SharePoint: Requesting External Sites
Process Steps
Outlining requirements is an important first step in the process of establishing a new external SharePoint site. IT, Data Governance, and Legal will rely largely on these requirements when building a site but will reach out to you if they have questions. To that end, the more detail you provide regarding how the site will be used, the type of data that will be shared, and by whom, the easier the implementation will be.
Provide as much clarity on what you know at the time. While it is possible to re-work sites, and change components and names, it is not a recommended practice. Re-working sites can be time consuming, and possibly confusing when dealing with permission groups, and may pose issues for users who frequent your site. It may also require removing all external stakeholders from permission groups only to re-add them again so external stakeholders can receive updated links.
Project Lead Responsibilities
What is the Role of a Project Lead?
- Adhere to the data classification and security controls policies, and External SharePoint best practices that have been put into place to protect information
- Complete required training – new Project Leads must take required training (refresher training is available)
- Share information appropriately with stakeholders (internal and external) through a document library and permission group especially data with Moderate or High Confidentiality ratings
If you receive email requests from stakeholders, add them via the Permission Group if they should have access; do not click on the links in the email
Update permissions groups – remove stakeholders that no longer need access
Approve updates to your site – add new document libraries/SharePoint lists or sub-sites, or update project leads
If you are the owner of an approved external SharePoint site, contact the Data Governance Office before adding:
Data or documents that do not comply with the existing purpose or classification, or
Authorized stakeholders that are not under a NYSERDA agreement or NDA.
Why is the Project Lead Role Important?
- Failure to secure and protect the confidentiality of sensitive information containing utility data, proprietary data, low to moderate income etc. may:
- Impact NYSERDA financially and jeopardize our mission, and public trust
- Harm NYSERDA customers
- Cause legal implications
- Create administrative burden to assess the risk and address the data breach
General Guidance
Prior to submitting the External Data Sharing Request form and the Information Asset Identification Worksheet to begin the process of implementing an external SharePoint site, outline the answers to the following questions below. These answers will help guide you when completing the required forms.
- Will the site be used for multiple initiatives, programs, or phases?
- What is the purpose and/or goal of your new site?
- What initiative will the site support and what is the justification for external collaboration?
- Who are the stakeholders?
- What type of data are you sharing on the site? (Describe the actual data/content that will be shared through documents or data sets).
- Are there any third-parties involved who have restricted access to the data? If so, what data is restricted by a third party and how is it restricted?
- Will everyone have access to all documents on the site or will you need to restrict access to specific information or users?
- If you are collaborating across teams, is a current site already in place? If so, does it make sense to use an existing site or create a new one?
Will you be requesting a single site, or should IT also create sub-sites? If so, how many?
- How many Document Libraries or Lists will you require as part of the implementation?
- What should the names for each site, sub-site, Document Library and List be?
Certain characters have special meanings when used in file names in SharePoint. If a file or folder you’re trying to upload to SharePoint contains any of the characters listed below, it may prevent files and folders from syncing. Rename the file or folder to remove these characters before you upload it.
Quotation Marks Asterisks Colons Carrots Question Marks Back and Forward Slashes Vertical Bars Leading/Trailing Spaces " * : < > ? / \ |
Who will require access to the site, sub-site, Document Library and/or List, and what level of access should they be given? (see the information table below for access level definitions).
Provide as much clarity on what you know at the time. While it is possible to re-work sites, change components and names, it is not a recommended practice as it can be time consuming for IT and may pose issues for users who frequent your site.
Expectations
- The Data Governance Office (part of IT) is available to help a Requestor complete the required forms (External Data Sharing Request form and Information Asset Identification Worksheet) if necessary. Be sure to consult with your Program Counsel before submitting a request.
- If a NDA (Non-Disclosure Agreement), MOU (Memorandum of Understanding) or other agreement exists, the classification of data must comply with stated restrictions. This information is necessary to inform both Legal and Data Governance of any restrictions on how NYSERDA may share or store data. Please ensure this information is communicated to the Data Governance Office and Legal, and denoted on the Information Asset Identification Worksheet. The External Data Sharing Request form can be found on the Data Governance SharePoint Site .
- The Data Governance Office reviews all completed forms and will follow up with the Requestor if forms are not fully completed or more details are needed.
- For external SharePoint sites, the Requestor, Project Leads, Data Stewards, and Site Manager are responsible for ensuring that the integrity, security requirements, and access authorizations are managed properly.
- If you are not the Project Leads, please consult with the Project Leads specified on the Information Asset Identification Worksheet. If the Project Leads is not listed on the Information Asset Identification Worksheet, contact the Data Governance Office.
- The following types of data sharing do NOT need to go through the Sharing Data with External Stakeholders Request process:
- Responses to FOIL requests that have been vetted through Counsel’s Office.
(Utilize the Freedom of Information Law (FOIL) External SharePoint Site.) - External and internal collaboration on NYSERDA Lean Projects.
(Utilize NYSERDA's Lean Projects External SharePoint Site.) - Proposals to Scoring Committee Members for programs not in Salesforce. Approval must be provided by your Contract Management liaison and Program Counsel before requesting an External SharePoint site to conduct a scoring committee.
(Submit a Service Desk: Share Data with External Parties ticket.) - Requests to the Web Development team.
(Submit a request through the Marketing Collaboration Tool.) - NYSERDA corporate reports to required stakeholders.
- Reports on the NYSERDA Reporting Timeline will continue with current process
- If file transfers are required, submit a Service Desk: Share Data with External Parties ticket
- Responses to FOIL requests that have been vetted through Counsel’s Office.
- It can take up to two to three weeks after completing step 4 of the process outlined in the Submit Request tab on this page before your new site is implemented. Be sure to take this into consideration.
SharePoint: External Data Sharing Request Form
Access the External Data Sharing Request Form here: External Data Sharing Request Form
Complete the form, being as detailed and thorough as possible.
**Note: If you need assistance when completing the form, please reach out to the Data Governance Office.
Then, attach any agreements, such as NDAs, MOUs, or third-party contract if applicable, to the form using the Attach File button found at the top of the form. This information is necessary to inform both Legal and Data Governance of any restrictions on how NYSERDA may share or store data.
To update your completed form:
- Access the list of completed forms here: External Data Sharing Request Completed Forms.
- Filter the Requestor Name column to locate your name.
- Click the icon to put the record in edit mode and update information or attach a file.
- Click Save to accept changes.
Service Desk: Share Data with External Parties
Access Service Desk from the NYSERDA Launch Page (https://launch.nyserda.org).
**NOTE: The NYSERDA Launch Page can only be accessed from your VM.
Scroll down the page to Request Types and select the Share Data with External Parties option under the IT Support side-tab.
Select the Priority for the request.
Enter a due date when the new site, site component, library, list or Permission Group should be implemented and a summary or title.
Enter a detailed description to adequately outline all of your needed requirements. These requirements can also be outlined in a Word or Excel file and attached to the ticket. Include links to your completed Information Asset Worksheet and External Data Sharing Request Form.
These requirements can also be outlined in a Word or Excel file and attached to the ticket. Include links to your completed Information Asset Identification Worksheet
Click the Create button to submit your request.
This part of the process may take up to two or three weeks to receive all approvals and implement the site. The process may be expedited in rare and necessary situations.
The Data Governance Office will review your submitted Data Classification Form, External Data Sharing Request Form and Share Data with External Parties service desk request and provide a recommendation to the legal contact assigned to your Program or Department.
Counsel's Office will then review the information provided and either approve, request additional information, or deny the request.
Once the request is approved by Legal, the Data Governance Office will work with IT to implement the site based on your submitted requirements. You will receive a notification from IT when the site has been implemented with instructions on how to use the new platform.
Review the new site when you receive notification of implementation. Confirm that the site was implemented correctly according to your requirements and verify that the following disclosure appears on all pages.
When your site is implemented, IT will update the Share Data with External Parties Service Desk ticket established during the Submit Request step. This action sends an automated email to the Requestor confirming the work completed which includes a link to the Share Data with External Parties Service Desk ticket. The Requestor should access the ticket by clicking this link. Then, using the comments field in the ticket, document any additional changes that are needed or provide your approval for the new site. When providing final approval, be sure to close the ticket by clicking the Passed UAT button at the top-right of the page. This action sends an email confirmation to the Data Governance Office and IT that the platform works successfully.
If you are the owner of an approved external SharePoint site, contact the Data Governance Office before adding:
- Data or documents that do not comply with the existing purpose or classification, or
- Authorized stakeholders that are not under a NYSERDA agreement or NDA.
If you or other Project Leads require training on how to use your new SharePoint site or site components, submit a Request Training ticket (only accessible from within your VM, otherwise access the Service Desk from the NYSERDA Launch Page and select the Request Training ticket type).
Provide access for the new site to internal and external stakeholders following the instructions on the SharePoint: Managing Permissions page. Each user must have a unique Microsoft email account - shared accounts are not allowed.