Post on 26-Apr-2020
Real-World SharePoint Information Governance: A Case Study
Antonio Maio
Email: Antonio.maio@protiviti.com
Blog: www.trustsharepoint.com
Slide share: http://www.slideshare.net/AntonioMaio2
Twitter: @AntonioMaio2
© 2016 Protiviti Consulting Private Ltd. An Equal Opportunity Employer.
Information Governance
Information Governance means setting out the structures, people, policies, procedures and controls necessary to manage information and support an organization's immediate and future requirements
- Wikipedia
Standards for Managing and Using Information
Immediate and Future Requirements
• Define Roles & Responsibilities
• Document End User Needs
• Regulatory Compliance Requirements
• Legal Department Requirements (Records, eDiscovery, legal hold)
• Risk Management & Mitigation
• Administrative Needs
• Environmental Needs
• Operational Needs
and on and on…
Developing a SharePoint Governance Plan
Key Areas to Focus
• Define Information Architecture / Structures (Includes Metadata Taxonomy)
• Define Security Groups, Permissions & Roles for Assigning Permissions
• Define Roles, Responsibilities, Authority
• Determine Training Needs; Plan to Educate User Community
• Define Rules for Site Creation, Management, Decommissioning
So you have a plan!
Now what?
Governance is really about Organizational Change
Planning, Thought, Creativity
Hard Work
OIL AND GAS
Information Governance Case Study 1
Client Profile: Oil and Gas Industry
• Houston based
• 3500 Employees
• Fortune 70 Company
• Heavily Regulated: PHMSA, DOE, DOT
• Most Sensitive Information:
  Human Resources Data
  Salaries, Bonuses, Stock Grants
Information Governance Journey
• Going thru Enterprise-wide SharePoint 2013 migration
• Building department based site collections
• Security was top of mind
• They equated good security with good information governance
• Other drivers: records management, versioning, roles
• Executive Sponsorship: VP of Information Services
• Enterprise Migration to SharePoint 2013
• Information Governance Process
Information Governance Journey
Governance Committee – Define Vision & Goals
• Establish a SharePoint Governance committee or working group
• Define leadership and ownership of the overall ECM vision for the organization
• Establish a meeting cadence & define a vision, with goals & objectives
• Define a charter with committee responsibilities
Roles & Responsibilities
• Define the roles & responsibilities related to the design, administration & adoption of the ECM environment
• Including executive, technical/administrative and business leadership roles
• Direct usage and growth of SharePoint within the organization
Information Governance Journey
Site Architecture, Configuration & Processes
• Define overall SharePoint site structure for the organization
• Include site owner responsibilities
• Site monitoring, decommissioning and management processes
Operational and IT Administration
• Identify operational & IT management processes
• Include maintenance, disaster recovery, backup and storage needs
• Define permissions required for each IT role
Content Management & Regulatory Compliance
• Define & identify processes for content management
• Records management, retention, archiving
• Requirements to meet regulatory compliance standards within SharePoint
Social Collaboration
• Define usage of personal sites, newsfeeds, blogs, and social collaboration tools like Yammer
Information Governance Journey
Security & Controls
• Define security and monitoring controls
• Include farm level controls, user authentication, authorization/permissions, security policies, identity management, automated monitoring/alerts, access to content, etc.
Training
• Identify immediate and ongoing SharePoint training needs for diverse audiences
• Include end users, power users, site owners, administrators
• Include specialty areas like Business Intelligence, Responsive Design and building Workflow processes.
User Adoption
• Define & identify needs for increasing SharePoint user adoption
• Include topics like good user experience design, a robust information architecture and clear role/responsibility definition
Information Governance Site & Notebook
Using a SharePoint Information Governance site, OneNote and the Protiviti Information Governance Template allows stakeholders to actively participate in developing the information governance plan.
Information Governance Site & Notebook
Develop goals & objectives, vision, form the governance committee, develop governance committee charter with responsibilities + tactical meeting details.
Information Governance Site & Notebook
Identify roles and responsibilities, environmental structure, server configuration and operational concerns, authentication & analyze support structure, etc…
Success Criteria and Outcomes
• Timing was critical
• Occurred during Enterprise-Wide SharePoint Migration
• Business departments are already engaged
• Heavy IT involvement when implementing the plan
• Provide training, implement controls, automate through workflows, work with business groups, regular security reviews
• Organizational change occurred one department at a time – manageable
• Centralized permission management and site creation
• Planning Process was very interactive
• SharePoint Site & OneNote allows us to develop the plan during committee meetings
• Defined data owners for each department
• Defined permission monitoring and regular re-certification process
• Defined/communicated responsibilities
Still had to produce that document!
Information Governance Plan
FINANCIAL SERVICES
Information Governance Case Study 2
Client Profile: Financial Services
• New York based
• 4000 Employees
• Fortune 700 Company
• SEC Regulated
• Most Sensitive Information:
  Material Non-Public Information (MNPI)
  Information is material if there is a substantial likelihood that a reasonable investor would consider it important in deciding whether to buy, hold or sell a security. Information is non-public if it has not been publicly disclosed.
Information Governance Journey
• Failed an SEC Audit related to access control on file shares and sites, specifically for MNPI data
• 2200 File shares and 1600 SharePoint Sites
• Permissions management was delegated to business users
• Already had a SharePoint Governance Plan
• Didn’t apply to those file shares and sites
• Executive Sponsorship: Head of Compliance
• Remediate the security issues
• Take measures to prevent issues in the future
…and do it all within 3 months
Step 1: Identify Data Owners
• Gathered list of File Shares and Sites
• Reporting to determine obvious ownership
• Result: 400 file shares or sites claimed (approx. 200 file shares, 200 sites)
• Ensure always have 2 data owners for each
• Work directly with data owners to review and certify permissions
• Get documented confirmation of review/certification
• What about the remaining 2000 file shares, 1400 sites?
SharePoint Site to Claim Ownership
Make it Easy!
Calculated Column, Content Editor Web Part & JavaScript to Auto-Populate Claim Form
Make it Easy!
Views to Review ‘My Validations’ (claims I’ve submitted)
Make it Easy!
Use the right language for your business users. Provide an FAQ
10,018 Ownership Claims (7400 in first 5 days)
Step 2: Identify MNPI
• Cannot be automated
• Make it part of the claim form:
  - Does this site contain MNPI?
  - No default answer, but provide options: Yes, No, Uncertain
• If there is any doubt, assume it does contain MNPI
Material Non-Public Information (MNPI)
Information is material if there is a substantial likelihood that a reasonable investor would consider it important in deciding whether to buy, hold or sell a security. Information is non-public if it has not been publicly disclosed.
Step 3: Review and Certify Permissions
• Data owners must review permissions and either:
  - Certify they are correct (provide email that they certify)
  - Make changes and then certify
  - Request help to make changes and then certify
• Give them a deadline
• Check up regularly
• Make sure have some senior pressure to get it done
• Document the process heavily
Step 4: Shutdown Sites Not Claimed/Certified
• Pick a date - Give plenty of warning!
• File shares are easy – add a deny permission
• Site Collections are easy – implement the lock feature
• Sites/Subsites are not easy – remove all permissions recursively
Step 4: Shutdown Sites Not Claimed/Certified
• Scripted the SharePoint permission removal process with PowerShell
• As part of the script, documented permissions before removing them
• Be Prepared for Backlash
• Will help to define data owners
• Define a process by which you can restore permissions if needed – give business an SLA (sites will be restored within 6 hrs, 12 hrs, etc.)
• Script process to restore permissions
• Document what you restore
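One way to script the Step 4 removal for a site and its subsites, recording every permission to a CSV before anything is removed, as an added example (not the presenter's script). It assumes a SharePoint 2013 farm and the server object model; the site URL and report path are constructed placeholders.

```powershell
# Added example, not the presenter's script. Run in the SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ErrorActionPreference = 'Stop'   # a failed export must stop the run before anything is removed

function Export-WebPermissions {
    # Emit one row per principal and permission level, for this site and every subsite.
    param([Microsoft.SharePoint.SPWeb]$Web)
    foreach ($ra in $Web.RoleAssignments) {
        foreach ($role in $ra.RoleDefinitionBindings) {
            [pscustomobject]@{
                WebUrl    = $Web.Url
                Inherited = -not $Web.HasUniqueRoleAssignments
                Principal = $ra.Member.LoginName
                IsGroup   = $ra.Member -is [Microsoft.SharePoint.SPGroup]
                Role      = $role.Name
            }
        }
    }
    foreach ($sub in $Web.Webs) {
        try { Export-WebPermissions -Web $sub } finally { $sub.Dispose() }
    }
}

function Remove-WebPermissions {
    # -Top marks the site being shut down: it stops inheriting so its parent is untouched.
    param([Microsoft.SharePoint.SPWeb]$Web, [switch]$Top)
    if ($Top -and -not $Web.HasUniqueRoleAssignments) { $Web.BreakRoleInheritance($true) }
    if ($Web.HasUniqueRoleAssignments) {
        # Walk backwards because the collection shrinks with every removal.
        for ($i = $Web.RoleAssignments.Count - 1; $i -ge 0; $i--) {
            $Web.RoleAssignments.Remove($i)
        }
    }
    # Subsites that inherit follow their parent; those with unique permissions are emptied too.
    foreach ($sub in $Web.Webs) {
        try { Remove-WebPermissions -Web $sub } finally { $sub.Dispose() }
    }
}

$url    = 'https://sharepoint.example.com/sites/dept/unclaimed'   # constructed placeholder
$report = "C:\GovernanceReports\unclaimed-$(Get-Date -Format yyyyMMdd-HHmmss).csv"   # hypothetical path
$web = Get-SPWeb $url
try {
    Export-WebPermissions -Web $web | Export-Csv -Path $report -NoTypeInformation
    Remove-WebPermissions -Web $web -Top
} finally {
    $web.Dispose()
}
```

The CSV is the record a restore script would replay. Site collection administrators keep access regardless of these role assignments, and lists or items with their own unique permissions are outside what this example records.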
Step 5: Implement Governance System
• Implement a third party application to centralize requests for access to information
• File shares and Sites
• Approvals requested of individual’s manager and data owner
• Access granted automatically once approvals received
• Perform permission recertification every 6 months
• Automate notifications & reminders to data owners going forward of recertification activities
• All access requested/granted/denied is monitored and logged
Success Criteria and Outcomes
• Top level support
• Mandate from Head of Compliance to get it done!
• All file shares and sites remediated, except 76 file shares and 90 sites
• Process driven by InfoSec team
• Supported by SharePoint Administration team
• Started with Data owners
• Organizational change started from data owners
• Defined permission monitoring and regular re-certification process
• Defined/communicated responsibilities
Closing
• Going through an Information Governance planning process is important
• Organizational change is critical!
• Consider how organizational change happens in your organization
• Consider data ownership as a method of kick starting the process
• Who owns (or is responsible) for different types of data
• Owners understand their responsibilities
• Owners understand and periodically review access to their data
• Consider a permission monitoring and regular permission recertification process
Thank You!
Appendix – Claim Site JavaScript
• Select the list
• From the Ribbon click on Form Web Parts
• Select Default New Form
• Click on Add a Web Part
• Select Media and Content
• Add the Content Editor
• Edit the Content Editor web part and give it a link to the JavaScript file
• Place the following JavaScript in the Site Assets library

[javascript]
<script type="text/javascript" src="../../Javascript/jquery-1.3.2.min.js"></script>
<script type="text/javascript">
// Run once the page has loaded so the form's field cells exist in the DOM
$(function () {
    // Get all the field names from the form
    var fields = init_fields();
    // Get all query string parameters from the URL
    var queryStr = getQueryParameters();

    // Values are written with .val(), so they are treated as text, never as markup.
    // decodeURIComponent also decodes reserved characters such as '$' and '&',
    // which decodeURI would leave percent-encoded.

    // Is the parameter "FileShareID" defined - if so then auto-assign the value from the URL to the field on the form
    if (queryStr['FileShareID'] != undefined) {
        var properVal = decodeURIComponent(queryStr['FileShareID']);
        $(fields['FileShareID']).find('input').val(properVal);
    }

    // Is the parameter "ShareName" defined - if so then auto-assign the value from the URL to the field on the form
    if (queryStr['ShareName'] != undefined) {
        var properVal = decodeURIComponent(queryStr['ShareName']);
        $(fields['ShareName']).find('input').val(properVal);
    }

    // Is the parameter "UNCPath" defined - if so then auto-assign the value from the URL to the field on the form
    if (queryStr['UNCPath'] != undefined) {
        var properVal = decodeURIComponent(queryStr['UNCPath']);
        $(fields['UNCPath']).find('input').val(properVal);
    }
});

// Retrieve all of the parameters passed on the URL
function getQueryParameters() {
    var qObj = {};
    var urlSearch = window.location.search;
    if (urlSearch.length > 0) {
        var qpart = urlSearch.substring(1).split('&');
        $.each(qpart, function (i, item) {
            var splitAgain = item.split('=');
            qObj[splitAgain[0]] = splitAgain[1];
        });
    }
    return qObj;
}

// Retrieve all the internal field names on the form
function init_fields() {
    var res = {};
    $("td.ms-formbody").each(function () {
        if ($(this).html().indexOf('FieldInternalName="') < 0) return;
        var start = $(this).html().indexOf('FieldInternalName="') + 19;
        var stopp = $(this).html().indexOf('FieldType="') - 7;
        var nm = $(this).html().substring(start, stopp);
        res[nm] = this.parentNode;
    });
    return res;
}
</script>
[/javascript]