SharePoint Deployment Standards

Back To All SharePoint Standards

SharePoint provides a great deal of functionality and capabilities to business users through Out of the Box (OOTB) components and browser based configuration. It is a general best practice to rely on these components wherever possible to mitigate risk introduced to the platform through custom code (performance, upgrade, support). However, custom code may become a requirement to achieve business objectives and can often result in high value returns through deployment to the SharePoint platform.

This set of Standards is still being defined.

What follows are SharePoint Deployment Standards. Many of these relate to SharePoint Development Standards.


  • In SharePoint 2007 STP files are not allowed as they are not updatable.
  • All custom SharePoint work should be deployed through SharePoint Solution (.wsp) files.
  • No files should ever be directly deployed into SharePointRoot (12-Hive, 14-Hive) Folders. Instead they must be deployed into a folder identified by Project Name.


  • Provide an Installation Guide which contains the following items:
    • Solution name and version number.
    • Targeted environments for installation.
    • Software and hardware Prerequisites: explicitly describes what is all needed updates, activities, configurations, packages, etc. that should be installed or performed before the package installation.
    • Deployment steps: Detailed steps to deploy or retract the package.
    • Deployment validation: How to validate that the package is deployed successfully.
    • Describe all impacted scopes in the deployment environment and the type of impact.
  • All custom SharePoint work should be deployed through SharePoint Solution (.wsp) files.
  • Do not deploy directly into SharePointRoot (12-Hive, 14-Hive) Folders. Instead deploy into a folder identified by Project Name.


  • If an InfoPath Form has a code behind file or requires full trust then it must be packaged as a solution and deployed through Central Administration.
  • If an InfoPath form does not have code behind and does not need full trust the form can be manually published to a document library, but the process and location of the document library must be documented inside the form.
    • Just add the documentation text into a section control at the top of the form and set conditional formatting on that section to always hide the section, that way users will never see it.


  • All customizations and custom code will go through our review and release cycle.
    Example of Review and Release Cycle:


Are some missing? Let me know via the comments section,
Richard Harbridge

Print Friendly, PDF & Email