Cabarrus County SharePoint Governance
Table of Contents Table of Contents... 2 Document Control... 3 Executive Summary... 3 Strategic Goals... 3 Roles and Responsibilities... 3 Operations and Support... 3 Strategy and Oversight... 4 Site Structure... 5 Site Structure Standards... 6 Global Tier (Intranet)... 6 Departmental Tier (Intranet)... 6 Personal Tier (MySites)... 6 Content Types and Site Columns... 6 Managed MetaData (Term Stores)... 6 Access Control... 7 Access Control Standards... 7 SharePoint Permission Levels... 7 Access Requests... 9 Retention and Recovery... 9 Content Standards... 10 Pages... 10 Lists... 10 Document Libraries... 11 Documents... 11 Images... Error! Bookmark not defined. 2
Document Control Version Date Author Notes 1.0 2/1/2013 Nick Roberts Initial Draft for Review 1.1 2/13/2013 Nick Roberts Expanding security section 2.0 2/28/2013 Nick Roberts Added TOC and expanded structure section Executive Summary Cabarrus County leverages Microsoft SharePoint as part of the Microsoft suite of software to support enterprise business processes throughout multiple lines of business including all County departments and several external agencies. The County website and intranet sites are built on SharePoint in addition to several custom developed solutions driven by specific business process requirements. An enterprise solution such as SharePoint can only be successful when specific standards and policies are in placed to govern use and development. This SharePoint Governance Policy outlines the administration, maintenance, development, support and use of all Cabarrus County SharePoint sites. The intent of the policy is to support strategic goals for SharePoint in the County environment. Strategic Goals 1. Provide a central repository for information to support Cabarrus County business processes. 2. Promote and support best practice standards for interdepartmental collaboration. 3. Support self service content management processes for both internal and external sites. 4. Deliver consistent solutions and present content in a homogenous manner. 5. Leverage investments including financial and skilled personnel to avoid costs associated with new software and consulting by focusing first on SharePoint as an enterprise solution. Roles and Responsibilities The Cabarrus County SharePoint environments are managed and supported by two distinct teams. The operations management team is composed primarily of Cabarrus County Information Technology Services staff and is responsible for the development and day to day administration of the technical infrastructure underpinning the SharePoint environments. The second and less formal team is focused on the strategic direction and evangelism of the SharePoint solution. This second team includes various key executive stakeholders and departmental power users. Operations and Support SharePoint System Administrator Current Assignment Duties Permission(s) Brad Eudy (backup Nick Roberts) Administer SharePoint Infrastructure including: Software maintenance / patch management Central administration SharePoint integration with other enterprise systems Manage Permissions in SharePoint applications Site Collection Administrator, Full Control on all SharePoint Sites 3
Web Master / Portal Owner Current Assignment Marci Jones (backup Debbie Brannan) Duties Develop solutions within SharePoint applications including: Create SharePoint objects in support of solutions (sites, sub sites, lists, libraries, etc ) Deliver end user training Develop training materials Gather and document user requirements for new solutions as needed Permission(s) Portal Owner (custom SharePoint permission based on Full Control) SharePoint Solutions Architect Current Assignment Nick Roberts (backup Debbie Brannan) Duties Plan, design and implement solutions based on user requirements, industry best practices and the Cabarrus SharePoint Governance Policy. Permission(s) Full Control Database Administrator Current Assignment Nick Roberts (backup Zach Woolard) Duties Maintain supporting database environment Assist in planning and implementation of solutions requiring database development. Permission(s) Sysadmin database role on Specific Database Instances Software Developer Current Assignment Brad Eudy Duties Plan, design and develop custom software solutions including SharePoint web parts, applications, scripts and custom workflows as needed Permission(s) Full Control in Development Environments Team Site Owner Current Assignment Duties Permission(s) Various power user level staff Maintain specific SharePoint sites: Create new objects as needed in concert with the SharePoint Governance Policy Modify and Create views to support requirements Troubleshoot user issues within specific sites (act as first level support) Site Owner (custom SharePoint permission based on Full Control) Strategy and Oversight SharePoint Lead Evangelist Current Assignment Debbie Brannan (backup Nick Roberts) Duties Promote SharePoint as an enterprise solution for Cabarrus County. Represent SharePoint operations and strategy teams with Executive level colleagues. 4
Maintain and implement the SharePoint Governance Policy. Use SharePoint solutions to conduct daily business processes. Communications Liaison Current Assignment Kasia Thompson Duties Promote SharePoint as an enterprise solution for Cabarrus County Lead communications group as SharePoint solutions are implemented Conduct content manager training (public website) Use SharePoint solutions to conduct daily business processes SharePoint Power User (Team Site Owner) Current Assignment(s) None Duties Contribute feedback regarding SharePoint solutions implemented Promote SharePoint as an enterprise solution among colleagues Use SharePoint solutions to conduct daily business processes Site Structure There are several SharePoint site collections deployed throughout the County, each with specific structure and purpose. In general all SharePoint environments will be structured to support the strategic goals noted above. Sites will be easily accessible and apparent, scalable, secure, redundant, recoverable and designed to leverage out of the box functionality with little need for custom development. Specifically the Intranet site will be organized in three zones with associated permission levels and governance. In general as the site content reaches more users it will be more tightly controlled and governed. This structure is based on industry best practices and will be used going forward with all intranet sites in Cabarrus County. Figure 1 Intranet Structure Diagram 5
Site Structure Standards Global Tier (Intranet) The global tier is the top level of the SharePoint Intranet site. Content pertinent to all Cabarrus County employees is either located within this tier or directly accessed via links in this tier. Governance is strict at this tier. Few users have full control over the content and environment. New content or modifications to content and structure are requested via the ITS service desk and vetted by the SharePoint Operations Team. This tier is permanent it will remain as long as the site exists. Global navigation (top navigation) is consistent and controlled. The menus and links will appear on all sub sites. Content will be aggregated in this tier from locations in lower tiers. Departmental Tier (Intranet) The departmental tier represents a collection of sub sites under the top tier. Each departmental site will employ a standardized structure and will be modified and supplemented to meet specific business requirements. Governance applies at this tier; however, access and content management permissions are less strict. Departmental users are assigned permissions ranging from read only to contribute based on requirements. Standard document libraries and lists exist in each departmental site. Departmental users may be assigned the role of Team Site Owner / Power User Personal Tier (MySites) Each staff member will have access to a SharePoint MySite for document storage and collaboration. Content Types and Site Columns Content types and site columns facilitate comprehensive management of content while increasing possible automation functionality and improved searches. All document libraries and lists deployed within SharePoint will be associated with a content type. Site columns and content types will be managed at the highest level possible and inherited by subsequent sites. All custom site columns and content types will be included in the Custom group. Data integrity will be preserved via required fields and lookup lists whenever possible. Managed MetaData (Term Stores) Term stores will be developed and maintained to support taxonomy based functionality. Term stores will be managed by ITS staff. Enterprise Keywords are utilized on Intranet sites and currently allow users to add their own values. ITS will periodically review the Enterprise Keyword term store and modify terms as needed. 6
Access Control Access control for SharePoint as an enterprise solution is based on supporting Active Directory technology. This integration, based on industry best practices, facilitates centralized management and enforces specific separation of duties among technical staff. Access Control Standards 1. All SharePoint permissions will be granted via Active Directory security groups. 2. All SharePoint AD groups will be contained within AD in a common Organizational Unit (OU) named SharePoint 3. AD security groups for SharePoint will use a specific naming convention a. All SharePoint security groups will begin with SP b. All website SP security groups will begin with SPweb c. All Intranet SP security groups will begin with SPIntranet d. Department level and team sites will include at least two groups for contributors and administrators. i. SPIntranetDeptContribute_department or SPsite ii. SPIntranetDeptAdmin_department or SPsite 4. The DOMAIN USERS AD group will be used as a default for Read Only access to specific sites including the root of the Cabarrus County Intranet (http://intranet.cabarruscounty.us). 5. Sub sites will inherit security settings from parent sites by default. b. Sub Sites will use unique permission sets when: i. Contributor level permissions are assigned to specific end users. For example, each department site on the Intranet will be managed by departmental users and therefore one security group cannot be used for contribute permissions; rather, individual departmental security groups will be created and assigned as unique permissions to each department sub site. ii. Content should be secured based on legal statute. For example, specific reports within the Intranet data center contain private information which should be secured based on State and Federal guidelines. The permissions on these reports will be configured unique to the parent document library. 6. SharePoint Permission levels will be assigned to AD groups rather than utilizing the default SharePoint Groups created during site creation. SharePoint Permission Levels In addition to standard SP2010 permission roles Cabarrus County ITS developed customized roles to meet specific business needs. SP2010 creates default Permission Level groups based on the type of site. CabarrusCounty.us and Intranet.CabarrusCounty.us were developed as publishing sites within SP2010. Default SP2010 Permission Levels for all Cabarrus County Sites (based on publishing template) Permission Level Description Permissions Included by Default Limited Access Allows access to shared resources in the Web site so that View Application Pages the users can access an item within the site. Designed to Browse User Information be combined with fine grained permissions to give users Use Remote Interfaces access to a specific list, document library, folder, list item, Use Client Integration Features Open 7
or document, without giving them access to the entire site. Cannot be customized or deleted. Read View pages, list items and download documents. Limited Access permissions, plus: View Items Open Items View Versions Create Alerts Use Self Service Site Creation View Pages Contribute View, add, update, and delete items in the existing lists Read permissions, plus: and document libraries. Add Items Edit Items Delete Items Delete Versions Browse Directories Edit Personal User Information Manage Personal Views Add/Remove Personal Web Parts Update Personal Web Parts Design View, add, update, delete, approve, and customize items Approve permissions, plus: or pages in the Web site. Manage Lists Add and Customize Pages Apply Themes and Borders Apply Style Sheets Full Control Allows full control of the scope. All Permissions for specific Site Restricted Read View pages and documents. For publishing sites only. View Items Open Items View Pages Open Approve Edit and approve pages, list items, and documents. For Contribute permissions, plus: publishing sites only. Override Checkout Approve Items Manage Hierarchy Create sites; edit pages, list items, and documents. For Publishing sites only. Design permissions minus the Approve Items, Apply Themes and Borders, and Apply Style Sheets permissions, plus: Manage permissions View Web Analytics Data Create Subsites Manage Alerts Enumerate Permissions Manage Web Site The following list represents the current custom SP2010 permission levels. Site Level Description Permissions 8
CabarrusCounty.us Department Approvers Custom permission level for department level content approvers. Includes all permissions granted to Department Contributors. CabarrusCounty.us Department Contributors Custom permission level for department level content editors. Manage Lists Add Items Edit Items View Items Open Items Approve Items View Versions Create Alerts View Application Pages Add and Customize Pages Browse Directories View Pages Browse User Information Manage Lists Add Items Edit Items View Items Open Items View Versions Create Alerts View Application Pages Add and Customize Pages Browse Directories View Pages Browse User Information Access Requests All Cabarrus County employees will be added to specific Read Only groups by default. These groups will allow initial access to the Cabarrus County Intranet and other SP2010 Team Sites as needed. In addition, specific AD groups will be assigned based on an employee s job code and / or function. 1. Requests for access to specific SharePoint Sites including read only, contribute and Admin permission levels can be submitted via an IT service request. 2. Some SharePoint sites require Supervisor approval in order to grant access. Cabarrus County ITS will follow up with site owners and other department level supervisors regarding such requests. 3. Sites and sub sites will include configuration to direct all SharePoint access requests to the IT Service Desk work order system. Retention and Recovery Content in the SharePoint environments are subject to all infrastructure availability and disaster recovery policies and procedures including the Disaster Recovery Plan, Database Backup Policy and Server Backup Policy. At the user level recycle bins are used to help users protect and recover data. SharePoint 2010 supports two stages of Recycle Bins: the first stage Recycle Bin and second stage Recycle Bin. 9
When a user deletes an item, the item is automatically sent to the first stage Recycle Bin. By default, when an item is deleted from the first stage Recycle Bin, the item is sent to the second stage Recycle Bin. A site collection administrator can restore items from the second stage Recycle Bin upon request. SharePoint will not be Cabarrus County s repository for documents archival. Rather, the LaserFiche environment is the appropriate archive location. Content Standards Standards regarding content development and management are necessary to support the enterprise goals for the Cabarrus County SharePoint environment; specifically, to deliver consistent solutions and provide content in a homogenous manner. These standards are not intended to restrict end users; rather, they are in place to ensure the user experience is stable and intuitive. There are standards associated with each type of content Pages Pages refer to the web pages which make up any SharePoint solution. Most pages will be managed by the SharePoint Operations team (Cabarrus County ITS staff); however, some will be maintained by power users. 1. New Pages New pages are created globally by SharePoint Operations Team (Cabarrus Count ITS) or by Site Owners to meet business requirements at various sub site levels. 1. Publishing Features All pages editable by users will be deployed with SharePoint Publishing features. Edits to these pages will be submitted for publishing and reviewed by the appropriate approver group. 2. Page Layouts Page layouts will be limited to those made available by SharePoint Operations team (Cabarrus County ITS). a. Additional page layouts may be requested via an IT Service Desk work order request. 3. Page Properties (metadata) Page properties may be dictated via custom Content Types and therefore may require certain property data be entered upon page creation. The page owner or contact is responsible for all page content. 4. Deletes Delete permissions will be granted to specific users via SharePoint permission groups. Before deleting any page the end user will review any dependencies including incoming links. Deleted pages will be moved to a site recycle bin first and then a central recycle bin. Lists Lists are collection of items in list format and may include custom lists with customized attributes, calendars and task lists. 1. New Lists 10
New lists are created globally by SharePoint Operations Team (Cabarrus Count ITS) or by Site Owners to meet business requirements at various sub site levels. 2. Custom Content Type Each list developed in SharePoint will be bound to at least one customized Content Type. Content Types will facilitate association of metadata to list items and can be managed at a site level (or higher). 3. New Columns New data columns will be controlled via the custom content type rather than locally at the list. 4. List Views List views are created globally by the SharePoint Operations Team (Cabarrus County ITS) or by Site Owners to meet business requirements at various sub site levels. Personal views may be created by all read only users. Document Libraries 1. New Document Libraries New document libraries are created globally by SharePoint Operations Team (Cabarrus Count ITS) or by Site Owners to meet business requirements at various sub site levels. 2. Custom Content Type Each document library developed in SharePoint will be bound to at least one customized Content Type. Content Types will facilitate association of metadata to list items and can be managed at a site level (or higher). 3. Document Library Views Document library views are created globally by the SharePoint Operations Team (Cabarrus County ITS) or by Site Owners to meet business requirements at various sub site levels. Personal views may be created by all readonly users. 4. Standard Document Libraries Certain standardized document libraries will be deployed with all departmental Intranet sub sites. Forms departmental forms in support of specific business processes. Policies department level policies (current approved versions). Procedures department level procedures (current approved versions). Documents 1. File Types Standard document libraries will be associated with specific file types to ensure consistency in content delivery. Library Policies Procedures Forms File Type(s) Adobe PDF Adobe PDF Adobe PDF (Fillable) 11
Pages.html documents 12