The SharePoint Information Governance Mismatch
•
2 gefällt mir•989 views
The SharePoint Information Governance Mismatch. Presented first at the SharePoint Evolutions Conference 2015. This session highlights the key challenges of trying to implement IG in SharePoint for Large and Global Organisations. The session also provides pointers towards some ways of managing the complexity effectively.
![The SharePoint Information
Governance Mismatch
[The Law vs Technology vs Business]
Ant Clay
Founder, CEO & Tummeler
Soulsailor Consulting Ltd](https://image.slidesharecdn.com/antclay-informationgovernancemismatch-150423081935-conversion-gate02/85/the-sharepoint-information-governance-mismatch-1-320.jpg)
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Andere mochten auch
Andere mochten auch (15)
Ähnlich wie The SharePoint Information Governance Mismatch
Ähnlich wie The SharePoint Information Governance Mismatch (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
The SharePoint Information Governance Mismatch
- 1. The SharePoint Information Governance Mismatch [The Law vs Technology vs Business] Ant Clay Founder, CEO & Tummeler Soulsailor Consulting Ltd
- 2. Ant Clay Soulsailor Consulting Ltd www.SoulsailorConsulting.com Ant@SoulsailorConsulting.com @Soulsailor Founder of Soulsailor Consulting Ltd SharePoint IG Product Owner Zurich Insurance Combined Knowledge Trainer (Requirements & Governance courses)
- 6. I want to open your eyes
- 7. Assumptions: You already know ‘Why?’ you need Information Governance. Assumption: You know ‘Why?’
- 8. scope
- 10. who wins?
- 15. typical drivers for IG projects
- 17. questions to ask 1st
- 18. in scope systems
- 22. global laws & requirements
- 23. local laws & requirements
- 27. what about?
- 29. what’s a record?
- 30. what’s a business record?
- 32. we are scared of deleting
- 33. Archiving
- 34. Disposal
- 35. Record Retention
- 36. when is the right time?
- 37. - Data Owner - Data Classification - Retention Period - Disposal Period - Archive Period - ‘May Contain Nuts’ - Any other attributes??? typical IG Attributes
- 39. why is it so damn hard?
- 41. how do we do it…?
- 42. what are you doing?
- 43. business system IG is easy
- 44. in SharePoint IG is complex
- 45. cost of solving vs. penalties
- 46. theory
- 47. practice
- 48. IG is not the users problem
- 49. tools
- 50. vendor tools fit simple IG scenarios
- 52. steer towards one Vision
- 54. key question
- 55. analyse your rules early
- 57. business led versus IT led
- 60. Don’t go to prison
- 61. Don’t get big fines
- 63. stay high-level
- 65. Focus on Business Change
- 66. Migrating your Intranet and Managing your Documents in SharePoint - Randy Perkins Managing the Content Lifecycle in Office 365 - John Halliday Making Sense of the Information Jungle and the Path That Lies Ahead - Agnes Molnar & Dan Holme Achieving Governance through Transformative Migration - Bradley T Smith Content Classification Using Dependency Structure Matrix Analysis - John Holliday SharePoint Information Management - Paul Turner more of the iceberg!
- 67. Thank you for attending! Ant Clay
Hinweis der Redaktion
- Soulsailor Consulting is a small micro-consultancy focussed on: "Enabling organisational value by positively disrupting technology projects"
- bit.ly/BuySPGovManifesto
- The topic of Information Governance is HUGE, it is much larger, more complex and harder to implement than you think, trust me…
- In this session Intend to open your eyes to Information Governance and compliance and how they are mismatched in large global corporations. I won’t give you an answer, but you will leave with lots of questions to ask your business and a steer towards the right way to approach this for you and your organisation
- Assumptions: You already know ‘Why?’ you need Information Governance.
- Large / Global Organisations Highly regulated Collaboration/Knowledge (informal content) SharePoint
- My Knowledge Context: Session based on experience in: Zurich (Finance) SABMiller (Brewery) First Quantum Minerals (Mining) large universities (Education) Swisslog (Logistics).
- Who wins? Business or Technology? Neither, perhaps it’s Legal & Compliance & Law that wins?
- Wikipedia definition of IG http://en.wikipedia.org/wiki/Information_governance
- Clients definition of IG
- My Governance definition
- My IG Definition
- What typically drives major investment into IG? DataProtectionAct FreedomOfInformationAct DataProtectionDirective HealthInsurancePortability&AccountabilityAct GermanWorkersCouncil(BetrVG) US-EUSafeHarbor Sarbanes-Oxley Basel_I Basel_II ISO FACTA RightToBeForgotten German_BDSG
- The impact of inaction includes: - Fines / - Scale of fines - Reputational damage - Lack of value from information assets
- Questions to ask the business first IG Requirements Gathering
- What are your target systems? SharePoint Yammer Lync Exchange Fileshares? etc
- If your target system is SharePoint, then what bits should you govern? - Site Collections / Sites? - Libraries – all or just document? - Pages? - Lists? - Social?
- What business data is in scope? Records, Fileshares Collaboration / Social knowledge
- What business data is in scope? email voice customer / business records Application generated content ???????
- Easier to govern What local legal or compliance or business led rules and requirements do you have? EU Directives Global initiatives Organisation / Strategy led requirements
- Nightmare to consolidate and govern What local legal or compliance or business led rules and requirements do you have? Local is the killer? How local? Country? Business Unit?
- What are your data classification rules? Public/Open Internal Use Confidential Highly Confidential
- What about using the concept of Business Impact instead? High Medium Low There’s no legal requirement for the traditional conf, highly, conf etc approach.
- What does your data classification rules impact? Security/Access Who can change the data classification of content?
- …is this different to data classification? Is it linked? Personal Data – means its highly confidential Legally Privileged – exempt from Legal Hold Data Pertaining to Minors – Highly confidential SOX Compliant – whole can of worms
- Have you clearly identified the types of information you have? Will all these types of content live and be managed in under one platform??
- Have you clearly identified: A Record (read-only/non-delete)
- Have you clearly identified: A Business Record?
- A Non-Record? Social content
- We keep too much stuff… Common across most businesses is the fact that content does not get deleted. How far back does your email archive go? What’s the oldest file on your personal drive / file share?
- Based on everything above, what are your Archive rules? Are you going to, do you need to, do you want to? WHY? Cheaper storage? In 2013 is it really much cheaper? (Shredded storage etc) 3rd party tools for management? What about access to the content? Based on everything above, what are your Archive (housekeeping) rules? 12mnths probably to soon (annual reviews etc.)
- Based on everything above, what are your Disposal rules? Reduced storage? 3rd party tools for management? Based on everything above, what are your Disposal (housekeeping) rules? 12mnths probably to soon (annual reviews etc.)
- Based on everything above, what are your Disposal rules? Reduced storage? 3rd party tools for management? Based on everything above, what are your Disposal (housekeeping) rules? 12mnths probably to soon (annual reviews etc.)
- For all the above what will trigger the ‘action’? X months after last modified? X months after last accessed X months after custom trigger Think about content usage cycles i.e. documents only used once a year or legacy system documentation
- This is a BIG question! Typical Basic IG attributes include: - Data Owner - Data Classification - Retention Period - Disposal Period - Archive Period - ‘May Contain Nuts’ Indicators What do you guys use?
- Data Classification and Security - Twins? - Brothers & Sisters? - Unrelated? I’ve found that data classification should inform but not explicitly state the security…. Data classification informs the user how to ‘handle’ the content i.e.e steers them to appropriate behaviours
- Back to the original question, why is it so hard for large and global organisations to implement information governance and why is there such a mismatch between the technology, principles and business requirements? All the things we’ve talked about so far!
- Cynefin… ‘Place of multiple belongings’ As you will see later this is extremely relevant to the practice of IG Information Governance sits in the ‘Complex’ Quadrant as an ‘Emergent Practice’ Dave Snowden (Ex-IBM) Place of Multiple Belongings – multiple influencers SenseMaking model, not a Classification Model Highlight Analysis versus Facilitation in each zone. Technology Projects are typically in the Complex zone Business Problems & Technology projects are what I would class as “Complex” Problems Show the pronounced ‘canevan’ - Cynefin Matrix… Show where Business & Technology is versus a technology problem. Simple Domain - “Everytime you do X you get Y” Complicated Domain - “If you apply method A, on the advice of experts B and C, you will get to Z” Exchange deployment Complex Domain - “Based on department X feedback, let’s try this new configuration of sites, document libraries, folders and content types” Business projects & Technology Chaotic Domain- “Try method A and see whether it got you any closer to Z. Review whether your understanding of Z has changed as a result” http://www.youtube.com/watch?v=N7oz366X0-8
- How the hell do you implement a solution that caters for all this IG stuff AND delevers usability, putability, finability, business adoption and business value?
- Ask the audience whose doing IG? Whose doing a simple approach? Whose going all out complex?
- In business systems (CRM, Accounts etc.) its easy because business systems do one thing
- In SharePoint, it’s complex because SharePoint can do many things, we’re building solutions and functionality and new use cases AFTER the IG foundations have been applied, especially in the context of Collaboration.
- The cost of solving the problem versus the financial penalty What motivates me to do this over and above other business priorities (make money / cut costs etc.) For many Global orgs the financial penalties are insignificant. This may change with some legislations proposed to have the fine at 5% Global annual turnover EVEN if the issue is at a local level.
- Theory: Evolving, global approach but with many local nuances. Germany, USA, EU etc Rules based (doesn’t fit collab) Records ‘heritage’ (doesn’t fit collab)
- Practice: Business expects one solution, but has many complex rules, some date back pre- SharePoint, what is practical to implement versus the rule book Many rules aren’t complimentary i.e. we can’t take the worst case from all the rules and just implement that (no covering arse)
- Practice: Business doesn’t expect information governance to be the problem the responsibility of the end user, except perhaps data classification. But they expect it to be intuitive. Complexity should be in the system, not business users heads
- Tools: SharePoint Has simple approach to IG through Information Governance Policies. O365 is evolving this further with more Compliance & data management & rights management features Metalogix Sharegate Gimmal
- Tools: Tools (Avepoint, metalogix etc) come from SharePoint Governance not Information Governance Vendor tools fit simple scenarios (3 levels of compliance etc etc) In a lot of cases they are focused on admins,
- So how do we manage this complexity, assuming we want to even try? Lets finish of with some approaches to managing the complexity of IG in our SharePoint solutions Approaches to managing IT Complexity
- Vision (and stick to it)
- Whatever steps we take they need to allow us to do ‘goal alignment’ every step of the way….
- Age old question: Build versus Buy versus Customize versus Do Nothing!
- If your orgs Governance rules (such as values for retention disposal etc) are owned by business locally, do that analysis first before solutionising. The granularity and diversity of the rules & values can have a huge impact on solution & usability
- Local capability versus global Tech Solution. - One solution for everyone to use consistently - deliver capability that local IT customize to meet local needs
- Business Led Requirements = Too Complex IT Led Requirements = Too simple get a balanced approach
- ** SharePoint Information Management Policies deliver a lot of whats needed for a pragmatic solution Simple Global IG -> Use SharePoint information management policies Complicated global IG ->Use SharePoint & a tool Advanced IG –> Custom Complicated & local -> Custom
- Try to consolidate (rules), Try to trust (people), Try to be pragmatic (technology)
- Don’t go to prison
- Don’t get fined [too much]
- Don’t get a bad reputation
- When applying governance policies don‘t go lower than library level… user & tech complexity Ideally stay at Site or Site Collection level.
- A good (tech) solution to IG in a global organization with considerable complexity would be
- You need a HUGE FOCUS ON Business change… extract of your xls Especially if your migrating from fileshares to a well governed SharePoint solution Centre of Excellence / Records & Information Management Function
- Lots of great sessions this week on Information Governance related topics. Check them out or watch them on the Conference DVDs.
- Any questions?