Best practice guidance on tools for sharing and storing information
Outlined below is Information Governance best practice guidance on sharing and storing information using the University's core tools and applications. All University information must be stored and handled in a manner appropriate to its security classification and stored on University-approved systems. Researchers should also refer to guidance provided by Research IT and the Library.
Email is the main communication method used at the University; much formal University business is conducted by email and may form part of an audit trail. It often contains personal, sensitive and confidential information that must be managed in accordance with the Records Retention Schedule. Email is used to store work-related information and to retain a record of discussions that an individual regards as useful to them. Email should not however be used as the main storage medium for important University information or for information that requires collaborative work.
Many emails are intended to be very short-term and do not need to be retained and in some cases doing so may be unlawful. See further advice on managing your in-box.
Email accounts are being migrated to Office 365 email and you will see that email over 3 years old has been migrated to an archive folder. This is to act as a reminder that the retention of email should be reviewed and periodically deleted.
Shared drives are appropriate places to store important University information and typically are used for documents shared within an office (eg a unit within the University’s organisation structure). Shared drives are regularly backed up, they are secure – provided that access and permissions are being actively managed to ensure only the intended people can access the relevant information. Records should be stored in distinct filing systems that take account of different processes within an office (eg HR records separate from financial records) to enable correct access management and easier application of the Records Retention Schedule.
The P drive is provided to staff as a place to store your working draft documents prior to them being stored elsewhere. It should not be used as a place to store final versions of important University information, or to store your own personal/private documents, photographs etc. that are not work related. Note that OneDrive for Business will introduce new features to help you manage your documents; it is envisaged that staff may prefer to use OneDrive rather than the P drive however the P drive will continue to be the default location for managed University devices.
OneDrive for Business
OneDrive for Business enables you to interact easily with Office 365 files (eg Word, Excel, Powerpoint) and collaborate on them with others, including non-University staff. You can securely share information and control levels of security via links for editing or viewing files. It should be used for your working drafts and to collaborate on documents before they are finalised and stored elsewhere, such as a SharePoint site, where they should be managed in accordance with the Records Retention Schedule. It should not be used, as a place to store your own personal/private documents, photographs etc. that are not work related.
Sharing a link in an email to a document rather than attaching a document helps to cut down on the proliferation of documents being circulated. It also aides the sharing of large files (meaning there’s likely to be less of a need to use Dropbox).
SharePoint 2010 and SharePoint online
Sharepoint provides useful features for collaboration and document management such as version control and metadata on documents and is an appropriate place to store important University information that must be managed in accordance with the Records Retention Schedule.
Sharepoint sites are backed up and are secure – provided that access and permissions are being actively managed to ensure only the intended people can access the relevant information. It enables collaboration internally and with non-University staff and can provide an alternative to using a shared drive for managing large amounts of information.
OneDrive for Business, Exchange Email Online and SharePoint Online are tightly integrated, however some of the O365 features may not be available at first; Sharepoint Online should not be used for holding highly restricted information. The advice on this page will be updated accordingly. NB if you have a personal (non-work) O365 account this must not be synced with your work O365 account ie personal use and work use must be kept separate.
University Dropbox for Business
Useful for one-off sharing of information with non-University staff. If the data is Highly Restricted it must be encrypted before it is uploaded to Dropbox for Business. It must not be used as a storage medium; information should remain on Dropbox for Business for the minimum amount of time. Access and permissions to folders and documents should be actively managed to ensure only the intended people can access the relevant information.
Free software and software not approved by the University
Free software or software that has not been provided by IT Services should be risk assessed prior to use. Please contact the IGO to check if an assessment has been completed before you purchase or use any new software. Alternative approved software tools may be available for use.