One Step Forward... A review of Microsoft's latest SharePoint Governance guidance
One step forward... No steps back.... <phew>
This is a good news blog post.
As you will undoubtedly know I have my own, very clear (I hope) perspectives about what SharePoint Governance really means.
Historically, Microsoft's guidance has been very IT and technical feature based and I have been unhappy with its contents and effectively the lack of guidance they have offered.
With this latest release of it's SharePoint 2013 Governance Guidance (November 19th 2013), things haven't changed as much as I would have liked, but there are definite significant signs of things moving in the right direction, it articulates Governance in a less techie way and I haven't found myself shouting at my screen quite as much!
The purpose of this blog post is to run through the contents and highlight my perspective of where it works and where it falls short and also, I hope, articulate some pointers to other content and approaches that will help you on your Governance journey.
The content is structured into four sections:
- What is governance?
- IT governance
- Information management and governance
- Application management and governance.
What is governance?
Microsoft starts off with using the same definition as most organisations would come up with:
"...Governance is the set of policies, roles, responsibilities, and processes that control how an organization's business divisions and IT teams work together to meet organizational goals..."
My perspective is that although this is correct in part, it does miss out one vital ingredient that Wikipedia states as the origin of the word:
The word governance derives from the Greek verb κυβερνάω [kubernáo] which means to steer and was used for the first time in a metaphorical sense by Plato. It then passed on to Latin and then on to many languages
This reference to 'steering', in my mind (and my consulting activities), directly equates to making positive progress towards a Vision or Strategy. Steering also frees the governance activities from being shackled to a single straight unyielding set of processes and rules and allows much more flexibility in facilitating us in reaching our goal. To me, in this ever emergent business and technology world, the flexibility to alter course and steer continuously towards your goal is of significant value.
What would have been really nice would be if Microsoft had explained in a little more detail how that Wikipedia definition applies in reality to your SharePoint implementation. So I am a little worried that those new to SharePoint Governance are going to think "so what?". The best that they come up with is:
- Streamline the deployment of products and technologies, such as SharePoint Server 2013.
- Help keep your organization’s system secure and compliant.
- Help ensure the best return on your investment in technology.
A great addition to this content would be some guidance as to how to talk about governance to your business users and stakeholders and how to explain its value and purpose. Perhaps there is sufficient insights in the first few sample pages of my book on the subject, The SharePoint Governance Manifesto ? Take a peek at the sample chapters here on Slideshare, they may help a bit.
As alluded to earlier, Microsoft's Governance approach hits three segments - IT, Information and Applications. Although I do see value in those three areas I don't feel that covers enough for such a large scale strategic platform as SharePoint.
I define 7 segments, or rather 7 waves of SharePoint Governance (in no particular order):
- Information Governance
- IT Assurance
- Change Management and User Adoption
- Social Business
- Business Alignment
- Project Governance.
In my experience, looking at Governance across all of these 7 areas gives you a holistic and sustainable approach.
I do really like the piece Microsoft have in this first section on Governance and Site Types, it's not rocket science for those of us in the guys of governance, but for the newbie or business stakeholder I think it's a nice illustration of where typically governance effort is applied.
Next up I need to shake the Microsoft person on the hand (see I told you this was a positive blog post) who made the decision to state some guidance about forming a Governance Team. The guidance mentions a plethora of different roles that should ideally be present on the governance team, there's none that I can think of right now that I would add or remove, it's a pretty good list.
What I would say to clarify is that these governance team members need to be spread across multiple governance boards. It's my experience that in any mid-size or larger organisation you need 3 governance boards at a minimum. Each board bound together by a shared understanding and shared commitment to your SharePoint Vision and engaging in governance activities in different ways. The three classifications of governance boards I use are as follows:
I would also recommend that you use the list of roles that Microsoft is suggesting as your Governance team as the core for your SharePoint Center of Excellence, which is an autonomous team responsible for maximising the business value you get from the SharePoint platform.
From a Training perspective in the penultimate part of this section, I would reiterate the need for multiple approaches to socialising your governance guidance, just as Microsoft have stated. I would also add to the list investing in a SharePoint Centre of Excellence, identifying and proactively supporting your SharePoint Tummelers and using in-place governance guidance within your SharePoint solution.
The last part of this section, 'Best practices for governance plans', should really be somewhere towards the start of the guidance as it highlights some very important aspects of implementing and sustaining effective SharePoint governance.
I am really happy to see this section appear anywhere in Microsoft's guidance... The section (paraphrasing) starts of by stating that every organisations governance requirements are different (Ant says: Yes!) and that there are four steps to tailoring governance to be right for your organisation:
- Determine initial principles and goals
Ant says: Hell Yeh! Absolutely develop a vision, although I would say that it should be a vision for your SharePoint platform and not the governance itself. This is great to hear Microsoft actually say these words and I have some awesome tools and techniques to help you facilitate the vision.
- Classify your business information
Ant says: Yep, you should definitely do this, don't underestimate how long it will take and also don't be suprised if some parts of your organisation are indifferent about the process and don't get why... This is where step 1 vision will help bring people on-board.
- Develop and education strategy
Ant says: Microsoft say that the human element is the most important thing after the governance plan, I think the human aspect is more important than the governance plan, if you get the human, culture, ways of working aspects nailed then the reliance on governance plans wanes into the background. That said Amen to Microsoft for including people in the governance approach!!
- Develop an ongoing plan
Ant says: Wow Microsoft you're on a roll! Not much more to add to this in this review. Continuous improvement or kaizen as I call it in my Governance approach is absolutely essential to sustain governance and you will need to work to change the way both your IT department and your business work and engage together to make this really successful. Have a read of Dave Snowden's Cynefin Framework to really get your head around why continuous improvement and emergent governance requirements are so critical.
In The SharePoint Governance Manifesto I don't really talk about this topic much because in theory this is the easy stuff, keeping your technology under control. From what I can tell, Microsoft's guidance is pretty much on the money, focused on delivering services.
One thing that I will mention here though is that I would mention that ensuring that the services you deliver and govern are the ones that the business needs are important. What I mean is that we shouldn't deliver (and hence govern) any services that don't support the business achieving its goals or vision. As a [poor] example, there's no need to define and create a 'records management service' and then govern that service if the business have no interest in using SharePoint's records management features. Deliver the technology features and governance that are appropriate, no more and no less.
Information management and governance
In my guidance I call this 'Information Governance; which I split into two related but separate sections:
- Information Management (IM)
- Information Architecture (IA).
Despite the title Microsoft have given this part of the guidance, I think they pretty much align with my thinking which is great news for me and for you!
In the Information Governance work I am currently doing for a global financial services organisation, I am seeing that this aspect can be further split into two very different perspectives, depending on your organisations Information Governance drivers:
- Compliance / Regulation
- Business Value
Of course some organisations thankfully come at it from both angles! I really like that Microsoft states explicitly these differences by asking of you to evaluate:
Meets requirements Does the information architecture meet regulatory requirements, privacy needs, and security goals?
Increases business effectiveness Does the architecture add to your organization’s effectiveness?
They include a nice set of tables listing some key questions for you to ask yourself (or your SharePoint team) when designing your solution across both SharePoint IA and IM.
Something else that I noticed that I really approve of is the mention of other types of content i.e. not just Office documents; the guidance also mentions (and therefore you need to think carefully about) information in lists, social data and social interactions. The way you want to govern this type of non Office information, which is becoming more and more prevalent, is a key consideration and an area a lot of organisations just completely miss out when applying governance to their SharePoint environments; remember getting business guidance around the governance of something they don't fully understand in this context (social) is much much harder than you could possibly imagine!
Finally for this section, is a brief but important mention of 'Social Computing'. This comment builds upon the last one and although I am very heartened to see social mentioned in the context of governance I do think it warrants separation out of the Information Governance category and into it's own. When I see 'social' within SharePoint I see both information (comments, discussions, tagging etc.) as well as social interactions like 'Likes', social connections between people, membership of groups etc. and depending on your vision these aspects of your platform content may need their own special consideration.
Application management and governance
I think Microsoft give some great guidance in this area of application governance, like the IT governance previously, it's all a bit techie for me to really analyse in any depth, but that said I think it is missing the 'business ingredients'. What do I mean by this, well it would be great if there was mention of aligning the applications to the business and the SharePoint vision, using goal alignment is a fantastic technique for validating this.
I was really pleased to see mention of 'Processes for analyzing' whether your application is really delivering business value, that certainly needs to have more focus on it and guidance as to how you might do continuous improvement and analysis on use and value would be welcomed by the community I am sure.
But as I say, this is an area that I think Microsoft has no real issues with providing good governance guidance, just remember to stay aligned to your vision as well.
Let me finish this blog post by articulating where I think the latest SharePoint Governance Guidance fit's with my thinking in terms of the 7 waves of SharePoint Governance:
- Information Governance - Some really good coverage, much more business focussed than before
- IT Assurance - As you would expect, the IT part of governance has some very well thought out guidance
- Kaizen - Although mentioned behind the scenes in a few places, continuous improvement could do with much more focus
- Change Management and User Adoption - Almost no mention of the end user within this guidance, I guess this is the most worrying (but not surprising) deficiency in the guidance
- Social Business - Mentioned a little, but no thoughts or guidance on social ways of working, just focussed on the social features of the technology
- Business Alignment - Better than it used to be, some glimpses that the organisation is being considered in their governance guidance, but again it needs more emphasis and more content
- Project Governance - Not mentioned, with the exception of some inferred involvement with the 'application management' content; I appreciate Microsoft won't dictate to the community how to deliver projects, but the mention that project governance is required would be an important and useful addition.
So to summarise, I really do feel that Microsoft has come along way with the latest release of their 'Governance planning for SharePoint 2013'.
Well done Microsoft, our future together banging the governance drum, looks significantly more positive than it did last week!
Please don't forget that 90% of what is in the guidance is applicable to other versions of Microsoft SharePoint and the principles apply to any strategic technology platform.
Check out my slides on Governance on Slideshare
If you want a more in-depth view of effective SharePoint Governance then check out The SharePoint Governance Manifesto
Finally, I am in the midst of developing a 2 day SharePoint Governance course, based on the approach articulated in my book. If this sounds of interest to you, your team or your organisation then please get in touch and let me know,