Thursday, January 07, 2010

Governance Concepts, Strategy, and Authority

One of the initial challenges with establishing governance model is organizing the concepts appropriately. In order for governance to be effective, the concepts need to be grouped according to the appropriate scope, authority, and audience.

Information Management is a concept that may apply across an entire enterprise; same with corporate polices and procedures. However, the SharePoint platform may only be responsible for organizing a sub-set of an organization's information and therefore the scope of this is smaller. Additionally, SharePoint is technical in nature and so the emphasis on Information Technology audience is greater. For these reasons, it makes little sense to try to encapsulate all of the governance topics for an organization's information management needs, within a SharePoint governance plan. Instead, topics should be divided and organized appropriately.

For example, if you were on a whiteboard brainstorming and creating idea clouds for the purpose of outlining your governance topics, you might start to group topics like this:

Information Management Statement of Governance

  • Overview
  • Roles and responsibilties
  • Decision making processes
  • Explanation of information architecture
  • How taxonomies are developed and integrated
  • References to file naming conventions
  • References to policies and procedures

SharePoint Governance

  • Overview
  • Roles and responsibilities
  • Operating processes
  • Explanation of the applied use of SharePoint with respect to Information Management
  • References to SLA
  • References to policies and procedures

Policies and Procedures

  • Information Security policies
  • System Use policies
  • Support policies
  • Request processes
  • Project processes

Thinking about these concepts right is a prerequisite to creating governance documents and perhaps even beginning to model any new, collaborative solutions. Authority needs to be defined and delegated up front. Without a central managing body having necessary authority, the decision making process will be a constant road block.

Consider this classic scenario; a hypothetical Information Technology department owns and manages technology systems for an organization. They don't happen to possess authority to own or commence initiatives around analysis, design, and integration of information architecture policies and processes. This department decides to deploy SharePoint as a technology offering. A likely, potential result of this is that the deployment becomes a commodity service. The odds that this platform will do much to improve information management practices throughout the organization, are thin. The initiative was not started by the body which governs information architecture practices for the company.

Now consider a variation. Consider that this hypothetical business unit now has the authority to work with other business units collectively, and facilitate a company wide initiative to analyze, interpret, and parse the information management requirements of the company, the teams, and the individuals. They also have authority to facilitate the creation and management of information management policies and procedures. Finally, they retain the authority to own and manage technology systems. This scenario has a much greater potential to produce a full bodied SharePoint deployment, adding lots of value throughout the business by integrating information management capabilities. In this scenario, the technology can actually be used to mandate how documents are organized, where they are stored, and how they are tagged.

Having said this, a commodity service may be the right next step for an organization, who is to say. But evolution of processes tell us that one day, silos of information will want to be joined. Progression is a natural thing and it should be embraced. SharePoint as a commodity service is not the end game, it is a starting point. Strategy is recognizing progression paths and figuring out how to make it happen. There will be people fighting the progression and arguing the direction is wrong, that they have different ideas. There will be resistance. Strategy demands authority. Governance provides it. The right combination of these pieces can act as one hell of a steam roller.

Outline for Disaster Recovery Plan Document

The purpose of this post is to share a disaster recovery plan outline. This is an outline that I have been evolving for several years. And, although this outline was intended for SharePoint environments, it can be used for any system or application.

The reason I like this outline is because I know it works. Unlike many other plans on the Web, I think this outline provides more complete coverage of the business and technical aspects of disaster recovery. Many of the plans I have seen are merely explanations of the SharePoint product features and limitations, or advertisements for third party products. Detailing what SharePoint's strengths and weaknesses are with regards to backup and restore will not do you an ounce of good in the event you need to perform a recovery of some sort. Additionally, no matter what tools you have for backing up and restoring, you still need a good plan to address the process. Different tools only change the content of the backup and recovery procedure section of the plan, they don't change the structure of the document or eliminate the need for any of the sections of the document.

The audience for this document can include the tactical team members who execute the plan, but also the business stakeholders, sponsors, and business process owners who are affected by the availability and recovery policies and procedures. Everybody should be involved with contributing to and reviewing the plan. This review process is very healthy because it resets expectations and keeps everybody on the same page.

SharePoint Disaster Recovery Plan Outline

I. Overview
a. Explanation of the document
b. Explanation of when to use the plan

II. Business Profile
a. Application or system owners, points of contact
b. Application or system summary
c. Related business processes
d. Usage information
e. Availability requirements (link to SLA)
f. Recovery requirements (link to SLA)

III. Technical Profile
a. Hardware inventory
b. Software inventory
c. Related systems
d. Vendor contact information (contact, support agreement information, etc.)

IV. Failure Scenarios
Matrix listing all failure scenarios with description of each scenario

V. Backup Procedures
Instructions for each method of back up used to support every possible recovery scenario

VI. Recovery Procedures
Instructions for recovering from each failure scenario

VII. Verification Procedures
a. Functional testing
b. Security testing
c. Performance testing
d. Checklists

VII. Appendix
a. Glossary
b. Links to policies, procedures

VIII. References

Interesting Change Affecting Microsoft Office 2003 and 2007

According to KB978951, versions of Microsoft Office 2003 and 2007 sold after January 2010 will no longer include some of the custom XML tagging capabilities. Full details are available in the article, "Description of the January 2010 update for Office Word."