Last Updated on December 14, 2023
Need a governance plan?
In this guide, you will learn how to create your own governance plan in SharePoint step-by-step, complete with action steps.
Let’s get started.
Table of Contents:
SharePoint governance involves creating rules and business processes to guide how your organization uses SharePoint.
It’s like a framework that helps manage access, usability, and security to meet your company’s goals and compliance needs.
Here’s why it matters:
- Compliance: Ensuring that data storage and management practices comply with legal regulations
- Security: Protecting sensitive information from unauthorized access or alteration
- Usability: Making sure that SharePoint is user-friendly and aligns with the needs and skills of its users
- Efficiency: Streamlining processes to make optimal use of resources, thereby reducing costs
- Scalability: Preparing the system for growth in terms of users, data, and functionality
A strong governance plan turns SharePoint into a well-oiled machine, boosting productivity, preserving data integrity, and ensuring smooth operations.
Sign up for exclusive updates, tips, and strategies
Common Governance Challenges
I have talked about some of these challenges in different articles — understanding them is crucial for addressing these issues.
But here are the common challenges in SharePoint governance:
| Challenge | Description | Solution |
| Uncontrolled growth | SharePoint environments can grow quickly, leading to sprawling sites with unmanaged content. | Regular audits and reviews to remove redundant or obsolete data. |
| User adoption | Employees may be resistant to adopting SharePoint, sticking to older, less efficient systems. | Create user-friendly guides and training programs to ease the transition. |
| Permission management | Without proper governance, permission settings can become complex and difficult to manage, leading to potential security risks. | Implement a role-based access control system and review permissions regularly. |
| Inconsistent metadata | Inconsistent or poor use of metadata can make data retrieval and management cumbersome. | Implement metadata standards and educate users on best practices. |
| Compliance and legal risks | Failing to adhere to compliance guidelines and legal requirements can expose your organization to risks. | Regular audits and making sure data retention policies align with legal requirements. |
| Poor performance | As more people use SharePoint, you may experience performance issues like slow load times. | Regularly monitor performance metrics and optimize accordingly. |
| Lack of a backup and recovery plan | Without a proper backup and recovery plan, you risk losing important data. | Implement a comprehensive backup and recovery strategy. |
| Over-customization | Customizing SharePoint too much can make it difficult to manage and upgrade. | Stick to out-of-the-box features as much as possible and limit custom development to essential needs only. |
| Communication gaps | Lack of effective communication can lead to misunderstandings about how SharePoint should be used. | Regularly update all stakeholders and conduct training sessions. |
| Budget constraints | Governance initiatives may require financial resources, which could be a challenge for some organizations. | Prioritize governance activities based on risk and impact, and allocate resources accordingly. |
By being aware of these common challenges, you can proactively address them in your SharePoint governance plan.
This proactive approach ensures that you not only mitigate risks but also maximize the benefits that SharePoint can offer to your organization.
A well-thought-out SharePoint governance document or plan will guide you in maintaining an organized, secure, and efficient system.
Here’s a step-by-step guide to help you craft an effective SharePoint governance plan:
Step 1: Assemble a Governance Team
Creating a governance team is vital as it gathers key stakeholders responsible for executing and maintaining your Plan.
Who should be in the governance committee and their responsibilities/roles:
| Who Should Be Involved | Roles and Responsibilities |
| IT Managers | Overall governance oversight and ensuring technical compliance. |
| SharePoint Administrators | Day-to-day management, including permissions, user training, and system updates. |
| Business Unit Leaders | Ensuring the plan aligns with business goals and objectives. |
| Legal and Compliance Officers | Making sure the plan adheres to legal standards and compliance requirements. |
| End Users | Providing feedback and adhering to the governance policies. |
Action steps:
- Identify stakeholders: Make a list of all departments, teams, and individuals who will be using SharePoint.
- Assign roles: Clearly define what each team member is responsible for.
- Initial meeting: Convene an initial meeting to discuss objectives, timelines, and responsibilities.
- Documentation: Document the team’s structure, roles, and contact information for easy reference.
Use a collaborative tool, like a SharePoint list, to maintain the team’s details and meeting schedules.
Regularly update the team about changes in SharePoint features, organizational goals, or compliance requirements.
Step 2: Conduct a Needs Assessment
This is a critical step in understanding the requirements, limitations, and opportunities within your SharePoint environment.
Note: This assessment will provide the data needed to make informed decisions for your governance plan.
Here’s what to asses:
What to Assess
| What to Assess | Description |
| Business objectives | Goals and objectives you aim to achieve with SharePoint, such as enhanced collaboration or data management. |
| Current SharePoint Online usage | How different departments and teams are currently using SharePoint. |
| User skills and needs | The skill levels and requirements of the users who will be interacting with SharePoint. |
| Data management | Types of data stored, security protocols, and any data management requirements. |
| Compliance requirements | Legal or regulatory guidelines that must be considered in the governance plan. |
Action steps:
- Survey users: Use surveys or interviews to gather information about how various teams are using SharePoint.
- Analyze data: Review the types of data being stored, how it’s being accessed, and by whom.
- Review compliance: Consult with legal and compliance teams to understand any mandatory regulations.
- Document findings: Compile all the information into a comprehensive report.
It can help if you involve representatives from different departments to get a well-rounded view and then use analytics tools.
When creating surveys or interviews, Microsoft Forms might be able to help (plus it also has all the extra features you need).
Related: How to Create Microsoft Forms: The Definitive Guide
Step 3: Define the Scope
Defining the scope of your SharePoint governance plan is essential for setting clear boundaries and expectations.
It helps you focus on what’s most critical for your organization, ensuring that resources are allocated effectively.
Here’s what to include and exclude:
| Aspect | What to Include | What to Exclude |
| Sites and subsites | List of SharePoint sites and subsites that will be governed. | Out-of-scope sites that won’t be part of the governance plan. |
| User groups | Identify which groups of users will be affected by the governance plan. | Groups not using SharePoint or not impacted by governance rules. |
| Features and functions | Specify SharePoint features and functions to be governed (e.g., document libraries, workflows). | Features not being used or not critical for governance. |
| Data types | Types of data that will be part of the governance plan (e.g., documents, personal data). | Data types that are irrelevant to your governance objectives. |
| Compliance standards | Mention compliance standards to be met, such as GDPR or HIPAA. | Compliance standards not applicable to your SharePoint environment. |
Action steps:
- List elements: Make a comprehensive list of all SharePoint intranet elements that will be governed.
- Prioritize: Rank the elements based on their importance to your organization’s objectives.
- Document: Clearly document what is included and excluded in the scope.
- Get approval: Obtain approval from key stakeholders to finalize the scope.
Use a scope statement template for consistency and be realistic about what can be achieved with available resources.
Clear communication prevents confusion and ensures governance efforts align with your organization’s goals and resources.
Step 4: Create Policies and Procedures
Creating policies and procedures is at the heart of your governance plan.
These guidelines serve as the operational manual for SharePoint use, ensuring that everyone knows what to do and what not to do.
Here are the types of policies and procedures you should create:
| Policies and Procedures | Description |
| Access Control | Guidelines detailing who has permission to access specific SharePoint resources. |
| Data Management | Rules for uploading, storing, and sharing data within SharePoint. |
| Content Lifecycle | Procedures for archiving, deleting, or updating content within SharePoint. |
| Security Protocols | Measures and best practices to protect sensitive data and prevent unauthorized access. |
| Compliance | Policies to ensure that SharePoint usage aligns with legal and regulatory requirements, such as GDPR or HIPAA. |
Action steps:
- Draft policies: Begin by drafting initial versions of each policy and procedure.
- Stakeholder review: Circulate these drafts among stakeholders for feedback.
- Revise and finalize: Make necessary revisions based on feedback and finalize the documents.
- Approval: Obtain formal approval from key decision-makers.
- Publish: Make these policies and procedures easily accessible, ideally within SharePoint itself.
When creating the policies and procedures, use clear and simple language to make the policies easy to understand.
Don’t forget to update policies periodically to adapt to new regulations or organizational changes.
Related: Admin Guide: How to Create a SharePoint Retention Policy
Step 5: Develop an Implementation Plan
Developing an implementation plan is crucial for turning your governance policies and procedures into action.
This outlines how you will implement your governance plan effectively with your organization’s business processes.
Here are the key components that you must consider when creating an implementation plan:
| Key Components | Description |
| Timeline | Specific deadlines for each stage of the implementation, often visualized using a Gantt chart. |
| Resources | Identification of human and technical resources needed to carry out the plan, including staff, software, and hardware. |
| Tasks | Detailed list of tasks to be completed, usually broken down into smaller, more manageable pieces. Assign responsible parties for each task. |
| Risk Assessment | Identification and evaluation of potential risks that could hinder the implementation, along with strategies to mitigate these risks. |
| Monitoring Metrics | Key performance indicators that will be used to evaluate the success of the implementation. These could include user adoption rates, data integrity, and security metrics. |
Action steps:
- Create a Gantt chart: Develop a visual timeline using a Gantt chart to plot out tasks and deadlines.
- Assign responsibilities: Clearly specify who is responsible for each task.
- Resource allocation: Determine the resources needed for each task and allocate them accordingly.
- Risk mitigation: Develop strategies to mitigate identified risks.
- Approval and launch: Obtain approvals from key stakeholders and initiate the implementation.
When creating the implementation plan, I highly recommend that you break down complex tasks into smaller, manageable tasks.
You must also update the stakeholders regularly on the progress and be flexible enough to adopt the plan as you go along.
Step 6: Create a Training Program
Training is an indispensable component of implementing your SharePoint governance plan.
A well-designed training program educates your staff on new policies and procedures, ensuring effective and secure SharePoint usage.
Here are the types of training you can conduct:
| Types of Training | Description |
| Onboarding Training | Aimed at new users who are unfamiliar with SharePoint. Covers the basics of navigating and using the platform. |
| Policy Training | Focuses on educating all staff members about the new governance policies, ensuring everyone knows the dos and don’ts. |
| Skill Enhancement | Advanced training for users who need to use specific SharePoint features deeply, such as administrators or power users. |
| Compliance Training | Provides education on legal and compliance aspects that impact SharePoint use, such as data protection laws. |
Action steps:
- Identify training needs: Assess the skill levels and training needs across different departments.
- Develop material: Create training content, which could include videos, manuals, and quizzes.
- Schedule sessions: Plan and schedule training sessions, whether they are in-person or online.
- Conduct training: Execute the training program according to the schedule.
- Evaluate effectiveness: Use quizzes and feedback forms to measure the effectiveness of the training.
It could help if you make the training materials easily accessible, ideally hosting them on SharePoint itself.
You can also use relatable, real-world examples and consider refresher courses or periodic training updates.
Step 7: Monitor and Review
Monitoring and reviewing the implementation of your SharePoint Governance Plan is important for long-term success.
This step helps you ensure that the plan is effective, compliant, and continues to meet the organization’s evolving needs.
Here are some of the key metrics that you can focus on:
| Key Metrics | Description |
| User Adoption Rates | Measures the percentage of targeted users who are actively using SharePoint, indicating the platform’s acceptance level. |
| Data Integrity | Monitors the quality and accuracy of data stored in SharePoint, ensuring it meets organizational standards. |
| Security Incidents | Tracks instances of security breaches or unauthorized access, highlighting any vulnerabilities that need attention. |
| Compliance Audits | Regular checks to confirm that SharePoint usage aligns with legal and regulatory guidelines, such as GDPR or HIPAA. |
Action steps:
- Define monitoring metrics: Decide on the key performance indicators that will be used to evaluate the plan’s effectiveness.
- Implement monitoring tools: Use SharePoint’s built-in analytics or third-party tools to collect data.
- Conduct reviews: Periodically review the collected data to assess whether governance objectives are being met.
- Adjust policies: Make any necessary adjustments to policies and procedures based on the review.
- Report findings: Share the results of the review with stakeholders and make recommendations for future actions.
For this step, you can set up automated alerts for key metrics to promptly identify issues.
Make sure to engage with end-users for qualitative feedback to complement quantitative metrics.
Creating a Governance Plan
Setting up a robust governance plan for SharePoint is not just a matter of good practice—it’s essential for long-term success.
The guide I shared above includes everything from defining the scope and creating policies to developing an actionable implementation plan.
By proactively addressing common governance challenges, you can maximize SharePoint’s benefits while minimizing risks.
If any part of this in-depth SharePoint governance guide leaves you with questions, don’t hesitate to leave a comment below.
For specialized SharePoint consultancy or further inquiries, feel free to reach out to me via the contact form on this page.
