real-world sharepoint information governance a case...

Real-WorldSharePointInformationGovernanceACaseStudy

AntonioMaioEmail:[email protected]:www.trustsharepoint.comSlide share:http://www.slideshare.net/AntonioMaio2Twitter:@AntonioMaio2

©2016 ProtivitiConsultingPrivateLtd.AnEqualOpportunityEmployer.

InformationGovernance

InformationGovernancemeanssettingoutthestructures,people,policies,procedures andcontrolsnecessarytomanageinformationandsupportanorganization'simmediateandfuturerequirements

-Wikipedia


StandardsforManagingandUsingInformationImmediateandFutureRequirements

• DefineRoles&Responsibilities• DocumentEndUserNeeds• RegulatoryComplianceRequirements• LegalDepartmentRequirements

(Records,eDiscovery,legalhold)

• RiskManagement&Mitigation• AdministrativeNeeds• EnvironmentalNeeds• OperationalNeeds

andonandon…


DefineInformationArchitecture/Structures

(IncludesMetadataTaxonomy)

Confidential

DevelopingaSharePointGovernancePlanKeyAreastoFocus

DefineSecurityGroups,Permissions &RolesforAssigning Permissions

DefineRoles,Responsibilities,Authority

DetermineTrainingNeeds;PlantoEducateUser

Community

DefineRulesforSiteCreation,Management,Decommissioning


Soyouhaveaplan!

Nowwhat?


GovernanceisreallyaboutOrganizationalChange


Planning,Thought,Creativity

HardWork


OILANDGASInformationGovernanceCaseStudy

1


ClientProfile:OilandGasIndustry§Houstonbased§ 3500Employees§ Fortune70Company§HeavilyRegulated:PHMSA,DOE,DOT§MostSensitiveInformation:

HumanResourcesDataSalaries,Bonuses,StockGrants


InformationGovernanceJourney§GoingthruEnterprise-wideSharePoint2013migration

§ Buildingdepartmentbasedsitecollections

§ Securitywastopofmind§ Theyequatedgoodsecuritywithgoodinformationgovernance§ Otherdrivers:recordsmanagement,versioning,roles

§ ExecutiveSponsorship:VPofInformationServices§ EnterpriseMigrationtoSharePoint2013§ InformationGovernanceProcess


InformationGovernanceJourney

GovernanceCommittee– DefineVision&Goals§ EstablishaSharePointGovernancecommitteeorworkinggroup§ Define leadershipandownershipoftheoverallECMvisionfortheorganization§ Establishameetingcadence&defineavision, withgoals&objectives§ Defineacharterwithcommittee responsibilities

Roles&Responsibilities• Define theroles&responsibilities related tothedesign,administration&adoptionof

theECMenvironment• Includingexecutive, technical/administrative andbusinessleadership roles• DirectusageandgrowthofSharePointwithintheorganization


SiteArchitecture,Configuration&Processes§ DefineoverallSharePointsitestructurefortheorganization§ Includesiteownerresponsibilities§ Sitemonitoring,decommissioningandmanagementprocesses

OperationalandITAdministration§ Identifyoperational&ITmanagementprocesses§ Includemaintenance,disasterrecovery,backupandstorageneeds§ Definepermissionsrequired foreachITrole

ContentManagement&RegulatoryCompliance§ Define&identifyprocesses forcontentmanagement§ Recordsmanagement,retention,archiving§ Requirements tomeetregulatorycompliance standardswithinSharePoint

SocialCollaboration§ Defineusageofpersonal sites,newsfeeds,blogs,andsocial collaboration toolslike

Yammer



Security&Controls§ Definesecurityandmonitoringcontrols§ Includefarmlevel controls,userauthentication,authorization/permissions, security

policies, identitymanagement,automatedmonitoring/alerts,access tocontent,etc.

Training§ Identifyimmediate andongoingSharePointtrainingneedsfordiverseaudiences§ Includeendusers,powerusers,siteowners,administrators§ IncludespecialtyareaslikeBusinessIntelligence, ResponsiveDesignandbuilding

Workflowprocesses.

UserAdoption§ Define&identifyneedsforincreasing SharePointuseradoption§ Includetopicslikegooduserexperience design,arobustinformationarchitecture and

clear role/responsibility definition



UsingaSharePointInformationGovernancesite,OneNoteandtheProtivitiInformationGovernanceTemplate,allowsstakeholderstoactivelyparticipateindevelopingthe informationgovernanceplan.InformationGovernanceSite&Notebook


Developgoals&objectives,vision,formthegovernancecommittee,developgovernancecommitteecharterwithresponsibilities+tacticalmeetingdetails.InformationGovernanceSite&Notebook


Identifyrolesandresponsibilities,environmentalstructure,serverconfigurationandoperationalconcerns,authentication&analyzesupport structure,etc…InformationGovernanceSite&Notebook


Identifyrolesandresponsibilities,environmentalstructure,serverconfigurationandoperationalconcerns,authentication&analyzesupport structure,etc…SuccessCriteriaandOutcomes§ Timingwascritical

§ OccurredduringEnterprise-WideSharePointMigration§ Businessdepartmentsarealreadyengaged

§HeavyITinvolvementwhenimplementingtheplan§ Provide training, implementcontrols,automatethrough workflows,workwithbusinessgroups, regularsecurityreviews

§ Organizational changeoccurredonedepartmentatatime– manageable§ Centralizedpermissionmanagementandsitecreation

§ PlanningProcesswasveryinteractive§ SharePointSite&OneNoteallowsustodevelop theplanduringcommitteemeetings

§ Defineddataownersforeachdepartment§ Definedpermissionmonitoring andregularre-certificationprocess§ Defined/communicated responsibilities


Stillhadtoproducethatdocument!

InformationGovernancePlan


FINANCIALSERVICESInformationGovernanceCaseStudy

2


ClientProfile:FinancialServices§NewYorkbased§ 4000Employees§ Fortune700Company§ SECRegulated§MostSensitiveInformation:

MaterialNon-PublicInformation(MNPI)Informationismaterial ifthereisasubstantiallikelihoodthatareasonableinvestorwouldconsideritimportantindecidingwhethertobuy,holdorsellasecurity.Informationisnon-publicifithasnotbeenpubliclydisclosed.


InformationGovernanceJourney§ FailedanSECAuditrelatedtoaccesscontrolonfilesharesandsites,specificallyforMNPIdata

§ 2200Filesharesand1600SharePointSites§ Permissionsmanagementwasdelegatedtobusinessusers

§ AlreadyhadaSharePointGovernancePlan§ Didn’tapplytothosefilesharesandsites

§ ExecutiveSponsorship:HeadofCompliance§ Remediatethesecurityissues§ Takemeasurestopreventissuesinthefuture…anddoitallwithin3months


Step1:IdentifyDataOwners§GatheredlistofFileSharesandSites

§ Reportingtodetermineobviousownership§ Result:400filesharesorsitesclaimed(approx.200fileshares,200sites)§ Ensurealwayshave2dataownersforeach

§Workdirectlywithdataownerstoreviewandcertifypermissions§ Getdocumentedconfirmationofreview/certification

§Whatabouttheremaining2000fileshares,1400sites?


SharePointSitetoClaimOwnership

MakeitEasy!

CalculatedColumn,ContentEditorWebPart &JavaScripttoAuto-PopulateClaimForm

MakeitEasy!

ViewstoReview‘MyValidations’

(claimsI’vesubmitted)

MakeitEasy!Usetherightlanguagefor

yourbusinessusers.ProvideanFAQ

10,018Ownership

Claims(7400infirst5days)


Step2:IdentifyMNPI

§ Cannotbeautomated

§Makeitpartoftheclaimform:§ DoesthissitecontainMNPI?§ Nodefaultanswer,butprovideoptions:Yes,No,Uncertain

§ Ifthereisanydoubt,assumeitdoescontainMNPI

MaterialNon-PublicInformation(MNPI)Information ismaterial ifthereisasubstantiallikelihood thatareasonableinvestorwouldconsider itimportant indecidingwhethertobuy,holdorsellasecurity.Information isnon-publicifithasnotbeenpubliclydisclosed.


Step3:ReviewandCertifyPermissions§ Dataownersmustreviewpermissionsandeither:

§ Certifytheyarecorrect(provideemailthattheycertify)§ Makechangesandthencertify§ Requesthelptomakechangesandthencertify

§Givethemadeadline§ Checkupregularly§ Makesurehavesomeseniorpressuretogetitdone

§ Documenttheprocessheavily


Step4:ShutdownSitesNotClaimed/Certified

§ Pickadate- Giveplentyofwarning!

§ Filesharesareeasy– addadenypermission

§ SiteCollectionsareeasy– implementthelockfeature

§ Sites/Subsitesarenoteasy– removeallpermissionsrecursively


Step4:ShutdownSitesNotClaimed/Certified

§ ScriptedtheSharePointpermissionremovalprocesswithPowerShell§ Aspartofthescript,documentedpermissionsbeforeremovingthem

§ BePreparedforBacklash§ Willhelptodefinedataowners§ Defineaprocessbywhichyoucanrestorepermissionsifneeded–givebusinessanSLA(siteswillberestoredwithin6hrs,12hrs,etc.)

§ Scriptprocesstorestorepermissions§ Documentwhatyourestore


Step5:ImplementGovernanceSystem§ Implementathirdpartyapplicationtocentralizerequestsforaccesstoinformation§ FilesharesandSites§ Approvalsrequestedofindividual’smanageranddataowner§ Accessgrantedautomaticallyonceapprovalsreceived

§ Performpermissionrecertificationevery6months§ Automatenotifications&reminderstodataownersgoingforwardofrecertificationactivities

§ Allaccessrequested/granted/deniedismonitoredandlogged


SuccessCriteriaandOutcomes§ Toplevelsupport§ MandatefromHeadofCompliancetogetitdone!§ Allfilesharesandsitesremediated,except76fileshares

and90sites

§ ProcessdrivenbyInfoSecteam§ SupportedbySharePointAdministrationteam

§ StartedwithDataowners§ Organizationalchangestartedfromdataowners§ Definedpermissionmonitoringandregularre-certificationprocess

§ Defined/communicatedresponsibilities


Closing§ GoingthroughanInformationGovernanceplanningprocessisimportant§ Organizationalchangeiscritical!§ Considerhoworganizationalchangehappensinyourorganization

§ Considerdataownershipasamethodofkickstartingtheprocess§ Whoowns(orisresponsible)fordifferenttypesofdata§ Ownersunderstandtheirresponsibilities§ Ownersunderstandandperiodicallyreviewaccesstotheirdata

§ Considerapermissionmonitoringandregularpermissionrecertificationprocess

ThankYou!

AntonioMaioEmail:[email protected]:www.trustsharepoint.comSlide share:http://www.slideshare.net/AntonioMaio2Twitter:@AntonioMaio2


Appendix– ClaimSiteJavaScript

[javascript]<scripttype="text/javascript"src="../../Javascript/jquery-1.3.2.min.js"></script><scripttype="text/javascript">

//Getalthefieldnamesfromtheformfields=init_fields();//Getallquerystring parametersfromtheURLvar queryStr=getQueryParameters();

//Istheparameter"FileShareID"defined- ifsothenauto-assignthevaluefromtheURLtothefieldontheformif(queryStr[‘FileShareID’]!=undefined){

var properVal =decodeURI(queryStr[‘FileShareID’]);$(fields[‘FileShareID’]).find(‘input’).val(properVal);

}//Istheparameter"ShareName"defined- ifsothenauto-assignthevaluefromtheURLtothefieldontheformif(queryStr[‘ShareName’]!=undefined){

var properVal =decodeURI(queryStr[‘ShareName’]);$(fields[‘ShareName’]).find(‘input’).val(properVal);

}

//Istheparameter"UNCPath"defined- ifsothenauto-assignthevaluefromtheURLtothefieldontheformif(queryStr[‘UNCPath’]!=undefined){

var properVal =decodeURI(queryStr[‘UNCPath’]);$(fields[‘UNCPath’]).find(‘input’).val(properVal);

}

//RetrievealloftheparameterspassedontheURLfunction getQueryParameters(){

qObj ={};var urlSearch =window.location.search;if(urlSearch.length>0){

var qpart =urlSearch.substring(1).split(‘&’);$.each(qpart,function(i,item){

var splitAgain =item.split(‘=’);qObj[splitAgain[0]]=splitAgain[1];

});}returnqObj;

}//Retrievealltheinternalfieldnamesontheformfunction init_fields(){

var res={};$("td.ms-formbody").each(function(){

if($(this).html().indexOf(‘FieldInternalName="’)<0) return;var start=$(this).html().indexOf(‘FieldInternalName="’)+19;var stopp =$(this).html().indexOf(‘FieldType="’)-7;var nm=$(this).html().substring(start,stopp);res[nm]=this.parentNode;

});returnres;

}</script>[/javascript]

• Selectthelist• FromtheRibbonclickonFormWebParts• SelectDefaultNewForm• ClickonAddaWebPart• SelectMediaandContent• AddtheContentEditor• EdittheContentEditorwebpartandgiveitalinktothe

JavaScriptfile• PlacethefollowingJavaScriptintheSiteAssetslibrary

real-world sharepoint information governance a case...

Documents