Example document management policy

Introduction

This document is an example of a policy for storing, sharing and managing documents in Microsoft 365. The prerequisite is that Microsoft 365, Office, OneDrive, Microsoft Teams and MetaShare has been implemented. Use this to establish your principles for working with documents in your organization.

Purpose

Our organisation handles a large number of documents of different types. Most documents need to be used by different groups, roles and individuals, both in the course of the work and afterwards.

The need is to be able to create, find, share, modify, review, follow up and otherwise manage documents regardless of role and time.

Protecting our information assets is a priority for us within our organisation. We must be able to trust that the information is always available, accurate and protected from unauthorised access.

Our organisation uses Microsoft 365 as a tool and platform for document management, collaboration and communication. All storage is in Microsoft 365, which means that information is kept up-to-date and accessible regardless of time, location and device (work computer, mobile or other mobile devices).

The purpose of this policy is to provide clear guidance as to which tools and storage locations you should use when:

  • Creates
  • Edit
  • Share
  • Publish
  • Archived

How we manage documents within our organisation

Our organisation primarily stores documents in a workspace with an elaborate navigation structure that reflects the way the organisation works. This is in order to make storage and retrieval naturally linked to our business and as user-friendly as possible.

Our organisation manages documents in a common workspace for the following reasons:

  • Finding documents becomes easier
  • It improves internal efficiency and facilitates collaboration – everyone works in a similar way and can find each other’s documents
  • It will be easier to access and control our important documents
  • It increases the reliability and security of documents
    • Important documents should not disappear when someone quits or a computer is stolen
    • Reduce the number of duplicates and instead work with document versions and get traceability in the document lifecycle

Our organisation’s document management is done within the framework of Microsoft 365. The common workspace is available in MetaShare, an add-on application to Microsoft 365 and SharePoint that simplifies and improves its document management.

In addition to MetaShare, there are two other applications for managing documents in Microsoft 365:

  • Microsoft Teams – the Teams collaboration portal provides storage and management of “team” shared documents and files
  • OneDrive – a storage space that’s personal

Documents and files stored in MetaShare, Microsoft Teams and OneDrive are technically stored in SharePoint, but in different separate and distinct document libraries with different functionality, metadata and permissions options. For documents stored in Microsoft Teams and OneDrive, there is no common metadata structure in the same way as in MetaShare. Important documents managed in Microsoft Teams should therefore be managed in MetaShare, i.e. MetaShare is enabled in Teams.

This is described in the following figure:

Guidelines for our workspaces in Microsoft 365

Below we describe our guidelines for different workspaces in Microsoft 365.

The basic principle is that we divide our documents into two main parts:

  • Documents that our organisation does not need to keep – they should be able to be deleted
  • Documents that our organisation needs to keep – they should be kept

The following figure illustrates the principles of the organisation’s document management:

All documents should primarily be stored in MetaShare, which is the basis for our document management and should be used in our daily work. Documents should be created/uploaded there in everyday work.

Storing and sharing documents

Documents stored in MetaShare, Teams or OneDrive can be shared by two or more people and in different ways. Before we share documents, we should consider what we are sharing and to whom. In our organisation, we classify all our documents into three different information classes:

Confidential

Access to this document is normally limited to the specific roles that should have access to the document. This document must not leave our organization or otherwise be exposed to external users unless there is agreed support for it.

For external sharing, only named individuals should be authorized and restrictions can be applied such as limiting the validity of the sharing and limiting the ability to edit/download the document.

Internal

This is an internal document that should only be handled by our staff.

For external sharing, only named individuals should be authorized and restrictions can be applied such as limiting the validity of the sharing and limiting the ability to edit/download the document.

Public

This document may be freely distributed.

Document storage services

The basic principle is that documents should only exist in one place and not be copied. It is better and safer to send a link to a document than to send a copy of the document.

Sensitive information such as personal data that must be handled according to GDPR, trade secrets or other laws and regulations is classified as confidential.

MetaShare

Which documents should be stored?

All documents that may need to be used by someone in our organisation, today or in the future.

How should documents be shared?

The information classification of the documents sets restrictions on how they should be shared. If you are unsure, you should contact our Security Officer.

Microsoft Teams

Temporary teams

For example, cooperation on a topic.

Which documents should be stored?

Documents that all employees should be able to access are stored in open workspaces; for more confidential types of documents, these are stored in authorization-protected workspaces.

For documents related to the team’s work but of minor or temporary nature, these are stored in the channel’s “Files” tab (temporary documents).

If documents are important for our organization, they should be stored in a “Documents” tab (a MetaShare tab), see further under permanent Teams.

A temporary team will be deleted when the need no longer exists.

A durable team is a team that is used continuously in our business.
Channels in these team areas are completed with a “Documents” tab (a MetaShare tab) where the channel’s documents are stored.

How should documents be shared?

The information classification of the documents sets restrictions on how they should be shared. If you are unsure, you should contact our Security Officer.

Sustainable teams

For example, project, department/unit.

Which documents should be stored?

A durable team is a team that is used continuously in our business.

Channels in these team areas are completed with a “Documents” tab (a MetaShare tab) where the channel’s documents are stored.

The channel’s “Files” tab will remain and is only for temporary documents and documents attached to the channel’s Posts tab.

How should documents be shared?

All documents are fully accessible to those in the specific team.

The information classification of the documents sets restrictions on how they should be shared. If you are unsure, you should contact our Security Officer.

OneDrive

Which documents should be stored?

Used only for purely personal work-related documents, such as your employment contract, notes from development meetings, etc. Your previous drafts can also be stored here, before being made available later via other services.

How should documents be shared?

For each document or folder, you can choose to share internally or externally and set your own read and write permissions.

Exceptions

MetaShare and other Microsoft 365 products are the platforms we use. However, there may be exceptions. There must be strong and decided reasons for using other solutions, services and products.

When our organisation collaborates with external parties, it may be necessary, for technical or other reasons, to use their collaboration systems. Generally speaking, if our organisation is the lead partner in a project, the external partners should work in our system and be assigned an access authorisation.

Other digital collaboration and communication

In addition to document management and sharing, the principles for other collaboration and communication with digital tools within the organisation are also described.

Microsoft Teams

In Microsoft Teams, teams are created for a group of employees to work together. Within each team, the group can then configure what functionality is needed and how best to organize the work.

The idea of Microsoft Teams is to bring together relevant information and functionality in a shared workspace – so that you, as part of the group, can work wherever you want and easily communicate and chat with colleagues, manage simple notes, plan, collaborate on documents and otherwise work with other favourite apps that collaboration requires. Microsoft Teams also includes remote meeting capabilities with audio, video and screen sharing.

The chat feature in Microsoft Teams makes it possible to reduce the amount of email sent internally. If you want a quick response from several users, it can be much more convenient and efficient to send a question as a team.

E-mail in Outlook

Outlook is primarily used for communication to and from our organisation with external parties.

When we work with documents, it means:

  • Documents classified as public can be sent as attachments in an email, but ideally, if possible, they should be shared and sent as links in an email.
  • Documents classified as internal or confidential should be sent as shareable links, not as attachments.

Unauthorised external services

We do not store any documents belonging to the organisation on any external file storage service such as Dropbox, Google Drive, private OneDrive or similar.

We are not allowed to use any alternative email service such as Gmail, Hotmail or similar in our daily work.

Which document workspaces and teams does our organization have

The text in this section describes the specific areas in which your documents should be stored and managed. Our recommendation, in order to get a clear description, is to describe which document workspaces and teams exist in the organisation.

For example, according to the table below.

WorkspaceShould include the following documentsMicrosoft Teams?
CommonDocuments that are common to our organisation and should be used in our daily work.No
Management teamOnly for management’s internal documentation, which should not be accessible to other employees.Yes, for discussions within the management team.

Not saving documents in the “Files” tab
Board of DirectorsOnly for the internal documentation of the Board of Directors, which should not be accessible to other employeesYes, for intra-Board discussions between Board meetings.

Not saving documents in the “Files” tab
Department/unit(s)Department/unit documents which, for various reasons, are not suitable for the general workspace “General”.Yes, for discussions within our departments/units.

Management of documents is done in
separate “Document” tabs (MetaShare tabs).
projectProject documents which, for various reasons, are not suitable for the general workspace “General”.Yes, for discussions within the project.