 Hello again. Welcome back. Let's talk about the principles of managing shared drives. In this module, we will discuss the concept of information governance and importance of managed content systems, such as team shares, shared drives, SharePoint sites, or any of UBC's approved web-based platforms. What is information governance? Information governance is a set of policies and controls which inform users how to create, name, store, and dispose of information. It can apply to the enterprise or unit level. Today, we are talking about unit level governance. When unit level policies are applied, risk for the unit and the university is reduced. Let me show you how you can reduce risk for your unit and for the university. We have all seen shared drives with a folder structure and document names are unintelligible. The drive is used as a dumping ground. Sometimes folks abandon old systems and start creating records on a new platform. No one knows who owns the old records and which ones can be safely deleted. Before long, mass confusion. Governance over shared drives is important because with it, we can find and remove information efficiently. And without it, we have a mess for ourselves and risk for the university. In this module, you will learn key activities for managing any content system. Organize, manage and secure. Planned disposition. Let's start with organize. The structure of shared drives should be organized so that we can find documents easily. This includes naming folders and documents properly. We all know that, right? We also structure the shared drives to facilitate disposition. Yes, you heard me right. At creation, we need to determine if the record series will be ultimately retained or destroyed. Control over the folders and documents we create on the drives is important. Let's take financial records for example. It is best to create the folder structure according to accounting activities such as accounts payable. Our retention schedule states a seven-year retention period based on legislation. By creating a folder FY 2017 within accounts payable, we can safely and accurately destroy all financial information like invoices, travel requisitions and journal vouchers once that retention period is met. Very simple because we created a folder structure with destruction in mind. If we place financial files in folders named after say a person's name, it would be difficult to search and find actual accounts payable records. The data maintenance manager would be searching needlessly through many folders unrelated to finance such as event photos or staff meeting minutes all with different retention periods. If the data maintenance manager was able to find the financial records, he would have no idea whether these were the official source of truth records or one of many copies held for convenience only. This is why we never create folders by someone's name. We use function and activity. Finding information is always key but we also want to manage shared drives properly to reduce the risk for the university. Unmanaged and abandoned record systems causes record duplication which increases the risk of privacy breaches, complicates compliance with FIPA requests and increases storage costs exponentially. We have all heard that storage is cheap but the danger of uncovered information systems is not worth it at any cost. Remember, we organize shared drives with both access and disposition in mind. Next, let's talk about manage and secure. When the shared drive is managed, the organization of the content is done according to a documented method and we have assigned an individual or group of individuals the responsibility for maintaining the system. Let's say LARS is responsible for the official account's payable folders on the shared drive. If LARS leaves his position, Sherry takes over the responsibility for managing the folders and content. This transfer of responsibility is documented. This way, nothing created on the drive is abandoned. When new folders are added, they are added according to a managed system. This can simply be an agreed upon and documented naming standard for folders. A good system doesn't need to be complicated. Keep it simple but always documented and communicated. I need to get serious now and talk about security. Do you know who has access to your shared drives? Again, this goes back to a unit's information governance protocols and managing risk. Access to shared drives should be controlled through a security group, a group of people who require access to the shared drive in order to do their job. A security group is an efficient, secure and preferred way to assign permissions for different classes of records. This group can be broad or narrow but it should be documented, defensible and communicated. Access to the folders should be decided by management and administered by your department's IT resources. Shared drives with unmanaged security and poor document and naming standards tend to turn into a tangled mess quickly. Ugh, people please. Implementing a system of information governance is worth doing and we will all sleep better. The third and final principle is planned disposition. Let's go back to the example of accounts payable records. Keeping two years active and five years inactive records is common best practice in accounting departments. Every year, LARS separates the active accounts from the inactive ones and places them into their respective folders. Simple so far, right? At the end of the cycle, we go to the folder that is ready for destruction. In this case, the FY 2009 folder and all of its contents. The steps for disposition are as follows. First, we produce a content list. This is an Excel spreadsheet with a macro that captures content. It is available from UBC's Record Management Office. Second, LARS communicates destruction according to unit level policy. Remember, both paper and electronic records should be destroyed at the same time. Finally, we store the content list in the appropriate folder on the shared drive. All folders in the drive should be managed this way. Created according to the classification system with access and disposition in mind. Each records area, be it finance, personnel, communication, should have a person or persons responsible for managing the information. Disposition should be communicated and documented. Okay, what did we learn? The concept of information governance. Shared drives in all content systems, including SharePoint in workspace, should be organized by function and activity with access and disposition in mind. Assign responsibility for managing the drive. Access to shared drive should be controlled via security group. Follow the approved retention schedules and document what is being destroyed. Got an information governance problem but don't know where to start? Contact the Records Management Office. It's quiz time!