Management Keeping content ‘clean’, enabling auditing for

specified content types, & restructuring as you grow

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,

without the prior written consent of AvePoint, Inc.

SharePoint 2010 IM: In Place Records Lock down documents, pages, and list items without an archive

Declare items records in bulk

Lock down non-document

content, like wikis

In Place Records & Policies Create separate retention schedules for records

Different policies for records

Schedule declaration as part of lifecycle policy

Application Management

Determine customization types you want to allow/disallow, and how to manage them:

Service level descriptions Processes for analyzing customizations Process for piloting and testing

customizations Guidelines for packaging and deploying

customizations Guidelines for updating customizations

Approved tools for development Who is responsible for ongoing code

support Specific policies regarding each

potential type of customization (done through the UI or SD)

What’s the right balance

for your organization?

Strictly managed

development Customizations must adhere to

customization policy, deployments and

updates tested and rigorously managed.

Loosely Managed

Development Rules about development

environments or customizations are

less rigid.

Customizations & Branding

• Isolate custom solutions: Sandbox Solutions – Cannot use certain computer and network resources

– Cannot access content outside the site collection they are deployed in.

– Can be deployed by a site collection administrator.

– Governed: only a farm administrator can promote a sandboxed solution to run directly on the farm in full trust.

• Master Pages and Page Layouts

• Themes

• To “Designer” or not to “Designer”

• Separate development, pre-production, and production environments (keep these environments in sync)

Lifecycle management process

Implementing Governance Policies

© 2011 AvePoint, Inc. All rights reserved. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.

Governance Plans

Backup

1 hour

1 day

1 week

Storage

Tier 1 – SAN

Tier 2 – NAS

Tier 3 – Azure

InfoMgmt

7 years

3 years

1 year

Auditing

Full Audit

Views + Edits

Views

Quotas Customizations Information

10 GB SP Designer Ownership

50 GB Site Galleries Content Types

100 GB Sandbox Solutions Ethical Walls

SharePoint Policy Bundles

Gold Silver Bronze

Backup 1 hour 1 day 1 week

Storage Policy

(RBS)

Tier 1 – SAN Tier 2 – NAS Tier 3 – Azure

Info Mgmt Policies 7 years 3 years 1 year

Auditing Full View + Edits Views

SharePoint Designer Enabled Disabled Disabled

Content Database Isolated DB Shared Shared

Sandboxed

Solutions

Enabled Disabled Disabled

Quota 100Gb 50Gb 10Gb

Cost $$$$$$ $$$$ $$

Service Request Types – Surfacing Options to

Content Owners and Business Users

• Site Collection Request

• Transfer / Clone User Request

• Site Collection Content Lifecycle Request

• Sub-site Request

• Content Move Request

• Solution Package Deployment Request

• Gallery Artifact Deployment Request

• Recover Content Request

• Report Request

Service Request Type - Site Collection Request

Sales HR Marketing

Policy Gold, Silver Silver Bronze

Security Marketing

Management

Sales

Management

HR Management

Site Templates Team Site,

Publishing Site

Custom Sales

Template

Enterprise Wiki

Service Type

Metadata

Acc Type:

EPG/SMB/FIN

Workflow 2 Step 1 Step 3 Step

Global Metadata Location Location Location

Primary/Secondary

Site Contact

*Fill in the blank* *Fill in the blank* *Fill in the blank*

Additional Considerations

and wrap-up

Governance and Training

• Governance doesn't

work without user

adoption and

compliance.

• End-user training

and education, good

content, and search

are keys to user

adoption.

• Document

governance plan.

Governance Stakeholders

Form and use a governance group to create and maintain the policies and include the following roles:

Information architects or taxonomists

Compliance officers Influential information workers IT technical specialists Development leaders

Trainers IT managers Business division

leaders Financial stakeholders Executive stakeholders

Key takeaways

• Governance is there to ensure IT solutions achieve

business goals

• Start simple

• Training

• Keep it fresh

• Don’t have a policy unless you can enforce it

Questions?

Your feedback is greatly appreciated!