Recordkeeping In Brief 57 - Managing shared drives
Shared drives, also known as network drives, are used by many organisations to store electronic information, including Word documents, Excel spreadsheets, PowerPoint slides, digital photos, PDF documents and database reports.
If you have feedback or suggestions about this latest RIB we’d love to hear from you
Managing shared drives
- Purpose
- What are shared drives?
- Are shared drives recordkeeping systems?
- Other problems with shared drives
- How to improve the use of shared drives
- Managing existing or legacy data in shared drives
- Sample procedures for managing shared drives
- Other collaboration tools
- Checklist of steps in managing shared drives
- Acknowledgements
Purpose
The purpose of this guidance is to explain:
- the value of managing your shared drives well
- how to improve the management of shared drives for better access to information and more efficient use of ICT resources
- how to ensure that your organisation’s recordkeeping requirements are met.
What are shared drives?
Shared drives, also known as network drives, are used by many organisations to store electronic information, including Word documents, Excel spreadsheets, PowerPoint slides, digital photos, PDF documents and database reports.
Are shared drives recordkeeping systems?
No. While they have a number of business advantages, shared drives are not suitable as recordkeeping systems. While some security measures can be added, most information on shared drives can be easily edited or deleted and there are no audit trails to indicate who has made modifications. Property fields are rarely populated with metadata and there are no contextual links between documents and their business context. As their authenticity can be compromised, records stored on shared drives cannot adequately function as evidence.
When documents and other information kept on shared drives have been finalised, issued, sent or have otherwise taken part in official business transactions, they should be captured into corporate recordkeeping systems.
Tip: In many cases, documents will be emailed as part of those transactions, making the capture of the email with attachments the most sensible option for keeping the records. Otherwise, documents and other information types used for official business should be captured individually if they are needed as evidence of the business being performed.
Organisational recordkeeping policy and business rules should direct staff on when and how to save documents as records.
Other problems with shared drives
- Shared drives have often evolved informally with little planning or structure. As a result, directory folders and documents may be poorly organised and titled. In an environment where records are supposed to be shared with a number of users, this lack of rigour will inevitably cause difficulty in locating, retrieving and using information and in managing versions. It also makes it difficult to assign security restrictions to certain parts of the business that may be more sensitive.
- In addition, users of shared drives often don’t perform regular ‘housekeeping’ of their shared drives. For example, information accumulates and is rarely deleted, leading to volumes of storage that are costly for the organisation to maintain. Excessive volumes of storage on the drive also contribute to the inability to find and use relevant information.
- Users will often leave the organisation without ‘cleaning up’ their documents on shared drives, and it is difficult for others to determine what is of value and what has or has not been saved to corporate recordkeeping systems.
How to improve the use of shared drives
There are a number of ways the organisation can improve the management of shared drives. A few key ways are listed below.
- Consider shared drives as part of your information management strategic framework and include them in your Records management policy.
- Have clear policy and procedures for staff regarding the use of shared drives and saving records to corporate recordkeeping systems.
- Create (or facilitate the creation of) logical hierarchical structures for information in shared drives. It may be suitable to align the folder titles to the organisation’s business classification scheme if there is one that is accepted in the workplace. Structures should be workshopped and piloted within the group. Structures should be flexible and be altered as the business changes.
Tip: If an XSL style sheet has been used to produce the organisation’s retention and disposal authority, a batch file can be generated to automatically create the same structure in shared drives. See Creating custom XSL style sheets for more information.
- Define document naming conventions that are easy to use and can be adopted by all staff.
Tip: The Department of Services, Technology and Administration have developed MS Office templates for common business formats (such as memos, faxes etc) which can be used by staff. This automatically captures a sensible file ‘save as’ name based on document content. It takes information from bookmarked fields, processes it, and suggests a filename, and also saves metadata in to the document properties. The templates are available for anyone in NSW Government to use, and can be downloaded from the IAMSAsk website (contact Peter Clare at Peter.Clare@services.nsw.gov.au for a login). They come with instructions on how they can be modified to the needs of a particular organisation.
- Establish suitable restrictions and controls for workgroups or folders within shared drives. Consider controls to prevent the unauthorised creation of top or mid level folders, while allowing more freedom at lower levels.
- Consider whether some folders containing sensitive information may need to be removed from shared drives or secured and hidden from view except to those groups who have the correct levels of authorisation. See Premier’s Circular C2002-69 Labelling sensitive information and the guidelines it endorses for information regarding security levels and when to apply them.
- Advise staff regarding security needs for documents they create that may be sensitive.
- Create and implement standard templates which include footers that provide the document name and file path (these are also valuable for capturing essential metadata).
- Assign responsibility for the management of the folder structures in shared drives.
For example, in some organisations it may be suitable for a records or information manager to be responsible for structuring and maintaining organisation-wide shared drives with administrators within each workgroup managing workgroup folders.
- Provide training and assistance for staff with responsibility for structuring or managing folders and for users. Consider change management initiatives that will promote compliance.
- Establish procedures and controls and assign responsibility for managing the deletion of information and records from shared drives. These could include security controls to prevent deletion, reference to your organisation’s Normal Administrative Practice (NAP) guidelines regarding what can be routinely deleted and the inclusion of responsibilities in HR exit procedures for staff.
- Set up a transition arrangement for moving from old directory structures or files to the new structure. This might involve, for example, freezing use of the old structure, leaving shortcuts pointing to the new location and gradually moving files into the new structure.
- Audit shared drives regularly to ensure procedures are followed.
Managing existing or legacy data in shared drives
Organisations will need to establish a strategy for dealing with existing unstructured or poorly managed data that is already residing in shared drives.
For example, when new structures are established staff should be encouraged to:
- capture records to corporate recordkeeping systems as required if they have not already done so (whether this means printing and filing or capturing digitally)
- delete unimportant information in accordance with the organisation’s Normal Administrative Practice guidelines
- move any documents they are still working on to the new structure.
Records or business unit managers will need to monitor this carefully to ensure that records are actually being captured and that other documents can confidently be regarded as falling within their NAP guidelines. This may involve speaking to relevant staff in business areas and reviewing drives and what has been captured into recordkeeping systems.
If unstructured or poorly structured shared drives are to be closed off, they should be saved for reference purposes for a period of time prior to deleting them. Set a timeframe for this and make staff aware of it.
If there is:
- an overwhelming volume of information in older shared drives
- legacy information that no one in the organisation is familiar with
and it cannot be confidently assumed that records have been saved to corporate recordkeeping systems, it may not be viable to sort them. In this case, organisations may make a risk based decision to close off the shared drive and save the entire drive. The drive will need to be migrated and kept accessible until the retention of all of the records likely to be contained in it has expired.
There should be clear and enforced procedures for staff to use new directory structures and guidelines so that this situation does not reoccur.
Sample procedures for managing shared drives
State Records NSW has created Sample procedures for staff: managing shared drives (Doc, 113kb). These are designed to be circulated to staff members in the organisation to help them manage their shared drives. Before circulating to staff, records or information managers, in liaison with relevant ICT professionals and business unit managers, should modify the sample procedures so that they are in line with internal business practices and the organisation’s particular infrastructure and information strategy.
For example modifications might include providing:
- a list of the types of shared drives in use in the organisation and their purpose
- particular details about business classification scheme or thesaurus to be used in shared drives
- information on when and how acronyms can be used
- more information about folder administrators’ responsibilities
- organisation-specific examples and links to organisation-specific procedures or guidance
- advice about infrastructure requirements e.g. size of personal drives, access restrictions or security measures (e.g password protection)
- information about particular corporate recordkeeping systems to be used and links to guidance on how to save to them
- authorisation and high level support for the guidance from a senior manager (in line with organisational procedures).
See also Managing digital records for advice on:
- the management of special format digital records such as digital photographs, digital audiovisual records, CAD etc
- choosing formats and the management of certain commonly used formats for better long term preservation.
Other collaboration tools
Many organisations are now using other document sharing/collaboration tools, such as SharePoint and GovDex. This guidance does not address these tools directly. However, it is important to note that if the tool is not compliant with the Standard on digital recordkeeping, the documents within these tools should be saved to a recordkeeping system (manually or by integration) if there is a need to retain them as records of organisational business.
See the following State Records publications:
- Records management and web 2.0 2009, for information about collaboration tools
- Recordkeeping in brief 54: Storage of State records with service providers outside of NSW 2009, for guidance on cloud computing arrangements.
Checklist of steps in managing shared drives
| Policy and procedure | Yes | No | |
|---|---|---|---|
| 1. | Have shared drives been included in the organisation’s information strategy and Records management policy? | ||
| 2. | Are there policy and procedures for staff regarding the use of shared drives? | ||
| 3. | Do policy and procedures include rules and instructions for saving records into corporate recordkeeping systems? | ||
| 4. | Do policy and procedures include rules and instructions regarding the deletion of information from shared drives e.g. what can be deleted using Normal Administrative Practice (NAP)? |
| Structures, conventions and templates | Yes | No | |
|---|---|---|---|
| 5. | Have folder structures been set up for all corporate drives? | ||
| 6. | Have document naming conventions been established and promoted to staff? | ||
| 7. | Are standard templates used which include the document name and file path in footers? |
| Security | Yes | No | |
|---|---|---|---|
| 8. | Has the organisation considered whether some information is too sensitive to keep on shared drives and, if so, made other arrangements? | ||
| 9. | Have appropriate security controls been added to relevant shared drive folders? | ||
| 10. | Are staff members aware of security needs for documents they create? |
| Responsibilities | Yes | No | |
|---|---|---|---|
| 11. | Has responsibility for managing folder structures been assigned to appropriate people in the organisation and workgroups? | ||
| 12. | Have staff responsibilities for managing documents they create in shared drives been documented and communicated to staff? | ||
| 13. | Have responsibilities been assigned for the authorised deletion of information from shared drives? |
| Training | Yes | No | |
|---|---|---|---|
| 14. | Have all staff members been provided with training appropriate to their roles in managing information on shared drives? |
| Existing or legacy data | Yes | No | |
|---|---|---|---|
| 15. | If moving to a new structure for shared drives, have transition arrangements been established? | ||
| 16. | Does the organisation have a strategy for managing any unstructured or poorly managed data already residing in shared drives? |
| Monitoring | Yes | No | |
|---|---|---|---|
| 17. | Are monitoring arrangements in place to ensure shared drives are being managed in accordance with procedures? |
Acknowledgements
State Records wishes to acknowledge use of the following documents in the compilation of this guidance and the Sample procedures for staff: managing shared drives:
- Alberta Government, Managing shared electronic workspace: business rules, December 2005, available at: http://www.im.gov.ab.ca/publications/pdf/ManagingSharedElectronicWorkspace.pdf
- Barts and the London NHS Trust, Where to store and how to share electronic documents: guidance for staff, 1 March 2007, available at: http://www.healtharchives.org/docs/BLT_Where_to_Store_and_How_to_Share_Electronic_Documents.pdf
- National Archives of Australia, Can I use shared folders to manage records? available at: http://www.naa.gov.au/records-management/systems/shared-folders.aspx
- National Archives of the UK, Good practice in managing electronic documents using Office 97 on a local area network, (no longer current) available at: http://www.nationalarchives.gov.uk/documents/managing_elect_docs.pdf
- Queensland State Archives, Public Records Brief: Managing shared drives, October 2005, available at: http://www.archives.qld.gov.au/publications/PublicRecordsBriefs/SharedDrives.pdf
- University of Stirling, Managing electronic records in shared network drives – good practice guidance, 24 April 2007, available at: http://www.rec-man.stir.ac.uk/documents/ManagingElectronicRecordsInSharedNetworkDrives-V1.pdf
