SharePoint Site Collection Guidelines and Best Practices
This article applies to: Office 365 Productivity Bundle
Cornell's SharePoint Online environment, part of the University's Office 365 offerings from Microsoft, has three major levels of administration:
The tenant is highest level of administration that the university has over SharePoint Online, and contains everything in Cornell's SharePoint Online. High-level settings are administered by CIT in consultation with the Cornell SharePoint Online Advisory Group. There is only one tenant for Cornell University.
A Site Collection is an administrative space in which a college, division, unit, or other group can maintain settings and parameters suited to their operational and organizational needs. Site collections are often administered by IT Service Group Directors or their designates. There can be many site collections in Cornell University's SharePoint Online tenant. Support for Site Collection Administrators is provided by CIT and escalated to Microsoft when needed.
A site is a space created for and assigned to a user or a group of users by the Site Collection Administrator for their college, division, or unit. There can be many sites in each site collection. Support for a site is provided by the appropriate Site Collection Administrator. Questions received by the IT Service Desk will be referred to the Site Collection Administrator for that unit, or if the unit doesn't have a site collection yet, the query will be forwarded to the IT Service Group Director for the unit for awareness of the level of interest and demand for the service.
Guidelines for Site Collections
IT Service Group Directors, their equivalents, and their designates for the purposes of administering SharePoint site collections may request a site collection by contacting the IT Service Desk Level 2 TSP support. By making this request, you indicate that you understand and agree to the guidelines below outlining the partnership between the central IT organization and campus for SharePoint site collections.
Site Collection Administration Responsibilities
- Designate a local technical staff person or persons for role of SharePoint site collection administrator. A primary and secondary administrator are recommended, at minimum.
- Provide end user support for your site collection(s).
- Use the TSP Service Desk for level 2 and level 3 support, with the unit Site Collection Administrator creating the case.
- Store only data that is not confidential and not subject to regulation.
- Implement SharePoint Global Best Practices as determined by the SharePoint Advisory Group, unless there is a business case for divergence.
- Participate in the Site Collection Administrators Group.
- Contribute to development of IT procedures, documentation and communication.
- Contribute to development of best practices for Site Collection Administrators.
- Share your experiences and your perspective on how effective particular uses of SharePoint are.
Central IT Organization Responsibilities
- Provide information, documentation, and resources for Site Collection Administrators and as appropriate for other roles, such as site owners.
- Coordinate communication, feedback, and support mechanisms, such as meetings, updates, and discussion.
- Direct Remedy cases submitted to the TSP Service Desk by general users to the appropriate Site Collection Administrator.
- Resolved Remedy cases submitted to the TSP Service Desk by Site Collection Administrators, either by solving the issue or escalating to Microsoft, when needed.
- Revise SharePoint documentation based on Site Collection Administrator experiences.
Global best practices
The following are Cornell's SharePoint Global Best Practices as determined by the SharePoint Advisory Group. SharePoint site collections should follow these best practices unless there is a business case for divergence.
An "About" link should be included on each site collection that lets users know what the best practices are for that unit/site. Standard content will be provided centrally and will be based on input from the SharePoint Advisory Group. Individual site collection administrators will have the option to modify this content to fit their specific needs. The About page will include information on how users may obtain support. The About page should be open to everyone using a standard convention for the link name:
All sites must adhere to University policy pertaining to data security. Currently, SharePoint Online cannot be used to store confidential data as defined in University policy 5.10, Information Security.
Follow the Principle of Least Privilege: Give people the lowest permission levels they need to perform their assigned tasks.
Avoid granting permissions to individuals, instead work with either SharePoint or Active Directory groups.
When using SharePoint groups give people access by adding them to standard, default groups (such as Members, Visitors, and Owners). Make most people members of the Members or Visitors groups, and limit the number of people in the Owners group.
Use permissions inheritance to create a clean, easy-to-visualize hierarchy. Where possible, have subsites simply inherit permissions from your team site, rather than having unique permissions.
Organize your content to take advantage of permissions inheritance: Consider segmenting your content by security level—create a site or a library specifically for sensitive documents, rather than having them scattered in a larger library and protected by unique permissions.
Use reference groups to grant access to all staff, faculty, and students.
Carefully review any use of the SharePoint group "Everyone" for granting access. This group includes any user who can authenticate with a NetID to Active Directory, including alumni, retirees and service accounts (holding IDs). Do not use Everyone to grant edit privileges.
Certain factors will determine whether a new site collection should be created, as opposed to a site within the same collection. Considerations that apply include, but may not be limited to:
If the function spans multiple departments or units, a new site collection is probably appropriate.
If the function is contained within one department or unit, a new site collection will be created if a valid business reason is presented.
An option for parallel development and/or test sites will be available to requesters.
Each site collection administrator should maintain good taxonomy documentation.
Site Level Branding/Graphic Design
Sites will use the Cornell branding standards established by University Communications. Templates will be provided for the initial deployment but branding may be applied globally when the feature becomes available in Office 365. The SharePoint Advisory Group, in collaboration with other stakeholders, will determine how centralized branding will be applied.
Site collection administrators should familiarize themselves with best practices for new site creation to avoid pitfalls of having too few or too many. Consider mapping the entire site collection on paper before creating sites.
Site collection administrators should develop and document a process for retiring (removing) unused sites and documents. The site collection administrator should turn on the Site Collection Audit feature which will provide data for identifying candidates for retirement. On an annual basis the central IT organization will ask site collection administrators to attest to completion of this audit.
OneDrive for Business
OneDrive for Business may be used as a personal document repository, or for documents with low business impact, similar in function to the storage on a computer or device used by faculty and staff to do university business, or to the storage on a student's personal computer or device. Site collection administrators should be prepared to advise their users about use cases where SharePoint is the appropriate solution as opposed to OneDrive for Business.