Aura - Title

color	#0073a4
textAlign	left
fontSize	28
lineHeight	28
cloudText	Demo Title
tag	h1
fontWeight	bold

SharePoint: Requesting External Sites

Aura - Divider

serializedStyles	{"alignment":{"horizontal":"start"},"icon":{"name":"faPaperPlane","color":"#333","size":24},"text":{"color":"#333","fontSize":14,"textAlign":"left","fontWeight":"bold","text":"Aura Divider"},"border":{"top":false,"right":false,"bottom":true,"left":false,"color":"#0073a4","style":"solid","width":2},"size":{}}
type	regular

Info

icon	false

NYSERDA uses an external-facing SharePoint site as a secure web-based collaboration platform. With this platform, files can be shared with NYSERDA staff, external stakeholders, as well as with inter-agency personnel who require access to perform their specific job duties. Sharing files or information that contain classification ratings of Low, Moderate, or High are subject to NYSERDA's Data Classification and Security Controls Policy.

This page outlines the process involved in requesting a new external SharePoint site. Click each step below to review the complete process and all steps involved. If you have questions or issues with any part of this process, please reach out to the Data Governance Office (part of IT) for further support.

UI Expand

title	Roles & Responsibilities

Excerpt Include

	DGOV:Information Asset Identification Worksheet Process
	DGOV:Information Asset Identification Worksheet Process
nopanel	true

Aura - Tab Group

settings

{"generalSettings":{"tabSpacing":0,"tabWidth":100,"tabHeight":40,"direction":"horizontal"},"activeSettings":{"backgroundColor":{"color":"#002d72"},"text":{"fontSize":16,"color":"#ffffff","textAlign":"left","fontWeight":"normal"},"border":{"top":true,"left":false,"right":false,"bottom":false,"width":2,"style":"solid","color":"#002d72"}},"inactiveSettings":{"backgroundColor":{"color":"#f4f5f7"},"text":{"fontSize":16,"color":"#5e6c84","textAlign":"left","fontWeight":"normal"},"border":{"top":true,"left":false,"right":false,"bottom":false,"width":2,"style":"solid","color":"#002d72"}},"contentSettings":{"backgroundColor":{"color":"#fff"},"padding":{"top":10,"right":10,"bottom":10,"left":10},"border":{"style":"solid","width":2,"top":true,"bottom":false,"left":false,"right":false,"color":"#002d72"}},"hoverSettings":{"backgroundColor":{"color":"#0073a4"},"text":{"fontSize":18,"color":"#ffffff","textAlign":"left","fontWeight":"normal"},"border":{"top":true,"left":false,"right":false,"bottom":false,"width":2,"style":"solid","color":"#002d72"}}}

tab

1

Aura - Tab

title	1. Outline Requirements

1. Outline Requirements

Info

icon	false

Outlining requirements is an

Panel

borderColor	#d87b41
bgColor	#fbf2ec
borderStyle	solid

Procedure

Panel

bgColor	#f0f0f0
borderStyle	solid

Introduction

Outline Requirements

Expand

title	learn more...

Outlining requirements is an extremely

important first step in the process of establishing a new

External

external SharePoint site. IT

and

, Data Governance, and Legal will rely largely on these requirements when building

the

a site but will reach out to you if they have questions

during implementation

Who will require access to the site and what level of access should they be given?

What will be the name of your new site?

. To that end, the more detail you provide regarding how the site will be used, the type of data that will be shared, and by whom, the easier the implementation will be.

Provide as much clarity on what you know at the time. While it is possible to re-work sites, and change components and names, it is not a recommended practice. Re-working sites can be time consuming, and possibly confusing when dealing with permission groups, and may pose issues for users who frequent your site. It may also require removing all external stakeholders from permission groups only to re-add them again so external stakeholders can receive updated links

UI Steps

size	small

UI Step

Project Lead Responsibilities

What is the

purpose and goal of your new site?

UI Step
Do you currently have a site this new site will be aligned to? If so, what is the name and URL for your existing parent site?

UI Step

Expand

title	information table

Permission Group Identifier

Access Level Provided

Definition

Project Leads

Administer

Provides access to add and remove members from permission groups assigned to sites, sub-sites, document libraries and lists. Should only be assigned to users who will need to manage and maintain access to all site and site components. This access also provides all the access listed below as well.

Members

Contribute

Provides access to upload and delete document from document libraries as well as add, edit and delete list items. This access also provides all the access listed below.

Visitors

Read

Provides view only access to sites, sub-sites, document libraries and lists including the ability to download documents.

UI Step

Warning
While it is possible to change the names of sites and site components, it is not recommended. Be sure to think thoroughly through what the name of the site will be as changes, while possible, can have some negative downstream impacts to users who frequent your site.

Document Requirements

Expand

title	learn more...

UI Steps

size	small

UI Step

Complete a Data Classification Form utilizing your requirements outline. Reference the Data Classification and Security Controls Policy as needed.

Expand

title	information table

Field NameRequiredPurpose and RequirementsVerified ByNoDo not use this field. It is used by Data Governance to manage the form review process.DateNoDo not use this field. The current date will always populate.Name of Data or Information being classifiedYesEnter the name of data or information that will be classified. There are some examples listed below this field if needed as a reference point.Data TypeNoData can be classified as a group or by attribute. When classifying data by attribute, a complete list of all data attributes must be attached. Select the most appropriate option from the drop-down menu.Data OwnerNoThis is the Director or Manager accountable for the data. This field is connected to NYSERDA's active directory.RequestorYesPerson completing this form. This field is connected to NYSERDA's active directory.Department within NYSERDA where data residesNoSelect the Program Name from the drop-down menu.LocationNoSelect your Office Location from the drop-down menu.Data SourceNoDocument where the data comes from, i.e. Sales Force, Excel Spreadsheet, NEIS, etc.Section 1: Personal, Private and Sensitive Information (PPSI).NoRefer to the question listed on the form associated with this field and choose the most appropriate option from the drop-down menu that answers the listed question.Select one of the following based on what describes your data the bestNoSelect the most appropriate option from the drop-down menu reflecting your answer to the disclosure listed below this field.Section 1: Question 1 CommentsNoEnter any relevant comments that relate to your selection for the Section 1: Question 1 field.Section 2: New York State Data Classification Mandated Question 1NoUse the drop-down menu to select an appropriate response to the questions listed just below this field.Section 2: Question 1 CommentsNoEnter any relevant comments that relate to your selection for the Section 2: New York State Data Classification Mandated Question 1 field.Section 2: Question 2NoUse the drop-down menu to select an appropriate response to the questions listed just below this field.Section 2: Question 2 CommentsNoEnter any relevant comments that relate to your selection for the Section 2: Question 2 field.Section 2: Question 3NoUse the drop-down menu to select an appropriate response to the questions listed just below this field.Section 2: Question 3 CommentsNoEnter any relevant comments that relate to your selection for the Section 2: Question 3 field.Section 2: Question 4NoUse the drop-down menu to select an appropriate response to the questions listed just below this field.Section 2: Question 4 CommentsNoEnter any relevant comments that relate to your selection for the Section 2: Question 4 field.Section 3: Program / Contractor Data Question 1NoUse the drop-down menu to select an appropriate response to the questions listed just below this field.Section 3: Question 1 CommentsNoEnter any relevant comments that relate to your selection for the Section 3: Program / Contractor Data Question 1 field.Section 3: Question 2NoUse the drop-down menu to select an appropriate response to the questions listed just below this field.Section 3: Question 2 CommentsNoEnter any relevant comments that relate to your selection for the Section 3: Question 2 field.Section 3: Question 3NoUse the drop-down menu to select an appropriate response to the questions listed just below this field.Section 3: Question 3 CommentsNoEnter any relevant comments that relate to your selection for the Section 3: Question 3 field.Data Governance ClassificationYesSelect the appropriate Confidentiality Rating from the drop-down menu.ReasonsNoEnter the reason for classification, i.e. contractual, PPSI, name, address, etc.Internal or stakeholder accessibility to dataNoSelect all the options that apply from this drop-down menu.OPEN NY ConsiderationNoSelect the appropriate response from the drop-down menu to assess if program is interested in publishing data on OPEN NY.Published on OPEN NYNoEnter the date that program data began to be published on OPEN NY, if applicable.AttachmentsNoInclude any required attachments to this form. UI Step

Then, complete an External Data Sharing Request Form utilizing you requirements outline. Reference the Data Classification and Security Controls Policy as needed.

Expand

title	information table

Role of a Project Lead?

Adhere to the data classification and security controls policies, and External SharePoint best practices that have been put into place to protect information
Complete required training – new Project Leads must take required training (refresher training is available)
Share information appropriately with stakeholders (internal and external) through a document library and permission group especially data with Moderate or High Confidentiality ratings
If you receive email requests from stakeholders, add them via the Permission Group if they should have access; do not click on the links in the email
Expand
title screenshot
Image Added
Update permissions groups – remove stakeholders that no longer need access
Approve updates to your site – add new document libraries/SharePoint lists or sub-sites, or update project leads
If you are the owner of an approved external SharePoint site, contact the Data Governance Office before adding:
- Data or documents that do not comply with the existing purpose or classification, or
- Authorized stakeholders that are not under a NYSERDA agreement or NDA.

Why is the Project Lead Role Important?

Failure to secure and protect the confidentiality of sensitive information containing utility data, proprietary data, low to moderate income etc. may:
- Impact NYSERDA financially and jeopardize our mission, and public trust
- Harm NYSERDA customers
- Cause legal implications
- Create administrative burden to assess the risk and address the data breach

UI Step

General Guidance

Prior to submitting the External Data Sharing Request form and the Information Asset Identification Worksheet to begin the process of implementing an external SharePoint site, outline the answers to the following questions below. These answers will help guide you when completing the required forms.

Will the site be used for multiple initiatives, programs, or phases?
What is the purpose and/or goal of your new site?
What initiative will the site support and what is the justification for external collaboration?
Who are the stakeholders?
What type of data are you sharing on the site? (Describe the actual data/content that will be shared through documents or data sets).
Are there any third-parties involved who have restricted access to the data? If so, what data is restricted by a third party and how is it restricted?
Will everyone have access to all documents on the site or will you need to restrict access to specific information or users?
If you are collaborating across teams, is a current site already in place? If so, does it make sense to use an existing site or create a new one?

Will you be requesting a single site, or should IT also create sub-sites? If so, how many?

Expand

title	Terms and Definitions

Term	Definition
Site	Generally, refers to the top-most page of your complete site structure. Can also be called a Parent site. This is often the page users navigate to first when accessing the site.
Sub-Site	Any site that is a Child to a Parent site.
Document Library	A site component of SharePoint that provides the ability to upload, share and edit documents and files with other users who have access.
List	A site component of SharePoint that provides an ability to collect, organize and manage important data.
Site Component(s)	Any part of a site that is not a Site or Sub-Site. Examples include Document Libraries, Lists, Calendars, etc.
Permission Group	A mechanism to provide access to Sites and Site Components that minimizes work effort and risk of exposure to sensitive information.

Info

icon	false

Site and Sub-Site refer to the site's hierarchy. Each uses an independent left-hand navigation bar. Components in one Site or Sub-Site cannot be accessed using the left-hand navigation bar of a different Site or Sub-Site.

Clicking Home in a Sub-Site will navigate users to the Sub-Site home page, not the parent Site home page.

How many Document Libraries or Lists will you require as part of the implementation?
What should the names for each site, sub-site, Document Library and List be?
- Certain characters have special meanings when used in file names in SharePoint. If a file or folder you’re trying to upload to SharePoint contains any of the characters listed below, it may prevent files and folders from syncing. Rename the file or folder to remove these characters before you upload it.
  
  Quotation Marks Asterisks Colons Carrots Question Marks Back and Forward Slashes Vertical Bars Leading/Trailing Spaces
  " * : < > ? / \ |

Who will require access to the site, sub-site, Document Library and/or List, and what level of access should they be given? (see the information table below for access level definitions).

Expand

title	information table

Permission Groups	Access Level	Definition
Project Leads	Administer	Provides access to the overall site (parent and child/site and sub-site), as well as the ability to add or remove users from Permission Groups. This access should only be provided to NYSERDA staff who will administer the site.
Members	Contribute	Provides access to the overall site (parent and child/site and sub-site), plus allows for the ability to add, edit, and/or delete documents in Document Libraries and items in Lists. This access can be provided to internal and external stakeholders as needed.
Visitors	Read	Provides view only access to the site, sub-site, and site components: associated document libraries (included ability to download documents) and lists.

Info

icon	false

Unique Permission Groups can be established for each site, sub-site, document library, and list. Be sure to outline what level of access each user will need for each site/sub-site and site components (Document Libraries and Lists).

Tip

icon	false

Provide as much clarity on what you know at the time. While it is possible to re-work sites, change components and names, it is not a recommended practice as it can be time consuming for IT and may pose issues for users who frequent your site.

UI Step

Expectations

The Data Governance Office (part of IT) is available to help a Requestor complete the required forms (External Data Sharing Request form and Information Asset Identification Worksheet) if necessary. Be sure to consult with your Program Counsel before submitting a request.
If a NDA (Non-Disclosure Agreement), MOU (Memorandum of Understanding) or other agreement exists, the classification of data must comply with stated restrictions. This information is necessary to inform both Legal and Data Governance of any restrictions on how NYSERDA may share or store data. Please ensure this information is communicated to the Data Governance Office and Legal, and denoted on the Information Asset Identification Worksheet. The External Data Sharing Request form can be found on the Data Governance SharePoint Site .
The Data Governance Office reviews all completed forms and will follow up with the Requestor if forms are not fully completed or more details are needed.
For external SharePoint sites, the Requestor, Project Leads, Data Stewards, and Site Manager are responsible for ensuring that the integrity, security requirements, and access authorizations are managed properly.
If you are not the Project Leads, please consult with the Project Leads specified on the Information Asset Identification Worksheet. If the Project Leads is not listed on the Information Asset Identification Worksheet, contact the Data Governance Office.
The following types of data sharing do NOT need to go through the Sharing Data with External Stakeholders Request process:
- Responses to FOIL requests that have been vetted through Counsel’s Office.
  (Utilize the Freedom of Information Law (FOIL) External SharePoint Site.)
- External and internal collaboration on NYSERDA Lean Projects.
  (Utilize NYSERDA's Lean Projects External SharePoint Site.)
- Proposals to Scoring Committee Members for programs not in Salesforce. Approval must be provided by your Contract Management liaison and Program Counsel before requesting an External SharePoint site to conduct a scoring committee.
  (Submit a Service Desk: Share Data with External Parties ticket.)
- Requests to the Web Development team.
  (Submit a request through the Marketing Collaboration Tool.)
- NYSERDA corporate reports to required stakeholders.
  - Reports on the NYSERDA Reporting Timeline will continue with current process
  - If file transfers are required, submit a Service Desk: Share Data with External Parties ticket
It can take up to two to three weeks after completing step 4 of the process outlined in the Submit Request tab on this page before your new site is implemented. Be sure to take this into consideration.

Aura - Tab

title	2. Information Asset Identification Worksheet

2. Information Asset Identification Worksheet

Include Page

	DGOV:Information Asset Identification Worksheet Process
	DGOV:Information Asset Identification Worksheet Process

Aura - Tab

title	3. External Data Sharing Request Form

3. External Data Sharing Request Form

Excerpt Include

	ERDADSK:SharePoint: External Data Sharing Request Form
	ERDADSK:SharePoint: External Data Sharing Request Form
nopanel	true

Aura - Tab

title	4. Submit Request

4. Submit Request

Excerpt Include

	ERDADSK

Field NameRequiredPurpose and RequirementsDate of RequestNoDO not use this field. It will auto-populate with the current date.Desired Site Completion DateYesEnter a date when the site needs to be completed by.Requestor NameNoEnter your name. This field is connected to NYSERDA's active directory.Purpose of RequestYesProvide a detailed description for this request. Utilize the work done when Outlining Requirement when entering a description. Be as detailed as possible,Description and Permissions for Data, Document and ReportsYesProvide a list with a description of the data, documents and reports being shared. Identify any confidential data, who will have access to the information and the permission level (read only or read/write permissions).If you selected an External SharePoint site, is this a request for a new site or a new sub-site under an existing site?NoSelect all that apply from the options listed.If you selected New Site, describe the stakeholders for this external siteNoSelect the most appropriate option from the drop-down menu.If you selected New Sub-Site or Document Library under existing site, then provide the link to the existing SharePoint siteNoProvide the URL link to your existing External SharePoint site this new site will be a sub-site for.URL preference for new SharePoint site / sub-siteNoEnter in an identifiable acronym for your program, department or team that will be used in the new site's URL.Title for new SharePoint site / sub-siteNoEnter in a name for your new site. This field is only used if you are requesting a new External SharePoint site.Provide at least 2 NYSERDA staff names that will function as SharePoint Site LeadersNoEnter in the name of at least two of your teams members that will act as Project Leads for the new site.SharePoint Document Library Name(s)NoSpecify the name of all document libraries that should be created.Provide at least 2 NYSERDA staff names per Document Library that will function as Library LeadsNoEnter in the name of at least two of your teams members that will act as Project Leads for the new document libraries.Open NY PlatformNoThis field should only be used if requesting using the Open NY Platform.Legal Contact for your program / departmentYesSelect the appropriate legal contact from the drop-down menu.Does the data / information contain Personal, Private, or Sensitive Information (PPSI)?YesSelect the option that best answers this question.Has the data / information / report been classified by the Data Governance Office?YesSelect the option that best answers this question.If YES: Data /information / report classification levelYesIf you answered Yes to the above question, select the option that best responds to this field.Is the data / information leased or purchased from a third party or generated by NYSERDA?YesSelect the option that best answers this question.If leased or purchased from a third party, please provide a link to the third party agreementNoEnter the link to the third party agreement.Identify where the data / information is stored, examples in descriptionNoEnter details that best respond to this field. Examples are listed below for reference.Stakeholder Name(s) and OrganizationYesList all stakeholders that will have permission to access this site, i.e. DPS staff, DEC staff, etc.Has the stakeholder / contractor signed a Non-Disclosure Agreement (NDA)?YesAnswer accordingly. If answering Yes, be sure to include all signed NDA's to this form.Has the stakeholder / contractor signed a fully executed NYSERDA Contract, Agreement or Task Work Order?NoAnswer accordingly. If answering Yes, be sure to include all signed contracts or agreements to this form.FOR DATA GOVERNANCE OFFICE ONLY. Recommendation to Legal.NoDo not use this field.FOR LEGAL DEPARTMENT ONLY: Does the site need a disclaimer?NoDo not use this field.FOR LEGAL DEPARTMENT ONLY: Disclaimer LanguageNoDo not use this field.FOR DATA GOVERNANCE OFFICE ONLY: Reviewer(s)NoDo not use this field.Manager or DirectorNoEnter the name of the person responsible for all external information via any platform.

Tip
The Data Governance Office is available to help requestors complete either of these forms if necessary. If you are having trouble, please reach out to them.

Establish Request

LIBRARY

Expand

title	learn more...

Include Page

:Service Desk: Share Data with External Parties

LIBRARY

	ERDADSK:Service Desk: Share Data with External Parties
nopanel	true

Site Implementation, Review and Approval

learn more..

Aura - Tab

title	5. Site Implementation

5. Site Implementation

Info

icon	false

This part of the process may take up to two or three weeks to receive all approvals and implement the site. The process may be expedited in rare and necessary situations

Expand

title

.

UI Steps

size	small

UI Step
The Data Governance Office will review your submitted Data Classification Form, External Data Sharing Request Form and Share Data with External Parties service desk request and provide a recommendation to the

Legal Contact aligned

legal contact assigned to your Program or Department.

UI Step

The

Counsel's Office will

also

then review the information provided and either approve,

requests

request additional information, or

denies

deny the request.

UI Step
Once the request is approved by Legal, the Data Governance Office will work with IT to implement the site based

upon

on your submitted requirements. You will receive a notification from IT when the site has been implemented with instructions on how to use the new platform.

UI Step
Review the new site when you receive notification of implementation

. Respond

. Confirm that the site was implemented correctly according to your requirements and verify that the following disclosure appears on all pages.

Expand

title	required disclosure

Image Added

UI Step
When your site is implemented, IT will update the Share Data with External Parties Service Desk ticket established during the Submit Request step. This action sends an automated email to the Requestor confirming the work completed which includes a link to the Share Data with External Parties

service desk ticket you established documenting

Service Desk ticket. The Requestor should access the ticket by clicking this link. Then, using the comments field in the ticket, document any additional changes that are needed or provide your approval for the new site. When providing final approval, be sure to close the ticket by clicking the Passed UAT button at the top-right of the page. This action sends an email confirmation to the Data Governance Office and IT that the platform works successfully.

Warning

icon	false

If you are the owner of an approved external SharePoint site, contact the Data Governance Office before adding:

Data or documents that do not comply with the existing purpose or classification, or
Authorized stakeholders that are not under a NYSERDA agreement or NDA.

Expand

title	screenshot

Image Added

UI Step

Share details with the external stakeholders on how to access the platform and data. Each

If you or other Project Leads require training on how to use your new SharePoint site or site components, submit a

UI Button

color	blue
newWindow	true
size	small
icon	link
title	Request Training
url	https://servicedesk.nyserda.ny.gov/plugins/servlet/desk/portal/16/create/303

ticket (only accessible from within your VM, otherwise access the Service Desk from the NYSERDA Launch Page and select the Request Training ticket type).

UI Step
Provide access for the new site to internal and external stakeholders following the instructions on the SharePoint: Managing Permissions page. Each user must have a unique Microsoft email account - shared accounts are not allowed.

UI Step
Ensure that the integrity, security requirements and access authorizations are managed properly.

UI Step
Remove stakeholders immediately that no longer work at an organization or on the program.

HTML
<style type="text/css"> #title-text { display: none;} .aura-tab-content {padding-left: 0px!important; padding-right: 0px!important;} </style>

Image Removed

Page tree

Versions Compared

Old Version 10

New Version Current

Key

1. Outline Requirements

Introduction

Outline Requirements