Governance: Are your teams really governing your SharePoint environment?

Calculating the cost of downtime in IT systems can vary significantly between industries and verticals. However, industry analyst Gartner estimates that, across all sectors, IT failures cost on average $5,600 per minute. In practice, the true cost of downtime will depend entirely on your specific business and Gartner’s estimation may be far more – or far less – expensive than the price your company would really pay.

Either way, downtime is definitely costly and, ultimately, it will be senior IT management who will have to answer questions once the issue has been resolved. If the cause of downtime in SharePoint is due to a faulty customization, then the obvious question will be: “what governance plans did you have in place?” Worryingly, in a large proportion of businesses, the answer here will be: “none”. We asked respondents in our last SharePoint and Office 365 state of development survey just this question – below are the results:

Do you have a governance plan for your SharePoint environment customizations?

Do you have a governance plan for your SharePoint environment customizations?

As the chart shows, close to half of businesses either don’t have a governance plan, or don’t know if they do. So, if a breach did arise in these companies, and the head IT decision-maker was unable to explain why a customization hadn’t been governed properly, there would be serious questions to answer. Even if your teams do have some form of SharePoint governance process in place, this will only be valuable if it has been implemented correctly and consistently.

So, what should your SharePoint customization governance policy involve?

WHAT IS SHAREPOINT GOVERNANCE?

Microsoft explains customization governance as follows:

SharePoint includes customizable features and capabilities that span multiple product areas, such as business intelligence, forms, workflow, and content management. Customization can introduce risks to the stability, maintenance, and security of the environment. To support customization while controlling its scope, you should develop a customization policy”.

Pause
Whether your customizations are as simple as a change to the way SharePoint views are presented, more complex – like branding changes to the interface – or highly complex, like introduction of workflows or connecting to external programs, they should all be governed. Essentially, this involves someone taking responsibility for decisions around what types of customizations you allow, a process for reviewing customizations and a process for testing them to ensure they remain safe and secure. A governance program should ensure that now, and into the future, your customizations remain useful, boost productivity and avoid the risks of downtime.

KEY FEATURES OF A SHAREPOINT CUSTOMIZATION POLICY

Governance is about two things – people and processes. In many ways, the processes are the easiest part of governance; once they are in place, they simply need to be followed. On the other hand, people can easily be distracted and fail to carry out important tasks which ensure governance is happening. Therefore, the first stage in making your SharePoint governance policy a success is to assign management responsibilities to dependable colleagues.

Once this person is managing your policy, they should (at a minimum) incorporate the following activities into their processes:

  • Service level agreements
    Set up an approval process to monitor changes to SharePoint, including a review of cost, setting up a support team, and failover strategies among other key considerations.
  • Guidelines for customization updates and review
    You should have a method of managing changes to your customizations; rules about how updates should be rolled out and have a method of controlling and reviewing your source code.
  • Use approved customization and code analysis tools
    Carry out a review of which tools and methods you are using to decide if they are safe. Consider a tool like SPCAF to ensure customizations follow best practice and discover any problems in your code before it is deployed to your farms.
  • A process for analysis, testing and deployment
    You should have a clear series of steps for deciding if a customization is safe and necessary, as well as establishing best practice for testing then deploying it.
  • Decide what customizations you will allow
    Some companies are very strict and allow minimal changes to out-of-the-box SharePoint. Others allow much greater flexibility. This will depend entirely on your IT needs, but you must have a clear definition of what is and isn’t accepted in your environment, and act accordingly.
  • Clarify which third party add-ins and apps are allowed
    You should have an established list of third party tools and providers that your company judges to be safe and secure. Of course, this needs to be flexible, but all new providers need to undergo a vetting procedure so as to be sure they will not put your environment at risk.

GOVERNANCE LETS YOU SLEEP EASY

At Rencore, we highly recommend implementing a SharePoint governance policy. All too often, downtime is a result of poor quality, outdated or risky customizations which can cause damage to your environment and cost you significant sums of money. By putting a governance policy in place, you significantly reduce the chances of these downtime events from happening, and, in the worst case scenario, should have a clear paper trail to discover exactly what went wrong. For more insights into governance and how businesses are using SharePoint and Office 365 in 2016, download your complimentary report today.

Reference:
Einig, M. (2017). Are your teams governing your SharePoint customization environment?. [online] Available at: https://rencore.com/blog/sharepoint-governance/ [Accessed 31 Aug. 2017].

Share this on...

Rate this Post:

Share: