Should you always follow all the rules? Any SharePoint developer, architect or administrator will tell you that there’s often a bit of a gap between the theory of the governance rules you’re supposed to follow and the reality. If you’re too busy, if other projects get in the way or you’re simply understaffed, it can be tempting to ignore certain processes.

And you know what? That’s not always the end of the world. Of course, ideally, everyone would maintain and manage their SharePoint environments in the safest, most secure way possible. But we don’t live in an ideal world, and SharePoint gives professionals some flexibility when working with the platform – in certain respects. That’s the key point, SharePoint governance, just like the platform itself, is quite flexible and lets you cut corners in some areas.

Word of warning: although the rules are flexible, if you bend them too far, SharePoint might break!

For our 2016 State of SharePoint and Office 365 Development survey (which you can view here), 1,200 professionals told us how they are working on and developing the platform. One of the key areas in this topic is around methods for the governance of SharePoint.

A pragmatic approach to governance

So, what did people tell us? Well, we got some interesting responses. First and foremost, we discovered that while most people do have a governance plan in place for their customizations, there are a lot who don’t:

As the chart shows, 35% of companies simply don’t have a governance plan in place. That seems like a lot – so is this a problem? As this TechTarget article explains, the answer is: it kind of depends. If your customizations are basic – things like custom views on SharePoint lists and libraries – then having a full-blown governance plan actually isn’t really necessary. On the other hand, if your customizations include complex workflows with custom code or company specific web parts, you’ll want a much clearer plan. So, it all depends on context.

What about SharePoint as a whole? Are people governing the platform according to defined rules, or are things a little more haphazard?

Now, these results are a little more problematic than the previous question. It seems like most companies have some kind of governance in place (although 10% have none), yet actually, a lot of the time this governance is not that well-structured. Most companies depend on manual processes which, while effective in theory, are more likely to result in mistakes. It’s good to see that a lot of companies have implemented more rigorous frameworks and processes, but it would be good to see more community members doing this more consistently.

Again, this chart shows that while most respondents use at least one content governance tool (Sharegate, Metalogix and AvePoint are the most popular), there are still a lot—just over a third—who have none at all. Again, as with the question about customization governance, we need to ask if this is, in itself, a bad thing.

The answer depends entirely on your organization and the kinds of content you hold. For instance, a company that manages large amounts of extremely sensitive healthcare information would really benefit from having backup content management tools. On the other hand, SharePoint’s in-built governance features are usually enough for the majority of companies, so using a governance tool isn’t always necessary.

What about the way people analyze their customizations? Code analysis is very important if you’re introducing complex web parts or add-ins as it can reveal problems in your code that can cause major damage:

Looking at these results, there are a couple of important points to take away. First, a lot of companies simply aren’t using any code analysis tools for their customizations. This isn’t necessarily a bad thing. As outlined above, a lot of customizations are ‘no-code’ changes to features like page views. Nonetheless, it seems that a worryingly high number of respondents are not testing customizations against best practice rules, and that can result in people breaking their environments.

A second and more serious discovery is that 19% of respondents are still using SPDisposeCheck. As Matthias Einig, our CEO, explained in a blog post after the 2015 report, that tool is broken and, if you continue to use it, you’re putting your environment at risk. So stop using it!

Know when to play by the rules

As we stated at the beginning of this post, following the SharePoint ‘best practice’ rule book requires a little…interpretation. In an ideal world, SharePoint professionals would be able to do every time. Yet as we know, in reality that’s not always possible. However, while there are some rules which you can take a flexible approach to, there are others which you really should never avoid. So, how do you compare to the rest of our survey respondents?

For your comprehensive overview of how IT Pros and experts in the community are using Office 365 and SharePoint, download your free copy of the 2016 report today.

Matthias Einig
Rencore CEO & Microsoft MVP