SharePoint is not an IT resource, it is a business resource. Despite that, many organizations see the technical requirements of deployment and relegate full-time management and information governance within their SharePoint environment entirely to IT.
But IT staff are not necessarily experts on critical business content or compliance requirements: they are technology experts. For your SharePoint sites to be effective, you will need to identify and include stakeholders across your organization in the planning process for information governance.
You will also need to consider business processes and the user experience, ensuring vital tasks are easy to complete so that IT is not constantly needed to put out fires.
Understand your information
The organization must understand its information, especially content that is critical to the business or required for compliance and classified as records. In addition to understanding the retention periods for records, it is important to define an information lifecycle for non-records, where content can be stored, who has access, and the policies that will be applied. It is also crucial to know what types of users are generating content, who might have access to the information, and finally, where it will be stored and managed, (immutably if it is a record). The organization must have a clear picture of what information looks like throughout its life and know what should be done with it after its usefulness has expired and regulatory requirements have been met.
As a basic example, it is important to keep personally identifiable information (PII) such as social security numbers separate and locked down to only certain departments or employees. The documents that contain PII are often required to be held for specific periods of time to maintain compliance with local, state, or federal laws. Understanding these requirements will help prevent potential harm to an individual, in addition to mitigating the liability an organization could face if there were a data breach or compliance audit.
Most data within the typical organization is “unstructured” – that is, it is not organized within a defined data model. Where a spreadsheet or database contains structured data, things like documents, employee files, and contracts do not benefit from such straightforward classification.
This causes many of the problems users face when attempting to retrieve proper information. A good first step is to work with department directors and establish which types of information are critical, as well as which are records.
Once that has been established, this content will need to be addressed with policies and in the overall retention schedule and file plan. The proper metadata must be applied when this content becomes a record – this helps eliminate confusion, and it allows automated information governance to correctly apply policies to records.
Creating a plan for your information governance program
Just like any other business initiative, critical review and analysis are important and can reveal any weak points in your SharePoint governance program. This investigation will require you to bring together directors from the relevant business units. Consider also including business units that were not a part of the initial initiative, as their exclusion could have led to some of your challenges. What they know will help you better understand what you don’t know.
This process will establish the “task force” in charge of the project, and take some of the load away from IT.
From there, the main goal of this phase is to review how data is created, to define a lifecycle model, to inventory places where content is stored, and define whether it is ultimately disposed (or not!). Make sure to keep legal holds in mind, the differences between department needs and systems, and security concerns. At this phase, we are not only looking for inefficiencies, but also potential compliance violations along with the behavior that led to them.
This period of review can be executed in phases to prevent becoming overwhelmed, depending on the size of the organization, but it is the necessary groundwork for an overarching SharePoint governance program. Jumping too quickly to make changes without the data to support those changes is a recipe for certain disaster.
A clearer picture
After the review and planning is complete, you and your team have hopefully uncovered some common best practices, defined your information lifecycle model, and identified appropriate systems and groups with higher priority needs. These will be the cornerstones on which the deployment will take place. Your governance program can be rolled out in phases, and ultimately should be rolled out to all departments. A solid change management plan will ensure that everyone is on the same page.
Additionally, there are generally certain types of information and content that multiple departments handle in some form or another. It is crucial that this data is properly managed and that all departments understand how they affect each other when it comes to how this business-critical data is used.
Keep in mind, the goal of a SharePoint governance program is to meaningfully organize your sites and content, to automate management of non-records and records against an information lifecycle model, and to improve the efficiency of your business users while minimizing risk. Sharing best practices across your organization is a must if you want to achieve this goal.
Managing risk and running a successful SharePoint governance program are a lot easier said than done. There will be sacrifices, and compromises that must be made. Pushing your goals forward may not always make you the most popular person in the office.
SharePoint governance will not be a priority to most of your organization's employees. In fact, it may be a completely new concept to many of them. Patience, as well as a willingness to understand their points of view, will be critical to your success.
Putting the plan into action
It's clear that there is a need for SharePoint governance for companies of all sizes. The component that some may be missing, however, is cooperation between the business, records teams, and IT.
As with all other parts of an information governance strategy, creating a proactive and comprehensive plan to address those involved in SharePoint governance and define where and when approvals are needed is crucial. As IT manages and stores data, the entire department must understand how important it is to maintain a proper process to avoid compliance penalties.
Finally, step back and be objective. Ruthlessly eliminate any process in the program that causes more problems than it solves. A complete SharePoint governance program takes time to implement, but the end result will prove invaluable.
By Cynthia Wood