With SharePoint sites being created at a record pace, you need to ensure the content within them remains secure, protected, and retained. We cover key components of a successful SharePoint governance strategy so you can breathe a little easier.
You know the saying: With great power comes great responsibility (and hopefully a great SharePoint intranet).
Who would have thought so many of us would be working from home? It would have been unheard of just a few years ago!
SharePoint allows for the seamless sharing and collaboration of files and content no matter where you are. But information architecture and management sit at the crux of the SharePoint governance strategy. In a constant effort to protect and secure sensitive data, IT admins have to address questions like ‘who has access to what and why?’.
External sharing and the ability to collaborate with outside users is part of what makes Microsoft’s modern workplace so great! But at the end of the day, even with all the opportunities it brings, external sharing is still a risk.
Without best practices and formal guidance in place, it can be a downward spiral in security and sprawl issues. Having an air-tight governance plan across your SharePoint is paramount.
Table of contents:
SharePoint Online basics
SharePoint is a cloud-based service that sits within Microsoft 365. It allows for real-time collaboration, editing, and sharing of files through its document library with exceptional version control (handy if you ever need to go back in time!). You can share files within teams, at an organizational level, or with external partners.
Learn SharePoint Online: best practices, tips, and tricks
SharePoint’s strength lies in its ability to allow groups to virtually collaborate efficiently and effectively. This is accomplished by using SharePoint sites.
The modern SharePoint Online experience offers two templates to create a new site. Depending on the site’s intended purpose, you can choose to create either a:
- Team site. Focused on collaboration and backed by Microsoft 365 Groups, team sites are generally organized by department or project, and bring together a group of people working together towards a common end goal.
- Communication site. Focused on broadcasting information to a wider audience, communication sites might be used to share information with an entire organization.
The SharePoint mobile app is also a handy tool to have under your belt when you are on the go!
There are various SharePoint online subscriptions, with the most basic plans allowing users to seamlessly manage files between OneDrive and SharePoint, and to flexibly organize information with cloud-based apps such as Microsoft Lists.
But it’s when SharePoint integrates with apps and services like Microsoft Teams, Yammer, and application development environments available through PowerApps that it can really shine.
For example, when you create a team in Microsoft Teams, SharePoint automatically creates a site specifically for that team. The same happens the other way around. When employees message each other through a Teams channel, they can easily share links to SharePoint files and collaborate directly from there.
What’s great about SharePoint as a cloud-based service is that IT admins don’t have to worry about updates and patches as it’s all done by Microsoft. This frees up more time for you to focus on critical tasks such as security and governance that align with your business processes.
What is SharePoint governance and why it’s so essential?
Governance is the set of rules, policies, roles, processes, and procedures around using SharePoint Online in your organization.
By implementing good governance, you’re helping to ensure that your organization’s IT infrastructure is being used in a way that supports and meets its objectives and goals. You wouldn’t have a school without its rules. The place would be a mess! The same goes for an organization’s IT.
SharePoint governance is an integral part of SharePoint deployment and can’t be ignored.
- Assets and liabilities: Sensitive data is wide-ranging, and can include a number of personal details and well as confidential corporate information that, if leaked, could seriously compromise your operations.
- External sharing: Our internal data shows a significant increase in external sharing. Considering the rise in cybercrime, you need to stay in control of the who, what, where, and when of external sharing without hindering user productivity.
- Compliance management: SharePoint has many features to help with IT compliance management such as auditing tools and role-based permissions. Configuring SharePoint for compliance management will go a long way to helping you meet compliance requirements and regulations.
We recommend forming a governance steering committee that includes stakeholders from across your organization (not just IT!) and that meets regularly to discuss risks, governance strategy, and any steps you need to take to keep data secure in your organization’s intranet.
And since governance is a living, breathing thing that evolves as your organization’s business divisions undergo continuous growth, your plan should be reviewed whenever new features and updates are introduced.
But, we all know that hefty documentation can sit on drives collecting cobwebs and remain unread. They can also be too technical for non-IT staff to understand. That’s why it’s important that IT teams communicate governance, and best practices for SharePoint information architecture with users in a way that is easy to understand, especially during organizational change.
Establish a SharePoint governance plan from day one
SharePoint houses valuable and sensitive organizational data. If users are unclear about the correct protocols and business processes when using SharePoint, it will inevitably lead to an inefficient workplace, reduced productivity, and a heavy lean on technical support.
Use the template below to create a successful SharePoint governance strategy. Your system should include:
Governance steering committee: Develop a governance vision, policies, and standards with your committee for how your SharePoint intranet should be used and managed within your organization, and make sure that your business needs are being met.
Roles and responsibilities: Defining roles and responsibilities helps position the right person for the job in your governance plan and supports the efficiency of your organization. Create an easy-to-manage table with three columns:
The roles may be different depending on your organization, but here’s an example of commonly used admin center roles:
|Governance committee||-Assigns SharePoint roles and responsibilities |
-Defines rules and processes
|SharePoint administrator||– Creates and deletes sites |
– Manages site collections and global SharePoint settings
|User administrator||– Adds users and groups |
– Assigns licenses
– Manages most user properties
– Creates and manages user views
– Updates password expiration policies
– Manages service requests
– Monitors service health
|Helpdesk administrator||– Resets passwords for all non-admins and some admin roles |
– Manages service requests
– Monitors service health
|Message Center reader||– Monitors and shares messages in Message Center |
– Has read-only access to Azure AD services, such as users and groups
|Site owner||Creates and manages subsites, lists and libraries, and security|
|Trainer||Creates training plans and implements all appropriate training|
Creation process: By default, anyone in your organization can create Microsoft 365 groups–and any group created opens functionalities of and impacts many associated collaboration tools. There are various ways to restrict and manage self-service creation for Microsoft 365 groups, including teaching users about key Microsoft 365 concepts, establishing a naming convention for your groups, and setting group expiration policies in Azure AD.
SharePoint integrations: Microsoft allows you to enable your governance policies across SharePoint and related apps like Microsoft 365 Groups and Teams. There are some settings for Groups, Teams, and SharePoint that overlap with each other, particularly related to sharing and group or team site creation. Check out Microsoft’s official documentation on the topic.
Site templates and settings: When you build a SharePoint governance plan, you need to clearly identify what kind of sites, site pages, and subsites can be requested and what their definitions are. By that, we mean their intended purpose as well as what they come with in terms of features and policies.
Retention policies: If security and compliance are a big concern for your organization, then retention policies are probably your best bet. They’re designed to address a specific compliance requirement by preserving or deleting data after the expiration timeline that you’ve set. When you set a retention policy to a SharePoint site, it will apply to all documents—even those that were created before the policy was applied.
Sensitivity labels: Sensitivity labels from the Microsoft Information Protection (MIP) solution let you classify and protect your organization’s data while making sure that user productivity and their ability to collaborate aren’t hindered. Sensitivity labels in Microsoft 365 can help you take the right actions on the right content. With sensitivity labels, you can classify data across your organization, and enforce protection settings based on that classification.
Communication: Don’t forget about your end users! They are a crucial part of your organization, and key to a successful SharePoint governance plan so make sure you have a communication plan, or a planning guide available at the starting point.
You always want to think one step ahead of where you’re at. Make sure your modern SharePoint intranet is as future-proof as possible.