Versions Compared

Old Version 53

changes.mady.by.user Andy R. Andersen

Saved on

compared with

New Version Current

changes.mady.by.user Alexander Yeh [X]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Aura - Title
color#0073a4
textAlignleft
fontSize28
lineHeight28
cloudTextDemo Title
tagh1
fontWeightbold
SharePoint: Requesting External Sites

Aura - Divider
serializedStyles{"alignment":{"horizontal":"start"},"icon":{"name":"faPaperPlane","color":"#333","size":24},"text":{"color":"#333","fontSize":14,"textAlign":"left","fontWeight":"bold","text":"Aura Divider"},"border":{"top":false,"right":false,"bottom":true,"left":false,"color":"#0073a4","style":"solid","width":2},"size":{}}
typeregular

Info
iconfalse

NYSERDA uses an external-facing SharePoint site as a secure web-based collaboration platform. With this platform, files can be shared with NYSERDA staff, external stakeholders, as well as with inter-agency personnel who require access to perform their specific job duties. Sharing files or information that contain classification ratings of LowModerate, or High are subject to NYSERDA's Data Classification and Security Controls Policy.

This page outlines the process involved in requesting a new external SharePoint site. Click each step below to review the complete process and all steps involved. If you have questions or issues with any part of this process, please reach out to the Data Governance Office (part of IT) for further support.

UI Expand
titleRoles & Responsibilities

Excerpt Include
DGOV:Information Asset Identification Worksheet Process
DGOV:Information Asset Identification Worksheet Process
nopaneltrue

Aura - Tab Group
settings{"generalSettings":{"tabSpacing":0,"tabWidth":100,"tabHeight":40,"direction":"horizontal"},"activeSettings":{"backgroundColor":{"color":"#002d72"},"text":{"fontSize":16,"color":"#ffffff","textAlign":"left","fontWeight":"normal"},"border":{"top":true,"left":false,"right":false,"bottom":false,"width":2,"style":"solid","color":"#002d72"}},"inactiveSettings":{"backgroundColor":{"color":"#f4f5f7"},"text":{"fontSize":16,"color":"#5e6c84","textAlign":"left","fontWeight":"normal"},"border":{"top":true,"left":false,"right":false,"bottom":false,"width":2,"style":"solid","color":"#002d72"}},"contentSettings":{"backgroundColor":{"color":"#fff"},"padding":{"top":10,"right":10,"bottom":10,"left":10},"border":{"style":"solid","width":2,"top":true,"bottom":false,"left":false,"right":false,"color":"#002d72"}},"hoverSettings":{"backgroundColor":{"color":"#0073a4"},"text":{"fontSize":18,"color":"#ffffff","textAlign":"left","fontWeight":"normal"},"border":{"top":true,"left":false,"right":false,"bottom":false,"width":2,"style":"solid","color":"#002d72"}}}
tab1
Aura - Tab
title1. Outline Requirements

1. Outline Requirements

Info
iconfalse

Outlining requirements is an

Panel
borderColor#008b3f
bgColor#e7f4ed
borderStylesolid

Process

Panel
bgColor#f0f0f0
borderStylesolid

Introduction

The below procedure outlines all required steps in order to request a new External SharePoint site. Each request will undergo a review and approval process prior to implementation. This process may take up to three weeks once the forms are fully completed to receive all approvals and to build and implement the platform. The process may be expedited in rare and necessary situations.

Panel
borderColor#9AACC7
titleBGColor#E5EAF1
borderStylesolid
title1. Outline Requirements
Expand
titlelearn more...
Outlining requirements is an extremely

important first step in the process of establishing a new

External

external SharePoint site. IT

and

, Data Governance, and Legal will rely largely on these requirements when building

the

a site but will reach out to you if they have questions

during implementation

. To that end, the more detail you provide regarding how the site will be used, the type of data that will be shared, and by whom, the easier the implementation will be.

Provide as much clarity on what you know at the time. While it is possible to re-work sites, and change components and names, it is not a recommended practice. Re-working sites can be time consuming, and possibly confusing when dealing with permission groups, and may pose issues for users who frequent your site. It may also require removing all external stakeholders from permission groups only to re-add them again so external stakeholders can receive updated links

UI Steps
sizesmall


UI Step

Project Lead Responsibilities

What is the Role of a Project Lead?
  • Adhere to the data classification and security controls policies, and External SharePoint best practices that have been put into place to protect information  
  • Complete required training – new Project Leads must take required training (refresher training is available)  
  • Share information appropriately with stakeholders (internal and external) through a document library and permission group especially data with Moderate or High Confidentiality ratings  

  • If you receive email requests from stakeholders, add them via the Permission Group if they should have access; do not click on the links in the email

    Expand
    titlescreenshot

    Image Added


  • Update permissions groups – remove stakeholders that no longer need access

  • Approve updates to your site – add new document libraries/SharePoint lists or sub-sites, or update project leads

  • If you are the owner of an approved external SharePoint site, contact the Data Governance Office before adding:

    • Data or documents that do not comply with the existing purpose or classification, or

    • Authorized stakeholders that are not under a NYSERDA agreement or NDA.

Why is the Project Lead Role Important?
  • Failure to secure and protect the confidentiality of sensitive information containing utility data, proprietary data, low to moderate income etc. may:
    • Impact NYSERDA financially and jeopardize our mission, and public trust
    • Harm NYSERDA customers
    • Cause legal implications
    • Create administrative burden to assess the risk and address the data breach


UI Step

General Guidance

Prior to submitting the External Data Sharing Request form and the Information Asset Identification Worksheet to begin the process of implementing an external SharePoint site, outline the answers to the following questions below. These answers will help guide you when completing the required forms.

  • Will the site be used for multiple initiatives, programs, or phases?

UI Step
Try to answer the following questions:

  • What is the purpose and/or goal of your new site?

Do you currently have a site this new site will be aligned to

  • What initiative will the site support and what is the justification for external collaboration?

  • Who are the stakeholders?

  • What type of data are you sharing on the site? (Describe the actual data/content that will be shared through documents or data sets).

  • Are there any third-parties involved who have restricted access to the data? If so, what data is restricted by a third party and how is

the name and URL for your existing parent site?

  • it restricted?

  • Will everyone have access to all documents on the site or will you need to restrict access to specific information or users?

  • If you are collaborating across teams, is a current site already in place? If so, does it make sense to use an existing site or create a new one?

  • Will you be requesting a single site, or should IT also create sub-sites? If so, how many?

    Expand
    titleTerms and Definitions


    TermDefinition
    SiteGenerally, refers to the top-most page of your complete site structure. Can also be called a Parent site. This is often the page users navigate to first when accessing the site.
    Sub-SiteAny site that is a Child to a Parent site.
    Document LibraryA site component of SharePoint that provides the ability to upload, share and edit documents and files with other users who have access.
    ListA site component of SharePoint that provides an ability to collect, organize and manage important data.
    Site Component(s)Any part of a site that is not a Site or Sub-Site. Examples include Document Libraries, Lists, Calendars, etc.
    Permission GroupA mechanism to provide access to Sites and Site Components that minimizes work effort and risk of exposure to sensitive information.
    Info
    iconfalse

    Site and Sub-Site refer to the site's hierarchy. Each uses an independent left-hand navigation bar. Components in one Site or Sub-Site cannot be accessed using the left-hand navigation bar of a different Site or Sub-Site.

    Clicking Home in a Sub-Site will navigate users to the Sub-Site home page, not the parent Site home page.



  • How many Document Libraries or Lists will you require as part of the implementation?
  • What should the names for each site, sub-site, Document Library and List be?

    • Certain characters have special meanings when used in file names in SharePoint. If a file or folder you’re trying to upload to SharePoint contains any of the characters listed below, it may prevent files and folders from syncing. Rename the file or folder to remove these characters before you upload it.

      Quotation MarksAsterisksColonsCarrotsQuestion MarksBack and Forward SlashesVertical BarsLeading/Trailing Spaces
      "*:< >?/ \|

  • Who will require access to the site, sub-site, Document Library and/or List, and what level of access should they be given? (see the information table below for access level definitions).

    Expand
    titleinformation table


    Permission
Group Identifier
  • GroupsAccess Level
Provided
  • Definition
    Project LeadsAdministerProvides access to
add and remove members from permission groups assigned to sites, sub-sites, document libraries and lists. Should only be assigned to users who will need to manage and maintain access to all site and site components. This access also provides all the access listed below as well
  • the overall site (parent and child/site and sub-site), as well as the ability to add or remove users from Permission Groups. This access should only be provided to NYSERDA staff who will administer the site.
    MembersContributeProvides access to
upload and delete document from document libraries as well as
  • the overall site (parent and child/site and sub-site), plus allows for the ability to add, edit, and
delete list items. This access also provides all the access listed below
  • /or delete documents in Document Libraries and items in Lists. This access can be provided to internal and external stakeholders as needed.
    VisitorsReadProvides view only access to
sites
  • the site, sub-
sites
  • site, and site components: associated document libraries
and lists including the
  • (included ability to download documents) and lists.
  • Info
    iconfalse

    Unique Permission Groups can be established for each site, sub-site, document library, and list. Be sure to outline what level of access each user will need for each site/sub-site and site components (Document Libraries and Lists).



Tip
iconfalse

Provide as much clarity on what you know at the time.

What will be the name of your new site?

Warning

While it is possible to

change the names of sites and site components

re-work sites, change components and names, it is not

recommended. Be sure to think thoroughly through what the name of the site will be as changes, while possible, can have some negative downstream impacts to

a recommended practice as it can be time consuming for IT and may pose issues for users who frequent your site.



UI Step
Be mindful of the following:

Expectations

  • The Data Governance Office (part of IT) is available to help the a Requestor complete the required forms (External Data Sharing Request form and Information Asset Identification Worksheet) if necessary. Be sure to consult with your Program Counsel before submitting a request.
  • If a NDA (Non-Disclosure Agreement), MOU (Memorandum of Understanding) or other agreement exists, the classification of data must comply with stated restrictions. This information is necessary to inform both Legal and Data Governance of any restrictions on how NYSERDA may share or store data. Please ensure this information is communicated to the Data Governance Office and Legal, and denoted on the Information Asset Identification Worksheet. The External Data Sharing Request form can be found on the Data Governance SharePoint Site .
  • The Data Governance Office reviews all completed forms and will follow up with the Requestor if forms are not fully completed or more details are needed.
  • For External external SharePoint sites, the Requestor, Data OwnersProject Leads, Data Stewards, or and Site Manager is are responsible for ensuring that the integrity, security requirements, and access authorizations are managed properly.
  • Immediately remove stakeholders that no longer work at an organization or on the program.
  • If you are the owner of an approved External SharePoint site, any additional information, data, or authorized stakeholders that need to be added to the existing site must be approved by Data Governance. Contact Data Governance before adding any updates to the existing External SharePoint siteIf you are not the Project Leads, please consult with the Project Leads specified on the Information Asset Identification Worksheet. If the Project Leads is not listed on the Information Asset Identification Worksheet, contact the Data Governance Office.
  • The following types of data sharing do NOT need to go through the Sharing Data with External Stakeholders Request process:
    • Responses to FOIL requests that have been vetted through Counsel’s Office.
      (Utilize the Freedom of Information Law (FOIL) External SharePoint Site.)
    • External and internal collaboration on NYSERDA Lean Projects.
      (Utilize NYSERDA's Lean Projects External SharePoint Site.)
    • Proposals to Scoring Committee Members for programs not in Salesforce. Approval must be provided by your Contract Management liaison and Program Counsel before requesting an External SharePoint site to conduct a scoring committee.
      (Submit a Service Desk: Share Data with External Parties ticket.)
    • Requests to the Web Development team.
      (Submit a request through the Marketing Collaboration Tool.)
    • NYSERDA corporate NYSERDA Corporate reports to required stakeholders.
    Panel
    borderColor#9AACC7
    titleBGColor#E5EAF1
    borderStylesolid
    title2. Complete a Data Classification Form
    Expand
    titlelearn more...
    Include Page
    • It can take up to two to three weeks after completing step 4 of the process outlined in the Submit Request tab on this page before your new site is implemented. Be sure to take this into consideration.


    Aura - Tab
    title2. Information Asset Identification Worksheet

    2. Information Asset Identification Worksheet

    Include Page
    DGOV:Information Asset Identification Worksheet Process
    DGOV:Information Asset Identification Worksheet Process

    Aura - Tab
    title3.
    TD:SharePoint: Data Classification FormTD:SharePoint: Data Classification Form PanelborderColor#9AACC7titleBGColor#E5EAF1borderStylesolidtitle3. Complete a TD

    External Data Sharing Request Form
    Expand
    titlelearn more...

    3. External Data Sharing Request Form

    Excerpt Include
    ERDADSK

    Include Page
    :SharePoint: External Data Sharing Request Form

    TD

    ERDADSK:SharePoint: External Data Sharing Request Form

    panel

    nopanel

    borderColor#9AACC7titleBGColor#E5EAF1borderStylesolid

    true

    Aura - Tab
    title4. Submit
    Service Desk
    Request
    Expand
    titlelearn more...

    4. Submit Request

    excerpt-include
    ERDADSK:Service Desk: Share Data with External Parties
    ERDADSK:Service Desk: Share Data with External Parties

    panel

    nopanel

    borderColor

    true

    #9AACC7
    Aura - Tab
    titleBGColor#E5EAF1borderStylesolid
    title5. Site Implementation
    titleexpandlearn more...

    5. Site Implementation

    Info
    icon
    		title
    false

    This part of the process may take up to two or three weeks to receive all approvals and implement the site. The process may be expedited in rare and necessary situations.

    UI Steps
    sizesmall


    UI Step

    The Data Governance Office will review your submitted Data Classification FormExternal Data Sharing Request Form and Share Data with External Parties service desk request and provide a recommendation to the Legal Contact aligned legal contact assigned to your Program or Department.


    UI Step

    The Counsel's Office will then review the information provided and either approve, request additional information for, or deny the request.


    UI Step

    Once the request is approved by Legal, the Data Governance Office will work with IT to implement the site based upon on your submitted requirements. You will receive a notification from IT when the site has been implemented with instructions on how to use the new platform.


    UI Step

    Review the new site when you receive notification of implementation. Confirm that the site was implemented correctly according to your requirements and verify that the following disclosure appears on all pages.

    Expand
    titlerequired disclosure

    Image Added



    UI Step

    When your site is implemented, IT will update the Share Data with External Parties Service Desk ticket established during the Submit Request step. This action sends an automated email to the Requestor confirming the work completed which includes a link . Respond to the Share Data with External Parties service desk ticket you established documenting  Service Desk ticket. The Requestor should access the ticket by clicking this link. Then, using the comments field in the ticket, document any additional changes that are needed or provide your approval for the new site. Send an When providing final approval, be sure to close the ticket by clicking the Passed UAT button at the top-right of the page. This action sends an email confirmation to the Data Governance Office and IT that the platform works successfully.

    Warning
    iconfalse

    If you are the owner of an approved external SharePoint site, contact the Data Governance Office before adding:

    • Data or documents that do not comply with the existing purpose or classification, or
    • Authorized stakeholders that are not under a NYSERDA agreement or NDA.


    Expand
    titlescreenshot

    Image Added



    UI Step

    If you or other Project Leads require training on how to use your new SharePoint site or site components, submit a

    UI Button
    colorblue
    newWindowtrue
    sizesmall
    iconlink
    titleRequest Training
    urlhttps://servicedesk.nyserda.ny.gov/plugins/servlet/desk/portal/16/create/303
     ticket (only accessible from within your VM, otherwise access the Service Desk from the NYSERDA Launch Page and select the Request Training ticket type).


    UI Step

    Provide access for the new site to internal and external stakeholders following the instructions on the SharePoint: Managing Permissions page. Each Share details with the external stakeholders on how to access the platform and data. Each user must have a unique Microsoft email account - shared accounts are not allowed.

    UI Step

    Ensure that the integrity, security requirements and access authorizations are managed properly.

    UI Step

    Remove stakeholders immediately that no longer work at an organization or on the program.

    Image Removed


    HTML
    <style type="text/css">
    .rwui_button
    #title-text {
    background-color
     display:
    #0073A4
    none;}
.
    rwui_button:hover {background-color: #002D72;} .panelHeader { font-size: 20px; color: #002D72;} b {font-weight: normal
    aura-tab-content {padding-left: 0px!important; padding-right: 0px!important;}
</style>