Paragon's Brett Claffee shares his perspectives on trends, strategies, tools and technologies fueling information management and information governance.
SharePoint is often described and positioned as a multi-purpose platform. When it comes to Information Governance (IG) it delivers meaningful alignment, particularly with respect to disaster recovery, IT backups and security.
These components of IG programs are more back-end IT processes though, and therefore speak volumes about SharePoint and its IG user community.
In AIIM’s latest industry watch, The Impact of SharePoint 2016, 274 individual members of the AIIM community during June of 2016 shared their perspectives on SharePoint. One of the discoveries the research uncovered is that the majority of respondents reported having no IG policies associated with SharePoint or a lack of alignment between metadata and taxonomy, two key components of digital transformation and IG strategies.
Even as newly released versions of SharePoint get better at addressing key IG concerns, many organizations are not migrating platforms to the latest versions - some are even just now implementing SharePoint 2007. This fragmentation is difficult across the board—from vendors looking to integrate SharePoint with other Information Governance and Records Management tools, to users that must learn new ways to carry out an action in different versions, to Microsoft that supports the many flavors of SharePoint, and to IG practitioners that build strategies for enterprise data, content and information governance that need to plan for or address capability differences.
Is SharePoint 2016 finally addressing information governance?
Read any information governance blogs and white papers and you will find that the key to successful information governance programs and strategy implementations does not rely on the technology, but rather on the people, processes, policies and technology working together in harmony and alignment to provide that documented consistency and methodology that is so important in corporate compliance and defensibility.
So, it may not be a question of whether or not SharePoint is lacking for IG, but whether or not the organization is applying information governance to SharePoint.
IG policies must be in place first before looking for tools that are aligned or can be implemented to control IG policies. In order for policies to be in place, there needs to be strong governance and clear accountability, repeatable, consistent processes need to be agreed and documented and training programs must be developed to define clear responsibilities, behaviors and actions for managing data and records.
There must be retention schedules for records and policies for data and content management with clear delineation between the two. Implementation must be evaluated and controlled, particularly with respect to technology and tools.
- What good is the SharePoint Records Center capability if an organization does not have a retention schedule?
- Why does a robust metadata model and capability matter for SharePoint if there aren’t any rules and guidelines for collecting and applying this metadata such that it may be integrated with other platforms?
- If metadata is not captured and controlled, how can legal holds be consistently applied?
- If ownership and accountability cannot be established, who can make the decision to defensively destroy the records and data or make decisions regarding archiving and long term preservation?
- If you transition to the cloud from on-premise, are you addressing the latest digital shield/ safe harbor requirements?
- If you are enabling a digitally mobile workforce, have you assessed security and privacy implications of your mobile policies?
SharePoint projects should not be left entirely to IT
IT promotes using SharePoint as part of strategic vision and cost savings strategies for a collaborative content management platform – and it is.
IT, and to a greater extent an organization's CIO, is responsible for the ecosystem and infrastructure for solutions to be built and managed. In previous blog posts, my colleagues and I have talked about a need for a Chief Information Governance Officer or CIGO to be responsible for assigning accountability to the data, information and records that are generated and managed on the infrastructure.
At the base level, what is needed is accountability for information creation, use, management and destruction – business users that are the subject matter experts. Where are they in SharePoint implementation projects?
Users agree that if SharePoint is meant to be more than a replacement for file shares, implementation must be driven by use cases that align with their business strategies, including but by no means limited to supporting strategies such as digital transformation, information governance and records management, but even more so to core business capabilities, providing higher quality healthcare, more robust insurance policies, or personalized medicines as key examples.
- Is SharePoint being deployed at a Life Sciences company in a way that makes getting medicine to patients, faster?
- Is IT asking the business for metadata rules around classifying clinical study information, being able to identify records involved in the manufacture or marketing of a particular compound?
- Is the business pushing for these rules to be implemented?
While these rhetorical questions are geared toward a life sciences example, you should immediately see that this "push-pull" of business rule information is not occurring so organizations are left with:
- Out of the box functionality and thus a disconnected user interface that challenges change efforts
- Manual classification efforts that do not map to an enterprise data model
- A misunderstanding of whether they created information, data or records
- A lack of ownership and accountability for managing the information store
- Inability to defensively retain nor destroy the proliferation of content
If your organization is finding implementation and use of SharePoint stalled, perhaps it is not SharePoint, but a need to evaluate your information governance program.