ExplainIA-Poster1-1024x791In Part 1, we focused on the discovery which focused on six critical reports that detailed your SharePoint farms and business data. Part 1 can be found here Migrating to Office 365 to SharePoint Online? Part 1: How to get started

Part 2 will focus on your Information Architecture for SharePoint whether it be SharePoint 201x and Office 365 or simply Office 365. The focus of this exercise is to document your organizations taxonomy (organizational lingo) and incorporate data and security policy as well. The desired outcome is a series of documents that will help you make decisions, set policy and its consistent enforcement and to configure your SharePoint 201x and Office 365 environment.

Why do organizations struggle with this topic? Information Architecture is a unique skill set very different from typical IT skills of technical infrastructure and applications. Information Architecture requires library science, facilitation and domain (e.g. Pharmaceuticals, health) knowledge because you’re dealing with information, its value in relation to job activities and its classification so it’s surfaced, protected and can be leveraged providing value to the organization. The value of such a role depends on how your organization views the value of its information, complying regulatory guidelines, passing audits successfully and your ability to leverage information assets. The value is compounded when you introduce cloud technologies because now you have a vehicle for storing data on a service residing within a vender’s data center – which introduces data protection risks.

So how do you get started?

  1. Assemble a team that consists of the required skills sets (Information architect/facilitator, scribe…) and business representation. In a small organization this team might consist of a SharePoint Service Manager, Records Manager, Cloud vender and representatives from each line of business. In a large organization team might consist of a SharePoint Service/Product Manager, Records Manager, Compliance Office, Security Officer, and Representatives from each line of business and service management team (Operation team and or service providers).
  2. Review your organizations security policy and understand how that policy applies to protecting information – location, tagging, permissions and ownership chain. This information can be collected from a couple sources such as the Security team who should be able to provide data security guidelines and or policy documents and control plans. Also, auditor reports may also be made available which provides your insight regarding how your environment scored from an Auditors perspective. In general, auditors dislike the distributed permission control within SharePoint and the lack of ongoing data scanning and policy environment – view SharePoint as a black hole of sorts.
  3. Review your organizations data policy and understand how that policy applies to retaining information, tagging and classification. This information can be collected from a couple sources such as the Records Management team who should be able to provide data protection and retention guidelines and or policy documents and control plans. Also, auditor reports may also be made available which provides your insight regarding how your environment scored from an Auditors perspective. In general, auditors dislike the distributed permission control within SharePoint and the lack of ongoing data scanning and policy enforcement – think control plan, more on that later.
  4. Work with each line of business to itemize the documents, applications, people etc. they work with to get their jobs done. This exercise would be conducted for the major lines of business and departments and refined ongoing by working with department SMEs. For example, when I think about corporate information, the following questions come to mind. What information does the business collect? How is it used? How much of it is stored and where? Why is it kept? For how long? Here are some focused questions that will help but keep in mind you require someone that has done this before successfully:
    • What are all the different types of data and how are they classified? Do data owners exist for each data type or aggregate data collections?
    • How is data obtained? From whom? Why? Associated business process and or task?
    • What format is the data in? Application? Documents? Persons contact details?
    • How is data shared? With whom? Why? Associated business process and or task?
    • What are the business information availability requirements? Why?
    • What confidentiality, integrity, and availability requirements apply?
    • What is the legal environment surrounding the organization’s industry and the data it uses?
    • What issues have they experienced in the past?
  5. Once you have completed steps one through four the information architecture for the SharePoint environment(s) is documented to include the environments purpose (e.g. Office for external team collaboration or business partner collaboration), web applications, site collections, site templates (with branding), content types and related meta data (e.g. Dublin Core) and settings such as quotas, permissions settings and information management policy settings. Additionally, a control plan detailing the Information Architecture upkeep roles (e.g. data custodians, provisioning, exception handling etc., monitoring (e.g. site security and data scanning), and enforcement and reporting must be created so that Governance knows how to steer and enforce the Information Architecture. Finally, document any risks that have not been addressed and assign ownership to an executive sponsor whose mandate is complying with data policies and maintaining end user experience.

It’s important to note that your Information Architecture will evolve over time, refining it is very much an iterative process. As they say you cant boil the ocean and if you try, it will be a frustrating and unsuccessful experience. Hence why a diverse team and executive support is so important. Most organizations I’ve been asked to help focus on plumbing and not user experience from an information and content perspective. What’s the use of a highly available environment if the content is hard to find and of no relevance to the business?

Want to read up on the topic?

Enjoy!

Advertisements