BLOG

Office 365 Data Governance – Getting Started

6 min read
Governance Header

Within corporate setting, the management team — sometimes working with outside investors and advisors — is responsible for the ongoing governance of the business, helping determine whether key decisions, systems, and personnel will fit within agreed upon goals and priorities. This governance body is also responsible for ensuring that all actions are done within known constraints (laws, industry standards, etc.) and mitigating risks as they arise. IT, and more specifically, Office 365 data governance, is a key part.

The concept of governance and data governance within SharePoint and Office 365 is nothing new, but it continues to be one of the primary concerns of organizations where SharePoint and Office 365 (Microsoft 365) remain business-critical.

There is some fatigue around the topic as a talking point, and whether you think Office 365 data governance is your priority, or uncontrolled growth and orphaned resources are leading to  unpredictable costs and a lack of security overview, a complete governance plan should remain a key aspect of your planning as you build out your intranet.

Within the IT world, most of us are familiar with the concept of “change management,” which is a critical aspect of a healthy governance process that ensures change of data, permissions, for example, (through code management, operations oversight, or even business process modeling activities) is accomplished with the right level of transparency and stakeholder input.

Office 365 data governance image in-text 2

Taking the time to establish an agreed-upon governance model means having a set of clearly defined roles, responsibilities, policies, and procedures that will help your company to proactively manage your information technology resources in a way that maximizes business value. These governance policies will help guide and inform your initial environment design, your information architecture, and of course roles and responsibilities to enforce Office 365 data governance.

Clarifying your own definition

Starting from scratch is never easy. Organizations are struggling to agree on a definition that works across disparate teams and business units — but there is also some variance in how it is defined across the SharePoint community. Everyone has a different take on what it means, from specific records and data management policies to a broader change management philosophy that guides how a company administers all information technology. Different companies bring different perspectives. Governance as a category is very broad, and there’s no single definition that fits all organizations.

However, there are certain governance “truths” that are consistent across all definitions. For one, governance is not a “checklist” of activities as much as an ongoing strategy for staying on top of your SharePoint environment, assessing performance and the never-ending list of end user requests within regulatory and compliance boundaries, and balanced with a healthy dose of change management. Additionally, governance is not a tool, a solution, or a product — and someone who tells you otherwise is trying to sell you something. However, there are tools that can certainly help you to automate your governance activities.

As you begin to review current governance definitions for your SharePoint environment, some of the most common questions asked include:

  • Where should we begin?
  • Who should be involved?
  • How do we manage change?
  • What are the industry best practices?
  • What does Microsoft recommend?
  • Are there common methodologies we should consider?

No matter what methodology you follow, or how stringent your processes, transparency is key. One of my favorite sayings is “the more you involve people in the process, the more likely people will support that process.” People want reassurance that their voice, their inputs, and their concerns are being heard. They also want to understand the review and approval process (“We meet weekly and review all new feature requests”), the constraints of the system (“Your request to add that 3rd party tool cannot be approved because its architecture breaks several security protocols, and would render us non-compliant”), and feedback mechanisms (“We’re happy to discuss your needs in more details, and work with you to find a workable solution within the current platform, or with a more compliant vendor”).

Creating Shared Understanding

My first experience with IT governance was being handed a giant 3-ring binder with all of my organization’s policies and procedures meticulously outlined and updated via a complex paper trail. The problem with a paper-based approach is that most governance documentation comes with an expiration date due to rapidly changing business requirements and shifting legal and regulatory constraints. Governance is a living, breathing, always-changing activity — and if not properly managed (I prefer the term “curated”), many of the lessons learned through real-world experiences are seldom reflected within governance documentation. As a result, new projects and teams are forced to reinvent the wheel each time.

Even when your governance body is well-managed, that success is generally the result of one strong leader — and ongoing success is difficult to maintain once that leader departs the team or company. Long-term success comes only through “codifying” your processes and best practices into company memory, creating “governance blueprints” for your organization.

Office 365 data governance image in-text 2

Beyond capturing corporate and system requirements, your governance activities necessitate a strong change management model. This is especially important if you have open policies about the tools and devices end users can adopt, as an increasing number of companies support. Part of change management is having a clearly defined and communicated plan — which may include (and I strongly recommend) a logical diagram of your business requirements, systems constraints, and the policies and procedures to maintain all of them. Having this visual component can make it easier to communicate the plan, and also helps you identify where changes need to be made when need tools or processes are introduced, or when your business requirements change. And they will frequently change.

With a visual overview of your systems, processes, and personnel, your team will better understand where governance rules are, or should be, applied to your systems. A little bit of “systems thinking” can go a long way in governance planning. You will better be able to manage business-led changes to requirements, see the effects of system updates, or the impacts of legal and regulatory changes. With a blueprint of your governance activities, you can more proactively monitor and manage your business systems and technology platforms.

Of course, it is incredibly difficult and time-consuming to build out visual maps of your systems and infrastructure, and map out your governance policies against them. Few organizations recognize the value of the exercise, but doing so makes it easy for teams to capture supporting documentation and artifacts and correlate that data with their related policies and procedures. It also helps your organization to develop a shared understanding of the governance methodology (sort of like a governance baseline against which you can measure your progress) and capture best practices as they are surfaced.

With a baseline in place, and a system for capturing your collective learning, employees are better able to learn from the experiences of others, and understand the impacts of a change by quickly showing which related policies and procedures are impacted. Simply put, governance is about creating “shared understanding” across your organization. To be effective and successful, governance must be an active and transparent part of the organization. People need to know where to go find the latest policies and procedures, and to see the impact of business changes.

Scaling Office 365 data governance with Rencore

Office 365 environments grow rapidly as user adoption increases once users become accustomed to what the platform can do to meet business needs. Uncontrolled growth and orphaned resources can lead to a lack of oversight over security, permissions, external access, to naming convention rules, and documentation.

All governance areas must be a priority, and businesses are finding it challenging to scale governance that meets organizational processes, and those who carry them out.

Rencore hosted a recent webinar: How to stay in control of Office 365 in 2020, which you can catch up on demand if you have time. They demoed their Rencore Governance software. Participants could view and feedback first-hand on what policies they would find helpful when automating their governance efforts.

Rencore Governance allows you to choose what you want to track, build relevant reports, and automate with your business processes in mind. If you would like to learn more about Rencore governance, see it in action and discover how it can help you scale your Office 365 data governance, please head to the Rencore Governance product page by clicking the button below.

Learn more

Christian Buckley

Christian is a Microsoft Regional Director and Office Servers and Services MVP, consulting CMO and researcher, and the Founder and CEO of CollabTalk LLC, an independent analyst and technical marketing services company based in Salt Lake City, Utah.