{"id":7914,"date":"2021-11-01T08:21:05","date_gmt":"2021-11-01T08:21:05","guid":{"rendered":"https:\/\/www.insentragroup.com\/gb\/insights\/uncategorized\/information-architecture-part-2-how-should-we-go-about-defining-one\/"},"modified":"2024-10-09T03:46:42","modified_gmt":"2024-10-09T03:46:42","slug":"information-architecture-part-2-how-should-we-go-about-defining-one","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/gb\/insights\/geek-speak\/secure-workplace\/information-architecture-part-2-how-should-we-go-about-defining-one\/","title":{"rendered":"Information Architecture &#8211; Part 2: How Should We Go About Defining One?"},"content":{"rendered":"\n<p>In&nbsp;Part 1 <a href=\"https:\/\/www.insentragroup.com\/gb\/insights\/geek-speak\/secure-workplace\/what-is-information-architecture-and-why-do-you-need-it\/\" target=\"_blank\" rel=\"noreferrer noopener\">What is Information Architecture and Why Do You Need It<\/a> of this blog&nbsp;series,&nbsp;I&nbsp;explained&nbsp;what information architecture is&nbsp;and&nbsp;(hopefully) provided some basic&nbsp;pointers&nbsp;and underlying&nbsp;principles of why&nbsp;an organisation should think about developing&nbsp;one.<\/p>\n\n\n\n<p>Here&nbsp;I want to expand on the subject&nbsp;and&nbsp;cover how to go about creating an information architecture for&nbsp;Microsoft 365 (and particularly SharePoint Online).&nbsp;<\/p>\n\n\n\n<p>As a starting point, it is important to remind ourselves&nbsp;information architecture&nbsp;should&nbsp;provide&nbsp;a&nbsp;flexible yet intuitive&nbsp;plan for&nbsp;such elements as data locations, applications, features, functionality, business processes and activities (based on business requirements).&nbsp;&nbsp;<\/p>\n\n\n\n<p>The remainder of this blog will aim to&nbsp;provide some&nbsp;suggested&nbsp;insights into&nbsp;how to approach this.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/www.insentragroup.com\/gb\/wp-content\/uploads\/sites\/20\/2022\/02\/Neil_W_W_insentra_blog_11012021_img_1.jpg\" alt=\"\" class=\"wp-image-8499\" width=\"610\" height=\"374\"\/><\/figure><\/div>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>BUSINESS FOCUS<\/span><\/h3>\n\n\n\n<p>One of the key things to remember is an information architecture (though initially often created by IT or by a limited set of stakeholders) must incorporate the needs of the entire business.<\/p>\n\n\n\n<p>This cannot be stressed enough as many organisations forget and, as a result, user adoption and usability suffer.<\/p>\n\n\n\n<p>The people involved in the exercise will ideally have some expertise or experience in the following disciplines:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Setting out clear goals and outcomes<\/li><li>Guiding and defining use cases<\/li><li>Facilitating communication and feedback<\/li><li>Some Microsoft 365 and SharePoint Online experience<\/li><\/ul>\n\n\n\n<p><strong>Note<\/strong>: This activity shouldn\u2019t involve asking business stakeholders which SharePoint features they require, it is much deeper and requires some planning and thinking around work modelling and <a href=\"https:\/\/www.insentragroup.com\/gb\/services\/advisory-services\/\" target=\"_blank\" rel=\"noreferrer noopener\">building consensus regarding requirements<\/a> (e.g., use cases).<\/p>\n\n\n\n<p>Some further considerations are provided as follows:<\/p>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>WHAT IS THE GOAL? THINKING SHORT AND LONG TERM\u2026<\/span><\/h3>\n\n\n\n<p>Understanding and being clear about the goal of information architecture is an absolute must if you are to be able to define one which is fit for purpose, understandable and adaptable.<\/p>\n\n\n\n<p>For this blog (and in general), the goal is to document your organisation&#8217;s current taxonomy (some organisational lingo) and incorporate data and security policy as well.<\/p>\n\n\n\n<p>The desired outcome from this is a design incorporating a series of statements and concepts (typically captured in a document or set of documents) to assist you in making decisions, setting and enforcing policies and enabling you to configure your SharePoint and Microsoft 365 environment accordingly.<\/p>\n\n\n\n<p>See below for an example of what this could look like:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.insentragroup.com\/gb\/wp-content\/uploads\/sites\/20\/2022\/02\/Neil_W_W_insentra_blog_11012021_img_2.jpg\" alt=\"\" class=\"wp-image-8500\"\/><\/figure><\/div>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>WHY DO ORGANISATIONS OFTEN FIND THIS DIFFICULT AND WHY DOES IT GET OVERLOOKED? <\/span><\/h3>\n\n\n\n<p>The definition of an Information Architecture requires a range of skill sets which are mostly very different from the typical IT skills of technical infrastructure and application specialists. It requires an understanding of such areas as library science, facilitation and domain (e.g., Local Government, Not for Profit, Housing etc.) knowledge.<\/p>\n\n\n\n<p>When you consider the types of information created daily by varying worker types, understanding how information is created, stored and shared is critical as this will drive classification requirements.<\/p>\n\n\n\n<p>Leveraging classification helps to drive organisational initiatives and aids in reducing security related incidents, however the outcome from such an undertaking depends on how your organisation views the value of its information, how well it complies with regulatory guidelines (or needs to), how well it passes audits successfully and its ability to leverage its information assets.<\/p>\n\n\n\n<p>The complexity of the undertaking is compounded when you introduce cloud technologies because now the organisation has numerous ways and locations for storing data on a service which is outside the organisational firewall boundary \u2013 and this also introduces additional considerations including data protection risks.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.insentragroup.com\/gb\/wp-content\/uploads\/sites\/20\/2022\/02\/Neil_W_W_insentra_blog_11012021_img_3.jpg\" alt=\"\" class=\"wp-image-8503\"\/><\/figure><\/div>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>SO HOW DO YOU GET STARTED?<\/span><\/h3>\n\n\n\n<p>To make this as simple and straightforward as possible (given the challenges I\u2019ve already outlined above), I have set out 5 simple steps which I have and continue to use to help organisations begin to define an initial information architecture for SharePoint and Microsoft 365.<\/p>\n\n\n\n<p>It is safe to assume several workshops will be required to discuss these topics and progress these steps, each requiring some initial planning and agreement over objectives and topics.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.insentragroup.com\/gb\/wp-content\/uploads\/sites\/20\/2022\/02\/Neil_W_W_insentra_blog_11012021_img_4.jpg\" alt=\"\" class=\"wp-image-8505\"\/><\/figure><\/div>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>STEP 1<\/span><\/h3>\n\n\n\n<p>Bring a team together consisting of people with the requisite skill sets or business understanding e.g., information architecture, technical infrastructure, project coordination, communications and business representation.<\/p>\n\n\n\n<p>If your organisation is smaller this team may only consist of an Office 365 Administrator, Project Sponsor and a couple of representatives from each business area.<\/p>\n\n\n\n<p>If your organisation is larger or more complex, the team might consist of the following roles:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>SharePoint SME or Microsoft 365 Product Manager<\/li><li>Records Manager<\/li><li>Compliance Officer<\/li><li>Security Officer<\/li><li>Plus, several representatives from each business or functional area or service management team (operations teams and or service providers)<\/li><\/ul>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>STEP 2<\/span><\/h3>\n\n\n\n<p>Review your organisation&#8217;s security policy and understand how it applies to creating, using, protecting and disposing of information \u2013 location, tagging, permissions and data ownership.<\/p>\n\n\n\n<p>This information can be collected from a couple of sources such as the Security team (who should be able to provide data security guidelines and or policy documents and control plans). Auditor reports may also be useful (if they are made available) as they provide insight regarding how your environment scores from an Auditors perspective and more importantly, highlight area of improvement to be included in your architecture.<\/p>\n\n\n\n<p><strong>Note<\/strong>: In general, auditors dislike the distributed permission controls within platforms such as SharePoint and the lack of ongoing data scanning and policy enforcement (they prefer everything to be described under a \u2018control plan\u2019 &#8211; more on this later) and often view SharePoint as a \u2018black hole\u2019.<\/p>\n\n\n\n<p>This is an area where more focused tools and applications can really help.<\/p>\n\n\n\n<p>In particular, Insentra recommends the <a href=\"https:\/\/www.torsionis.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Torsion Information Security<\/a> suite, which provides a powerful, intuitive and comprehensive set of user tools and applications to (amongst other things) enable users to make it easy to prove they&#8217;re in control of exactly who has access to sensitive data, and everyone\u2019s access to a document is appropriate.<\/p>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>STEP 3<\/span><\/h3>\n\n\n\n<p>Review your organisation&#8217;s data policy and get a clear understanding of how the policy applies to retaining information, tagging and classification.<\/p>\n\n\n\n<p>This information can be collected from the Records Management team (who should be able to provide data protection and retention guidelines and or policy documents and control plans).<\/p>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>STEP 4<\/span><\/h3>\n\n\n\n<p>Work with representatives from key business areas to understand the data, content, documents, applications, and people etc. they work with to get their jobs done.<\/p>\n\n\n\n<p>This exercise should be conducted with several key business areas and departments initially and then refined as an ongoing activity by working with department SMEs across the remainder of the business.<\/p>\n\n\n\n<p>For example, when thinking about corporate information the following questions come to mind:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>What information does the business collect and how is it used?<\/li><li>How much of it is stored and where?<\/li><li>Why is it kept?<\/li><li><a href=\"https:\/\/www.insentragroup.com\/gb\/insights\/geek-speak\/modern-workplace\/torsion-who-has-access-to-what-and-should-they-get-control-be-ready-for-anything\/\" target=\"_blank\" rel=\"noreferrer noopener\">Who has access to it and why<\/a>?<\/li><li>For how long do they need access?<\/li><\/ul>\n\n\n\n<p>Here are some more focused questions to help, it is worth keeping in mind, it may be necessary to enlist the skills\/ services of someone who has done this successfully before:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>What are all the different types of data and how are they classified?<ul><li>Do data owners exist for each data type or aggregated data collection?<\/li><\/ul><\/li><li>How is data obtained? From whom? Why?<ul><li>What are the associated business processes and or tasks?<\/li><\/ul><\/li><li>What format is the data in? Applications? Documents? Staff contact details.<\/li><li>How is data shared? With whom? Why?<ul><li>What are the associated business processes and or tasks?<\/li><\/ul><\/li><li>What are the business information availability requirements? Why?<\/li><li>What confidentiality, integrity and availability requirements apply?<\/li><li>What is the legal environment surrounding the organisation\u2019s industry and the data it uses?<\/li><\/ul>\n\n\n\n<p>What issues has the organisation experienced in the past?<\/p>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>STEP 5<\/span><\/h3>\n\n\n\n<p>Create a draft baseline information architecture design<\/p>\n\n\n\n<p>When you have completed steps one through four (as at least a first pass exercise), the information architecture for the SharePoint and\/or Microsoft 365 environment(s) should be documented to include the environments\u2019 purpose (e.g., OneDrive for Business for peer-to-peer sharing and collaboration, SharePoint sites for internal team document management, Microsoft Teams for internal and external team collaboration or business partner collaboration etc.)&nbsp; &#8211; per the example provided above.<\/p>\n\n\n\n<p>The initial design should include logical structures for each type of data, activity and location and should detail the purposes and audiences for each specific area.<\/p>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>DON\u2019T FORGET GOVERNANCE!<\/span><\/h3>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/www.insentragroup.com\/gb\/wp-content\/uploads\/sites\/20\/2022\/02\/Neil_W_W_insentra_blog_11012021_img_5.jpg\" alt=\"\" class=\"wp-image-8508\"\/><\/figure><\/div>\n\n\n\n<p>Every information architecture definition should incorporate requirements for a baseline governance framework, detailing the information architecture maintenance roles and activities including the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Data owners<\/li><li>Provisioning<\/li><li>Exception handling<\/li><li>Breach management<\/li><li>Security monitoring (site security and data scanning)<\/li><\/ul>\n\n\n\n<p>It should also reference how any enforcement of governance policies and reporting will be handled so the organisation has a clear understanding and agreement about how the environment will be governed (in order to effectively steer and enforce the agreed Information Architecture).<\/p>\n\n\n\n<p>This should also highlight any unresolved risks (where feasible) which have not been addressed and assign ownership of these risks to an executive sponsor whose mandate is to comply with data policies and maintain the end-user experience.<\/p>\n\n\n\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>IN SUMMARY<\/span><\/h3>\n\n\n\n<p>It\u2019s important to note an Information Architecture will evolve over time, refining it is very much an iterative process. As they say, you can\u2019t boil the ocean and if you try, it will be a frustrating and unsuccessful experience. Hence the need for a diverse team and securing executive sponsorship is critical. Most of the organisations I have worked with often start with the technical implementation of SharePoint and Microsoft 365 and lose sight of the user experience from an information and content perspective until much later.<\/p>\n\n\n\n<p>This can still work, however, there is additional effort involved in unpicking what has already been deployed.<\/p>\n\n\n\n<p>And finally\u2026.<\/p>\n\n\n\n<p>What\u2019s the use of a highly available, flexible environment if the content is hard to find and is of little or no relevance to the business?<\/p>\n\n\n\n<p>This will be covered in <a href=\"https:\/\/www.insentragroup.com\/gb\/insights\/geek-speak\/secure-workplace\/information-architecture-part-3-supporting-user-adoption\/\" target=\"_blank\" rel=\"noreferrer noopener\">Information Architecture \u2013 Part 3: Supporting User Adoption<\/a> of this series: \u201cHow to use Information Architecture to support user adoption in Microsoft 365 and SharePoint\u201d.<\/p>\n\n\n\n<p>For more information <a href=\"https:\/\/www.insentragroup.com\/gb\/services\/microsoft-fasttrack\/teams-governance-start-your-journey-today\/\" target=\"_blank\" rel=\"noreferrer noopener\">Governance in Microsoft Teams<\/a>, check out our <a href=\"https:\/\/www.insentragroup.com\/gb\/services\/microsoft-fasttrack\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft FastTrack services<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In\u00a0Part 1 of this blog\u00a0series,\u00a0I\u00a0explained\u00a0what information architecture is\u00a0and\u00a0(hopefully) provided some basic\u00a0pointers\u00a0<\/p>\n","protected":false},"author":131,"featured_media":7925,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[20],"tags":[54,251,55,56,57,58,59,60,61,62,63],"class_list":["post-7914","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-workplace","tag-advisory-services","tag-document-management","tag-information-architecture","tag-information-protection","tag-it-consulting","tag-it-security","tag-microsoft","tag-microsoft-365","tag-records-management","tag-sharepoint-online","tag-torsion","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/7914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/131"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=7914"}],"version-history":[{"count":9,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/7914\/revisions"}],"predecessor-version":[{"id":7945,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/7914\/revisions\/7945"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/7925"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=7914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=7914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=7914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}