What is Governance – Getting Started

5 min read
Governance Header

Within corporate setting, the management team — sometimes working with outside investors and advisors — is responsible for the ongoing governance of the business, helping determine whether key decisions, systems, and personnel will fit within agreed upon goals and priorities. This governance body is also responsible for ensuring that all actions are done within known constraints (laws, industry standards, etc.) and mitigating risks as they arise.

The concept of governance within SharePoint and Office 365 is nothing new, but it continues to be one of the primary concerns of organizations where SharePoint remains business-critical. There is some fatigue around the topic as a talking point, however it remains (or should remain) a key aspect of your planning as you build out your intranet, as well as all of the other business-critical systems, tools, and processes necessary to run your business. Within the IT world, most of us are familiar with the concept of “change management,” which is a critical aspect of a healthy governance process that ensures change (through code management, operations oversight, or even business process modeling activities) is accomplished with the right level of transparency and stakeholder input.

Taking the time to establish an agreed-upon governance model means having a set of clearly defined roles, responsibilities, policies, and procedures that will help your company to proactively manage your information technology resources in a way that maximizes business value. Within SharePoint, these governance policies will help guide and inform your initial environment design, your information architecture, and of course roles and responsibilities.

Our token gesture will give you an insight into the current state of governance practices in SharePoint and Office 365.

Learn More

Clarifying your own definition

Starting from scratch is never easy. Organizations are struggling to agree on a definition that works across disparate teams and business units — but there is also some variance in how it is defined across the SharePoint community. Everyone has a different take on what it means, from specific records and data management policies to a broader change management philosophy that guides how a company administers all information technology. Different companies bring different perspectives. Governance as a category is very broad, and there’s no single definition that fits all organizations.

However, there are certain governance “truths” that are consistent across all definitions. For one, governance is not a “checklist” of activities as much as an ongoing strategy for staying on top of your SharePoint environment, assessing performance and the never-ending list of end user requests within regulatory and compliance boundaries, and balanced with a healthy dose of change management. Additionally, governance is not a tool, a solution, or a product — and someone who tells you otherwise is trying to sell you something. However, there are tools that can certainly help you to automate your governance activities.

As you begin to review current governance definitions for your SharePoint environment, some of the most common questions asked include:

  • Where should we begin?
  • Who should be involved?
  • How do we manage change?
  • What are the industry best practices?
  • What does Microsoft recommend?
  • Are there common methodologies we should consider?

No matter what methodology you follow, or how stringent your processes, transparency is key. One of my favorite sayings is “the more you involve people in the process, the more likely people will support that process.” People want reassurance that their voice, their inputs, and their concerns are being heard. They also want to understand the review and approval process (“We meet weekly and review all new feature requests”), the constraints of the system (“Your request to add that 3rd party tool cannot be approved because its architecture breaks several security protocols, and would render us non-compliant”), and feedback mechanisms (“We’re happy to discuss your needs in more details, and work with you to find a workable solution within the current platform, or with a more compliant vendor”).

Creating Shared Understanding

My first experience with IT governance was being handed a giant 3-ring binder with all of my organization’s policies and procedures meticulously outlined and updated via a complex paper trail. The problem with a paper-based approach is that most governance documentation comes with an expiration date due to rapidly changing business requirements and shifting legal and regulatory constraints. Governance is a living, breathing, always-changing activity — and if not properly managed (I prefer the term “curated”), many of the lessons learned through real-world experiences are seldom reflected within governance documentation. As a result, new projects and teams are forced to reinvent the wheel each time.

Even when your governance body is well-managed, that success is generally the result of one strong leader — and ongoing success is difficult to maintain once that leader departs the team or company. Long-term success comes only through “codifying” your processes and best practices into company memory, creating “governance blueprints” for your organization.

Beyond capturing corporate and system requirements, your governance activities necessitate a strong change management model. This is especially important if you have open policies about the tools and devices end users can adopt, as an increasing number of companies support. Part of change management is having a clearly defined and communicated plan — which may include (and I strongly recommend) a logical diagram of your business requirements, systems constraints, and the policies and procedures to maintain all of them. Having this visual component can make it easier to communicate the plan, and also helps you identify where changes need to be made when need tools or processes are introduced, or when your business requirements change. And they will frequently change.

With a visual overview of your systems, processes, and personnel, your team will better understand where governance rules are, or should be, applied to your systems. A little bit of “systems thinking” can go a long way in governance planning. You will better be able to manage business-led changes to requirements, see the effects of system updates, or the impacts of legal and regulatory changes. With a blueprint of your governance activities, you can more proactively monitor and manage your business systems and technology platforms.

Of course, it is incredibly difficult and time-consuming to build out visual maps of your systems and infrastructure, and map out your governance policies against them. Few organizations recognize the value of the exercise, but doing so makes it easy for teams to capture supporting documentation and artifacts and correlate that data with their related policies and procedures. It also helps your organization to develop a shared understanding of the governance methodology (sort of like a governance baseline against which you can measure your progress) and capture best practices as they are surfaced.

With a baseline in place, and a system for capturing your collective learning, employees are better able to learn from the experiences of others, and understand the impacts of a change by quickly showing which related policies and procedures are impacted. Simply put, governance is about creating “shared understanding” across your organization. To be effective and successful, governance must be an active and transparent part of the organization. People need to know where to go find the latest policies and procedures, and to see the impact of business changes.

Over to you!

Rencore’s free Risk Assessment is a good place to start your governance planning. it will help you discover what’s happening in your SharePoint environment and highlight the requirement’s needed for application longevity. Furthermore, it detects real production security issues and builds a risk report based on your data. Learn about quick wins for application governance, security and extending SharePoint. Schedule a demo today.

Try for free

Christian Buckley

Christian is a Microsoft Regional Director and Office Servers and Services MVP, consulting CMO and researcher, and the Founder and CEO of CollabTalk LLC, an independent analyst and technical marketing services company based in Salt Lake City, Utah.