If you’re a team site owner, it’s a good idea to create a governance model to address your site’s policies, processes, roles, and responsibilities.
In this article
What is governance?
An important but often invisible part of any site is its governance model—the set of policies, roles, responsibilities, and processes that you establish to determine how the people in your group use SharePoint.
Many organizations have a governance model in place for sites at the Central Administration or site collection level, which may be created and maintained by an Information Technologies (IT) department or team.
If you’re a site owner for a sub-site in a site collection, such as a team site, it’s a good idea to create your own additional governance model to address your specific issues.
A governance model makes it easier to:
- Let site users know when they should create a new sub-site, as opposed to creating a list or other site content.
- Make sure sub-sites and content are retired when they’re obsolete, rather than using up your storage space and diluting your search results.
- Ensure that the right people have access to the right content.
- Let sub-site owners know what templates and themes they can use.
- Smoothly transition ownership of a site from one person to another.
Elements of a governance model
Your governance model needs to address topics such as:
- Site creation
- Permissions management
- Information architecture
- Site lifecycle and retirement
- Storage limits
- Classification of information
- Data protection
- Roles and responsibilities for supporting the site
Some of these questions might already be decided for you by the site-collection or organization-level governance model, such as how much storage space you have for your site, and what sorts of customization you can do to the look and feel of the site. Others may not be relevant, depending on how complex your team site is, and how many people you have using it. But even if you don’t have to make decisions about these topics, it’s a good idea to know what decisions have been made, so that you can inform your site users and enforce policies appropriately.
Here are some things to consider when you’re setting up a new site.
You might want your team members to be able to create sub-sites under the team site for use on specific projects.
Being able to spontaneously create new sub-sites can be a great benefit to the group, but unrestricted site creation can get out of hand. When sub-sites proliferate freely, problems can arise. For example:
- It’s hard for users to find the right sub-site, or be sure if they have.
- Information can be duplicated in several sub-sites, using up expensive storage space, and requiring duplicated effort to maintain.
- Out-of-date information can reside on sub-sites, potentially for years, showing up in search results. It can be hard to tell what version of information is correct.
- Managing permissions for a multitude of sub-sites can become a major chore, and users might inadvertently wind up with access to information they really shouldn’t have.
- As employees leave the group, the sub-sites they create may be abandoned, creating confusion and muddying search results for remaining site users.
You can save time and energy if you set some policies for site creation that address the following areas:
- Who is allowed to create sub-sites?
- Do new sub-sites need to be approved in advance? If so, what are the criteria for approval, and who grants the approval?
- Should new sub-sites use established templates and themes?
- How much information may be stored on a site? (That is, how much server disk space can it take up?)
- What are the rules for including navigation strategies on the site?
- How long should information be stored on sub-sites before it is deleted or archived?
The integrity, confidentiality, and privacy of your organization’s mission-critical information rests on how secure you make your site — specifically, to whom you choose to grant access to your site.
Granting and restricting access to your site is called managing permissions, and it’s one of your most important responsibilities as a site owner.
Here are some tips to keep in mind when you’re developing a permissions strategy.
- Follow the Principle of Least Privilege: Give people the lowest permission levels they need to perform their assigned tasks.
- Give people access by adding them to standard, default groups (such as Members, Visitors, and Owners). Make most people members of the Members or Visitors groups, and limit the number of people in the Owners group.
- Use permissions inheritance to create a clean, easy-to-visualize hierarchy. That is, avoid granting permissions to individuals, instead work with groups. Where possible, have sub-sites simply inherit permissions from your team site, rather than having unique permissions.
- Organize your content to take advantage of permissions inheritance: Consider segmenting your content by security level – create a site or a library specifically for sensitive documents, rather than having them scattered in a larger library and protected by unique permissions.
A site’s information architecture is like the table of contents for a book: It determines how the information in that site — its Web pages, documents, lists, and data — is organized and presented to the site’s users. Information architecture is often recorded as a hierarchical list of site content, search keywords, data types, and other concepts.
To create an information architecture, you must analyze the information to be presented in the site. Here are some of the questions you can use to develop an information architecture:
- What kind of content will you have on the site? How will that translate into sub-sites, lists, libraries, and so on?
- How will information be presented in the site?
- How site users will navigate through the site?
- How will information be targeted at specific audiences?
- How will search will be configured and optimized?
Part of your information architecture might include classification of information.
If the information you’re dealing with has high value to the company, requires special security, or is covered by regulatory compliance rules, you might want to set up a classification scheme to identify specific types of content that need to be managed carefully.
After you’ve organized information into specific lists and libraries, you can use governance features to manage how the content is managed. For example:
Require check-out of files
When you require check-out of a file, you ensure that only one person can edit the file until it is checked in. Requiring documents to be checked out prevents multiple people from making changes at the same time, which can create editing conflicts and lead to confusion. Requiring check-out can also help to remind team members to add a comment when they check a file in, so that you can more easily track what has changed in each version.
If you need to keep previous versions of files, libraries can help you track, store, and restore the files. You can choose to track all versions in the same way. Or you can choose to designate some versions as major, such as adding a new chapter to a manual, and some versions as minor, such as fixing a spelling error. To help manage storage space, you can choose the number of each type of version that you want to store.
Require document approval
You can specify that approval for a document is required. Documents remain in a pending state until they are approved or rejected by someone who has permission to do so. You can control which groups of users can view a document before it is approved. This feature can be helpful if your library contains important guidelines or procedures that need to be final before others see them.
Stay informed about changes
Libraries support RSS technology, so that members of your workgroup can automatically receive and view updates, or feeds, of news and information in a consolidated location. You can use RSS technology to alert you of any changes to a library, such as when files that are stored in the library change. RSS feeds enable members of your workgroup to see a consolidated list of files that have changed. You can also create e-mail alerts, so that you are notified when files change.
A document library or content type can use workflows that your organization has defined for business processes, such as managing document approval or review. Your group can apply business processes to its documents, known as workflows, which specify actions that need to be taken in a sequence, such as approving or translating documents. A workflow is an automated way of moving documents or items through a sequence of actions or tasks. Three workflows are available to libraries by default: Approval, which routes a document to a group of people for approval; Collect Feedback, which routes a document to a group of people for feedback and returns the document to the person who initiated the workflow as a compilation; and Collect Signatures, which routes a document to a group of people to collect their digital signatures.
Define content types
If your group works with several types of files, such as worksheets, presentations, and documents, you can extend the functionality of your library by enabling and defining multiple content types. Content types add flexibility and consistency across multiple libraries. Each content type can specify a template and even workflow processes. The templates act as a starting point, for formatting and any boilerplate text and for properties that apply to the documents of that type, such as department name or contract number.
If you have a group of sensitive files, and it would be helpful to know how the documents were being used, you can define a policy that allows you to enable 'Audit' tracking of events, such as file changes, copies or deletion.
Site lifecycle and retirement
Sites such as document worksites and discussion sites tend to hang around after they are no longer useful, using up valuable storage space and muddying search results. It’s a good idea to set a schedule for reviewing sites and their contents (at least once a year) to see if they are worth keeping.
It’s good to keep in mind, too, that your organization’s larger governance model might also be on the lookout for stale sites. For example, an administrator might automatically delete sites that have been untouched for 90 days. As a site owner, you would receive an e-mail warning you this was going to happen.
An administrator might have set a limit on the amount of disc storage your group can use. You need to find out if there is a limit and, if so, decide how you will apportion it amongst your sites, pages, and libraries.
By default, SharePoint Server imposes a 50 MB limit on the size of a single document that can be uploaded into a document library. Also, by default, Team site owners receive alerts when storage is at 90% of quota.
After you know what your limits are, you can use features like version or audit tracking to ensure your site stays within them.
Chances are your organization will have some standardized branding, site templates, or site layouts that are preferred or required. How far can users go in customizing the appearance of their sites and pages?
To control customization, you might decide to lock down who on your team has permission to customize, or you might opt for using standardized page layouts to ensure that certain requirements are met, such as having the site owner displayed in the upper left corner of all sites.
You might also want to set guidelines about the functionality people can use on their sub-sites. For example, you might want to ask that people not use Web Parts that would require any custom coding.
On the other end of the spectrum, you might provide everyone on your team with SharePoint Designer, so they can make all the changes they want.
Navigation elements help people to browse through the content that they need. Two navigation items that you can customize are the top link bar and the Quick Launch.
By using the settings pages for each list or library, you can choose which lists and libraries appear on the Quick Launch. You can also change the order of links, add or delete links, and add or delete the sections into which the links are organized. For example, if you have too many lists in the List section, you can add a new section for Tasks Lists where you can include links to your tasks lists.
The top link bar provides a way for users of your site to get to other sites in the site collection by displaying a row of tabs at the top of every page in the site. When you create a new site, you can choose whether to include the site on the top link bar of the parent site and whether to use the top link bar from the parent site.
Content appears in many places including sites, lists, libraries, Web Parts, and columns. By default, when someone searches your site, all the content on the site of any of its sub-sites appear in the Search results.
As a site owner, you can choose whether or not the content on your site appears in search results. When you prevent the content of a site from appearing in search results, the content of all the sub-sites below it also is blocked from appearing in search results.
By default, content with restricted permissions does not appear in search results for users who don’t have the permissions to read it. You can change that so that restricted content does display in search results, but users won’t be able to open content they don’t have permission to.
Top of Page
Roles and responsibilities for supporting the site
It’s a good idea to define roles and responsibilities to reduce the chaos that can ensue on a site when staff members rotate in or out of a team. Here are some of the things it’s good to have spelled out about who does what on your site:
- Training: Basic navigation, search, and document management training can be very useful for people new to the product.
- Support: You might want a designated expert on your team to troubleshoot problems and be a liaison to an administrator.
- Compliance with legal or organizational guidelines: Sometimes this might just be a matter of maintaining up-to-date links to the appropriate guidelines, but it’s good to have a person responsible.
Backup and recovery features protect your data from accidental loss. The frequency of backup and the speed and level of recovery are set up by an administrator.
Top of Page