Your SharePoint environment is set up. Now what? Without a clear plan, even the best systems can become disorganized and risky. This is where strong SharePoint governance comes into play, and it’s not a “set it and forget it” task.

So, who keeps things on track?

I’m back with Hamish Denston from Provoke Solutions to discuss a critical component: the governance committee. Think of this group as your most essential SharePoint governance tool. We’ll explore how this group functions, providing practical insights and examples for maintaining a secure and efficient solution.


Here is a link to Hamish’s original post on the Provoke Solutions blog. Read Part 1 here.

In my last post I described the importance of governance in any SharePoint deployment. In this post I had intended to take a closer look at some of the tools for establishing and maintaining governance, however as I was writing it I found that I had pretty much written a whole post on just one tool: the governance committee. This is possibly the most powerful tool for maintaining your solution, so I’ll have a look at other tools in a future post.

 

What is SharePoint Governance?

Think of SharePoint governance as the rulebook for your digital workspace. It’s not just a single document you create and forget; it’s a living framework. Microsoft defines it as a combination of rules, roles, and responsibilities that helps your business and IT teams collaborate effectively to meet your company’s goals. Without a solid governance plan, SharePoint can quickly become a disorganized digital attic where documents go to disappear. A good plan ensures that your SharePoint environment stays clean, secure, and genuinely useful for everyone on your team.

The main goal is to create a system that works for people, not the other way around. It answers critical questions like: Who is allowed to create new sites? What are the naming conventions for our files? How do we handle sensitive client information? By setting these expectations upfront, you prevent confusion and create a consistent, predictable experience. This framework is what turns a powerful tool like SharePoint into a true asset for your business, rather than a source of frustration and wasted time.

The Core Components: Rules, Roles, and Processes

At its heart, governance is built on three pillars: rules, roles, and processes. Rules are the specific guidelines for using SharePoint, like how to name a document or where to store project files. Roles define who is responsible for what—from the IT administrator who manages the backend to the department head who oversees their team’s site. Processes are the established workflows for getting things done, such as requesting a new team site or archiving a completed project.

Every organization has unique needs, so your governance plan will be specific to your business. A small accounting firm might have a simple, one-page document, while a large construction company will likely need a more detailed and formal plan. The key is to create a framework that provides clarity and structure without being so rigid that it hinders productivity. It’s about finding the right balance to keep your digital environment organized and efficient.

Key Components of a SharePoint Governance Plan

A comprehensive SharePoint governance plan acts as a blueprint for your entire environment. It should clearly outline how your organization will manage its information, users, and technology. A well-thought-out plan typically addresses several key areas to ensure consistency and security across the board. This includes defining your information architecture, setting up permissions, managing the content lifecycle, ensuring security and compliance, and establishing guidelines for any customizations. Think of it as a strategic guide that everyone, from IT to end-users, can follow.

By covering these essential components, you create a sustainable system that can adapt as your business grows. Your plan will specify who is responsible for what, how sites and content should be structured, and the rules for keeping information secure. It also includes training plans to make sure everyone knows how to use SharePoint correctly. This proactive approach helps you avoid common pitfalls and ensures your investment in the platform continues to deliver value over the long term.

Information Architecture

Information architecture (IA) is simply how you organize and structure all the content within SharePoint. Before you even think about building sites, you need a logical plan for your information. The first step is to take stock of your business information, whether you use an existing classification system or create a new one. Once you know what you have, you can design a structure that makes sense for your teams and decide which IT services are needed to support it.

A strong IA makes it easy for people to find what they need and understand where to save new content. It’s the foundation of a user-friendly SharePoint environment. Without it, you risk creating a confusing maze of sites and folders that nobody wants to use. Planning your IA upfront saves a lot of headaches down the road and is a critical step in effective governance.

Structuring Sites and Information

How you structure your sites has a huge impact on usability. The modern approach to SharePoint encourages a “flatter” site structure, which means having fewer layers of sites nested within each other. Instead of a deep, complex hierarchy of subsites, the best practice is to create individual sites for each department, project, or team. This model is far more flexible and makes it easier to manage permissions and reorganize content as your business needs change over time.

Permissions and Access Management

Controlling who can see and do what in SharePoint is fundamental to good governance. Deciding who is responsible for specific data and defining the rules for accessing it is crucial for maintaining security and order. The best practice is to follow the principle of least privilege, meaning users should only have access to the information and tools they absolutely need to perform their jobs. This minimizes the risk of accidental data deletion or unauthorized access to sensitive information.

Managing permissions can become complex, especially as your team grows. It’s important to have a clear process for granting and revoking access. For businesses that need to share documents securely with clients, this becomes even more critical. While SharePoint offers permission controls, platforms like SuiteFiles are designed with secure client communication in mind, offering features like a dedicated client portal to simplify sharing and collaboration outside your organization.

Content Lifecycle Management

Content lifecycle management is the process of overseeing information from its creation to its eventual deletion. Not all documents need to be kept forever. A good governance plan includes policies for how long different types of content should be stored, when they should be archived, and when they can be safely deleted. This prevents your SharePoint environment from becoming cluttered with outdated or irrelevant files, which improves search results and reduces storage costs.

For many industries, like accounting and law, this isn’t just about tidiness—it’s a legal requirement. Your governance plan should include retention policies that align with your industry’s compliance regulations. Setting up clear rules for managing records ensures you meet your legal obligations while keeping your digital workspace organized and efficient. This proactive management is key to maintaining a healthy SharePoint environment long-term.

Creation, Storage, and Deletion Policies

To make content lifecycle management practical, you need specific policies for creation, storage, and deletion. This means creating clear rules for how new sites are requested and built, establishing standardized document naming conventions, and defining how permissions are applied. For example, you might have a rule that all client proposal documents follow the format `ClientName_Proposal_YYYY-MM-DD`. These small details create consistency and make it much easier for everyone to find information.

Security and Compliance

Security and compliance are non-negotiable pillars of any governance plan. Your strategy must ensure you are meeting all legal and regulatory requirements for your industry while protecting sensitive company and client data. This involves implementing security measures like multi-factor authentication, defining policies for handling confidential information, and regularly auditing access logs to monitor for suspicious activity. A strong governance plan directly translates to a more secure digital environment.

Protecting your data is not just an IT responsibility; it’s a business-wide effort. Your governance plan should clearly communicate security protocols to all employees and provide training on topics like identifying phishing attempts and handling sensitive data properly. By making security a shared responsibility, you create a culture of awareness that serves as your first line of defense against potential threats and ensures you remain compliant with industry standards.

Customization and Branding Guidelines

While SharePoint offers a lot of flexibility, too much unstructured customization can lead to a messy and inconsistent user experience. Your governance plan should include clear guidelines for making changes to SharePoint sites. This ensures that all sites maintain a professional look and feel that aligns with your company’s brand. These guidelines might specify approved logos, color palettes, page layouts, and web parts that teams can use.

The goal isn’t to stifle creativity but to provide a framework that ensures usability and consistency. By setting rules for customization, you can prevent users from making changes that might “break” a site’s functionality or make it difficult to use. It also makes future platform updates smoother, as highly customized sites are more likely to encounter issues. A little bit of guidance goes a long way in maintaining a cohesive and functional digital workspace.

Modern SharePoint Architecture Best Practices

The way we build and organize SharePoint sites has evolved. Microsoft’s current recommendation is to move away from the traditional, hierarchical structure of subsites. In the past, it was common to have a main site with many smaller sites nested underneath it. However, this model has proven to be rigid and difficult to manage over time. If you needed to move a subsite to a different part of the organization, it was often a complicated and messy process.

The modern approach favors a “flat” architecture, where each unit of work—whether it’s a department, a project, or a team—gets its own separate site. These individual sites are then connected using a feature called Hub Sites. This structure is much more flexible, scalable, and easier to govern. It allows you to reorganize your digital workspace as your business changes without having to rebuild everything from scratch. Adopting this modern architecture is a key best practice for a healthy SharePoint environment.

Moving from Subsites to a Flat Structure

The shift from subsites to a flat structure is one of the most significant changes in SharePoint strategy. Think of the old subsite model as a rigid, multi-level filing cabinet. Everything is locked into a specific drawer, and moving a file from one drawer to another can be a hassle. A flat structure, on the other hand, is like having a collection of individual binders. Each binder is a standalone site, and you can easily group and regroup them as needed.

This flat approach simplifies permissions management, as each site has its own distinct set of owners and members. It also gives you the agility to adapt to organizational changes. For example, if a project team moves from the Marketing department to the Product department, you can simply associate their project site with the new departmental hub. This flexibility is why Microsoft now strongly encourages using a flat structure connected by Hub Sites.

Using Hub Sites to Connect and Organize

Hub Sites are the glue that holds a modern, flat SharePoint architecture together. A hub site acts as a central point that connects multiple separate SharePoint sites, creating a shared experience for navigation, branding, and content discovery. When you associate a site with a hub, it inherits the hub’s navigation bar and branding, creating a consistent look and feel across all related sites.

One of the most powerful features of Hub Sites is their ability to aggregate content. A hub site can automatically gather and display recent news and activities from all its associated sites in one central place. This allows you to roll up information from various project or team sites to a departmental or regional level, giving everyone a high-level view of what’s happening. It’s a simple yet effective way to organize your intranet and help people find relevant information across different sites.

Creating Your SharePoint Governance Plan

Right from the beginning of any project, you need to be planning for governance. It’s likely that you’ll have some roles identified as part of managing the project – somebody who can provide input and make decisions on behalf of your organisation. This person is often the business owner of the solution under development, or their representative. It’s common, particularly in larger organizations, for someone with subject matter expertise to act on behalf of a business owner who has a more general focus (usually senior management responsibilities). Straight away this creates a potential pitfall, as the person with the best knowledge of what the solution requires is not likely to be the budget holder. There’s also the possibility that project roles won’t necessarily have continuity through to business-as-usual operations, depending on how projects are run in your organization.

 

Assembling Your Governance Committee

To ensure that the system meets the broadest spectrum of business needs across the organization, decisions should be made with input from a range of stakeholders. Creating a governance committee is the best way to ensure that decisions include input from the business units that they will affect. Getting this committee set up as early as possible is a sensible move. Certainly membership should be established prior to the system going live, and if possible one or more initial meetings of the group should be held before then as well. Your governance committee will also be valuable in change management activities, more so if they’ve had input into project decisions and gained an early understanding of how the system is to be used.

 

Defining Committee Roles and Responsibilities

The membership of the governance committee is one of the first decisions that needs to be made, and will most likely be driven by the person who will have ultimate responsibility for overseeing the solution. This is usually a subject matter expert reporting to the business owner. Let’s call them the Solution Manager. They’ll need the backing of an executive level sponsor to be able to effectively negotiate for resources.

The membership of the governance committee will depend on the organization. There are no hard and fast rules, but the make-up of the committee should ensure that all areas of the business feel that they have a voice, which will help to drive a sense of ownership – a real benefit in promoting uptake among staff. It makes sense that the business owner, Solution Manager and a senior representative from IT should all be on the committee. Representatives from Communications (internal comms) and Human Resources are also popular choices for Intranet governance committees. Other members should come from throughout the business. You may want to have someone from every business unit, or just try to make sure that the different roles in your organisation are represented. For example, if you’re a government department and the majority of your staff are policy analysts who work in the same way with the same tools, you don’t necessarily need a representative from each of the policy subject areas.

You can have as few or as many people as you think appropriate, but just remember that it is a working group that needs to be able to make decisions, and that can get harder with large groups.

The table below suggests how your committee could be made up.

 

Making Critical SharePoint Governance Decisions

So what are the decisions that need to be made? We’ve discussed the probable membership of the governance committee, but we also need to establish what’s within their remit. What are their inputs, processes and outputs?

In a nutshell, the committee should receive statistics on how the solution is being used by staff, how it is performing technically and the results of any user surveys or user testing that has been conducted. They should then take that information and discuss it to establish what it means for the organisation, and what action should be taken. Once decisions have been made, tasks should be assigned to committee members or other staff, and in some cases may need to be communicated to all users. This can range from assigning quick, simple tasks to system administrators through to starting a formal project to manage a major change.

 

Who Can Create New Sites?

One of the first questions your committee needs to tackle is who has the power to create new SharePoint sites. By default, anyone in your organization can create one. While this sounds collaborative, it can quickly lead to a messy, unmanageable digital environment often called “site sprawl.”

You have a few options to manage this. You can leave the default setting, but this is rarely a good idea for long-term organization. A better approach is to restrict site creation to a specific group, like the IT department. Another popular option is to allow anyone to request a site, but have it go through a formal approval process. This strikes a nice balance between control and user empowerment.

What Are the Rules for External Sharing?

Sharing documents with clients, partners, and vendors is a daily task for most businesses. Your governance plan must have clear rules for how employees share information externally. Without guidelines, you risk sensitive data being shared improperly, creating security vulnerabilities.

The committee should define who can share documents, what types of documents can be shared, and which platforms are approved for sharing. This is especially important if your team uses Microsoft Teams, as creating new channels can also create new SharePoint sites. Setting these rules protects your company’s information and ensures everyone is on the same page.

How Long Will Data Be Retained?

Not all data needs to be kept forever. In fact, many industries have legal and compliance rules that dictate how long you must store certain types of information. Your governance plan needs to include retention policies that outline the lifecycle of your data.

These policies help you automatically manage records, ensuring you comply with regulations and prevent the accidental loss of important information. The governance committee should work with legal or compliance experts to determine the appropriate retention periods for different types of documents, from client contracts to internal memos.

What is the Site Lifecycle Management Process?

Just like data, SharePoint sites themselves have a lifecycle. A site created for a specific project may no longer be needed once the project is complete. A formal site lifecycle management process helps keep your SharePoint environment clean and relevant.

Your plan should include a schedule for regularly reviewing existing sites. During this review, the committee or site owners can decide if a site should be kept active, archived for record-keeping, or deleted entirely. This proactive approach prevents your SharePoint from becoming a digital graveyard of outdated and irrelevant sites.

How Will You Prevent Data Loss (DLP)?

Protecting sensitive information is non-negotiable. Data Loss Prevention (DLP) policies are a critical component of your governance strategy. These are automated rules that help stop sensitive data from leaving your organization.

For example, you can create a DLP policy that identifies documents containing credit card numbers or other personal information. The policy can then automatically block these documents from being shared via email or printed. This is a powerful way to add a layer of security and enforce your data handling rules without manual oversight.

Tools for Enforcing SharePoint Governance

A governance plan is only effective if you can enforce it. Fortunately, you don’t have to rely on manual checks and reminders. Microsoft provides a suite of built-in tools to help you put your policies into action, and third-party applications can fill in the gaps to create a seamless experience for your team.

Using Built-in Microsoft 365 Features

Microsoft 365 comes with several features designed to support your governance efforts. You can use Site Policies to automate site cleanup and Content Types to standardize how information is organized across your environment. Features like Version History also help by allowing you to track changes to documents over time.

For more advanced security and compliance, Microsoft Purview is an essential tool. It allows you to implement the data retention and DLP policies we discussed earlier, helping you protect sensitive information and meet regulatory requirements. These tools form the technical backbone of your governance plan.

Enhancing Governance with Integrated Tools

While SharePoint is powerful, its interface can be complex for everyday users. This is where integrated tools can make a huge difference. A dedicated document management platform that works with SharePoint can simplify workflows and make it easier for your team to follow governance rules without even thinking about it.

For example, SuiteFiles sits on top of your Microsoft 365 environment, providing a more intuitive way to manage files. With features like pre-built templates and auto-filing, you can ensure documents are created and saved correctly every time. This approach embeds your governance policies directly into your team’s daily tasks, which drives consistency and adoption.

The Importance of User Training

You can have the most well-thought-out governance plan in the world, but it won’t succeed if your team doesn’t understand it. User training is absolutely essential. Your employees need to know not just the rules, but also how to use the tools you’ve put in place.

Effective training shouldn’t be a one-time event. Plan for initial onboarding sessions as well as ongoing resources like quick-reference guides or short video tutorials. When people feel confident using the system, they are far more likely to follow procedures, making your governance plan a natural part of how they work.

Common SharePoint Governance Challenges (and Solutions)

Implementing a governance plan isn’t always a straight path. You’ll likely encounter a few common hurdles along the way. Being aware of these challenges ahead of time can help you plan effective solutions and keep your project on track.

Balancing Control and Flexibility

One of the biggest challenges is finding the right balance between IT control and user flexibility. If your policies are too restrictive, people may look for workarounds that take them outside of your governed environment. If they’re too loose, you risk the chaos you were trying to avoid.

The solution is to focus on what’s truly necessary. Implement clear, simple policies for things like file naming conventions and storage limits. The goal is to provide guardrails that guide users toward best practices, not to build a cage that hinders their productivity.

Ensuring User Adoption

Getting everyone on board with a new system or new set of rules can be tough. People are often resistant to change, especially if they feel the new process is more complicated than the old one. Low user adoption can quickly derail your entire governance strategy.

To encourage adoption, make the system as easy to use as possible. This goes back to the importance of training and providing ongoing support. It’s also where tools like SuiteFiles can be a game-changer, as they provide a user-friendly interface that simplifies complex SharePoint functions and makes adoption feel effortless.

Keeping Up with Microsoft Updates

The Microsoft 365 ecosystem is constantly changing. New features are rolled out and existing ones are updated on a regular basis. While these updates often bring improvements, they can also impact your governance plan if you’re not prepared.

Your governance committee should be tasked with staying informed about upcoming Microsoft updates. They should regularly review how these changes might affect your policies and processes. Think of your governance plan as a living document that needs to be revisited and adjusted over time to remain effective.

Next Steps for Your SharePoint Governance

It’s a rare system that meets business objectives over time without requiring changes. A program of continuous review and improvement is the best way to ensure you maximise your investment and minimise costly overhauls. A functioning governance committee will go a long way to ensuring you achieve this.

Thanks again to Hamish and the Provoke team for letting us replicate this content on our blog. Check out Provoke’s website or follow them on Twitter.

Frequently Asked Questions

Is a governance committee really necessary for a small business?

For a small business, a formal “committee” might sound like overkill. You can think of it more as a dedicated “governance role” or a small, focused group. The important thing is to have designated people who are responsible for making decisions about how SharePoint is used. Even with a small team, this prevents your system from becoming disorganized over time and ensures everyone is on the same page about how to store and share important files.

We’ve been using SharePoint for years without a formal plan. Is it too late to start now?

It’s never too late. Many organizations implement governance after they’ve already been using SharePoint for some time. The best first step is to assess your current environment. Identify the biggest pain points—is it hard to find files, are there security concerns, or is there a lot of duplicate content? Use these issues to guide your priorities and start by creating a few simple rules that will have the biggest impact.

How often should our governance committee meet?

The meeting frequency really depends on your organization’s needs. When you’re first establishing your governance plan, you might meet monthly to make key decisions and build momentum. Once your framework is in place and running smoothly, you can likely scale back to meeting quarterly. The goal is to stay proactive and address issues before they become major problems, rather than reacting to them.

Our team finds SharePoint complicated. How can we get them to follow new governance rules?

This is a common challenge, and the key is to make following the rules the easiest option. Focus on clear training and simple, intuitive processes. If the “right way” is also the “easy way,” people will naturally adopt it. This is where integrated tools can be incredibly helpful. A platform like SuiteFiles provides a user-friendly layer over SharePoint, embedding good practices like file naming and templating directly into the workflow.

What’s the single most important decision a new governance committee should make first?

A great starting point is to decide who can create new SharePoint sites. By default, anyone can, which often leads to “site sprawl” and confusion. Establishing a clear process for requesting and approving new sites is a foundational decision. It immediately introduces a level of control and ensures that your SharePoint environment grows in a structured, intentional way.

Key Takeaways

  • Establish a governance committee for long-term success: Treat SharePoint governance as an ongoing practice, not a one-off task. A dedicated committee with representatives from across the business is the most effective tool for making informed decisions and ensuring the platform evolves with your company.
  • Adopt a modern, flat site architecture: Ditch the rigid, hierarchical subsite model. Instead, build a flexible system by creating separate sites for each team or project and connecting them with Hub Sites for easier organization, navigation, and permissions management.
  • Make good governance easy for your team: Your rules will only work if people follow them. Ensure high user adoption by providing consistent training and integrating user-friendly tools that simplify complex processes, making it effortless for your team to do the right thing.
