I have come to realize that governance and compliance are two words that few companies in the SharePoint world truly understand. What do these words mean, and how do they wreak havoc on otherwise successful projects? Moreover, why is governance so difficult to dictate, implement and manage for organizations? Many articles have been written to try to address this issue, but this one takes a slightly different perspective by looking at the foundation or starting point in governance—a common understanding.
When I am working with a client, my first step is always to ensure a common understanding between us, so that we can begin moving forward together. My description of governance and compliance in kick-off meetings is as follows: Picture a huge parking lot on a beautiful summer day, with cars neatly lined up row after row. From a bird’s-eye view, you can see the yellow lines clearly marking each spot, and the cars, each backed in, waiting for their owners. You can make out the parking receipts on the dashboard of each car, indicating that the owner has paid for that spot for a specific amount of time. In the adjacent building, you can see that the meter man is leaving his office to check the cars, as he does every two hours, on the hour.
So, how does my parking example relate to governance and compliance? It’s simple. The existence of yellow lines, expectation of purchase and cars parking between the lines are all part of governance. Each of these standards has been created from what largely amounts to a governance plan. When drivers pull into a parking lot, they understand that they must park between the lines, pay for use of that spot, and park in an organized way in order to only use one spot (we have all seen that car parked on or over the line, so trigger that memory the next time a site is created or used improperly). Compliance is the meter man, the individual who has to look at each receipt to ensure the owner has paid for use of the spot. If the owner has not, a ticket will be issued for a higher value than the original ticket purchase, to underscore the fact that one must pay for use of the spot.
Now, let’s bring this back to a SharePoint context, specifically around site creation, location and taxonomy. Your organization needs the same foundation as the parking lot: asphalt on the ground, painted lines, and expectations and policies in place to ensure compliance when each site is created. I’m limiting this article to site creation only; future articles will address things like a governance plan and how it is to be created and implemented across an organization.
For a site to be created, the underpinnings and high-level architecture must already be in place. In the parking lot, this was the foundation that made sure the site was graded, leveled and filled with asphalt. I can extrapolate further to include things like the mix or type of asphalt, which company was used to pour it, the procurement process, whether it was competitively bid on, and so on. This is the foundation that ensures that sites for different business units are created appropriately and within the appropriate areas.
When defining your sites and site collections, decisions have to be made similarly to the parking lot. How many sites and sub-sites (parking spots) will you allow? What is the size of each? Will they be created from the same master page and template (painted lines)? What process will be followed to request that a site is made, and how will access be granted and governed?
Now that you have some theoretical sites created, how will you set policies and expectations for their use? This is the compliance component, where the meter man comes into the picture. In an office environment, it is rare that someone volunteers for that position as the whistleblower who walks around ensuring that rules are followed. My advice here is two-fold: First, there is an argument that, if your governance has been created with the right policies and procedures, compliance should be straightforward and for the most part not necessary at the whistleblower level. Having someone point and click through your top-level sites once a week or month should be sufficient.
Of course, there is always the possibility that some users will park over the lines. You can plan for this by initially trying to self-police as much as possible. If you have site or site-collection owners, empower them with the responsibility of making sure that policies are followed.
In my next article on governance, I’ll begin breaking down the policies you’ll want to consider for inclusion in your governance plan, and their implementation at your organization.
Eric is the EVP of Systems Integration for Concatenate, a software firm focused on maximizing SharePoint through product innovation and systems integration based in Toronto. You can reach Eric by e-mail at firstname.lastname@example.org or on Twitter at @rizinsights. Read his other SharePoint thoughts on his blog at www.ericriz.com and catch his sessions at SPTechCon San Francisco, March 3-6, 2013.