Quod quidem expendendo tempus (aut mori, usquam) working out governance plans is because we want the SharePoint solution to be as effective as possible. We want good infrastructure and rules to keep it humming and safe in case of disaster. We want good security processes to both properly secure the environment but also make it reasonable to manage. We want a good information architecture that will stand the test of time, ideally managing to survive a major organizational change in the company.
To achieve that desirable objective, a governance document and plan can devolve into a bunch of “thou shall” and “thou shall not’s”, ut in:
- Thou shall not create SharePoint security group; use AD instead.
- Thou shall not create folders in document libraries; use content types and views instead.
- Thou shall create all document content types based off a specific custom base type.
- Thou shall not create an information taxonomy based off today’s company org chart.
“Thou shall” and “thou shall not” certainly have their place in the governance plan.
A more successful governance plan will also have a strong marketing angle. It should sell and justify itself to the maximum extent possible. A truly successful governance plan relies upon the voluntary cooperation of all SharePoint users. (There are fringe cases where community cooperation is not needed, such as when SharePoint is used by a very small number of tightly managed users; I’m sure you can think of others). If the user community doesn’t buy into your governance plan then it will be partially successful at best.
I use that word “buy” deliberately. The community will buy the governance plan if it’s fundamentally sound and you go to some effort to sell them on it. Selling leads to marketing and that’s why I think that a governance plan should be considered a marketing plan too. Convince your end users that they need to follow the governance plan and they will voluntarily follow it. If you can get a critical mass of people following the governance plan then the plan’s benefits follow and you’ll have a stronger environment for it.
</finem>
Sequi me in Twitter ad http://www.twitter.com/pagalvin
Paulus,
That was just an example of a governance rule I’ve seen implemented. It would make sense in some cases and less sense in others. If you have a weak AD environment with little oversight/support, then SharePoint groups could be good. SED CONTRA, if you have an actively and well managed AD then adding SP groups feels unnecessary.
Great stuff Paul!
Could you elaborate on "Thou shall not create SharePoint security group; use AD instead."? I would like to know your thinking about why you find this to be the best practice.
Gratias,
Paulus
Paulus, good info on the marketing. The problem as I see it is that the Governance Plans tend to be created and owned by the wrong people – it’s the business who should own the Governance plan and IT should provide the assurance around the things you define above.
I did a paper on this for someone where I talk about giving business back control http://www.bridgeincubation.nl/uploads/knowledge/Andrew_Woodward_-_April_2009_-_SharePoint_Governance.pdf and Paul Culmsee has also posted some really insightful views on this subject http://www.cleverworkarounds.com/2008/10/14/its-all-joels-fault/