Historically, SharePoint was thought to cause as many information governance problems as it solved. The 2001 to 2003 versions did not show Microsoft putting much effort into helping customers with information governance. But after the massive take up of SharePoint Portal Server 2007 licenses, and the often negative conversations coming out of the sizable SharePoint user community, Microsoft started to take governance issues seriously. Governance-focused sessions started popping up at the conferences, and governance articles and check lists made an appearance on TechNet.

Information Governance Back Then

In my experience, both as a consultant and SharePoint "user,” the biggest problems with SharePoint were ease of deployment and ease of use. It was (and remains) far too easy for IT to set up a SharePoint site (or site collection with multiple sub-sites) and hand them over to a business group that has no expertise in information governance or information management.

Some organizations took a “center of excellence” approach and provided business groups with a central point for advice, templates, training and education. But other organizations did not put this effort in. They left business users to their own devices, who often had no clue as to the implications of their decisions on how they set up document libraries, custom lists, permissions, etc.

The SharePoint vendor ecosystem tried to fill in some of the gaps with add on products to make information management and information governance easier to set up and maintain. Consulting organizations, both large and small, made a fortune in advising organizations how to manage their SharePoint environments and the information within them in a more thoughtful fashion.

Where Are We Today?

Luckily Microsoft did not let up on its efforts. Those TechNet articles and other resources are a good starting point for information, but let's get back to them in a moment. What you need to consider first is the breadth of the SharePoint technology platform, and what you intend to use it for:

Document centric collaboration (team sites)

Conversational collaboration (Social sites and social feeds, etc.)

Document Management

Records Management

Business Intelligence

Custom developed business applications

Once you've decided on your functional use cases, you can then consider whether your deployment will be on premises, up in the cloud on Office 365, or some kind of hybrid and how the legal and regulatory environment in which you operate impacts your options for information governance.

Once you've sorted out all of those questions, it’s time to look up those Microsoft resources.

Microsoft on Information Governance in SharePoint 2013

The best starting point is the TechNet page, Governance Planning in SharePoint 2013.

It includes links to a pdf “governance poster” and four more articles on:

What is Governance in SharePoint 2013?

IT Governance in SharePoint 2013

Application Management and Governance

Information Management and Governance in SharePoint 2013

I have provided the direct link to the last one only as it’s the focus of our attention. This is a good document which covers the following domains:

Information Architecture

Access and security controls

Information management tools -- including Information Rights Management

These Microsoft resources constitute a good starting point. Used in the context of your business requirements and the requirements of your legal and compliance departments (if appropriate), they provide a starting point to drill down to the tactical and technical levels of configuring access control lists, IRM polices, records management policies, etc.

Without due consideration, SharePoint has the potential to become an ungoverned information “wild west” similar to the file shares and the other solutions it was originally designed to replace. Given some appropriate planning effort and thought, there is no reason why it should be an effective tool to help meet the objectives of your overall information governance strategy.