Governance, Information Policies, and Records

Kashish Sukhija

» SharePoint Development Lead – Sony (SNEI)˃ Previous Employer (5 Years) – Qualcomm Incorporated

» Based in San Diego, California» Expertise: Enterprise Content Management, Collaboration Strategy,

Governance, Migrations, Development, Architecture.» Publications -

˃ File Analyzer on the Web (IEEE)˃ Finite Automata Visualization (Link)˃ Intergalactic travel using laser powered robots (Link)˃ Smart Tanks - Armed Unmanned Ground Vehicles (Link)

» Education˃ Doctorate in Business Administration˃ Masters of Science Computer Science

» Blog - http://spdevstore.com/» Twitter - @spdevstore

» LinkedIn – http://www.linkedin.com/profile/view?id=15715591

Agenda

» Governance Overview» Record Management» Information Management Policies» Tagging» Search» Best Practices

Customizations

» Governance˃ Custom Post Provisioning Provider

» Record Center˃ Custom Record Center File Submission˃ Custom Record Center Router

» Information Management Policy˃ Custom Expiration Formula˃ Custom Expiration Action˃ Custom Simple IM Policy˃ Custom Configuration IM Policy

» Tagging˃ Custom Department Tagging Policy˃ Custom Attach Policy to Content Types

» Search˃ Custom Advanced Search Web Part

» Feature Stapling˃ Custom Feature Stapling

What is Governance?

“Governance is the set of policies, roles, responsibilities, and processes that guides, directs, and controls how an organization's business divisions and IT teams cooperate to achieve business goals.”

“Governing SharePoint is not just throwing a team together or rehashing old policies. Design and configuration of SharePoint is a key responsibility for modern IT Business Analysts”

Mistakes

» No Quotas, No Blocked File Types, No Policies» Unreliable support» No strategy, no training» Not defining policies on what to use SharePoint for (and

what not to use it for)» Empowering users without appropriate training and

guidance» Letting users manage security when they have no clue what

they are doing» Not planning for scale and/or growth» No life cycle management» Not testing the backup/recovery process

What to Govern?

» Quotas – Quota templates define how much data can be stored in a site collection and the maximum size of uploaded files. Associate different quota templates with site collections a different service levels.

» Site lifecycle management – You can govern how sites are created, the size of sites, and the longevity of sites by using self-service site management and site use confirmation and deletion. Set expiration and access policies to control content in sites.

» Asset classification – Classify sites and content by value and impact of the content to the organization (such as high, medium, or low business value/impact). Classification then controls other behaviors, such as requiring encryption for high business impact information.

» Data protection (backup and recovery) – Vary the level of data protection that you offer based on service levels. Plan the frequency at which you back up the farms and the response time that you will guarantee for restoring data.

» Security, infrastructure, and Web application policies – how is the system and infrastructure maintained and who has access at what levels. Are you controlling use of fine-grained permissions?

Governance Model

» IT governance of the software itself and the services you provide

» Application governance of the custom solutions you provide

» Information Management governance of the content and information that users store in those services.

Planning

» Ensure that content quality is maintained for the life of the solution

» Provide a consistently high-quality user experience» Establish clear decision making authority and

escalation procedures» Ensure that the solution strategy is aligned with

business objectives» Ensure that content is retained in compliance with

record retention guidelines» Ensure that site designers understand best practices

Planning

» Identify an Inclusive Team» Start with “Framing” Decisions» Determine Your Deployment Model» Define a Clear Vision» Identify Roles and Responsibilities» Develop Guiding Principles» Decide Your Organizational Comfort Level with Social

Computing» Define Policies and Standards» Document the Plan» Socialize and Promote

Strategy

» Develop a strategy around architecture, security, maintenance, storage planning, development, and policies; the sooner the better. Ideally this should be well before deployment, but can still be done years later if necessary.

» Who will support it?» What is technology impact?» Get acceptance and feedback from users» Involving business stakeholders has the largest

impact on operational success.

Process Models for Dev Life Cycle

• Code• Introduction• Coexistence

Dev

• UAT• Authoring• POC• Validate

Test• Users• Workflows• BPM

Prod

» Release Management» Configuration Management» Operations Monitoring, Security & Patch Management» Communications & Service Management» Code Propagation Testing & Deployment

Decisions

» Who will be allowed to set up a new page/site within the existing hierarchy?» Who will be allowed to create a new level in the navigation or promote an

existing site to the top level of the navigation? » Can page owners re-design the page/site layout? If yes, how much of the

page are they allowed to modify? » Who is allowed to make changes to the overall branding for the portal? » Who is allowed to manage metadata? For example, change metadata types

or metadata values?» What processes/roles can we assume for enterprise management of

metadata? » Who controls security on pages/sites? » What is the default model for access? » What kind of “penalties” will be supported for non-compliance with

governance standards? » How will the Governance Model be updated and maintained?

Enforcing Decisions

» Group Permissions» Audit Settings» Portal Settings» Designer Settings» Search Settings

Post Provisioning Provider

» Custom Post Provisioning Demo

Record Management

» A record is a document or other electronic or physical entity in an organization that serves as evidence of an activity or transaction performed by the organization and that requires retention for some time period. Records management is the process by which an organization:

RM - SharePoint 2010

» Content Organizer» Document Sets» Document IDs» Location Based Metadata» In-Place Records Management» Managed Metadata» Metadata Navigation

Record Management

Process

» Content analysis » File plan» Compliance requirements document» Method for collecting records that are no

longer active from all record sources, such as collaboration servers, file servers, and email systems.

» Method for auditing records while they are active.

» Method for capturing records' metadata and audit histories and for maintaining them.

» Legal Holds » A system for monitoring and reporting on the

handling of records (Governance)

Record Center

» Demo - Out of Box Routing» Demo - Out of Box Legal Holds » Demo - custom Routing

Record Center

» Demo - Custom Record Center File Submission» Demo - Custom Record Center Router

Information Management

Information management is the governance of information in an enterprise — its documents, lists, Web sites, and Webpages — to maximize the information’s usability and manageability. Another aspect of information management is determining who has access to what content – how are you making content available internally and externally and to whom?

Information Architecture

Information architecture determines how the information in that site or solution – its Web pages, documents, lists, and data – is organized and presented to the site's users. Information architecture is often recorded as a hierarchical list of content, search keywords, data types, and other concepts.

Information Architecture

» How information is organized and presented to users

» Product knowledge to apply the information architecture to the SharePoint tool

» Content types» Managed Metadata» Navigation» Search

Policies & Standards

» Policies define rules to use SharePoint» Standards describe best practices» Verify that your SharePoint polices and standards

do not conflict with broader organizational polices.» Publish policies and standards where users can

easily find and follow them. » Regularly review and revise policies and standards

to keep them aligned to organizational needs.

Policy Features

» Expiration» Auditing» Document Labels» Document Bar Codes

Information management policies

» Demo – Out of box Expiration Policy» Demo - Out of box Auditing Policy» Demo - Out of box Document Labels Policy» Demo - Out of box Document Bar Codes Policy

Policy Architecture

Policy Feature

» A policy feature is an assembly or other piece of code that provides content management functionality to Microsoft SharePoint

» Install a valid Policy Feature Definition into the Policy Feature Definition List. You can do this by calling the Add method of the PolicyFeatureCollection class.

» Implement the IPolicyFeature interface.

IPolicyFeature Interface

» In addition to installing a valid Policy Feature Definition, each policy feature must also contain a class that implements the IPolicyFeature interface.

» This interface enables Microsoft SharePoint Server 2010 to call the code to perform any initiation work that the policy feature requires.

» The interface also enables SharePoint Server 2010 to call the code to perform any tasks required when a policy item that is associated with the policy feature is added, deleted, or changed for a content type.

IPolicyFeature Interface

The IPolicyFeature interface contains the following methods:

» Register()» UnRegister()» OnCustomDataChange()» OnGlobalCustomDataChange()» ProcessListItem()» ProcessListItemOnRemove()

Information management policies

» Demo - Custom Expiration Formula» Demo - Custom Expiration Action» Demo - Custom IM Policy Simple» Demo - Custom IM Policy Config

Taxonomies and Tagging

» Easier information retrieval ˃ A taxonomy provides a consistent way of classifying and describing

information, allowing more accurate search results and giving users the ability to rapidly locate the content that they need.

» Easier navigation ˃ A taxonomy dictates how users navigate SharePoint sites and various

sub-sites.

» Audience targeting ˃ By effectively leveraging content types, search results can be tailored

to specific audiences within an organization.

Tagging

» Demo - Department IM Policy» Demo – Search Tagged Departments

What's new in 2013

» Site-based retention˃ Compliance features of SharePoint Server 2013 have been extended to sites. You can

create and manage retention policies in SharePoint Server 2013, and the policies will apply to SharePoint sites and any Exchange Server 2013 team mailboxes that are associated with the sites.

˃ The retention policy for the whole site and the team mailbox, if one is associated with the site.

˃ What causes a project to be closed.˃ When a project should expire.

» Managed Navigation» Document Sets

˃ You can now add One Note and Folders into Document Sets, improving flexibility. There’s also the ability to manage the entire document set by sending it to a record center.

» eDiscovery Center˃ You can now manage preservations, search and export across site collections,

SharePoint farms and even Exchange servers.

Summary

» Establish a Governance Plan to ensure quality and relevance of content and to ensure that all users understand their roles and responsibilities.

» Keep your governance model simple. Solutions need a strong governance model, but they don’t need complicated models with lots of bureaucracy.

» Don’t make the solution itself more complicated than it needs to be. Be careful about “over designing.” Just because SharePoint has a cool feature doesn’t mean that you need to deploy it—at least not right away.

» Ensure that all users with design or full control privileges have internalized your design guiding principles and that content contributors understand guiding principles related to content.

» Think about how you will ensure compliance with your Governance Plan over time, particularly for highly visible sites.

» An effective Governance Plan doesn’t have to constrain every move—it has to provide guidance to users to ensure that your solution remains effective and vibrant over time.

Resources

» TechNet˃ Governance resource center

+ http://technet.microsoft.com/en-us/sharepoint/ff800826.aspx˃ Governance features

+ http://technet.microsoft.com/en-us/library/cc262287.aspx˃ Plan for Software Boundaries

+ http://technet.microsoft.com/en-us/library/cc262787.aspx ˃ SharePoint Server 2010 Governance Model

+ http://go.microsoft.com/fwlink/?LinkId=200533˃ SharePoint 2010 Governance Planning

+ http://go.microsoft.com/fwlink/?LinkId=197150˃ Implementing Governance on SharePoint 2010

+ http://go.microsoft.com/fwlink/?LinkId=201195˃ SharePoint Server 2010 Governance Resources

+ http://go.microsoft.com/fwlink/?LinkId=197150

» Blog ˃ http://spdevstore.blogspot.com/

» LinkedIn˃ http://www.linkedin.com/profile/view?id=15715591

» Email – kashishsukhija@gmail.com» Questions & Answers

Thank You

Q & A

Don’t ForgetSharePint!!

Join us at after the closing ceremony at The Daily Pint for

drinks and laughs. A great opportunity to network with other

SharePoint Professionals!

Atera Prime K2

Axceler KnowledgeLake

CBT Clips KwizCom

Dell QuickStart

Hershey Technologies Virtualworks

Thank you to all our sponsors! Please visit the booths outside.

Platinum & Gold

Sponsors

Silver Sponsors