My Site Implementation in SharePoint 2010 – A Best Practices Strategy
A SharePoint 2010 Enterprise initiative must be approached in a manner to ensure it is implemented with a “Platform Strategy” and “SharePoint as a Service” in mind. This not only includes the implementation of a Document Management \ Records Management SharePoint 2010 enterprise initiative in mind but all of the other facets that SharePoint 2010 bring to an organization.
I speak with business leaders and CIOs\IT Directors on a regular basis during my day-to-day activities at EPC Group and one question I continue to hear from many organizations is, “what is your opinion on how we could successful roll out SharePoint 2010 My Sites to our organization and how many other similar companies like ours are rolling it out”? The answer is currently about 60\40 in that 60% of organizations are rolling out My Sites and 40% are in a “wait and see” pattern and are struggling with legal & compliance or leadership who have serious concerns about rolling out My Sites.
I always discuss with client, in terms of a record, what is the difference between an email and/or a post on a My Site? Is there really any difference in the two from a legal perspective and unless the organization regularly monitors a large subset of employees emails, which is rare. My Sites are my more easily monitored and governable. In this, SharePoint 2010 My Site Governance is key and some initial core areas of consideration should be:
- All My Site Public View content must contain only work-related material. This includes work-related documents, discussions, pictures, links, calendar events, and related content.
- No My Site Public View content can contain any confidential or private data. If the organization would not allow all users within the company with a domain login to view this information, consider whether it should be on your My Site Public View.
- Content pertaining to human resources or legal (sensitive in nature) is typically considered confidential and should not be listed on My Site Public View.
- No PII or PHI (personal health information) information should ever be present in My Sites
o PII: Organization may differ on what PII they may consider PII data. Data about an individual that could potentially identify that person, such as a name, fingerprints or other biometric data, email address, street address, telephone number or social security number. A subset of PII is PIFI (personally identifiable financial information).
o PHI: under HIPAA includes any individually identifiable health information. Identifiable refers not only to data that is explicitly linked to a particular individual (that’s identified information). It also includes health information with data items which reasonably could be expected to allow individual identification.
- Public and already released financial data must be reviewed prior to its posting on My Site Public View. (i.e. Reports, etc.)
- Content on the private site must not contain personal audio files, inappropriate pictures, or other materials not allowed within the organization.
- All discussions or blogging done within a My Site must follow company policies and must not contain sensitive company material or defamatory comments about any person within the organization.
I think a key area for organizations to look at is first not thinking of My Sites as the “Facebook” of the enterprise, even thou it was a lot of similar characteristics. Facebook is a poorly governed (by its out-of-the-box configured) nature and the user is responsible to setting proper permissions, showing what posts can be publically viewed, etc.
It’s key to think of SharePoint 2010’s My Site as “Professional Networking” and that is the only term they should ever be referred to as that help set a standard and mindset within users. The other key area of concern I see is that organizations fear that existing and approved “policies and procedures” or “standard operating procedures” could be confused by someone’s “best practices” post on their My Site and again this is easily addressed. Having users sign either an online My Site “Professional Networking” user agreement or a paper based user agreement with the governance items and conduct responsibilities clearly spelled out is a great way myself and my professional networking teams at EPC Group have seen completely change the mindset and landscape of fears organizations face.
My Sites are an extremely powerful tool that, in my estimation, 40% of organizations are putting on the back burner or “in a later phase” that is causing them to loose productivity with this amazing tool at their fingertips (and by the way you already purchased\own it). You can institute My Site governance policies as well as actually configure the My Site templates with only the web parts and functionality you would like your user base to access and you do not have to give them all the capabilities right out of the gate.
My advice would be to pilot My Sites within 1 or 2 departments and test these strategies with these users and see how much ROI you really get out of them as I can guarantee you will be amazed at user productivity. One last area of concern I wanted to address is that organizations sometimes see the “My Site” as a replacement to the users existing personal file share. This may or may not be the case but my setting quotas on the My Sites and instituting required Content Type \ Metadata selection when they save documents will make a huge difference in your thinking in this area. These documents will also allow the users to fully search them with SharePoint’s native search and save the user time by searching rather than hunting and pecking around usually very poorly organized file shares.
In the past 4 months, we have completed over 5 extremely large enterprise My Site implementations in both the commercial (2 Fortune 500) and 2 mid-size organizations (1 government) and have not seen issues where they caused any major issues but rather training requirements to help users get used to having this powerful tool at their fingertips.
In summary, pilot My Sites for “Professional Networking” within 1 or 2 departments as you will not regret it.