Introduction
This document is an example of a policy for storing, sharing and managing documents in Office 365. The prerequisite is that Microsoft Office 365, OneDrive, Microsoft Teams (hereafter referred to as Teams) and MetaShare are technically implemented. Use this document to set out your principles for working with documents in your organisation.
Purpose
Our organisation handles a large number of documents of different types. Most documents need to be used by different groups, roles and individuals, both in the course of the work and afterwards.
The need is to be able to create, find, share, modify, review, follow up and otherwise manage documents regardless of role and time.
Protecting our information assets is a priority for us within our organisation. We must be able to trust that the information is always available, accurate and protected from unauthorised access.
Our organisation uses Microsoft Office 365 as a tool and platform for document management, collaboration and communication. All storage is in Office 365, which means that information is kept up-to-date and accessible regardless of time, location and device (work computer, mobile or other mobile devices).
The purpose of this policy is to provide clear guidance as to which tools and storage locations you should use when:
- Creates
- Edit
- Share
- Publish
- Archived
How we manage documents within our organisation
Our organisation primarily stores documents in a common document space with an elaborate navigation structure that reflects the way the organisation works. This is in order to make storage and retrieval naturally linked to our business and as user-friendly as possible.
Our organisation manages documents in a common document space for the following reasons:
- Finding documents becomes easier
- It improves internal efficiency and facilitates collaboration – everyone works in a similar way and can find each other’s documents
- It will be easier to access and control our important documents
- It increases the reliability and security of documents
- Important documents should not disappear when someone quits or a computer is stolen
- Reduce the number of duplicates and instead work with document versions and get traceability in the document lifecycle
Our organisation’s document management is done within the framework of Office 365. The common document space is available in MetaShare, an add-on application to Office 365 and SharePoint that simplifies and improves its document management.
In addition to MetaShare, there are two other applications for managing documents in Office 365:
- Microsoft Teams – the Teams collaboration portal provides storage and management of “team” shared documents and files
- OneDrive – a storage space that’s personal
Documents and files stored in MetaShare, Microsoft Teams and OneDrive are technically stored in SharePoint, but in different separate and distinct document libraries with different functionality, metadata and permissions options. For documents stored in Microsoft Teams and OneDrive, there is no common metadata structure in the same way as in MetaShare. Important documents managed in Microsoft Teams should therefore be managed in MetaShare, i.e. MetaShare is enabled in Teams.
This is described in the following figure:
Guidelines for our document spaces in Office 365
Below we describe our guidelines for different document spaces in Office 365.
The basic principle is that we divide our documents into two main parts:
- Documents that our organisation does not need to keep – they should be able to be deleted
- Documents that our organisation needs to keep – they should be kept
The following figure illustrates the principles of the organisation’s document management:
All documents should primarily be stored in MetaShare, which is the basis for our document management and should be used in our daily work. Documents should be created/uploaded there in everyday work.
Storing and sharing documents
Documents stored in MetaShare, Teams or OneDrive can be shared by two or more people and in different ways. Before we share documents, we should consider what we are sharing and to whom. In our organisation, we classify all our documents into three different information classes:
| Information class | Description |
|---|---|
| Confidential | Access to this document is normally restricted to the specific roles that should have access to the document. This document must not leave our organisation or otherwise be exposed to external users unless there is agreed support for it. In the case of external sharing, only named individuals should be given permission and restrictions can be applied such as limiting the duration of the share and limiting the ability to edit/download the document. |
| Internal | This is an internal document to be handled by our employees only. In the case of external sharing, only named individuals should be given permission and restrictions can be applied such as limiting the duration of the share and limiting the ability to edit/download the document. |
| Publikt | This document may be freely distributed. |
The basic principle is that documents should only exist in one place and not be copied. It is better and safer to send a link to a document than to send a copy of the document.
Sensitive information such as personal data that must be handled according to GDPR, trade secrets or other laws and regulations is classified as confidential.
The following table summarises how documents are stored and shared within our organisation:
| Service | Which documents should be stored | How should the documents be shared |
|---|---|---|
| MetaShare | All documents that may need to be used by someone in our organisation, today or in the future. | The information class of the documents sets restrictions on how they should be shared. If you are unsure, you should contact our Security Officer. |
| Teams (temporary teams, e.g. cooperation on a topic) | Documents that all employees should be able to access are stored in open collaboration areas, while more confidential documents are stored in password-protected collaboration areas. For documents related to the work of the team but of minor importance or temporary nature, these are stored in the “Files” tab of the channel (temporary documents). If documents are of importance to our organisation, they should be stored in a “Documents” tab (a MetaShare tab), see further under Permanent Teams. A temporary team area will be deleted when the need no longer exists. A sustainable team space is a space that is used continuously in our operations. Channels in these team spaces are complemented with a “Documents” tab (a MetaShare tab) where the channel’s documents are stored. | All documents are fully accessible to the members of the specific team. The information class of the documents sets restrictions on how they should be shared. If you are unsure, you should contact our Security Officer. |
| Teams (permanent Teams, for example, projects, department/unit) | A sustainable team space is a space that is used continuously in our operations. Channels in these team spaces are complemented with a “Documents” tab (a MetaShare tab) where the channel’s documents are stored. The channel’s “Files” tab will remain and is only for temporary documents and documents attached to the channel’s Post tab. | All documents are fully accessible to the members of the specific team. The information class of the documents sets restrictions on how they should be shared. If you are unsure, you should contact our Security Officer. |
| OneDrive | Used only for purely personal work-related documents, such as your employment contract, notes from development meetings, etc. Your previous drafts can also be stored here, before being made available later via other services. | For each document or folder, you can choose to share internally or externally and set your own read and write permissions. |
Exception
MetaShare and other Office 365 products are the platforms we use. However, there may be exceptions. There must be strong and decided reasons for using other solutions, services and products.
When our organisation collaborates with external parties, it may be necessary, for technical or other reasons, to use their collaboration systems. Generally speaking, if our organisation is the lead partner in a project, the external partners should work in our system and be assigned an access authorisation.
Other digital collaboration and communication
In addition to document management and sharing, the principles for other collaboration and communication with digital tools within the organisation are also described.
Microsoft Teams
In Teams, teams are created for a group of employees to work together. Within each team, the group can then configure what functionality is needed and how best to organise the work. See also section “4. Storage and sharing of documents”.
The idea of Teams is to bring together relevant information and functionality in a shared workspace – so that you, as part of the group, can work wherever you want and easily communicate and chat with colleagues, manage simple notes, plan, collaborate on documents and otherwise work with other favourite apps that collaboration requires. Teams also includes remote meeting capabilities with audio, video and screen sharing.
The chat feature in Teams makes it possible to reduce the amount of email sent internally. If you want a quick response from several users, it can be much more convenient and efficient to send a question as a team.
E-mail in Outlook
Outlook is primarily used for communication to and from our organisation with external parties.
When we work with documents, it means:
- Documents classified as public can be sent as attachments in an email, but ideally, if possible, they should be shared and sent as links in an email.
- Documents classified as internal or confidential should be sent as shareable links, not as attachments.
Unauthorised external services
We do not store any documents belonging to the organisation on any external file storage service such as Dropbox, Google Drive, private OneDrive or similar.
We are not allowed to use any alternative email service such as Gmail, Hotmail or similar in our daily work.
What document spaces and teams does our organization have
The text in this section describes the specific areas in which your documents should be stored and managed. Our recommendation, in order to get a clear description, is to describe which document and team spaces exist in the organisation.
For example, according to the table below.
| Workspace | Should contain the following documents | Should also have a Team in teams? |
|---|---|---|
| Common | Documents that are common to our organisation and should be used in our daily work. | No |
| Management team | Only for management’s internal documentation, which should not be accessible to other employees. | Yes, for discussions within the management team. Not saving documents in the “Files” tab |
| Board of Directors | Only for the internal documentation of the Board of Directors, which should not be accessible to other employees | Yes, for discussions within the Board that take place between Board meetings. Not saving documents in the “Files” tab |
| Department(s) | Department/unit documents which, for various reasons, are not suitable for the general collaboration area “Common”. | Yes, for discussions within our departments/units. Handling of documents takes place in separate “Documents” tabs (MetaShare tabs). |
| Project | Project documents which, for various reasons, are not suitable for the general collaboration area “Common”. | Yes, for discussions within the project. |