Operational Governance

Most of my job with AvePoint involves talking about “operational governance”. Those two words, not to mention those two words together, can mean different things to different people, so I have a lot of conversations clarifying what we mean at AvePoint when we talk about operational governance. Since writing is a good way to efficiently say the same thing repeatedly yet only once, I decided to dedicate a entire blog post to the topic.

AvePoint is a Microsoft partner and Independent Software Vendor (ISV), so most of the time we’re talking about Office 365 or SharePoint platforms. However, the basic concepts can apply to any collaboration solution. I’ll keep the following generic, but will occasionally mention these solutions by way of example.

In the world of collaboration, multiple users are alternately accessing, creating, or modifying content. This can be word processing files, spreadsheets, presentations, and the like. This content gets organized into logical containers, which may have subcontainers, or may have other ways of organizing information – sites, folders, subfolders. In SharePoint and SharePoint Online, we’d organize things around site collections, sites, and libraries, maybe with some lists for good measure.

This is the “operational” part of the phrase. These are the operations that need to be governed.

Whether applied to content or the logical containers it gets organized into, we can imagine a life cycle. Operational governance leans heavily on life cycle management or content lifecycle. It’s the birth, life, and disposition* of content or the logical containers it lives in.

*Some might say “death” but I’ve been told that is morbid. Another alternative is “retirement”.

Different companies use different words, but if we’re being fancy, let’s say:

Some examples of what “birth, life and retirement” are, re-labeled Provisioning, Management, and Disposition.

Provisioning

Create content.

Create Folder.

Create Site.

Management

Disposition

Re-organize content.

Move/Copy content.

Change permissions.

Attestations.

Archive content, folder, or site.

Delete content, folder, or site.

Report on disposition of archived or deleted content.

Good operational governance will make each one of these processes consistent, repeatable, auditable, and scalable. Some customers I work with might create new content a couple of times a day; others, hundreds of times a day. They may have a dew dozen or a few thousand site collections at any given time, and they may be faced with deciding, daily, which sites get archived, which get deleted, and which continue being available.

Consistent means that every time someone goes to do something – create a folder, move content, change permissions, etc – it works the same way. In an environment where non-technical people are expected to create and manage content using highly configurable services, making the process consistent and simple is very important. If it’s too frustrating, people won’t use it. If it’s to easy, they may get careless in how things are named, labeled, and controlled.

Repeatable means that the same process can be executed over and over, and over and over and over again. In an environment where hundreds of small projects are started, with different sets of people and different requirements for sharing their work each time, having a process that can be used repeatedly makes the collaboration service itself more efficient.

Auditable processes are important for purposes of accountability. Who created this content? Who created the site or library where it lives, and who approved it? This all helps identify who can answers questions about the content, questions like, “how sensitive is it”, or “is this still needed”, for starters.

Scalable processes are what separate serious collaboration services from ad-hoc attempts to collaborate. Experienced IT professionals may be familiar with new technologies that were tested well with a few dozen users, but when they “went wide” to the whole company, they failed, perhaps in part because the underlying service could not handle the demand.If you can’t scale it, you will fail it.

Governance is about Ownership

The above points are not, in themselves, governance. They’re side effects of good governance. Good governance is about ownership. That is, governance is about responsibility.

  • Who requested this?
  • Who approved this?
  • Who uses this?
  • Who decides what can be stored here?
  • Who can approve access?
  • Who attests that the metadata is correct?
  • Who responds to questions about this?
  • Who decides whether this is still needed?
  • Who decides whether and when to delete content?
  • What if some content has to be retained, who decides what that is?
  • Who approves whether content can be deleted or retained?

These are just a few examples of what ownership means in a collaboration context.

Why is this important? Microsoft has made great strides in making collaboration usable and, dare I say it, fun. I remember the days when using Microsoft technologies was a burden, compared to the ease and gleam of other operating systems, applications, and web services.

However, in making collaboration easier, Microsoft has eased up on the controls. If you’re responsible for compliance, privacy, security, retention, or service adoption, then life without governance is like driving a car with no steering wheel and no brakes.

As I said at the top, I have a lot of conversations with customer clarifying what AvePoint means by operational governance, which always leads to the question of, “what does governance mean to you?” Rarely does a customer have a strong idea of what kinds of governance should be in place, and if they do, it’s the classic blind-men-and-elephant story: everyone has an idea of what governance should be in place for their area of expertise, but there’s no coherent vision.

Operational governance supports and builds on business requirements. It should never start with a technology solution. Take time to define your requirements and understand what is driving them, and then go find a solution that meets those requirements.

Leave a Reply

Your email address will not be published.