[Provided here is an example template for drafting a SharePoint governance plan for an on-premises SharePoint farm. This template is not meant to be the preferred organization and content for such a plan but merely a starting point.  It's much easier to begin with something, and then modify it to one's own needs, than to create something from whole cloth.  Each SharePoint governance plan will be unique to its organization. Critical to effective governance plan development and acceptance is trace-ability, where each governance requirement is traceable to an industry best-practice, vendor product recommended use or corporate requirement.  This example template provides that trace-ability to Microsoft SharePoint-related references.  Organizational references will still need to be added.  This helps ensure that the governance requirement is traceable and justifiable.]

1.0 Overview

1.1 Document Objective

This document sets the minimum rules of engagement, policies and guidelines related to the use and administration of the CONTOSO on-premises SharePoint Environment


1.2 Revision History

Revision Date Description Revised By
 1  MM/DD/YYYY  Initial  

1.3 Related Documents

Document Name Revision Author

1.4 Governance Framework

This Governance Plan is a guidebook outlining the roles, responsibilities, and policies necessary to support the CONTOSO implementation of the SharePoint environment. It identifies lines of ownership for both business (system users) and technical teams (system maintainers), defining who is responsible for what areas of the system; and it establishes rules for the appropriate usage of the CONTOSO SharePoint environment within the CONTOSO organization


1.5 Audience

The audience for this document includes

  • Management
  • IT administrators
  • Site collection administrators
  • Site owners
  • Site developers
  • Users

SharePoint product and technical environment governance are not in the scope of this document and shall be governed in accordance with CONTOSO Platform Services policies

2.0 Governance Committee

2.1 Purpose

The purpose of the CONTOSO SharePoint governance committee is to develop and implement the set of policies, roles, responsibilities, standards and practices that govern how CONTOSO organizations and individuals use the CONTOSO SharePoint environment to accomplish CONTOSO business goals and objectives.

The members of the CONTOSOS SharePoint governance committee meet monthly to develop and update as necessary the vision, policies, and standards used to monitor CONTOSO organizational use of the SharePoint and to objectively measure the ongoing benefit that the SharePoint environment is delivering to CONTOSO.

The members of the CONTOSOS SharePoint governance committee develop and implement the classification strategy and information architecture used to capture and organize business information in the CONTOSO SharePoint environment.

The members of the CONTOSOS SharePoint governance committee devise and implement the education strategy for training CONTOSO members on the approved use of the SharePoint environment and promoting the adoption of the SharePoint environment to meet CONTOSO business objectives.


2.2 Membership

The members of the CONTOSO SharePoint Environment governance committee shall be comprised of the following:

  • One representative from CONTOSOS senior management, as designated by the senior management team
  • One representative from each CONTOSO department, as designated by each department’s head
  • One representative from the CONTOSO development team
  • Lead SharePoint farm administrator

2.3 Roles

The members of the CONTOSO SharePoint Environment governance committee shall select members among themselves to serve in the following roles

  • Chair: organizes meetings; sets meeting agenda in consultation with committee members
  • Secretary: captures meeting discussions; generates and issues monthly meeting reports; schedules meetings
  • Members: represent the needs and concerns of their respective CONTOSO departments

The lead SharePoint farm administrator performs in a purely advisory role to the committee and does not take part in setting committee agendas or voting on committee decisions.

3.0 Site Architecture

3.1 Site Types

The SharePoint Environment for CONTOSO consists of the following types of sites

  • CONTOSO Core Sites: are the root sites of a department site collection and are accessible by all CONTOSO organization members. Content for Core Sites will be available on a read-only basis for CONTOSO personnel, except for those few employees who maintain the content on those sites.
  • Division Team Sites: are those that are only read/write by those who are part of the department/division/team.
  • Project Sites: are those that employ project management components. They are based on a specific site template that has been customized to meet company requirements with project specific folder hierarchies and metadata.


3.2 Site Collections

CONTOSO has adopted a hierarchical architecture model, where each type of site is provisioned in a tiered manner. Individual site collections are provisioned for each CONTOSO department.


3.3 Use of Subsites in Site Collections

Subsites are allowed in this SharePoint Environment and can be created by Site Owners at their discretion in any site they own


3.4 Site Publishing Features

All CONTOSO sites will employ SharePoint Server publishing. This is to ensure that all sites have a consistent global navigation menu, which is one of the features SharePoint Server publishing. To accomplish this, site collection administrators must activate the SharePoint Server Publishing Infrastructure site collection feature for the site collection or collections they administer, and site owners must activate the SharePoint Server Publishing site feature for the site or sites they administer


4.0 Security

4.1 Roles

Security Roles defined by CONTOSO

Role Name Authority
SharePoint Farm Administrator
  • Has admin access to SharePoint Central Administration farm web interface
  • Has access to all the Site Collections
Site Collection Administrator
  • Has admin access to a given site collection only
Site Owner
  • Has admin access to a given site only
  • In the context of subsites, Site Owner is the owner (Administrator) of a given subsite
Site Designer
  • Has design access to a given site only
  • Can perform all duties of site owner aside from user administration
Term Store Group Manager
  • Has Admin Access to the Term Store Group for a specific department/project
  • Usually the same individual as the Site Collection Administrator for a given department
Content Owner
  • An owner of content for a specific department/team/project
  • Usually a department head or a project manager or a team member
  • Content Owners are not the same as Site Owners, although they could be
  • Content Owners do not need to be proficient in SharePoint
  • All the employees of CONTOSO who do not have any administrative roles or permissions as defined above
  • Usually has Read-only or Add/Edit/Delete content permissions on a given site


4.2 Security Model

CONTOSO has adopted an out-of-the-box security model for its SharePoint sites. The table below represents an overview and description of the various out-of-the-box security groups and permission levels

Security Group Permission_Level Authority
Farm Owner Farm The CONTOSO farm owner is the CONTOSO IT department head, who delegates farm administration to designated farm administrators.
Farm Administrator Farm The CONTOSO SharePoint farm administrator is determined and designated by the CONTOSO IT department head. The farm administrator can modify all farm settings; and can modify all content and settings for all site collections, sites and subsites.
Service Application Administrator Service application A service application administrator is determined by the farm administrator in consultation with the farm owner. A service application administrator may view farm settings but may only modify the settings of the service application that he or she is designated to administer.
Site Collection Owner Site collection A site collection owner is the corresponding CONTOSO department head, who delegates site collection administration to designated site collection administrators.
Site Collection Administrator Site collection A site collection administrator is determined and designated by the CONTOSO department head. The site collection administrator can modify all site collection settings; and can modify all content and settings for all sites in the site collection.
Site Owners Full Control A site owner is determined and designated by the site collection owner in consultation with the site collection administrator. The site owner can modify all site collection settings; and can modify all content and settings for all subsites of the site.
Site Members Contribute Can modify content for a site
Site Visitors Read Can view content for a site


Additional SharePoint security groups can be created at the discretion of a Site Owner or a Site Collection Administrator

4.3 Network Security Groups

CONTOSO maintains security groups in Active Directory that aggregate multiple organization departments and divisions. Membership in these network security groups is administered and constantly updated by the CONTOSO network administration team. Site owners and site collection administrators must implement network security groups when provisioning access to members of a department or division so as to minimize user access administration


4.4 Custom Permission Levels

While custom permission levels can be created by Site Collection Administrators, their use shall be avoided as much as possible. Site Owners and Site Collection Administrators must first utilize the out-of-the-box permission levels that currently exist. Custom permission levels can only be created by Site Collection Administrators under the following conditions

  • Custom permission levels are not allowed on Core Sites
  • Out-of-the-box permission levels cannot be altered. Any new permission levels must be separately created by a Site Collection Administrator
  • Any custom permission levels created must be brought to the attention of the Governance Committee, so they can be properly documented


4.5 Site Collection Administrators

Each site collection shall have a minimum of one (1) and a maximum of three (3) site collection administrators


4.6 Site Owners

Each site (and subsite) not inheriting its permissions from its parent site shall have a minimum of one (1) site owner


4.7 Sharing and Access Request Settings

Access request settings must be disabled for each site and subsite in each departmental site collection; and site owners are responsible for disabling this setting

Access requests for any SharePoint site resource must be submitted to the appropriate supervisor for review using a CONTOSO site access request form so as to track and document user permission changes


4.8 Subsite Security Inheritance

Subsite security inheritance is engaged in coordination with the site collection administrator


4.9 Item and Folder Level Security

Individual items in a document library or list can be configured with unique security settings independent of its parent list or document library. However, configuring item level security should be avoided. The reason being that individual item security settings are not immediately visible as there is no GUI that enables an administrator to quickly view and administer individual item security for a site. The security setting for an individual item is unique to that item, and thus if there are 30 different items in a document library each having unique security settings, there are 31 different security interfaces for that one list or library that must be administered (30 items + the list or library). Best industry practice is to avoid item-level security and instead create a new list or document library to contain those items that need security settings different from their parent list or library


5.0 Navigation

5.1 Overview

CONTOSO employs both global and current (local) navigation controls that employ structured or managed navigation methods


5.2 Global Navigation

Global navigation is the top navigation available on each site collection. It usually links the Site Collection with its subsites (if applicable) such as sites, links and pages. It is to be managed by the Site Collection Administrator only


5.4 Current Navigation

Current navigation (also called local navigation) is the navigation that appears on the left side of a Team Site. Quick Launch Navigation shall link to content specific to a given site. It is to be managed by the Site Collection Administrator or the Site Owner

6.0 Look and Feel

6.1 Site Templates

The following is a list of available site templates that have been approved by the CONTOSO SharePoint Governance Committee. The Site Template must be defined the when a new site is requested by the Site Owner.

Template Name Description Purpose
Team Site Out of the box traditional Team site template To be used for all organization sites and subsites
Project Site Out of the box traditional project template To be used for all projects


6.2 Site Theme

The CONTOSO SharePoint environment supports the deployment of packaged themes that implement a consistent look and feel for all sites and subsites in a site collection. Site collection owners may adopt any theme they choose for implementing branding. Themes may be developed internally, or they may be obtained commercially

Theme packages must be deployed in coordination with the CONTOSO SharePoint farm administrator to ensure that all theme components are successfully deployed, some of which may need to be deployed to individual SharePoint farm servers

Themes deployed to a site collection must be implemented by all sites and subsites in the site collection so as to ensure a consistent look and feel to the organization’s site collection


6.3 Custom Branding

Site collection owners may opt to use a commercial or custom branding solution for their site collections. When doing so, site collection owners must deploy these solutions in coordination with the CONTOSO SharePoint farm administrator to ensure that all theme components are successfully deployed, some of which may need to be deployed to individual SharePoint farm servers. Additionally, commercial or custom branding solutions deployed to a site collection must be implemented by all sites and subsites in the site collection so as to ensure a consistent look and feel.


  • SharePoint site branding and page customization solutions
  • SharePoint development and design tools and practices

6.4 Master Page Templates

Site collection owners may implement branding through customization of the site collection’s master page. When this branding method is implemented, the site collection owner and administrator must ensure that the master page is implemented for all sites and subsites in the site collection so as to ensure a consistent look and feel for the organization’s site collection


7.0 Taxonomy and Metadata

7.1 Metadata Types

CONTOSO employs several types of metadata available to its SharePoint Environment

  • Global Metadata: metadata that is consistent and reusable among various site collections, lists and libraries. CONTOSO makes available global term sets that are available across all departmental site collections. Departments also have the option of having term sets that are available across all sites in the department’s site collection. All global metadata is to be defined in the Term Store. All Local Metadata can be defined either in the Term Store or locally at the site/list/library level.
  • Local Metadata: metadata that is unique to a particular site, list or library and is not repeatable or reusable among other sites, lists or libraries
  • Enterprise Keywords: stored in a single non-hierarchical term set called a keywords term set


7.2 Global Metadata Term Sets

CONTOSO implements several global term sets that maintain taxonomies to be used across all departments in the CONTOSO organization, including

  • Department and project names
  • CONTOSO satellite locations
  • Document types


  • tbd

7.3 Department Term Sets

Each CONTOSO department has the option of implementing one or more global term sets to maintain taxonomies and folksonomies that need to be available to all sites in the department’s site collection. All of a department’s term sets are maintained in a term set group that is administered by a designated department staff person, who may also be the department’s site collection administrator. The term sets of one department can only be accessed and employed by that department. Department’s are responsible for administering their own global term sets in consultation with the CONTOSO SharePoint farm administrator

At the discretion of the department, departmental users may also create and implement local term sets to meet the needs of specific sites, lists or libraries within the department’s site collection


7.4 Enterprise Keywords

Enterprise keywords is a form of global metadata in that the enterprise keywords term set is available to all site collections across the farm. It is a shared term set in that keywords created by users in one site collection are available to users of another site collection.  


7.5 Term Store Access

Access levels to the Term Store are presented below:

Role Name Authority
SharePoint farm administrator
  • Can Add/Edit/Delete any groups/term sets/terms, including Global Terms
  • Can assign group permissions
Site Collection Administrator
  • Can Add/Edit/Delete department-specific term sets/terms
  • Read-Only access to all other terms and term sets
Site Owner
  • Add/Edit/Delete access to the department-specific metadata at the discretion of a site collection administrator
  • Read-Only access to all terms and term sets


  • tbd

7.6 Use of Folders and Metadata

Site Owners have the option to employ folders and metadata on their sites in consultation with their department management to help ensure that end users have a consistent experience


  • tbd

8.0 Retention and Deletion

8.1 Overview



8.2 Content Retention Policy

All content within the SharePoint environment is to be retained indefinitely, unless deleted by the users of the site. CONTOSO does not employ any retention or disposition review policies of content. All content is to be retained indefinitely by default. 


8.3 Site Retention Policy

All sites within the CONTOSO environment must be retained indefinitely, unless specifically asked to be removed by the Site Owners. Any site with 180 days of inactivity will be “flagged” for the review and will be deleted if agreed by the Site Owner and the Governance Committee.


9.0 Integration

9.1 Overview

The CONTOSO SharePoint environment supports multiple integration methods, including sandbox solutions, provider-hosted add-in solutions,, and client-side scripting.  


9.1 Farm Solutions

The CONTOSO SharePoint 2016 environment does not support farm solutions involving custom managed code that runs on SharePoint servers. Site collection and site owners needing to deploy managed code solutions must deploy them using the SharePoint Add-in solution deployment model.


9.2 Sandbox Solutions

Site Collection owners and administrators, in coordination with SharePoint farm administrators, may deploy no-code sandbox solutions (NCSS) containing only declarative markup and JavaScript to their site collections.  


9.3 Provider Hosted Add-in Solutions

Site collection owners and administrators, in coordination with SharePoint farm administrators, may integrate their site collections with provider-hosted add-ins.


10.0 Training

10.1 User 

CONTOSO organization user training is provided by the respective organization.


  • tbd

10.2 Site Collection Administrator



  • tbd

10.3 Farm Administrator



  • tbd