Home > Articles

  • Print
  • + Share This
This chapter is from the book

What Is in the Governance Plan?

An effective governance plan provides a framework for design standards, information architecture, service-level agreements, infrastructure maintenance, and your overall measurement plan. It is intended to summarize and tie together, not replace, the documents that describe these activities in detail. Referencing this related content rather than embedding it in the governance plan will keep the plan from becoming unnecessarily bloated and unmanageable.

In addition, the governance plan should reference all of your existing IT policies for topics such as the appropriate use of technology resources, confidentiality of content, and records retention. As you begin to deploy more and more "Web 2.0" functionality into your environment, new IT policies will emerge that will impact SharePoint governance. Again, your plan doesn't need to include these emerging policies, but should reference them where appropriate.

The governance plan is a business document, its primary audience being the business (content) owners of your SharePoint sites and the users who produce and consume the content on those sites. Because all users can effectively produce content in SharePoint via social tags and ratings (if you allow these in your solution), everyone in the organization needs to be familiar with the governance plan.

The formal governance plan document includes several critical elements, each of which is discussed in more detail in the remainder of this chapter:

  • Vision statement
  • Roles and responsibilities
  • Guiding principles
  • Policies and standards

In addition to these elements, your plan will likely also include a section that references procedures for common tasks such as requesting a new site, requesting a new shared Content Type or attribute, requesting a new site template, and so on. Publish these procedures so site owners can easily find and follow the processes you define. These tasks typically vary from one organization to the next, so we're not going to address them explicitly in this chapter other than to remind you that you need to provide guidance in this area.

As you think about creating your governance plan, consider how users will consume and internalize the content in your plan. There is a great quote from Blaise Pascal that is often misattributed to Mark Twain (and others). In the original French, the quote reads "Je n'ai fait celle-ci plus longue parceque je n'ai pas eu le loisir de la faire plus courte." Loosely translated: "If I had more time, I would have written a shorter letter." Think about this quote as you are working on your governance plan because it's very easy for these documents to get very, very long. The longer they are, the more difficult it is for users to digest them. Putting in the extra time needed to make sure your plan is as concise as possible will make it easier for your users to understand and follow the rules.

As you create your governance plan, think about how you might create companion material to go with the plan—a "cheat sheet" of your most important guiding principles, a laminated card or magnet with your vision statement, individual brief job descriptions for each core role, a records retention "ad campaign," or supplements to the governance plan (shorter letters) that will help users remember and internalize this important content.

Vision Statement

A vision statement describes, at a high level, what you want to achieve with SharePoint, essentially describing how the solution delivers value to the enterprise and to each individual employee. A clear vision statement provides critical guidance to the inevitable decision trade-offs you will need to make in thinking about your governance plan. The vision statement is typically written when the project to create the solution is initiated and may be refined as the project matures.

Here are two examples of vision statements:

  • "The portal enables the creation, management, and sharing of document assets in a business-driven environment for collaboration, classification, and access across all of the company. Through its workflow capabilities and application development foundation, it will support the organization's information management needs and provide a business process framework for all business units."
  • "SharePoint provides a holistic view of organizational assets that simplifies employee interaction with our enterprise business systems and helps improve collaboration within the company and with our suppliers, partners, and customers, thus improving employee productivity and employee and customer satisfaction."

Once you have set forth your vision statement, the next step is to gather your core project team together to think about the principles that will guide the creation of your governance plan.

Roles and Responsibilities

Roles and responsibilities describe how each employee as an individual or as a member of a particular role or group is responsible for ensuring success of the solution. Documenting roles and responsibilities is a critical aspect of the governance plan, which defines who has authority to mediate conflicting requirements and make overall branding and policy decisions. Some of the policy decisions that will frame your governance plan and form the basis of the specifics of your roles and responsibilities definition include deciding the following:

  • Who is responsible for technical management of the environment, including hardware and software implementation, configuration, and maintenance? Who can install new Web Parts, features, or other code enhancements?
  • Who is allowed or who will be responsible for setting up new sites? If this responsibility is controlled by the IT department, then it is likely that IT will have to negotiate a service-level agreement (SLA) for site set-up responsiveness with the business stakeholders. If this responsibility is delegated, users will need training to ensure that they follow acceptable conventions for naming, storage, and so on.
  • Who has access to each page/site? Who can grant access to each?
  • How much responsibility for page/site design will you delegate to page owners? Can users modify Web Parts (Web-based data and UI components) on pages that they "own" in team sites? Can they modify Web Parts on pages that are part of the corporate intranet publishing solution?
  • Will some Web Parts be "fixed" on the page, or will page owners be allowed to customize all of the content on their pages?
  • Who is responsible for managing metadata? Who can set up or request new Content Types or Site Columns? How much central control do you want to have over the values in Site Columns? (Content Types and Site Columns allow you to specify elements in your taxonomy. These SharePoint features are discussed in detail in Chapter 3, "SharePoint 2010: Architecture Fundamentals.")
  • If the governance plan says that page and site owners are responsible for content management, are you prepared to decommission pages where no one in the organization will step up to page ownership responsibilities?

There are several key roles to consider. In smaller organizations, many roles may be fulfilled by a single individual. Table 4-1 and Table 4-2 present lists of typical roles and responsibilities in successful solutions. You will likely need to adapt both the responsibilities and even the terms you use to describe each role for your organization, but these lists give you a good place to start.

Table 4-1. Overall Roles for the Solution


Key Responsibilities

Executive Sponsor

Serves as the executive level "champion" for the solution. The primary responsibility of the Executive Sponsor is strategic, positioning the solution as a critical mechanism for achieving business value and helping to communicate the value of the solution to the management levels of the organization.

Governance Board/Steering Committee

Serves as a governance body with ultimate responsibility for meeting the goals of the solution. This Board is typically comprised of representatives of each of the major businesses represented in the solution, including corporate communications, HR, and IT.

Business Owner

Manages the overall design and functionality integrity of the solution from a business perspective. The Business Owner does not have to be an IT expert but his job function typically includes responsibility for internal communications.

Solution Administrator (Technology)

Manages the overall design and functionality integrity of the solution from a technology perspective. Works in partnership with the Business Owner.

Technology Support Team

Ensures the technical integrity of the solution. Makes regular backups of the solution and its content. Also usually sets up and maintains the security model, at least the components in the Active Directory. Develops new Web Parts and provides support to Site Sponsors/Owners seeking enhancements to their pages or new uses of the solution.

Metadata Steering Committee/Content Steward

While some large organizations may already have an individual or group serving in this role, SharePoint 2010's enterprise content capabilities require an overall metadata management plan and an individual or team responsible for maintaining the "metadata dictionary" over the life of the solution.

SharePoint "Coach" or Center of Excellence

Provides coaching and design consulting to new users who have Full Control design privileges to ensure that best practices are followed and that the appropriate SharePoint features are applied in individual sites or Site Collections. In many organizations, a particular SharePoint feature becomes the defacto solution for any business problem—a "hammer in search of a nail." For example, you don't want to see users creating wiki sites when what they really need is a custom list. If you will be delegating site design capabilities to users who have limited solution design experience (which pretty much means every organization), having experienced site design "coaches" available to help users get started can ensure that you end up with a solution that actually gets used. One successful organization implemented "drop-in" office hours where new site owners could come and spend an hour or two with an experienced solution architect to ensure that they got appropriate guidance (in addition to formal training). Several others have established in-house consulting services to help new site owners get started. In many cases, the first hour or two of consulting is "free," and services beyond that require a charge code.

"Power Users" Community of Practice

Supports the successful deployment of SharePoint in the organization by sharing best practices and lessons learned in a Community of Practice team site. Members serve as SharePoint advocates and change agents.

Table 4-2. Roles for Each Site or Site Collection


Key Responsibilities

Site Sponsor/Owner

Serves as the centralized, primary role for ensuring that content for a particular page/site is properly collected, reviewed, published, and maintained over time. The Site Sponsor is an expert in the content that is showcased on the site or page and will likely need to learn about SharePoint, but his or her primary expertise is business-focused. The Site Sponsor/Owner may designate a Site Steward/Contact who will provide the primary day-to-day interface between their business and the users of the page or site.

Site Steward/Contact

Manages the site day-to-day by executing the functions required to ensure that the content on the site or page is accurate and relevant, including records retention codes. Monitors site security to ensure that the security model for the site matches the goals of the Business Owner and Site Sponsor/Owner and support Users of the site by serving as the primary identified contact point for the site. Acts as the Content Steward for the sites for which they are responsible.

Site Designer

In an environment where site design is delegated to business users, the Site Designer creates and maintains the site (or Site Collection) design. Follows design best practices and guiding principles to ensure that even sites with limited access are optimized for end-user value. Defines and executes the security plan for the site.


Uses the solution to access and share information. Users may have different access permissions in different areas of the solution, sometimes acting as a Contributor (content producer) and other times acting as a Visitor (content consumer).

Guiding Principles

Guiding principles define organizational preferences supporting the vision. These critical statements reflect best practices that all users and site designers must understand and internalize to ensure the success of your solution. It is very likely that your organization will share many of the same guiding principles that we've seen in successful SharePoint deployments.

Use the examples shown in Table 4-3 to help define a starter set of guiding principles for your solution. Think about how you might create some supplemental reference material to help users internalize these principles—or consider adding a "principle of the day" to the home page of your solution. If users have a good understanding of the guiding principles, you have a reasonable shot at getting them to follow your governance guidelines.

Table 4-3. Examples of Guiding Principles

Governance Guiding Principle


Remember ...

General Principles

Policies are tied to the scope and intention of the site. Governance policies will be more flexible for sites with more limited access than they will for sites that are shared with a broad audience.

The different audiences for sites allow you to adapt the governance model according to business needs. While some policies will be enforced across the entire organization, others may be determined by each site owner. This means that there may be some content that will not be as structured or searchable compared to other content that will be consistently "managed."

One size does not fit all. Yes, we've got rules, but we're smart enough to know when it's appropriate to deviate from a standard in order to achieve a business objective more effectively.

Even though SharePoint may be a new vehicle for collaboration, SharePoint content is governed by all general policies pertaining to the use of IT resources, including privacy, copyright, records retention, confidentiality, document security, and so on.

Content ownership, security, management, and contribution privileges are distributed across the entire organization, including users who may not have had content contribution, security, or records management privileges in the past. All content contributors need to be aware of organization policies for business-appropriate use of IT resources.

Existing rules still apply—would you want your mother/boss/customer/client to see this picture? Should your mother/boss/customer/client be able to see this content?

Security Principles

Overall firm security policies about who can see what content still apply and govern the portal.

Users need to think about where content is published to ensure that confidential content is only shared on sites with limited access.

Publish to meet the "need to know" standards for your organization: No more, no less!

Role-based security will govern access control and permissions on each area of the portal (intranet and extranet).

Users may have different permissions on different areas of the portal, which has an implication for both governance and training. While most users may not have content contribution privileges for tightly governed intranet pages, every user has Full Control privileges on his or her My Site.

You may not have the same permissions on every page of the portal.

Site Design Principles

Provide a consistent user experience—users should be able to consistently find key information on any collaboration site and search for the content they need.

All sites will also follow a consistent baseline design template to ensure consistency and usability across collaboration sites.

Hey—it's not about you, it's about the user!

Design to minimize training requirements for end users—use the best (and simplest) feature for each business objective.

Any user with site design privileges will be encouraged to participate in training to ensure that they use the most appropriate Web Parts and lists for each task.

Just because you can, doesn't mean you should. You don't really need to try every new feature!

Ensure that "findability" governs design decisions—optimize metadata and site configuration to provide the best value for the end-user audience, not just the content contributor.

In situations where design trade-offs must be considered (more metadata versus less, information above or below "the fold," duplicating links in multiple places), decisions should be made to make it easier for end users rather than content contributors. "Findability" means designing sites so that important information is easily visible and that navigational cues are used to help users easily find key information. It also means using metadata to improve accuracy of search results. Both the "browse" and "search" experience for users will guide design decisions in initial site development and modification over time.

Avoid building the roach motel—where content "checks in" but it never "checks out."

Site designers must understand the objectives of the recommended site design standards and make changes only when they can be justified with a valid business need.

Even though site designers may have permissions that allow them to make changes to site templates and other "controlled" site areas, they agree not to arbitrarily make changes to the basic site templates based on personal preference. Suggestions for changes to the standard site templates should be elevated to the Governance/Steering Committee.

It's all about Spiderman: "With great power comes great responsibility." Use your powers wisely.

All sites/pages must have a clearly identified content "owner."

Users need to know who to contact if information on a page or site is out of date or inaccurate.

Make it obvious who owns the content on all pages and sites.

Content Principles

All content is posted in just one place. Users who need access to content should create links to the document ID* for the document to access the content from its "authoritative" location.

This means that the official version of a document is posted once by the content owner (which may be a department, not necessarily an individual). For the reader's convenience, users may create a link to the official copy of a document from anywhere in SharePoint but should not post a "convenience copy."

Users should not post copies of documents to their personal hard drives or My Sites if they exist elsewhere in the solution.

Post one copy of a document.

Edit in place—don't delete documents to create new versions.

Version control will be enabled in document libraries where prior versions need to be retained during document creation or editing. If prior versions need to be retained permanently for legal purposes, "old" versions of documents should be stored in an archive location or library. Documents will be edited in place rather than deleted and re-added so that document links created by other users will not break.

Someone may be linking to your documents. Update, don't delete!

Site Sponsors/Owners are accountable, but everyone owns the responsibility for content management.

All content posted to a site shared by more than a small team will be governed by a content management process that ensures content is accurate, relevant, and current. Site Sponsors/Owners are responsible and accountable for content quality and currency and archiving old content on a timely basis, but site users are responsible for making Site Sponsors/Owners aware of content that needs updating.

We're all responsible for content management.

Links instead of e-mail attachments.

Users should send links to content whenever possible rather than e-mail attachments.

No more e-mail attachments!

Copyrighted material will not be added to the portal without the proper licensing or approval.

Copyright violations can be very costly. This is probably one of the most frequently ignored principles on corporate intranets and one that your corporate librarian (if your organization still has one) is going to be particularly concerned about.

Don't publish what we don't own.

It is especially important to remember the "one size does not fit all" guiding principle when it comes to governance. Use Figure 4-1 to help plan both the principles and communications around your governance plan.

Figure 4-1

Figure 4-1 Governance based on the scope of a site

Policies and Standards

Policies define rules for SharePoint use; standards describe best practices. From a governance perspective, policies are usually driven by statutory, regulatory, or organizational requirements. Users are expected to meet policies without deviation. If your organization is subject to regulatory oversight, be sure you can actually enforce your policies because a failure to do so may target you as being noncompliant. Standards are usually established to encourage consistent practices. Users may adopt some elements of the standard that work for them while not implementing others.

As applied to the topic of file names, a policy might state, "Do not include dates or version numbers in file names," while a standard might state "File names should be topical and descriptive." In another example, the policy might state "All SharePoint sites will have a primary and secondary contact responsible for the site and its content," and the standard might state, "The site contact is listed on the site home page and in the site directory."

Each organization will have its own set of policies and standards. General topics should include content oversight, site design, branding and user experience, site management, back-end systems (hardware, software, and database management), and security. To ensure your content is relevant, do the following:

  • Verify that your SharePoint polices and standards do not conflict with broader organizational polices.
  • Publish policies and standards where users can easily find and follow them. Some policies may need to be published to "all readers," while others may need to be secured to protect the integrity of the application.
  • Regularly review and revise policies and standards to keep them aligned to organizational needs.

The next sections describe some specific examples of policies and standards that you might want to consider for your organization. This is not an exhaustive list but includes some reusable ideas to consider.

Content Policies and Standards

Consider the following example content policies and standards, each of which is discussed in more detail in this section:

  • Posting content to existing pages or sites
  • Posting content to the home page
  • Content auditing and review
  • Records retention

Posting Content to Existing Pages or Sites You will definitely need a policy or standard to ensure that the "one copy of a document" guiding principle is enabled. Take a look at the Content Contribution and Ownership sidebar that follows for a good policy to guide users regarding only posting content that they "own." In addition, consider creating policies for these other content topics:

  • Content posting cycle. Create a policy to remind users to delete content from its original source or collaboration environment when it is "published" to the official SharePoint repository (or use automated content disposition policies to make sure this happens routinely).
  • Content editing. Because content contributors on one site might have a link to content on a site they don't own, it is important to have a standard reminding users to "edit documents in place" so that links do not break.
  • Content formats and names. Decide whether you need policies for where certain types of content are stored in your solution and whether or not you need file naming standards. Consider a policy for defining what types of content belong in your SharePoint solution and what types of content belong in other locations. Given the rich search capabilities in SharePoint, it is not always necessary to define strict standards for file names other than to encourage users to choose names that will help someone else identify the file contents.
  • Content containing links. Clearly define who is accountable for making sure that links in content or on a site are not "broken."

Posting Content to the Home Page You will definitely want to consider creating a specific policy for posting content to the home page of your portal solution. Most content on the home page should be carefully controlled, especially for your intranet. After all, you get one chance to make a first impression, and your home page is where users get that impression! On an enterprise intranet, the home page can become a battle for "real estate" among several business units, usually Corporate Communications or Marketing and Human Resources. Even if your "solution" is a project team site, you will need to carefully consider how information is presented on the home page of the site and who is allowed to create and place content in this critical location. Some organizations solve the battle for home page real estate by assigning areas of the page ("neighborhoods") to specific departments. Others assign primary ownership to one specific department (often the department responsible for internal communications) but use the Portal Governance Board or Steering Committee to provide oversight and escalation if there are disagreements about content.

Content Auditing and Review Consider a policy to define the frequency and type of review that you will have on each type of content or site. All content posted to enterprise-wide sites should be governed by a content management process that ensures content is accurate, relevant, and current, but even private team sites should have a content management strategy. For most sites, the maximum content review cycle should be no more than 12 months from the date content is posted. Confirm that your review cycles conform to any regulatory or statutory requirements.

Records RetentionBe sure you define clear policies regarding how your records retention policies will be implemented in your solution and the responsibilities content owners have to identify content as records and associate the appropriate record retention code to a given content item.

Design Policies and Standards

Consider creating policies and standards for each of the following design elements:

  • Creating new subsites
  • Page layout and organization
  • Content Types and metadata
  • Content-specific guidelines/policies
  • Security
  • Branding

Creating New Subsites If individual "end-user" site owners will have permissions that enable them to create their own information architectures for sites under their control, it is important to provide some guidance to help them understand best practices for creating nodes in an information hierarchy. For example

  • Content ownership. If a particular business group is the primary owner of all of the content to be posted on the page or site, creating a separate subsite ("node") for that business group probably makes sense.
  • Security. If a significant group of content is highly sensitive, create a separate subsite, workspace, or node to more easily control the security settings for that content.
  • Database administration. If there is a need to backup, restore, or otherwise manage content in a single group, having a unique subsite or page for that content will make these processes easier to manage.
  • Navigation. Minimize the levels of nesting in the information architecture. It is a good practice to keep the number of levels in the hierarchy to no more than three so that users do not have to continuously "click through" to get to critical content. If a new node in the architecture is not needed for any of the other reasons just outlined, don't create it.

Page Layout and Organization Nothing makes a site more confusing than a random collection of disorganized Web Parts cluttering a page. Anyone with page design permissions needs to remember the guiding principle about focusing on the end user, but these page designers should also be familiar with general design usability best practices. Usability guru Jakob Nielsen publishes a bi-weekly newsletter with excellent advice, best practices, and tips for Web page designers. You can sign up to get your copy directly in your e-mail inbox at http://www.useit.com/alertbox. Some of the recommended best practices for page design include

  • Consistency. Establish a standard design for all pages of each site to ensure that users can navigate without getting surprised by changing page layouts.
  • Speed. Make sure that users can get important information as quickly as possible.
  • Scrolling. Does the page layout require that users scroll up or down or left to right to find important information? Design a page to fit your organization's standard screen size and then make sure that users do not have to scroll to find the most important information or Web Parts on the page. Scrolling should never be tolerated for critical information.
  • Important content in the upper left. Put the most important content toward the top-left part of the page. This is where readers will "land" visually when they get to the page. If the most important information is in this location, chances are better for capturing the user's attention than if the information is buried somewhere else on the page.

Content Types and Metadata A Content Type is a collection of settings that define a particular type of information, such as a project plan or financial report, and can be defined for the entire enterprise, for an entire Site Collection, or it can be defined "locally" for a specific page or site. Site Columns are the "properties" of a particular type of content. Columns are part of the attributes or properties of a Content Type. Site Columns can also be defined across the entire solution or for an individual site or Site Collection. Content Types and Site Columns are both types of "metadata" in SharePoint 2010. The values for many Site Columns (metadata) are specific to specific sites. Best practices and concepts for defining a good metadata structure are presented in Chapter 5, "Planning Your Information Architecture." Your governance plan needs to include your standards and policies for the Content Types and Site Columns used in your solution as well as policies for how users can request the creation of a new enterprise Content Type or Site Column.

Social Tags and Ratings Social feedback, content added by users as tags and ratings, is new in SharePoint 2010. These capabilities allow users to participate and interact with your SharePoint solution and improve content "findability" by allowing individuals to supplement formal classification with additional tags they find personally meaningful. Social tags refer to metadata that users add to content to help define what it is, what it includes, or what it does. Your governance policies should include guidelines for how you want users to participate in social tagging and provide guidance and examples of meaningful tags for your organization. You should also make sure that users understand that social tagging uses the Search Index to provide security trimming on content that is stored in SharePoint, which means that users will be able to tag confidential documents, but those tags are not visible to anyone who doesn't have read access to the document.

If you choose to activate the Ratings feature in SharePoint 2010, users will have the option to "rate" documents (and pages) on a scale of 0 to 5 stars. Your governance plan should document how you intend to use ratings in your organization—for example, are you asking users to rate whether they think the content is well-written or whether or not they think it is useful? An October 2009 article in the Wall Street Journal 2 cited a statistic that states when consumers write online reviews of products, they tend to leave positive ratings: The average rating for items online is 4.3 stars out of 5. If you want to have meaningful ratings on content in your organization, you will need to define your expectations and make it clear to users how ratings will be used. Obviously, if all the ratings are positive, it's going to be hard to find value. Some organizations try to identify stellar examples as best practices, but this is a very difficult process to sustain over time without dedicated resources. Allowing users to rate content as they see fit may help identify potential best practices, but you need to be careful about assuming that low-rated content is necessarily "bad."

Content-specific Guidelines/Policies High-impact collaboration solutions ensure that content is easily accessible by end users. This means that the content is not just "findable," but that it is structured and written to be consumed online. Assuming that your content contributors are good writers to begin with, they may not be familiar with best practices for writing for the Web. It's helpful to provide some standards and policies for specific SharePoint lists and libraries. Following are several examples of standards, policies, and best practices you may wish to consider for your solution.

  • Blogs and wikis. End users should be aware of what your organization considers appropriate for posting social content to personal sites such as blogs and wikis. While in some organizations, blogging about your hobbies is acceptable; in others, it's not. Be very thoughtful about how you define governance policies for social content because you need to be sure that you are not placing so many rules on your content that you will discourage content contributions. There is no single right answer for every organization. Chapter 7 includes some specific governance suggestions for social computing features that you should consider as part of your governance plan.
  • Announcements. Overall, the tone of all text should be concise and helpful. For announcements, create a descriptive but succinct title. In the announcement text, put the important information first and write briefly, using no more than four to five sentences. Try to avoid using large fonts and avoid lots of white space in announcement text. Do not underline anything that isn't a hyperlink. Make the link text a concise description of the link so that it aids the reader in scanning:
    • Bad: Click here for the latest application form
    • Better: Download the latest application form
    • Best: Download the latest application form
  • Discussion boards. Effective discussion boards must have someone who will serve as the discussion board moderator to ensure that questions are answered and that the discussion board adds value. In some organizations, you will need to consult with the Legal department to ensure that information about products, research, patients, data, regulated content, or legal issues are appropriate in online discussion boards.
  • Picture or video libraries. Content posted to picture or video libraries should be business-related and appropriate for publication in the corporate environment. Be sure to obtain permission from any individual in a picture or video that will be posted to a site before it is uploaded. Also make sure that your organization owns the image or has obtained the proper licenses for its use.
  • Links. In some cases, users and site designers will have the option to indicate whether or not a link should open up in a new window. In general, the following standards are recommended for links:
    • Links to documents or pages within the Site Collection: Do not open in a new window.
    • Links to documents or pages in another Site Collection: Open in a new window.
    • Links outside your intranet (to another application within the company or to an Internet site): Open in a new window.
  • Document libraries. (For additional best practices for document libraries, please see Chapter 5.) Consider how documents will be used when you upload to SharePoint. Documents may be uploaded to SharePoint using almost any document format (Word, .pdf, Excel, PowerPoint, and so on). If you upload documents in their native formats, users will be able to download them and easily edit them to create their own versions. Unless they have Contributor privileges to a library, they will not be able to post them back to the same sites. Documents that might be reused as an example for others should always be uploaded in their "native," editable formats. Documents that must be protected from editing or changing, even on a "private" copy, should be uploaded in a "protected" format or with passwords for editing. Consider the .pdf format for very large documents given that this format will reduce the file size and thus download time for others.

Security Security considerations are one of the most important design elements for a SharePoint site. It is important to think about security during the design process because understanding how objects will need to be secured on the site will affect the site structure, page layout, and metadata design. Considering that in almost all SharePoint deployments, end users will have some capabilities to manage security for sites they control, it is critical to ensure that anyone with permissions to assign security understands how SharePoint security works.

SharePoint provides the capability to secure content down to the item level and provides multiple options for creating security groups. This is both a blessing (due to the flexibility it enables) and a curse (because it makes it very easy for users to create overly complex and virtually unmanageable security models). As a best practice, it is helpful to offer "security planning" consulting to users who are new to SharePoint because planning security can easily fall into the category we call "Don't try this at home."

We talk more about planning security in Chapter 8, "Planning Your Security Model." In your governance plan, you need to clearly articulate specific security policies and how they should be applied within SharePoint sites.

Branding The Corporate Communications department (or its equivalent) in most organizations will typically define branding standards for your intranet and Internet presence. A key governance decision you need to think about is whether the corporate branding can be changed in a given SharePoint Site Collection. There may be valid business reasons to deviate from the corporate brand: For example, you may want an extranet collaboration site that is "co-branded" with your organization and a partner. Within an intranet solution, users may find it confusing and wonder "Where am I?" if the site branding changes from site to site, so you need to consider defining branding standards and policies with the site user in mind. Using some elements of color or brand variability in the site branding might help reinforce your security model. For example, you may want the site "brand" or theme to communicate the security model on the site—one theme or brand for enterprise-wide intranet sites and another theme or brand for secure team sites. This can help to provide visual cues to content contributors, reminding them when they post to a site with the "public" brand, the content can generally be seen by everyone in the organization.

  • + Share This
  • 🔖 Save To Your Account

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020