5. The Building
Blocks of how all
companies
should run.
It’s the policies
and procedures
that make up the
administrative
and governing
body of your
organization.
6. Governance Team Questions
Who is the leader?
How Often will the Committee Meet?
What is the Mission/Vision of the Governance Team?
What are the roles and responsibilities?
Are there sub-committees for things like user adoption, content
strategy?
9. Environment Structure Questions
• Environment Structure
• QA/Dev/Prod – uses for each, when are sync'd, 3rd party tools,
management policies/processes, performance issues
• Back up, recovery plans, storage quotas
• Account controls
• Authentication—SSO, Kerberos, NTLM, Forms based, etc
• Processes and Procedures for enhancements, development of
enhancements, 3rd party support
• External Structure – if any
• Site Structure/Provisioning—what are the steps to create a new site
collection and how to manage, site decommissioning policies
12. Information Architecture
Who is responsible for overall management of Information Architecture?
Will the effectiveness be evaluated, how often, measurement?
Will the system use the Content Type Hub? Who has ownership?
Can Site Owners Create/Modify Site Level Content Types? How to request changes
if not
Can Site Owners Create/Modify Site columns? Request change process if not
Enterprise-wide mandatory core Metadata (records retention codes, classifications,
locations of business)?
Who is managing the Term Store and how often?
How is information about Enterprise terms communicated?
Request process for Global or Department specific taxonomy.
Who can add new items to a site (apps, list, libraries)
15. Content Management/Site Owner (two site owners per site collection/department)
Must have site owner training
Access to intranet, social media policy, electronic communications policies, use of IT
resources, accessibility standards compliance, protection of PI, all those other HR jail policies
people have to avoid
Compliance
Sox
ISO
HIPAA
Safe Harbor
Other
Auditing
Records Retention
Information Architecture – content type hub, global taxonomy, enterprise metadata
Security – who needs access to the content and at what level
Branding—who is responsible for it, management of it, can Infopath be used?
Corporate Policies and Procedures
18. Compliance and enforcement rules for existing policies and procedures
can be leveraged to govern SharePoint.
The Governance Committee should identify any gaps and include
specific rules in the Governance Plan. Any third-party tools used to
manage governance of the site should be described.
What regulatory compliance obligations are in other system?
How is compliance enforced?
Which departments are responsible for compliance/enforcement?
What standards are relevant to the organization? What information is
affected by those standards? Is there a need for special security?
Compliance Questions
21. • AD/SharePoint Groups/Permissions Levels--List these
• Who will manage
• Is there a process for determining the difference between business
sensitive content?
How is sensitive content secured or kept separate ? Must it be in
it's own database? What content is included?
Must content databases with sensitive content be encrypted
Are there different information management or security policies for
different types of content? What are those policies?
What 3rd party tools or workflows are being used to enforce
security policies? What are the policies, workflows or tools
Security Questions
24. Training Questions
• What levels of training are offered, topics, requirements?
• Is there training required before a user can be a Site Owner?
• Who is responsible for the training? Creation, scheduling,
providing
• How will new employees be trained?
• Training never ends. Is there a "recertification" in place?
• Communications/user adoption, strategy and executable
tactics
• Change management-ADKAR
• Events--IT Share Fair, Test Lounge
26. Governance Training and Communication
How will the information governance plan be socialized with
staff?
Will staff be responsible for ‘confirming’ that they have read and
understand the policies?
Who is responsible for communicating key changes of the
information governance policy to key stakeholders and end
users?
What are the consequences for non-compliance with
information governance policies?