Alan Calder on IT Governance, information security & ISO 27001

A new AIIM study on SharePoint takeup has recently been published. This report builds on their survey of a year ago. Barb Mosher, writing about the AIIM report on CMS, draws this conclusion from the two surveys:

“SharePoint 2007 will be in use for a while to come, and SharePoint 2010 will likely see even more uptake by organizations for a number of reasons. The problems related to SharePoint, whether it’s 2007 or 2010, are not going to change. Not because of the platform itself, but because the strategy, planning and governance that are required to implement it are still not being taken seriously.

What will we see in surveys run next year? The way it looks now, nothing that different than this year or the year before.”

And that tends to be the story where project level governance is concerned: those organisations that plan ahead, that put in place methods for dealing with the wide range of SharePoint issues – from ghost sites through to backup failures – will usually end up with robust, effective and useful SharePoint services. Effective SharePoint governance really can be the difference between success and failure – both short and long term – with a SharePoint deployment. For this reason, Microsoft publish guidance on SharePoint Governance, and our own SharePoint Governance Toolkit helps with MOSS implementations.

The idea of applying the governance concept to the deployment and use of SharePoint within organisations does, at one level, seem odd- it seems a very detailed level for the application of concept which is fundamentally about how the board governs the use of ICT within the organisation.

Microsoft Office SharePoint Server (MOSS) is an immensely useful collaboration and information sharing tool for organisations, teams and workgroups. However, poorly governed SharePoint deployments can create significant holes in organisational information structures as well as exposing the organisation and its information to a wide range of risks.

 Maximising value from your SharePoint deployment requires a joined−up approach that is aligned with the communication objectives and risk controls of the business − a governance approach. Microsoft introduced the idea of SharePoint governance with MOSS 2007 and has applied it to MOSS 2010 as well. The ITGP SharePoint Governance kit starts with the excellent Microsoft work and then goes substantially further, in terms of providing a practical and useful set of templates and tools that can integrate into any information security management system or IT Governance Framework.