Information Management: using OneDrive for Business, SharePoint and Teams
There are many ways that you can create, access, organise and share information using the digital tools OneDrive for Business, SharePoint and Teams. This article provides some key guidance on the main commonalities and differences between these different components of Microsoft 365 and on managing information throughout its lifecycle within them.
- A key starting point to remember is that OneDrive for Business is linked to your personal IT account at Warwick and when you leave the University, your account will be deactivated and its contents lost. For this reason, it is worth thinking about OneDrive for Business as a personal workspace, with SharePoint and Teams document libraries as areas in which to store information that has wider institutional value.
- It might be helpful to consider OneDrive for Business as the ‘me’ space (One), and SharePoint and Teams as the ‘we’ spaces (Share).
- Understanding how to use the Microsoft 365 components is key to using them effectively and protecting the information that you work with in support of the University’s compliance obligations. IDG provides training and guidance on using these tools. For any advice on information and records management please contact the information and records management advisory team.
- Use OneDrive for Business if the document you are working on is something that you would like to keep private, retain for a short time or intend to use for lightweight collaboration (e.g. you are not sure it's a project yet and just want to share once/twice with a few people).
- If the document you are working on in OneDrive for Business develops into a project and something with wider institutional value, then move it to the appropriate Team or Sharepoint document library.
- If you are working on a document that you know you will be collaborating with others on from the outset, then you create and store it in the appropriate Team or Sharepoint document library.
- Information with longer term value to you or the University should not be communicated and recorded solely in the chat function within Teams. Chat should be used to share or highlight an issue or event in the short term.
- Before you set up a new SharePoint site or Team think about the purpose for which it is being created as a collaboration space. Is this space intended to bring together a distinct set of people with a common objective or goal? Does a SharePoint or Team site already exist for this purpose into which a new channel could be added?
- Creating a new Sharepoint or Team site can be an important first step in delivering a piece of work but having too many sites can make information difficult to find, manage or protect (e.g. where is the record that is needed as evidence of an activity or an event?)
- To help find information quickly when needed in OneDrive for Business, SharePoint or Teams, make sure you follow the University’s guidance on naming conventions when you create new documents and try and apply it consistently.
- In very limited situations when it's absolutely necessary to create a file name containing personal data or other sensitive information, give particular consideration to its storage arrangements, ensuring they are in line with the University’s Information Classification Policy (IG05) and Information Handling Policy (IS04) and adhere to Data Protection obligations.
- All the information held within OneDrive for Business, SharePoint and Teams sites is potentially subject to information access regimes such as the Freedom of Information Act and the General Data Protection Regulation, including the timescales for compliance set out in them. The former is concerned with information provided to the public; the latter, with personal data – anything that relates to someone identified or identifiable, requests for access to personal data, to rectify inaccurate information or to erase it etc.
Sharing Information and Access Controls
- Use the link-sharing functionality in OneDrive for Business and SharePoint to share documents rather than sending them as email attachments. This helps ensure that there is one version of the truth that colleagues can view or edit in real time rather than multiple versions of the same document emailed to recipients as an attachment.
- When you set up a new Teams Site or request a new SharePoint site, think about who needs to have access to the documents in each site and set access controls accordingly (e.g. does the site content contain personal data or sensitive information?). IG05 Information Classification Policy can help you identify whether information is sensitive.
- Ensure you review access control settings in the OneDrive for Business, SharePoint and Teams sites that you work in on a regular basis and always when a person joins or leaves your team.
- If you are leaving a team ensure the appropriate colleagues have access to your SharePoint and Teams sites if the information needs to be accessed after you've left. If you are the only site owner, decide who should own the information after you leave.
- Make sure any information that you've stored in OneDrive for Business is moved to the relevant SharePoint or Teams site if others will need to access it after you've left.
What to keep
- Follow the Stop the ROT guidance and delete Redundant, Obsolete and Trivial Information regularly. Identify records and find out how to keep them, using the Records Retention Schedule (RRS).
- Contact the Archivists at the Modern Records Centre if you have documents stored in OneDrive for Business, SharePoint or Teams that have permanent archival value as a record of the University’s development or corporate memory. This linked guidance outlines the types of record that might be in scope for preservation at the MRC.
- For guidance on the storage, curation, preservation and sharing of research data visit the Managing your research data intranet page.
- Further guidance about managing information and records can be found on the University’s Information and Records Management page.
Security & Information Management is Everyone's Responsibility
- Please read and follow our regular communications and key security advice
- Read and share these ten key points to ensure you are working as securely as possible.
Help and support
If you think you detect any unusual online activity, please report it immediately.
Self-Service Online - make requests and report incidents through our web-based tool ServiceNow
Call us on 024 765 73737. We're open 9:00am to 5:00pm, Monday to Friday (excluding bank holidays).
Email us at email@example.com
Who needs to know this?
This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.
Data Protection Officerinfocompliance@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW