Real-World SharePoint Information Governance: A Case Study

Antonio Maio – Protiviti


2 case studies –

Helps enterprises establish governance plans

  • Control chaos

once you have the plan, how do you put this into practice..this is the hard work

Key areas to focus on:

  • Security
  • Low hanging fruit (quick and dirty)
    • Roles and responsibility, starts with it..admins -all of them/architects/records management/legal/etc.
      • Make sure you have two site and data owners primary and secondary
    • Information Architecture
      • data classification field
        • public/sensitivity/confidentiality
    • Define rules for site creation management, decommissioning
    • Define security groups permissions and roles for assigning permissions
      • logs
    • Determine training needs plan to educate the user community

Now you have a plan:

  • How do we make this happen?
  • Governance is about organizational change
    • it’s politically difficult
      • you have to convince them that the change and movement is beneficial to the org.* this!!! Politically heavy.

Case study one: Oil and Gas (4500 people)

Heavily regulated / PHMSA/DOE/DOT

  • Most sensitive/ceo’s salary bonus and stock grants (costs)
  • Took 18 months to have 18 departments up and running
  • Started with one department
  • Governance committee (most difficult part) they wanted 40 people on it, they got it down to 15, they wanted less, 9-10
    • Establishing gov com, then meet with people
    • Define a charter with committee
    • It took two months
  • Roles and responsibilities
    • Define roles
    • Define responsibilities
  • Define architecture
    • Site owners are not able to create subsites (this does not work with large organizations with more than 8000 employees)
    • 3rd party tools that monitor /site creation / last modified / etc.
    • Annual process to review, archive i.e. this project is closed –> archive
    • Patches/updates is critical
    • Recommend stay two months behind, MS has released problems in an update, and they get fixed in two months
    • Disposition process after expiration goes on a disposition list to get permission to delete * workflows help automate this process, ask data owners if data can be deleted
    • Does not like records center in general use in place records management
    • No Business Social

Other info

  • 4500 people
  • Farm admins (2) 5 farms
  • AD (3)
  • SQL (3)
  • IT (6)SP ┬ádevelopers / pm group handled management, and scheduling
  • End user and power user training was 2 hours a piece, provided materials and videos
  • Each department had a site collection

Site for information governance

  • Set up governance notebook
    • Meetings
    • Minutes (If you still do this)
    • Documents
    • Planning goals
    • Visions
    • Rules
    • Charter
    • Responsibilities
    • Timelines
    • It/business/executive roles
    • All Requirements
    • 18 months (8 departments)
  • Timing was critical
  • IT involved was critical
  • Defining data owner
    • Understand the regulation for their data
    • Approve access requests (may delegate)
    • Regular permission reviews (annually) for each department)*

Still had to produce a document

  • They took all the information and created a pdf


Q. If organization is unstructured, departments are ambiguous, and enterprise is process driven?

Q & A. Two primary approaches:

  1. Address the unstructured (no departments/hierarchy) by defining some structure
  2. Create collections based on enterprise processes.
    1. Projects
    2. Collaboration(teams)
    3. Search center
    4. MySites

Case Study – Financial services – (4000 employees)

  • Material Non-Public Information (insider trading) failed an SEC audit.
  • 2200 file shares and 1600 sites
  • 3 months
    • Identify data owners
      • Reporting
      • Primary and secondary data owners/primary and secondary site owners ***** these people need assistance and training!!
      • Permission remediation*
      • Create ownership claim list – need executive sponsorship and compliance to review this**
      • This form was simple (5 questions)
        • note: Look at step two on the slide, this is the form for claim list
        • step 3 IT needs to help them with this

Success criteria and Outcomes

Voronus to monitor and automate the site creating and deleting and approval process.