What Is Web Content Governance and Why Most Organizations Skip It Until It's Too Late

The page nobody owns

It has been on the website for four years. It ranks well in search. Residents land on it regularly. It contains a phone number for a department that was restructured two years ago, a fee schedule last updated in 2021, and a link to a form that was replaced by an online portal eighteen months back.

Nobody knows who is responsible for it. The original author left. The department that once owned the content has since been split into two. IT maintains the CMS. Communications runs the blog. Nobody is sure which team the page technically falls under. So nobody updates it.

This is not a content problem. It is a governance problem. And it is so common that most organizations consider it a normal state of affairs rather than a failure.

The reason organizations skip governance isn't laziness. It's that governance sounds abstract and administrative until the moment it becomes a crisis: an AODA complaint about an inaccessible PDF that nobody knew was still live, a resident who called the helpline with information they found on a page that contradicted the correct information on a different page, or a news story about outdated COVID guidance still appearing on a public health website two years after restrictions lifted.

At that point, governance feels urgent. Before that point, it competes with everything else.

This guide makes the case for building your governance system before the crisis, and gives you a practical template to start.

What governance actually is

Most people, when they hear "content governance," picture a policy document. A PDF titled "Web Content Policy" that lives in SharePoint, was last updated in 2018, and has never been read by anyone who actually publishes content.

That is not governance. That is a policy. Policies describe what should happen. Governance is the system that makes it happen.

A working content governance system has four components:

Ownership: Every page and content section has a named person or team responsible for its accuracy and currency.

Lifecycle: Every piece of content has a defined path from creation through review to archiving or deletion.

Approval chains: Every publishing action has a defined process for who reviews what before it goes live.

Accountability triggers: There is a mechanism that actually alerts the right person when content goes stale, not just a policy that says they should check.

Remove any one of these four components and the system breaks. Most organizations have partial versions of one or two of them, nothing that covers all four, and no mechanism that ties them together. The result is the website equivalent of an unmaintained rental property: functional enough on the surface, quietly deteriorating underneath.

Component 1: Page ownership

Ownership means a named person or team is accountable for a specific section of the website. Not responsible-in-theory. Accountable-in-practice, with their name attached to the content in your CMS.

Ownership differs from authorship. The person who wrote a page two years ago may no longer work at your organization. The person who should own it now is whoever is currently accountable for that program, service, or function in the real world. If the Parks and Recreation department runs the community centre, someone in that department owns the community centre pages.

How to assign ownership

Start with your site architecture. Map every major section to a department or team. Then for each department, identify:

The content owner: The person accountable for accuracy. Usually a department manager or program lead. They may never log into the CMS, but they are responsible for confirming that their section reflects current reality.

The content editor: The person who actually makes updates in the CMS. Could be the same person, could be an admin or communications generalist.

Document this in your governance matrix (covered below). Store it somewhere you will actually find it: not in a strategy document, but in a pinned note in your CMS, a shared team document, or a field in your content inventory spreadsheet.

What to do when ownership gaps exist

After mapping, you will find pages with no clear owner. Common cases:

Pages created by staff who have since left

Legacy pages from organizational structures that no longer exist

Pages that span multiple departments and nobody claimed

For each orphaned page, make a decision: assign it to the most logically responsible team, archive it, or delete it. Do not leave it unowned. An unowned page is a governance liability: it will never be updated, it will eventually contain incorrect information, and when it causes a problem, nobody will know whose problem it is.

Component 2: Content lifecycle

Every piece of content has a lifespan. Some content is evergreen: a "how to contact us" page can stay accurate for years with minor maintenance. Some content is time-sensitive: a public notice about a water main closing has a clear expiry. Some content is evergreen in theory but drifts out of date in practice because nobody set a reminder to review it.

A content lifecycle defines four stages for every page:

Stage 1: Creation

Content goes through your approval chain (covered next) before it goes live. The content editor and content owner both sign off. Templates guide the format. The page is tagged with a review date before it publishes.

Stage 2: Active and current

The page is live, accurate, and being actively maintained by its owner. In your CMS, this is reflected by a status field ("Active") and a next-review date that hasn't elapsed.

Stage 3: Due for review

The next-review date has passed. Your CMS or a connected tool sends an automated notice to the content owner. The owner confirms the content is still accurate (quick), updates it (medium effort), or escalates to their department for a more substantial revision (longer).

Review frequency guidelines:

| Content type | Recommended review cycle |

|---|---|

| Contact information, hours, fees | Every 6 months |

| Program and service descriptions | Every 12 months |

| Policy and regulatory content | Every 12 months, or on any policy change |

| News and announcements | Review for archiving every 6 months |

| Campaign or seasonal content | Review immediately after the campaign or season ends |

| PDFs and downloadable documents | Every 12 months, with a check against the source document |

Stage 4: Archived or deleted

Content that is no longer current but may have historical or legal value gets archived: moved out of the public site but preserved internally. Content with no ongoing value gets deleted. Both actions should require the content owner's approval, not just an editor's.

The lifecycle stage should be visible in your CMS on every piece of content. If your platform doesn't support this natively, a simple taxonomy tag ("Active", "Due for review", "Archived") paired with a date field gets you most of the way there.

Component 3: Approval chains

An approval chain is the sequence of people who must review content before it goes live. The right chain depends on the content type, its risk level, and who created it.

An effective approval chain is:

Documented: written down, not just understood by the people currently in the roles

Proportionate: high-risk content gets more eyes; routine updates don't get bottlenecked

Enforced by the system where possible: a CMS role configuration that prevents a Contributor from publishing directly is more reliable than a policy that says they shouldn't

Three-level model that works for most organizations:

Level 1: Routine updates (low risk)

Content owner (subject matter expert) reviews for accuracy. Section Editor publishes. No additional gate.

Examples: correcting a phone number, updating program hours, fixing a typo.

Level 2: New or substantially revised content (medium risk)

Content owner reviews for accuracy. Section Editor reviews for style and standards compliance. Publisher approves and publishes.

Examples: adding a new service page, rewriting a program description, changing a policy explanation.

Level 3: Sensitive or regulatory content (high risk)

Content owner reviews for accuracy. Legal or compliance reviews for regulatory risk. Web Manager or Publisher approves for style and accessibility compliance. Publisher publishes.

Examples: fee schedules, bylaw summaries, AODA-related content, any page referenced in legal documents.

Document which content types belong to each level. When in doubt, default to Level 2 rather than Level 1. The cost of an unnecessary review is a minor delay. The cost of publishing inaccurate regulatory information without review is considerably higher.

Component 4: Accountability triggers

The weakest link in most governance systems is the trigger: the mechanism that actually causes the right person to take action when content needs attention. Without a trigger, governance depends on individual memory and initiative, which is to say, governance doesn't really exist.

Accountability triggers work at three points:

Trigger 1: At publication

Every page published must have two fields populated before it can go live: the content owner (name or team) and the next-review date. These fields should be required in your CMS. If a page can be published without them, they will routinely be skipped.

Trigger 2: At the review date

An automated notification goes to the content owner (not the web team) when a page's review date arrives. The notification includes a direct link to the page and a simple action: confirm it's current, request an update, or flag it for archiving. Responses go to the Section Editor.

Most CMS platforms don't do this natively. Options include:

A connected task management tool (Asana, Trello, Jira) with recurring review tasks assigned to content owners

A spreadsheet-based content calendar reviewed monthly by the Web Manager, who sends targeted reminders

A platform like GatherContent or Bynder that integrates content workflows with scheduling and ownership tracking

A simple recurring email digest generated from your content inventory

The method matters less than the consistency. A spreadsheet reviewed every month by a reliable person beats an elaborate automated system that nobody maintains.

Trigger 3: At organizational change

This trigger is the one most organizations forget entirely. When a staff member leaves, their content ownership assignments need to transfer to a named successor before their access is removed. When a department is restructured, the sections they owned need to be reassigned before the reorganization is complete.

Build this into your offboarding checklist. "Transfer CMS content ownership" should be a step that HR or a manager completes about the same time as revoking system access. It takes fifteen minutes. Skipping it creates orphaned pages that will cause problems for years.

The governance matrix template

A governance matrix is the single document that ties all four components together. It answers the question: for any given section of the website, who is responsible, what is the review cycle, and what does the approval chain look like?

Here is a starter template:

WEB CONTENT GOVERNANCE MATRIX
Organization: ___________
Last updated: ___________
Owner: ___________  (the person responsible for keeping this document current)

SECTION          | CONTENT OWNER     | CONTENT EDITOR    | APPROVAL LEVEL | REVIEW CYCLE | LAST REVIEWED | NEXT REVIEW
-----------------|-------------------|-------------------|----------------|--------------|---------------|-------------
Homepage         | Comms Director    | Web Manager       | Level 2        | 6 months     | 2025-04-01    | 2025-10-01
Services A-Z     | Comms Manager     | Section Editor    | Level 2        | 12 months    | 2025-01-15    | 2026-01-15
Permits          | Bylaw Manager     | Bylaw Admin       | Level 3        | 12 months    | 2025-03-01    | 2026-03-01
Recreation       | Parks Director    | Recreation Admin  | Level 2        | 6 months     | 2025-05-01    | 2025-11-01
News / Blog      | Comms Manager     | Comms Team        | Level 1        | 6 months     | Ongoing       | Ongoing
Fee schedules    | Finance Manager   | Finance Admin     | Level 3        | 6 months     | 2025-02-01    | 2025-08-01
Contact pages    | Comms Manager     | Web Manager       | Level 1        | 6 months     | 2025-04-01    | 2025-10-01
PDFs / Documents | Varies by section | Content Editor    | Level 2-3      | 12 months    | See inventory | See inventory

Filling this in for the first time:

Don't try to populate every row in one sitting. Start with your ten highest-traffic sections and fill in what you know. Where ownership is unclear, mark it "Unassigned" and handle it as a priority in your next content audit. A partial governance matrix with real owners and real dates is more valuable than a complete one with placeholders.

Keeping it current:

The matrix is a living document. Assign one person to own it (this is usually the Web Manager or digital communications lead). Review the entire matrix once a year. Update individual rows whenever ownership changes, a section is restructured, or a new section launches.

Why organizations skip this until it's too late

Governance delivers diffuse, hard-to-measure benefits. Nobody notices when a page is reviewed on time and a stale fee schedule is quietly updated before a resident sees the wrong number. That success is invisible.

What is visible is the crisis: the complaint, the correction, the story about the wrong information still on your website two years after it changed. By then, everyone is asking why there was no system.

The organizations that build governance infrastructure early share a few traits. They have usually experienced at least one content-related incident that was embarrassing or costly enough to motivate the investment. They have a leader who understands that digital content is an organizational asset with a maintenance requirement, not a one-time project. And they treat governance as a management function, not a task for the web team alone.

If you haven't had the incident yet, that's the right time to build. The governance matrix above takes about three hours to populate for a mid-sized site. It takes considerably longer to clean up the mess from four years of unowned content.

Start with your ten most-visited pages. Assign an owner to each one. Set a review date. That's a governance system. It scales from there.

Want help building a content governance framework your team will actually use? Get in touch for a governance audit and a tailored ownership matrix for your organization.