There are a host of governance categories that need to be addressed as you build your information management strategy.
Content governance addresses how content is created, controlled, managed, and identified through the use of metadata, permissions, and templates.
Content governance is probably the most important of all the governance categories. It is concerned primarily with efficiently managing work-in-progress content and records in a consistent manner in order to comply with internal policies and regulations – including litigation-related needs. Content governance controls are designed to ensure consistency across the organization.
Still another perspective is to recognize that content has a lifecycle within the organization. The same document, or piece of content, can change from draft, to active, to archived, to expired. The actions that can be performed on that content will change from one stage of the lifecycle to the next. Combinations of the above approaches are used to ensure consistency of creation, management, and retention of both work-in-progress content as well as records.
[Note: A free briefing paper is available from AIIM -- Automating ERM with SharePoint.]
Classification governance addresses content structure and content organization within the enterprise. Classification governance also includes content type definitions, and taxonomy and term management.
Classification governance is primarily concerned with how content is organized. The objectives of classification governance are threefold: first, to create classification structures; second, to organize content according to those structures using metadata; and third, to ensure that those classification structures remain consistent over time.
Functional governance addresses what users and administrators can use or configure. Functional governance is controlling the capabilities that are made available to users by authorized individuals. This control is exerted over administrators as well as end users. Functional governance includes things like whether or not administrators can create new sites or create content types and metadata within a site. It also includes whether or not users can take a web part and publish it for others to use or have access to web parts that others have created.
Security governance is primarily concerned with the organization and the assignment of specific permissions to users and groups.
Security governance is closely tied to the other areas of governance, since it is the manner in which security is applied that ultimately determines which users have access to sites, pages, web parts, administrative functions, and content
As with the other governance categories, the desired effect is to balance the benefit of a granular security model approach with the cost of maintaining that model.
Retention governance addresses the retention duration of documents and records. This is achieved through consistently applying metadata, information management policies and records centers. Retention governance is what controls the conditions and duration that content is retained.