In our practice, we make it a point to bring up that which will not be mentioned:
Governance – Management of your information requires controls, standards and yes, planning. I've seen very few companies put enough emphasis on governance – simple standards are not sufficient.
Business Continuity Planning – The most overlooked (particularly in SharePoint) is planning for what will happen should there some kind of diminished capacity – loss of services, loss of people, etc.
Disaster Recovery – Sure, everyone generally does backups of data, but rarely do I see them fully plan out what they would do if in fact backups were all they had to recover with.
Training – Usually never enough, not consistent or to vague to be of any use.
So you may ask, just why would companies overlook these critical areas?
Simple: there’s no real return on investment and maybe they think the risk isn't that high. Besides, it's hard to justify the extra costs in services, hardware and licensing right?
That’s foolish and dangerous.
All of these areas represent business operating insurance. It’s kind of like a health insurance policy – you hate paying the premiums but if you end up in the hospital, you’re pretty glad you have it. It does require an investment which is where the problem begins. If you expect to deploy a tool for the entire company to use (like SharePoint), there are a number of ‘not so obvious’ costs that generally overlooked.
For something like SharePoint, it is a collaboration tool that provides something for everyone. However, that means that it has to be opened up to users to make it useful – that means continuous training and the costs that go with that training. Management of SharePoint (the Governance) is usually a foreign thing to most firms and simply relegated to someone in IT (a big mistake) – without proper planning and control and the ability to guide groups and users, the implementation can become a mess (and usually does). Working around SharePoint if there is an outage requires processes in place to deal with it on the business side. And DR can be expensive for sure.
But cost aside, what’s the point of making the investment if you are only going to go half way? I've seen companies implement SharePoint only to sit on it for two or more years, burning operations expense and resources and why? Because usage wasn't promoted, governance wasn't planned, training wasn't sufficient, “turf battles” block the use and/or IT is too afraid to give up complete control.
So what to do?
Let’s start with Governance:
First of all, do you know what it really means? Governance is something that should be applied across the board and has to do specifically with the Who, What and Where of your information. This is very important in SharePoint and really any enterprise system. The “Who” defines the individuals (or groups) that will create, control and manage your information, documents and content; the “What” defines what content is, how documents are classified and how they need to be tagged for search and retention; finally the “Where” defines the locations where things are stored taking into account security and information rights. Governance tackles another issue: turf battles. In setting the standards of where everything goes, governance also covers the Who – as in who does what. This enables turf battles to be settled since the lines are clear – one group can’t stand in the way or play bottleneck games without it being obvious. Governance also ‘unlocks’ IT's grasp – SharePoint is for everyone and aside from the operational aspects, IT is just another group of users (sorry folks, that’s the way it is).
Next is Business Continuity:
Many think this area is covered but are woefully under estimating what the real impact of a loss can be. Most companies think that with a backup of things, they can probably handle losing power for a time and recover pretty quickly. Most however, overlook the real impact: if all of your documents are in SharePoint, how long can the business operate if they are not available – half a day? A day or maybe even a week? I've seen major companies implement ‘paperless’ environments (for example, SharePoint using KnowledgeLake) that completely ignore what the business would need to do if documents were unavailable.
Some of these, I’m sorry to say, will find out the hard way – if you can’t get to vital information to service or support your clients or customers, you may be closing the doors. It is extremely important for any system implementation to consider all aspects of potential loss. Types of losses must be categorized and planned for. For example one class may be a loss of services (power, water, building, fire) and another might be a loss of people (strike, civil unrest, sickness). Understanding all of the potential losses and classifying them into groups will help reduce the number of plans required (we helped Exxon do that!).
Next up, Disaster Recovery:
Backups are fine and thankfully, most companies do make use of them. Some have even enlisted cloud backup services to ensure they are quickly available if needed. Good, but not good enough. Most companies don’t account for DR when planning out systems and server farms. Even virtualized environments aren't completely foolproof. For any installation, you must consider another location with a matching environment. It can be expensive I know, but I also live in North Carolina and we have our share of hurricanes (and if you are from Jersey…). If a physical location isn't practical, you should at least consider a cloud based solution – they generally charge for both storage and usage but storage is generally cheap and usage won’t be accumulated unless you need it. Kept up, you can utilize a cloud solution to be up and running in the time it takes to change DNS.
A little training can go a long way. Making training an integrated part of the organization is vital to making enterprise systems successful. SharePoint is a prime example: if users can't figure out how things work, they won't use it so the investment is lost. If developers don’t know how SharePoint can be used, they'll work around it – again, investment lost.
So what should you be doing?
On Governance – if you haven't implemented it, start immediately. This helps across the organization in so many ways. For one, it takes guess work out of content and information – everyone knows where everything goes. It also makes an organization healthier and more secure. Intellectual property, proprietary information and otherwise sensitive information should be protected and controlled. It can also help 'fix' some things in the organization by distribution of responsibility and removing bottlenecks.
On Business Continuity – think through your current processes to look into how long a particular part of the operation can run (and how long) if the system was unavailable. Put plans in place for extended outages – for example, hard copy backups of critical documents or using a cloud solution to store copies offsite (accessible to end users). Examine the kinds of losses that would most impact you and which services are critical and look at ways that they can be made redundant or ‘swappable’ should the need arise. If you are running an internet site, don’t make the mistake of overlooking your internet connection (we've seen this, really!) – don’t assume a single provider is enough.
On Disaster Recovery – if you aren't doing it fully, stop and start now. In a critical time, you won’t have the ability to get it all together quickly enough. Consider the new cloud based solutions as a less expensive alternative if needed (though a physical location is preferred). Put it in place and TEST IT regularly. Look for areas that may need additional redundancy (like internet connections) and coordinate DR with business continuity planning.
On Training – implementing any governance, BCP and DR planning requires knowledge (use of SharePoint requires it too!) – first in the creation and setup and second in the communication to the entire enterprise. Having planning in place is only good when end users know exactly how to implement it if needed (consider a hard copy plan for every employee to keep with them - think about it!).
And a note on Vendors – All of your standards should be applied to your vendors as well. If a third party is providing a system, make sure they implement all of the standards you set – you should never have a one-off plan due to a vendor unable to comply.
One final note:
In short, do it or regret it. While I very much enjoy the consulting hours I get helping firms correct things, I'd rather be helping you progress in solutions instead. If you need help, get it from a knowledgeable consultant or firm – don’t take chances; protect your investment and make it work for you.
Sterling International Consulting Group is a specialist in enterprise systems including architecture, governance, business continuity and disaster recovery planning with over 28 years in IT and management consulting. SICG also has a dedicated practice in SharePoint Technologies and Microsoft Technologies. From planning to analysis to development to deployment, SICG has the experience and knowledge to understand the best for your business – find out why: firstname.lastname@example.org – www.sterling-consulting.com.
Keep up with the latest articles and tips around SharePoint from author & CEO David Sterling via http://www.sharepoint-blog.com and his personal blog site: http://davidmsterling.blogspot.com or contact him directly at email@example.com.