3.4 Policies and Standards
define rules for SharePoint use; standards describe best practices.
From a governance perspective, policies are usually driven by
statutory, regulatory, or organizational requirements. Users are
expected to meet policies without deviation. If your organization is
subject to regulatory oversight, be sure you can actually enforce your
policies because a failure to do so may target you as being
noncompliant. Standards are usually established to encourage consistent
practices. Users may adopt some elements of the standard that work for
them while not implementing others.
As applied to the topic of file names, a policy
might state, “Do not include dates or version numbers in file names,”
while a standard might state “File names should be topical and
descriptive.” In another example, the policy might state “All
SharePoint sites will have a primary and secondary contact responsible
for the site and its content,” and the standard might state, “The site
contact is listed on the site home page and in the site directory.”
Each organization will have its own set of policies
and standards. General topics should include content oversight, site
design, branding and user experience, site management, back-end systems
(hardware, software, and database management), and security. To ensure
your content is relevant, do the following:
Verify that your SharePoint polices and standards do not conflict with broader organizational polices.
policies and standards where users can easily find and follow them.
Some policies may need to be published to “all readers,” while others
may need to be secured to protect the integrity of the application.
Regularly review and revise policies and standards to keep them aligned to organizational needs.
The next sections describe some specific examples of
policies and standards that you might want to consider for your
organization. This is not an exhaustive list but includes some reusable
ideas to consider.
Content Policies and Standards
Consider the following example content policies and standards, each of which is discussed in more detail in this section:
Posting content to existing pages or sites
Posting content to the home page
Content auditing and review
Posting Content to Existing Pages or Sites
You will definitely need a policy or standard to
ensure that the “one copy of a document” guiding principle is enabled.
Take a look at the Content Contribution and Ownership sidebar that
follows for a good policy to guide users regarding only posting content
that they “own.” In addition, consider creating policies for these
other content topics:
Content posting cycle.
Create a policy to remind users to delete content from its original
source or collaboration environment when it is “published” to the
official SharePoint repository (or use automated content disposition
policies to make sure this happens routinely).
Because content contributors on one site might have a link to content
on a site they don’t own, it is important to have a standard reminding
users to “edit documents in place” so that links do not break.
Content formats and names. Decide
whether you need policies for where certain types of content are stored
in your solution and whether or not you need file naming standards.
Consider a policy for defining what types of content belong in your
SharePoint solution and what types of content belong in other
locations. Given the rich search capabilities in SharePoint, it is not
always necessary to define strict standards for file names other than
to encourage users to choose names that will help someone else identify
the file contents.
Content containing links. Clearly define who is accountable for making sure that links in content or on a site are not “broken.”
Site Sponsors are accountable for ensuring that the
content posted on their pages is accurate and relevant and complies
with records retention policies.
Only post content on a collaboration site or in My
Site that you “own.” Ownership means that the document is or was
created by someone in your department, and your department is committed
to maintaining the content for its entire life cycle. If a document is
not owned by your department, but access to the document is needed on
your site, ask the owner to post it and then create a link to it on
Do not post content that you do not own the legal
right to post electronically, including .pdfs or scanned images of
journal articles or other documents from sources to which your
organization does not have online publishing rights. A link may be
created to this content on the content owner’s Web site.
Posting Content to the Home Page
You will definitely want to consider creating a
specific policy for posting content to the home page of your portal
solution. Most content on the home page should be carefully controlled,
especially for your intranet. After all, you get one chance to make a
first impression, and your home page is where users get that
impression! On an enterprise intranet, the home page can become a
battle for “real estate” among several business units, usually
Corporate Communications or Marketing and Human Resources. Even if your
“solution” is a project team site,
you will need to carefully consider how information is presented on the
home page of the site and who is allowed to create and place content in
this critical location. Some organizations solve the battle for home
page real estate by assigning areas of the page (“neighborhoods”) to
specific departments. Others assign primary ownership to one specific
department (often the department responsible for internal
communications) but use the Portal Governance Board or Steering
Committee to provide oversight and escalation if there are
disagreements about content.
Content Auditing and Review
Consider a policy to define the frequency and type
of review that you will have on each type of content or site. All
content posted to enterprise-wide sites should be governed by a content
management process that ensures content is accurate, relevant, and
current, but even private team sites should have a content management
strategy. For most sites, the maximum content review cycle should be no
more than 12 months from the date content is posted. Confirm that your
review cycles conform to any regulatory or statutory requirements.
Be sure you define clear policies regarding how your
records retention policies will be implemented in your solution and the
responsibilities content owners have to identify content as records and
associate the appropriate record retention code to a given content item.
Design Policies and Standards
Consider creating policies and standards for each of the following design elements:
Creating new subsites
Page layout and organization
Content Types and metadata
Creating New Subsites
If individual “end-user” site owners will have
permissions that enable them to create their own information
architectures for sites under their control, it is important to provide
some guidance to help them understand best practices for creating nodes in an information hierarchy. For example
If a particular business group is the primary owner of all of the
content to be posted on the page or site, creating a separate subsite
(“node”) for that business group probably makes sense.
If a significant group of content is highly sensitive, create a
separate subsite, workspace, or node to more easily control the
security settings for that content.
If there is a need to backup, restore, or otherwise manage content in a
single group, having a unique subsite or page for that content will
make these processes easier to manage.
Minimize the levels of nesting in the information architecture. It is a
good practice to keep the number of levels in the hierarchy to no more
than three so that users do not have to continuously “click through” to
get to critical content. If a new node in the architecture is not
needed for any of the other reasons just outlined, don’t create it.
Page Layout and Organization
Nothing makes a site more confusing than a random
collection of disorganized Web Parts cluttering a page. Anyone with
page design permissions needs to remember the guiding principle about
focusing on the end user, but these page designers should also be
familiar with general design usability best practices. Usability guru
Jakob Nielsen publishes a bi-weekly newsletter with excellent advice,
best practices, and tips for Web page designers. You can sign up to get
your copy directly in your e-mail inbox at http://www.useit.com/alertbox. Some of the recommended best practices for page design include
Establish a standard design for all pages of each site to ensure that
users can navigate without getting surprised by changing page layouts.
Speed. Make sure that users can get important information as quickly as possible.
Does the page layout require that users scroll up or down or left to
right to find important information? Design a page to fit your
organization’s standard screen size and then make sure that users
do not have to scroll to find the most important information or Web
Parts on the page. Scrolling should never be tolerated for critical
Important content in the upper left.
Put the most important content toward the top-left part of the page.
This is where readers will “land” visually when they get to the page.
If the most important information is in this location, chances are
better for capturing the user’s attention than if the information is
buried somewhere else on the page.
Content Types and Metadata
A Content Type is a collection of settings that
define a particular type of information, such as a project plan or
financial report, and can be defined for the entire enterprise, for an
entire Site Collection, or it can be defined “locally” for a specific
page or site. Site Columns are the “properties” of a particular type of
content. Columns are part of the attributes or properties of a Content
Type. Site Columns can also be defined across the entire solution or
for an individual site or Site Collection. Content Types and Site
Columns are both types of “metadata” in SharePoint 2010. The values for
many Site Columns (metadata) are specific to specific sites.
Social Tags and Ratings
Social feedback, content added by users as tags and
ratings, is new in SharePoint 2010. These capabilities allow users to
participate and interact with your SharePoint solution and improve
content “findability” by allowing individuals to supplement formal
classification with additional tags they find personally meaningful.
Social tags refer to metadata that users add to content to help define
what it is, what it includes, or what it does. Your governance policies
should include guidelines for how you want users to participate in
social tagging and provide guidance and examples of meaningful tags for
your organization. You should also make sure that users understand that
social tagging uses the Search Index to provide security trimming on
content that is stored in SharePoint, which means that users will be
able to tag confidential documents, but those tags are not visible to
anyone who doesn’t have read access to the document.
High-impact collaboration solutions ensure that
content is easily accessible by end users. This means that the content
is not just “findable,” but that it is structured and written to be
consumed online. Assuming that your content contributors are good
writers to begin with, they may not be familiar with best practices for
writing for the Web. It’s helpful to provide some standards and
policies for specific SharePoint lists and libraries. Following are
several examples of standards, policies, and best practices you may
wish to consider for your solution.
Blogs and wikis.
End users should be aware of what your organization considers
appropriate for posting social content to personal sites such as blogs
and wikis. While in some organizations, blogging about your hobbies is
acceptable; in others, it’s not. Be very thoughtful about how you
define governance policies for social content because you need to be
sure that you are not placing so many rules on your content that you
will discourage content contributions. There is no single right answer
for every organization.
Overall, the tone of all text should be concise and helpful. For
announcements, create a descriptive but succinct title. In the
announcement text, put the important information first and write
briefly, using no more than four to five sentences. Try to avoid using
large fonts and avoid lots of white space in announcement text. Do not
underline anything that isn’t a hyperlink. Make the link text a concise
description of the link so that it aids the reader in scanning:
Bad: Click here for the latest application form
Better: Download the latest application form
Best: Download the latest application form
Effective discussion boards must have someone who will serve as the
discussion board moderator to ensure that questions are answered and
that the discussion board adds value. In some organizations, you will
need to consult with the Legal department to ensure that information
about products, research, patients, data, regulated content, or legal
issues are appropriate in online discussion boards.
Picture or video libraries.
Content posted to picture or video libraries should be business-related
and appropriate for publication in the corporate environment. Be sure
to obtain permission from any individual in a picture or video that
will be posted to a site before it is uploaded. Also make sure that
your organization owns the image or has obtained the proper licenses
for its use.
In some cases, users and site designers will have the option to
indicate whether or not a link should open up in a new window. In
general, the following standards are recommended for links:
Links to documents or pages within the Site Collection: Do not open in a new window.
Links to documents or pages in another Site Collection: Open in a new window.
Links outside your intranet (to another application within the company or to an Internet site): Open in a new window.
Document libraries.Consider how documents will be used when you upload to SharePoint.
Documents may be uploaded to SharePoint using almost any document
format (Word, .pdf, Excel, PowerPoint, and so on). If you upload
documents in their native formats, users will be able to download them
and easily edit them
to create their own versions. Unless they have Contributor privileges
to a library, they will not be able to post them back to the same
sites. Documents that might be reused as an example for others should
always be uploaded in their “native,” editable formats. Documents that
must be protected from editing or changing, even on a “private” copy,
should be uploaded in a “protected” format or with passwords for
editing. Consider the .pdf format for very large documents given that
this format will reduce the file size and thus download time for others.
Security considerations are one of the most
important design elements for a SharePoint site. It is important to
think about security during the design process because understanding
how objects will need to be secured on the site will affect the site
structure, page layout, and metadata design. Considering that in almost
all SharePoint deployments, end users will have some capabilities to
manage security for sites they control, it is critical to ensure that
anyone with permissions to assign security understands how SharePoint
SharePoint provides the capability to secure content
down to the item level and provides multiple options for creating
security groups. This is both a blessing (due to the flexibility it
enables) and a curse (because it makes it very easy for users to create
overly complex and virtually unmanageable security models). As a best
practice, it is helpful to offer “security planning” consulting to
users who are new to SharePoint because planning security can easily
fall into the category we call “Don’t try this at home.”
The Corporate Communications department (or
its equivalent) in most organizations will typically define branding
standards for your intranet and Internet presence. A key governance
decision you need to think about is whether the corporate branding can
be changed in a given SharePoint Site Collection. There may be valid
business reasons to deviate from the corporate brand: For example, you
may want an extranet collaboration site that is “co-branded” with your
organization and a partner. Within an intranet solution, users may find
it confusing and wonder “Where am I?” if the site branding changes from
site to site, so you need to consider defining
branding standards and policies with the site user in mind. Using some
elements of color or brand variability in the site branding might help
reinforce your security model. For example, you may want the site
“brand” or theme to communicate the security model on the site—one
theme or brand for enterprise-wide intranet sites and another theme or
brand for secure team sites. This can help to provide visual cues to
content contributors, reminding them when they post to a site with the
“public” brand, the content can generally be seen by everyone in the