Tag Archive for SharePoint Governance

Part 4: SharePoint Governance Best Practices for Adoption, Training and Measuring Success

In Part 3 of this blog series: Building your Governance Plan – A Deeper Dive we examined the details of building out your Governance Plan in a way that meets your business requirements while striking the balance that ensures a successful adoption.  In this installment, we will discuss additional Adoption topics as well as Training Guidelines and Measuring Success.

Adoption Woes

Getting users to adopt a new tool or way of doing their jobs can be very difficult, and SharePoint is certainly no exception.  SharePoint has historically been brought into organizations by IT professionals who understand the platform enough to believe it will add tremendous value.  Unfortunately this group often does not understand the business requirements enough to build the solutions most relevant to users across the organization.  The absence of the conversations needed to gather these requirements leads to many failed adoptions.

Once installed, tools like Microsoft Office experience almost instantaneous adoption because they are tools that can be used independently.  They aren’t tailored to how individual users work, and they usually aren’t tailored to how they work together.

Successful adoption of a collaboration tool such as SharePoint requires an understanding of how users engage with each other currently, (“current state”) and how that could be made better (“desired future state”).  The people best suited to tell you this are the users themselves, or representatives thereof.

If your SharePoint project is planned without input from your primary business units your adoption will fail.  Put a different way:  If you don’t fully understand how your users do their jobs, you can’t build them tools to improve how they do their jobs and they won’t use what you build them because it’s an irrelevant burden.  

Adoption Best Practices

A successful SharePoint Adoption involves proper planning with Key Stakeholder involvement and a full understanding of your business requirements across the organization.  Because of this, Adoption Planning must start at the very beginning, during the solution design process.

During the Discovery Phase of your project, you will hold envisioning sessions with your Leadership team (“Executive Stakeholders”), your Department Stakeholders and your Information Security Team (“Key Stakeholders”).  These sessions allow you to capture a clear picture of the needs of your users and areas that will need to be governed.  During this process, you also begin grooming your “Champions”.

Champions are the boots-on-the-ground that represent their constituents and spread the SharePoint excitement.  The thought process of their fellow workers goes something like this:  “Jake understands what we need and is excited about this change.  We are going to get what we need because Jake is involved.  We can learn from him, and though the change will be difficult, we feel properly represented so expect this to be a good thing.”  The first impression win in this game is a significant win, and keeping an “A” is a lot easier when you start with an “A”.

These Champions are an integral part of all phases of the project and will continue to be hands on in the evolution of the solution; participating in Design sessions, and periodic demonstrations of functionality as it is completed.  They will also be key players in the creation of training plans for their teams and often will play an active role in delivering that training, and follow-up support.

Keeping Momentum, Building Excitement

Throughout the project, regular team meetings should be held where your Champions share project status and updates with their organizational units.  These sessions can include demonstrations as well.  It’s important during these sessions that the message is business solution-oriented and not techno-speak.  Technology discussions can be overwhelming when introducing new tools, but the business solutions are familiar ground and build excitement for the change that’s coming.

Corporate launch events or broadcasts and announcements, brown bag lunch sessions and other activities are a great way to build enthusiasm for what’s to come, especially when these activities include participation from the Leadership team and Champions of the project.  This shows Corporate Leadership “buy in”, validates the project and allows your users to become invested without fear that this is just an unsupported flash in the pan.

Targeted Training

Your Training programs will include instruction on how to use the platform and solutions being built.  These programs will also include details around Governance and the specific importance of each piece of your Governance Plan as it applies to that particular group of users.  A typical Training Plan would include at least the following types of training:

  • Administrator training.  Administering, configuring and maintaining the business solutions in your SharePoint portal, as well as the portal itself.  Topics from all three Governance Pillars will be covered in this training:  IT Governance, Information Management, and Application Management Governance.
  • Content Owner Training.  For users who will be responsible for updating content in the sites, sub-sites and pages.  Typically this training will include topics of Information Management and Application Management Governance.
  • Power User Training.  For users who will expand the features for their organizational units based on a deeper understanding of the platform and how it can be leveraged to better serve business requirements.  Information and Application Management Governance will be covered here, and depending on the level of customization, these users may also need to be fully educated on the IT Governance policies of your organization as well.
  • Help Desk.  For employees who will support your end users.  The members of your Help Desk team also need to be instructed on the other project roles and their division of responsibility for the platform; Administrators, Content Owners, Power Users.  A Help Desk request is often where the clock starts ticking on your SLA’s so be aware that this is an incredibly important role in your rollout, adoption and user satisfaction metrics.
  • End User Training.  Basics of how to use the applications in your sites.  This training can often be delivered by departmental Champions.  Governance topics covered for these users are typically centered on your Information Management Governance, but can include topics from the other pillars as well.

The format for your training sessions can be demonstration based, or presented as hands-on sessions where users perform a series of scenario-based instructions that give them the opportunity to learn by doing.  This hands-on approach is also a fantastic opportunity to identify areas of improvement in your user experience and your end user documentation.

To supplement your group based training you can make use of training tools, FAQ’s, Wikis, and video tutorials for these different user groups and these elements can be factored into your Information Architecture.  You can also use SharePoint surveys and social features to gather important feedback from the consumers of your training to improve your delivery of these important topics.

In addition to the initial training that occurs as part of the solution development and rollout, periodic refresher training is important as you identify areas that are not gaining adoption or where Governance is failing.

Gathering Feedback and Measuring Success

Providing channels for feedback increases engagement and expands your team of champions.  As adoption grows, so will the need for new features, solutions and Governance improvements.  Providing channels for this communication will increase user engagement and timely response to those requests will increase adoption of SharePoint as a valuable business tool.

Adoption activities happen frequently during the planning, design, build and initial SharePoint deployment, but they should not stop there.  Once the solution has been delivered, it is important to hold regular sessions with your teams of end users to gather feedback, positive and negative and use this as a mechanism to improve your business solutions and your Governance.  This end user interaction allows you to understand the items that are enabling or driving success, and the issues that are inhibiting or slowing your users down.

Your help desk statistics are also a fantastic way to measure success and identify areas in need of improvement based on call volume.

Supporting Your Users

In Part 3 of this series, we discussed Service Level Agreements and their importance in your Governance Plan.  Not surprisingly, these SLA’s play a large part in your Adoption.  A system that is dependable, remediated in a timely fashion when there are issues, and a responsive Help Desk go a long way toward growing trust and adoption of your solution as an integral tool in the daily lives of your users.

Putting it all Together

In summary, SharePoint is a highly customizable and flexible platform, and collaboration at its root, is highly individual.  Because of this, when building business solutions and forming policies for how SharePoint can be used it is important to expand the conversation to include key representatives from across the organization in all phases of the project.  These individuals are not only your Governance Committee, but they are your project Champions and play an integral role in your Adoption.

There is a very balanced relationship between Governance and Adoption.  Your Governance Committee, in understanding your business and your users is best suited to come up with a Governance Plan that meets the business requirements without inhibiting productivity.  Rollout activities that keep your users engaged in the project build ownership of the end solution and ensures successful adoption.  Proper initial training programs targeted to different user types, periodic refresher training and feedback sessions will help you evolve your Governance Plan and your platform in a way that ensures continued success.

This wraps up our 4-part series on SharePoint Governance Best Practices. If you need help developing your Governance Plan, please contact us for assistance!

 


Part 3: Building your Governance Plan – A Deeper Dive

As discussed in Part 2:  Building a Governance Plan that works for YOU, the most successful Governance plans are those that achieve the right blend of control vs freedom to meet your business requirements without inhibiting productivity.  In this installment, we will examine the details of building out your Governance Plan in a way that meets your business requirements while striking the balance that ensures a successful adoption.

Understand your Business Content

By now you should have formed your Governance Committee.  Representatives on that team have in-depth knowledge of your business, its processes and collateral.  The next step is defining your Information Architecture and that requires an understanding of your Business content, how it needs to be organized, presented, secured, managed, who the content owners are and any regulatory compliance or Information Rights Management needs that surround it.

For each department or team in the organization, you will identify the types of content they work with in their day to day activities.  This includes content that they produce and share with others and content that others share with them.   Throughout these discussions you will begin to lay out the structure of your sites and a picture of what types of permissions and access will be permitted or required based on answers to questions like the following:

Question

What does it tell you?

Is this content shared with other users outside of this department or team?  This can include internal users and users external to the company.

 

Content that is not accessed outside the department or team can live in an internal department or team site.  Content that needs to be available to users outside of the department or team will call for different placement.

 

Does this content have unique security needs?

 

If this content requires limited access, it will need to live in a site that has restricted access.

 

Is this content under regulatory control?   If so, what are the restrictions placed on it?

 

This will indicate the level of security and potentially the availability needs for this content as well as any other controls that need to be placed on it.

 

If this content is accessed by an unauthorized user, will it hurt my business?  Could this content be part of an eDiscovery and what is the legal lifetime it needs to be retained for?

 

This provides further indication of where this content might live and what type of controls it may need, including Information Rights Management needs; Expiration, and Restrictions on Print or Email for example.

 

If this content isn’t available, can my business run?

 

This will help you define the Service Level Agreement necessary around this content to ensure that business critical content is highly available.

It is helpful to establish a baseline plan for taxonomy and tagging during your Information Architecture Discovery discussions.  Taxonomies are used to classify or “Tag” your organization’s content.   Identify your most critical content; and at a minimum address these 2 important questions:  “What is the Risk of Corporate Exposure?” and “What are the Availability Requirements?”  For instance, it may be enough to begin by identifying “internal”, “need to know – external” and “public” content.  Even this little piece of information allows you to begin to identify what sites this content can live in, who owns the content, permissions around it and whether it should fall under Information Rights Management Policies.

Information gathered in these discussions allows you to determine the Availability and Security needs for all business content as well as its Classification.   Now that you have gone through this cataloging exercise, you can identify which site types this content will live in; specifically where it can live and where it must not live.

Microsoft has published a guideline for determining Governance Levels needed based on site type.   While this is helpful to use as a guide, it is not always enough.  For instance, though My Sites are typically lightly governed, your Governance Plan will specify the types of content that should not be shared in those sites.

Governance_by_Site_Type_Graphic.png

Service Level Agreements

Quite often you will find a direct correlation between the level of Governance needed and the SLA (Service Level Agreement) needs around availability.  For instance, Personal Sites and Community Sites typically require less Governance, and have lower availability needs, whereas Department Sites with information critical to running the business, as well as the Intranet Home pages that communicate critical information across the organization will have tighter Governance and a more secure SLA that guarantees higher availability.  Content shared outside of your organization with business partners or vendors may have a more stringent SLA as well due to the need for that communication mechanism to be of higher availability.

IT Governance provides the details needed to guarantee the Service Level Agreements identified for your different business content are met.   Topics that are typically covered are:

  • Policies around problem resolution through a support team i.e. Helpdesk
  • Backup and Restore policies and Disaster Recovery Plans – these differ according to the SLAs you offer for each site type.
  • Update Schedules and Code Deployment processes – Code Review, Test, Signoff
  • Quotas
  • Life Cycle Policies – How will you handle stale or inactive sites?

Site Management Policies

Each Site will have a Site Owner who is responsible and accountable for all content published in their site.   Site Management Policies should be established that specify how tightly controlled the site or site collection is and indicates the rights given to the Site Owner.  For instance:

  • Can they grant permissions to other users?
  • Can they create and delete Subsites?
  • Can they add apps? – Is there an approval process and if so who governs that?
  • Can they create pages, lists, libraries, site columns, content types?
  • Can they create SharePoint groups and are they required to be based on Active Directory groups?
  • Can they modify permissions of their sites or is approval required?

Site Customizations

SharePoint is a highly customizable platform and the number of 3rd party applications that can be used to augment the out of the box functionality grows every day.  In addition, tools like SharePoint Designer and Visual Studio can be used to build customizations and deploy them to your sites and site collections; this can include Branding and custom Master Pages, or full-fledged custom code.  Further, code can be placed directly in SharePoint pages, and the list of ways to customize your sites goes on.

Your Governance Plan should include details on which types of customizations you will support in your organization, any approval processes required and relevant Change Management Policies.  For instance, where are these customizations developed and tested prior to deployment in your production environment?  A schedule can also be included for Production Update windows that support these activities.

In Summary

There are a fair number of topics that should be covered in your Governance Plan, but not all of these topics require paragraphs of information.  The best and most adopted Governance Plans are concise, to the point and under 3 pages long.  It’s important to remember that unless you can think of a reason why something should be governed, it likely shouldn’t be governed.  Contact us for help with your governance plan!

Tune in next for Part 4:  Training, Adoption & Measuring the Success of your Governance Plan.

Part 2: Building a Governance Plan that works for YOU

As discussed in “Part 1:  What the heck is a SharePoint Governance Plan? a successful Governance Plan is one that allows the platform to be leveraged in an organized and thoughtful way, based on an understanding of the business information and requirements, environments and processes that work best with the team members in your organization.  In this post, we will walk through the steps involved in developing a Governance Plan that is tailored to your organization.

Form a Governance Committee

A Governance Committee is a group of people from across your company who understand the needs and inner-workings of your organization and works together to build your Governance Plan.

Typically, this committee consists of the following types of people:

  • Executive Stakeholders who hold the corporate vision
  • Department Stakeholders from representative Business Units. For example:  Human Resources, Finance, Legal, Research, and of course IT
  • Compliance and Information Security Representatives who can represent any mandated compliance over your content based upon your business and associated regulatory control. For example PCI, HIPAA and FedRAMP

Together, this combination of members represents an understanding of your business content, how it is used, its logical groupings, and any related security or regulation and control it requires.

It’s important to remember that even if you are not in a business that falls under regulatory control, there are important business documents that require different levels of security such as:

  • Human Resources: Employee reviews, confidential employee benefits information
  • Finance: Accounts Receivable and Payable, Payroll Records, Client References
  • Research: Competitive Intelligence and other information that if “leaked” could compromise corporate goals.

Establish a Governance Plan

Determine initial principles and goals

Your governance committee should develop a governance vision, policies, and standards that can be measured to track compliance and to validate the benefit of your plan to your organization.   Periodic audits can be performed using out of the box SharePoint audit capabilities for basic auditing, or 3rd party tools such as Metalogix ControlPoint for more detailed audit and tracking.  Audit data can be used to identify what’s working and what’s not working in your Governance Plan and where additional user training may be required.

Classify your business information 

Taxonomies are used to identify and classify or “Tag” your organization’s content.   This step can be overwhelming but it’s important to remember that you will start basic and build upon this over time.  Identifying your most critical content – remember those 2 questions – risk of corporate exposure and availability requirements – is a good place to start.

For instance, it may be enough to begin by identifying “internal”, “need to know – external” and “public” content.  Even this little piece of information allows you to begin to identify your Information Architecture – what sites this content can live in, who owns the content, permissions around it and whether it should fall under Information Rights Management Policies for expiration, archiving, eDiscovery or restrictions on print or email.

Develop an education strategy

The best written Governance Plans have fallen on their sword because of the lack of training around them.  At the end of the day, the consumers of your Governance Plan need to understand it in order to apply it to their day to day corporate lives.

When a Governance Plan is too complicated, it has a negative impact on user adoption.  Folks will resort to using file shares or emails to share content because they are worried about making a mistake, or worse, confused as to where to put things.  Alternatively, they can store content in the wrong places and make it difficult to find, which results in the consumers of their content throwing up their hands and requesting email copies to be sent.  Frustration is the key to failed adoption and frustration is often the product of a failed training program.

A comprehensive training plan should show how to use SharePoint according to the standards and practices that you are implementing and explain why those standards and practices are important.

Your education strategy should be included in your plan and should include auditing and periodic refresher training as you identify areas that are not gaining adoption.   Keep in mind that different user groups in your organization will require different levels of training, and different methods.  Site and Content Owners will need training in the policies and practices of creating sites, editing pages, and modifying permissions.  End users will need training in how to use the applications in your sites; document libraries and metadata tagging and search.

You can make use of training tools, FAQ’s, Wikis, and Videos for these different user groups and these elements can be factored into your Information Architecture.  You can also use SharePoint surveys and social features of SharePoint to gather important feedback from the consumers of your training to improve your delivery of these important topics.

Develop an ongoing plan 

A Governance Plan is a living, breathing document that will evolve over time.  Refinement of the plan and its associated training will be ongoing.  You will likely add members to your Governance Committee as adoption increases and you identify gaps in your committee’s representation of your business needs.

In support of this, your governance committee should meet with regularity to review potential new requirements, reevaluate and adjust governance policies based upon usage, feedback and audit reports.   Refresher training should be available to your end users as well.

My recommendation is that during the initial months of deployment, the Governance Committee should meet several times a month, and as time goes on the frequency of this can drop down to monthly and then quarterly, or several times a year.  Once again, this schedule will be highly individual to your company and based completely on what your audit and tracking and user feedback is telling you about what is needed.

In Summary

SharePoint is a highly customizable and flexible platform, and collaboration at its root, is highly individual.  Because of this, when forming policies for how SharePoint can be used, and moderating that based upon the business criticality of the different types of business content, its important to tailor these policies to your users and business needs.

There is a very balanced relationship between Governance and Adoption.  Your Governance Committee, in understanding your business and your users is best suited to come up with a Governance Plan that meets the business requirements without inhibiting productivity.  My recommendation is to start small, and through the evolution of the plan over time, you will identify the areas that need refinement.

In Part 3:  Building your Governance Plan – A Deeper Dive I will lead you through more detailed discussion of building out your Governance Plan to address the different areas of Governance called out in Part 1 (IT Governance, Information Management, Application Management).  See you soon!

Part 1: What the heck is a “SharePoint Governance Plan”?

This is Part 1 in a multi-part series on Governance.  See the first post “A Word on SharePoint Governance“.

Microsoft provides a sample Governance Plan and overview on their website, and in this sample plan, they indicate:

Governance is the set of policies, roles, responsibilities, and processes that control how an organization’s business divisions and IT teams work together to achieve its goals. Every organization has unique needs and goals that influence its approach to governance. Larger organizations will probably require more, and more detailed governance than smaller organizations.

Clear as mud, right? Let’s break it down. In less general terms, there are 3 basic pillars of governance in a SharePoint Governance Plan.

1. IT Governance

IT Governance is the set of policies that allow for support and management of the basic infrastructure and planning, as well as supporting predicted growth of your environment. What does that mean? This section of the plan will address your security, infrastructure and web application policies around things like quotas, permissions, site ownership and backup and recovery.

In an on-premises installation, you will also establish governance around SharePoint installations in your environment.   Is your IT Governance centralized with your IT Department, or do you allow a more decentralized approach that lets others install SharePoint, create web applications or site collections, and grant permissions? You will include details of how you will track installations of SharePoint 2013 in your environment; block installations if your governance plan does not allow for them, keep servers current with software updates, and manage site collection upgrades.

Office 365 and the ability to host your SharePoint infrastructure with other Cloud providers like Rackspace call for different details in this section of the plan. For example, the management of your servers, backup and recovery, and SharePoint installations and patches or updates are handled by your hosting provider based upon the service level agreement (SLA) you have established with them.

2. Information Management

Information Management is achieved through a well thought out and planned Information Architecture that specifies how business content in SharePoint is organized, presented, secured, managed and the content owners who are responsible for it.

In simpler terms, this means – understand your Business collateral, who uses it, how it can be classified and who owns it.   You don’t need to boil the ocean here, and your information architecture will evolve over time, but a basic understanding of how the users in your organization collaborate around content and work together is the key to identifying the organization, tagging and ownership of that content in your SharePoint portal in such a way that it can be properly secured and easily found.

Companies that have content that is regulated by compliance will have those details in this section of the plan.  Information Rights Management decisions will be made including plans for content expiration and retention.

3. Application Management

Application Management Governance defines the corporate policies for Customization, Life Cycle Management, and Branding.  SharePoint is a deep and wide technology that allows for unlimited customization, whether that’s in look and feel (Branding) or additional applications that can be custom built by your team, or downloaded from the App Store; things like news sliders, accordion controls, and custom workflows.

Depending on the level of customization your organization will allow, processes must be put into place that establish:

  • Change Management Policies: The types of changes that are supported, who is authorized to make these changes, and how they are rolled out.
  • Life Cycle Planning: Versioning, updates, aging of older code, and rollback strategies; what to do when things go wrong.
  • Production update schedule and sign off committee, code reviews, maintenance windows and such.

In summary, a successful Governance Plan is one that allows the platform to be leveraged in an organized and thoughtful way, based on an understanding of the business information and requirements, environments and processes that work best with the team members in your organization.

Next, we will walk through the steps of creating a SharePoint Governance Plan tailored to your organization, in Part 2 : One size does not fit all – Building a Governance Plan that works for YOU.