SharePoint Management
7 Essential Steps to SharePoint Governance
Your 7-Point Checklist for an Effective SharePoint Governance Plan: A practical, step-by-step guide that users can follow, covering the definition of a governance team, setting goals, and documenting roles.
Here at Essential we do love SharePoint governance. Well, love might be a strong word, but we are certainly very keen on governance.
Why? Because governance is critical to supporting security and compliance and reducing the risk of oversharing. It’s even more critical given the ever-increasing use of GenAI in business.
SharePoint governance also underpins strong adoption and optimum business use, reducing site sprawl and even optimising each SharePoint site based on its use case. Effective SharePoint governance also reduces your admin overhead and effort, which is always a win.
Because we love SharePoint governance, we also love a good SharePoint governance checklist and plan. In this post you’ll find our seven-point checklist for introducing strong and sustainable SharePoint governance, covering everything from roles and responsibilities to permissions to site provisioning. If you follow each step, you should have a comprehensive approach that will have tangible business benefits.
Ready? Here’s our 7-point plan:
1. Set Clear Goals for Governance
An effective SharePoint governance framework has multiple benefits that can lead to tangible positive outcomes. Articulating your main goals and objectives helps to:
- Keep everyone on the same page and act as the rationale for the governance plan
- Get buy-in from business stakeholders to ensure they take SharePoint governance seriously
- Help support the business case for any investment required to underpin governance and execute your strategy
- Act as an important input as you work out the scope and details of the plan
- Help to track and monitor success
- Help keep focus and value as SharePoint governance evolves.
Take time to define your goals, ideally linking these to real world objectives and measurable business outcomes. For example:
- Reduce SharePoint-related data security and compliance incidents by implementing role-based access reviews, lifecycle policies, and quarterly site audits across all active SharePoint sites (with a defined date for completion).
- Implement a standardised SharePoint site structure and metadata model across all new and existing team and communication sites, with an aim to achieve a defined % increase in active usage and a measurable reduction in oversharing incidents identified.
- Apply lifecycle controls with effective creation and archiving processes to reduce site sprawl, related storage costs, your environmental footprint and the related support burden.
2. Set up a Governance Team
Just because it’s a bit ‘techie’, SharePoint governance should not fall solely on the shoulders of the IT department. You ideally need stakeholders from different parts of the business involved to ensure you get the ‘buy in’ you’ll need.
Establishing clarity about who is involved and what their headline responsibilities are is at the very heart of governance. This ensures everyone knows what they are doing, eliminates duplication of effort and avoids essential tasks getting missed and falling between the cracks.
Mapping the overall governance ‘team’ is an essential step for an effective plan. There will likely be a ‘core’ team more involved in the day to day, as well as those playing more of a peripheral or occasional role. For example, a SharePoint governance team might involve:

- SharePoint Admins
- Teams site admins
- Site owners – this might be business leads such as HR and Sales, rather than just IT
- Security teams
- Non-technical site administrators
- Content contributors – typically non-technical.
A RACI or RASCI matrix (Responsible, Accountable, Supportive, Consulted, Informed) is an excellent framework to help map out and define roles, while also acting as an effective tool to then manage ongoing roles and headline responsibilities as your governance plan takes effect and potentially evolves.
3. Document the Roles and Responsibilities
Once you’ve defined your governance team and some of the related roles, it’s important then to add more detail and document all the related SharePoint responsibilities and how these interface with the various governance processes such as site creation.
Documentation is particularly important for business roles such as site owners, business approvers, and content contributors, where working with SharePoint will likely only be a fraction of a person’s overall job. The detail provided by a role description helps to:
- Provide clarity and consistency.
- Let everyone know what is expected – and sometimes the ‘why.’
- Reduce the chance of tasks getting missed.
- Clarify accountability for key areas such as ensuring content is relevant and permissions are always up to date.
- Help new site owners and other roles get up to speed quickly.
When working out roles and responsibilities it’s also worth considering two elements that can help everyone carry out their duties:
- Targeted training and self-serve support resources that reinforce what needs to be done.
- Automation tools that can notify and enforce periodic SharePoint site owner reviews – we like the provisioning platforms available from ProvisionPoint and AvePoint, which make it a much easier job.
4. Standardise Site Creation and Templates
A key aim of a SharePoint and Teams governance framework should be to reduce site sprawl that leads to increased security risks, additional storage costs, poor search, duplication of effort and more.
The framework should also support the optimal use of SharePoint sites to drive different business processes, enable successful collaboration, and eliminate risks around misuse.
The best way to prevent site sprawl and optimise usage is to take control of the site creation process so that:

- Every new site must go through an approval process to ensure value and avoid duplication
- Every site has a good business purpose, requisite ownership (for example at least two named owners) and relevant metadata added
- Defined templates relating to different business use cases are applied, optimising the site set-up and applying the right settings, supporting best practices while also speeding up the site creation process through automation
- Users are potentially directed to other appropriate collaboration tools for some use cases, including Viva Engage and Microsoft Teams.
Here at Essential we have developed a Site Provisioning Framework that can automate provisioning while ensuring every new site has an owner, the appropriate metadata tags and even the right naming conventions.
5. Implement Policies for Permissions and Sharing
A key pillar of SharePoint governance is to implement robust policies around access, permissions and sharing resources externally. Having the right policies in place is critical to support security, prevent oversharing and reduce the chance of incidents.
Where possible, permission-related policies should encourage and operationalise the ‘Principle of Least Privilege (POLP)’, which avoids over-permissioned accounts and strictly limits SharePoint admin rights to the level that people actually need. This reduces the chance of incidents in a way which will not impact the user experience. Using only role-based access within SharePoint will also help support this approach.
Policies also need to cover areas such as:
- Who can use SharePoint to share externally and how this is governed
- Any restrictions that need to be in place for particular sites
- How access is regularly reviewed and monitored.
One detail we recommend covering explicitly in your permission policies is the ‘Everyone except external users’ group in SharePoint, which all too easily can open a site to all employees and even service accounts, potentially without site administrators realising.
6. Establish Lifecycle Management and Archiving Rules
Just as your governance approach needs to focus on site creation, it also needs to focus on removing sites when they are not needed. Lifecycle management is very important to:
- Avoid site sprawl and keep your SharePoint environment under control
- Minimise data storage costs
- Support security and compliance as inactive sites that are just left to languish present a significantly greater risk
- Remove redundant data and content that is out of date or erroneous
- Better support SharePoint as “one source of truth” to support your AI and Copilot efforts
- And more.
Lifecycle management policies need to set rules for:
- When and how SharePoint sites are archived or deleted, aligning with compliance requirements around records management.
- How sites are reviewed, both periodically and when triggered by certain events.
- Related processes around restoring sites or retrieving information if required.
There are lots of different tools that can help automate or partly automate SharePoint and Teams site lifecycle management, covering review, retention and archiving processes. AvePoint Cloud Governance and ProvisionPoint are two solutions we use and can recommend. If tooling is not in your budget, Power Automate can also help configure the appropriate workflows.
7. Monitor, Measure, and Evolve
SharePoint governance is not something that is static – you certainly can’t “set and forget”. A governance framework needs to be flexible and evolve, so that it adapts to:
- Organisational needs around the use of SharePoint and other Microsoft tools
- New capabilities, features, and changes to the Microsoft 365 platform
- Employee needs and real-world use of SharePoint sites
- Emerging compliance and security challenges.
It’s critical to track metrics, monitor sites and gather feedback from users to work out what is working and what isn’t and to identify where changes to your governance framework are needed.
For example, tracking the ratio of active to inactive sites or the growth of SharePoint storage might suggest tweaks are required to either your site provisioning or archiving policy. Additionally, internal and external incidents and events may be a trigger to review and refine governance documents.
It’s important to regularly review documentation – for example every six months or a year.
Not sure where to start?
Establishing SharePoint and Teams governance is a must for both data security and cost control.














