Want to See a CIO Twitch? Ask about the Company's SharePoint Strategy
Deploying SharePoint without a governance strategy is a recipe for trouble
Information Management Magazine, Nov/Dec 2009
Few topics get a CIO's attention like Microsoft's SharePoint document and collaboration platform and the governance challenges that accompany it. The relationship business has with SharePoint is very much a balance of love and hate.
SharePoint is typically deployed with the goal of solving certain defined challenges around collaboration and content management. But once the application gets out of its cage, look out. Without tight control, it quickly becomes viral without hope of containment.
There is no question the business climate today forces organizations to face ever-growing challenges in managing, protecting and regulating their information. As the amount of business content grows, the number of challenges and amount of risk grows as well. Add in the need to be prepared for litigation and e-discovery document requests, and the lack of governance and enforcement of business policy on SharePoint content suddenly pose a risk you can attach significant cost to. These are persistent risks that bring large exposure to your business operations.
Advertisement
Breaches can occur as content is created, during an e-discovery investigation and at many other points along the information lifecycle. Thus, those without a comprehensive governance program are ill equipped to proactively manage, control or discover their own business-critical content.
So why is SharePoint so hot? There are many reasons, but two float to the top very quickly. First, there is a belief that SharePoint is the answer to a whole host of business problems. Generally speaking, this is absolutely legitimate and true. Second, SharePoint allows the business end user (that's you and me) to go about creating and storing content as we see fit. As a company rolls out SharePoint, a lack of forethought to governance lays the path for out-of-control and completely unmanaged content growth. As a case in point, CMS Watch noted that a North American bank reported more than 5,000 uncontrolled and unaudited instances of SharePoint. Another business, a major energy company, reported finding more than 15,000 previously undetected instances of SharePoint. Houston, we have a problem.
SharePoint is uber successful. It's the fastest-growing server product Microsoft has ever released. During 2008's SharePoint conference, Bill Gates' remarks about SharePoint were very telling: "SharePoint is a product that's based on a vision of letting workers share information in a better way, and making sure that it's done in a very broad fashion, creating a product that you can assume everyone in a company has access to, and creating templates that everybody is familiar with and they just use as a matter of course to get their job done."
It's clear that Microsoft wants SharePoint to become part of global business's DNA, and they're well on their way to achieving that goal.
Enabling the end user to proliferate content seems to be the natural enemy of information governance, but it shouldn't be. The business should do everything possible to enable workers to do their jobs as fast and accurately as possible. Policy that disrupts business processes is not effective governance. Transparency is the key. The reality is a SharePoint deployment can be a terrific opportunity to provide governance architecture for your information assets.
Be clear, we're referring to a governance architecture, not a governance solution, and a little intellectual honesty is called for here. No single tool will provide an information governance silver bullet. Effective governance is the result of the right combination of tools, business processes and policies. Tying these things together in a way that meets the goals and obligations of the business is the essence of a solid governance strategy.
The output of collaborative processes or ad hoc content development in SharePoint can create important business records that need to be managed and maintained according to organizational and regulatory policies. For accuracy, these policies must be applied consistently across the enterprise, not just with SharePoint content but with every format or host application. As you probably know, a document originated in an informal workflow or unaudited SharePoint site is as susceptible to regulation requirements or e-discovery requests as any other.
Your organization may intend to use SharePoint to create simple or even complex workflow mechanisms where, for example, client contracts are developed and approved. The workflow can oversee the evolution of a Microsoft Word document from a standard template through the addition of terms, conditions and pricing. A process such as this can be simplified greatly through SharePoint and improve the responsiveness and consistency of the process. SharePoint can be used not just to duplicate existing processes but to improve them so the work can be more closely aligned with the organization's goals.
But what type of policy is applied to the final version and all the drafts before it? An even greater question lies in how the policy is applied. Is the printed, signed copy maintained as an important business record? What about the electronic version? Are any earlier drafts valuable for other uses, and if so, how are they stored? Moreover, what policy dictates how a collaborative project is handled upon its finalization?
In a larger context, these questions and many others are probably answered within your corporate records management policy and retention schedule. Knowing what to retain, where to find it and how to retrieve it is an objective of any comprehensive information governance strategy and solution. And, policies that are applied across SharePoint need to be consistent with other repositories, such as email, email archives, line of business applications and enterprise content management systems.
Using the U.S. Department of Defense standard as a guide is a good start.
The Department of Defense 5015.2-STD version 3 is the accepted standard by which to measure in the records management community, which includes industry professionals, vendor suppliers and users of electronic records management systems. It is no doubt the gold standard used around the world and across all industries for evaluating the functional requirements of records management solutions.
Page 1 of 2.
