IT governance

Go to related article at http://aka.ms/SPGov

Software + services

Service level agreements should include:

1.

2.
Negotiated performance targets for first load of a site, subsequent loads, and performance at remote locations. Recovery, load balancing, and failover strategies. Customization policies. Storage limits for content and sites. How to handle inactive or stale sites. Multilingual support.

What is governance?
SharePoint 2013
Basic concepts
Governance Segments
Governance is the set of policies, roles, responsibilities, and processes that control how an organization s business divisions and IT teams work together to achieve its goals.

How will you control the services that you offer? What will you provide with each service? What will you include in service-level agreements for each service? And how do you prevent proliferation of unmanaged servers?
What to govern:
Security, infrastructure, and web application policies How is the system and infrastructure maintained and who has access at what levels? What s the maximum upload size you want to allow? Are you controlling the use of fine-grained permissions? Data protection (backup and recovery)

Approval process, including length of time and approvals necessary to create a site. Costs for users/departments. Operations-level agreement which teams perform which operations and how frequently. Policies around problem resolution through a help desk.

Centrally managed

Software, services + sites hosted/managed centrally by a core IT group

Software, services + sites hosted/managed locally by individual groups

Locally managed

Vary the level of data protection that you offer based on service levels. Plan how often you back up the farms and how quickly you can guarantee the data is restored.

IT service governance
When you create an IT service to support SharePoint 2013, a key to success is whether you can govern the service and ensure that it meets the business needs of your organization in a secure and cost-effective way. When you add to the service, you need to do so in a manageable way. The following elements contribute to a successful service:
Form governance group A governing group defines the initial offerings of the service, defines the service s ongoing policies, and meets regularly to evaluate success. Communicate policies The policies you develop are communicated to your enterprise and are enforced. Encourage use Users are encouraged to use the service and not create their own solutions installations are tracked and rogue installations are blocked.

Deployment governance
In addition to governing services that you offer, you also need to govern installations of SharePoint 2013 in your environment.

Site policies

Use site policies to help control site proliferation. A site policy defines the life-cycle of a site by specifying when the site will be closed and when it will be deleted. When you close or delete a site, any subsites are also closed or deleted. If an Exchange mailbox is associated with a site, the mailbox is deleted from Exchange Server 2013 when the site is deleted.
Quotas Quota templates define how much data can be stored in a site collection and the maximum size of uploaded files. Associate different quota templates with site collections at different service levels. Asset classification Classify sites and content by value and impact of the content to the organization (such as high, medium, or low business value/impact). That classification then controls other behaviors, such as requiring encryption for high business impact information. Impact = Exposure If this leaks, will it hurt my business? Value = Availability If this isn t available, can my business run?

Track installations
An Active Directory Domain Services (AD DS) marker named Service Connection Point identifies the SharePoint 2013 servers in an organization. Set this marker for each domain in your organization if you want to track installations in all domains.

Block installations
You can block installations of SharePoint 2013 to prevent users from installing it to unauthorized servers that you don t want to support. Use a group policy in Active Directory Domain Services (AD DS) to set a registry key on all servers to block installations.

Keep current with software updates

Keep your servers current. Test and install recommended software updates. See the Updates Resource Center for SharePoint 2013 (http://aka.ms/SPUpdt).

Site collection upgrades

Site collections can now be upgraded independently from the content databases. Determine who, when, and how to upgrade site collections when a new version or an update is available.

Information management
How will you govern the information in your organization, such as: documents, lists, Web sites, and Web pages? How do you maximize the information s usability and manageability? Who has access to what content how are you making content available internally and externally and to whom?

Content + information stored by users

Good information architecture supports the following goals:
Manageable Can the IT team effectively implement and manage the information? Meets requirements Does the information architecture meet regulatory requirements, privacy needs, and security goals? Increases effectiveness Does the architecture add to your organization s effectiveness?

Information management tools

Govern your content by using tools for content management, including: Use workflows and approvals for Document Centers and site pages wherever official documentation is stored. Use approval for published websites to control pages. Use version history and version control to maintain a history and master document. Use content types with auditing and expiration for document libraries to manage document lifecycle. Manage libraries by using the Content Organizer. Use site policies to manage site collection lifecycles. Use Information Rights Management and auditing to secure and audit important corporate assets and any sites that contain sensitive information.

Governance and Site Types

Different types of sites require different governance policies. This is because different sites have different requirements, which reflect their importance to the organization. Published sites have tighter governance over information and application management than team sites and personal sites (My Sites).

Tightly managed

Content is tagged with structured metadata, permissions tightly controlled, content is archived or purged per retention schedules

Content is tagged only socially and not tracked; permissions/archiving is not monitored or managed

Loosely managed

Questions to ask when designing a site or solution: How will the site or solution be structured and divided into a set of site collections and sites? How will data be presented? How will site users navigate? How will search be configured and optimized? How can you organize content so that searches return useful results? What types of content will live on sites? How will content be tagged and how will metadata be managed? Does any of the content on the sites have unique security needs? What is the authoritative source for terms? How will information be targeted at specific audiences? Do you need to have language- or product-specific versions of your sites? Who will write content for the site and what method will you use to publish it?

Information architecture
Information architecture determines how the information in that site or solution its webpages, documents, lists, and data is organized and presented to the site s users. Information architecture is often recorded as a hierarchical list of content, search keywords, data types, and other concepts. Make your information architecture as efficient as possible. Identify efficiencies, such as:

Determine the rules or policies that you need to have in place for the following types of items:

Which of these factors is the highest priority for each type of content?

Three major areas for governing SharePoint 2013:

IT Governance
Typical amount of governance

Central published site (Intranet home page) Departmental site

Which priority do you optimize for?

Software + services

Group and team sites

Information Management

Content + information stored by users

Projects and workspaces

Use metadata to enable search and comparisons

Information access
Manage versions and records Catalog and store information properly Be sure to consider access to content when you design your solution and sites. This overlaps with IT Governance as you consider your entire environment. Ask these questions:
Information management: permissions and audiences IT governance: access 1. How do I make this content accessible to external users? 2. How do I make sure that only people who need access have it? 1. How do I structure permission in a site? 2. How do I target content to a specific audience? 3. Should I use Information Rights Management (IRM) to protect content?

When thinking about content, consider the balance between the following factors:

Application Management
Custom solutions

Personal sites (My Sites)

Proportion of site types in a typical environment

Design navigation to help users find important information

Integrate information architecture with search

Define publishing strategy

Pages Lists Documents Records Rich assets Blogs and wikis Feeds

Anonymous comments Anonymous access Terms and term sets External data

Availability

Content needs to be available when users need it, and where they can get to it.

Access

Consider who has access to the content. If it should be secure, is it?

Redundancy

The three areas of governance are equally important. This poster describes each area and provides key concepts for each area.

Shared copies reduce redundancy and provide one version of a document.

Governance Team
Your governance policies should support your organization s goals and be kept up-to-date as your organization s needs change. We recommend that you create a team from various disciplines across your organization to develop and maintain these policies.

Governance and Training

Great training, good resources, and effective search are keys to user adoption.

Application management
How will you manage the applications that are developed for your environment? What customizations do you allow in your applications, and what are your processes for managing those applications?

Custom solutions
Lifecycle management
Follow these best practices to manage applications based on SharePoint 2013 throughout their lifecycle: Development Pre-production Production

Solutions or apps for SharePoint?

New development model: apps for Sharepoint Apps for SharePoint are self-contained pieces of functionality that extend the capabilities of a SharePoint website. An app may include SharePoint components such as lists, workflows, and site pages, but it can also surface a remote web application and remote data in SharePoint. An app has few or no dependencies on any other software on the device or platform where it is installed, other than what is built into the platform. Apps have no custom code that runs on the SharePoint servers.
Design apps for end users Apps: Are easy for users (tenant administrators and site owners) to discover and install Use safe SharePoint extensions Provide the flexibility to develop future upgrades Can integrate with cloud-based resources Are available for both SharePoint Online and onpremises SharePoint sites Use farm solutions for administrators Solutions: Can access the server-side object-model APIs that are needed to extend SharePoint management, configuration, and security Can extend Central Administration, Windows PowerShell cmdlets, timer jobs, custom backups, and so on Are installed by administrators Can have farm, web application, or sitecollection scope

GOVERNANCE CHECKLIST:

Strictly managed

Governance team

Training Education Content Search User Adoption

Customizations must adhere to customization policy; deployments and updates tested and rigorously maintained

Rules about development environments or customizations are less rigid

Loosely managed

Sync

Sync

Customization policy
Determine which types of customizations you want to allow/disallow, and how you will manage customizations. Your customization policy should include: Service level descriptions Processes for analyzing Process for piloting and testing customizations Guidelines for packaging and deploying customizations

Control source code and use versioning

Test new and updated apps and solutions

Keep environments in sync to get best results from testing

Branding
Consistent branding with a corporate style guide makes for more cohesive-looking sites and easier development. Store approved themes in the theme gallery for consistency so that users will know when they visit the site that they are in the right place.

Governance policy for apps for SharePoint Set a policy for using apps for SharePoint in your organization. Can users purchase and download apps? How do you make your organization s apps available? How do you tell if they re being used?
SharePoint Store Determine whether users can purchase or download apps from the SharePoint Store. App Catalog Make specific apps for SharePoint available to your users by adding them to the App Catalog. App requests Configure app requests to control which apps are purchased and how many licenses are available. Monitor apps Monitor specific apps in SharePoint Server 2013 to check for errors and to track usage.

Information architects or taxonomists Compliance officers Influential information workers

IT technical specialists Development leaders Trainers IT managers

Business division leaders Financial stakeholders Executive stakeholders

Guidelines for updating customizations

Approved tools for customization

Who is responsible for ongoing code support

Specific policies regarding each potential type of customization

Design Manager for branding

With Design Manager, you can create a visual design for your website by using whatever web design tool or HTML editor you prefer and then upload that design into SharePoint. Design Manager is the central hub and interface where you manage all aspects of a custom design.
Creating the visual design of a site often fits into a larger process, in which multiple people or organizations are involved. For a roadmap of the tasks from a larger perspective, see Design and branding in SharePoint 2013 (http://aka.ms/Tbcvxm).